Oracle API Gateway Policy Developer Guide
11g Release 2 (11.1.2.4.0)
Copyright © 1999, 2015, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. This documentation is in prerelease status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.
The information contained in this document is for informational sharing purposes only and should be considered in your capacity as a customer advisory board member or pursuant to your beta trial agreement only. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.
This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions of your Oracle Software License and Service Agreement, which has been executed and with which you agree to comply. This document and information contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
25 March 2015
Contents
- What's new
- 1. Get started
- 2. Manage policies
- 3. Web services
- Register and secure web services
- Configure policies from WSDL files
- Overview
- API Gateway as the web service initiator
- API Gateway as the web service recipient
- Import WSDL summary
- Import a WSDL file
- Configure a security policy
- Configure recipient security settings
- Configure initiator security settings
- Configure recipient policy filters
- Configure initiator policy filters
- Edit the recipient or initiator WS-Policy
- Configure a recipient WCF WS-Policy
- Remove security tokens
- Manage web services
- Manage WSDL and XML schema documents
- Overview
- Structure of the global cache
- View cached WSDL or XML schema documents
- Add XML schemas to the cache
- Add WSDL documents to the cache
- Update cached WSDL or XML schema documents
- Delete cached WSDL or XML schema documents
- XML schema and WSDL document validation
- XML schema and WSDL document limitations
- Version and duplicate management
- Validate messages against XML schemas
- Test a WSDL for WS-I compliance
- Expose a web service as a REST API
- Connect to a UDDI registry
- Retrieve WSDL files from a UDDI registry
- Publish WSDL files to a UDDI registry
- Overview
- Find WSDL files
- Publish WSDL files
- Step 1: Enter virtualized service address and WSDL URL for publishing in UDDI registry
- Step 2: View WSDL to UDDI mapping result
- Step 3: Select a registry for publishing
- Step 4: Select a duplicate publishing approach
- Step 5: Create or search for business
- Step 6: Publish WSDL
- 4. Messaging
- 5. Manage deployments
- Manage API Gateway deployments
- Deploy API Gateway configuration
- Overview
- Create a package in Policy Studio
- Configure package properties in Policy Studio
- Deploy packages in Policy Studio
- Deploy a factory configuration in Policy Studio
- Deploy currently loaded configuration in Policy Studio
- Push configuration to a group in Policy Studio
- View deployment results in Policy Studio
- Deploy on the command line
- Deploy packages in API Gateway Manager
- Compare and merge API Gateway configurations
- Manage Admin users
- 6. General configuration
- 7. API Gateway instances
- Configure API Gateway instances
- Configure HTTP services
- Configure relative paths
- Configure virtual hosts
- Configure SMTP services
- Overview
- Add an SMTP service
- Add an SMTP interface
- Configure policy handlers for SMTP commands
- Add an HELO/EHLO policy handler
- Add an AUTH policy handler
- Add a MAIL policy handler
- Add a RCPT policy handler
- Add a DATA policy handler
- SMTP authentication
- SMTP Content-Transfer-Encoding
- Deployment example
- Configure a file transfer service
- Policy execution scheduling
- Configure Amazon SQS queue listener
- Configure an FTP poller
- Configure directory scanner
- Packet sniffers
- Configure remote host settings
- Configure WebSocket connections
- Configure HTTP watchdog
- Configure conditions for HTTP interfaces
- Configure a POP client
- TIBCO integration
- Cryptographic acceleration
- Cryptographic acceleration conversation: request-response
- TIBCO Rendezvous listener
- 8. External connections
- External connections
- Overview
- Authentication repository profiles
- Client credentials
- Connection sets
- Database connections
- ICAP servers
- JMS services
- Kerberos connections
- LDAP connections
- Proxy servers
- RADIUS clients
- SiteMinder
- SMTP servers
- SOA Security Manager
- Syslog servers
- TIBCO
- Tivoli
- URL connection sets
- XKMS connections
- Authentication repository
- Overview
- Axway PassPort repositories
- CA SiteMinder repositories
- Database repositories
- Entrust GetAccess repositories
- Local repositories
- LDAP repositories
- Oracle Access Manager repositories
- Oracle Entitlements Server 10g repositories
- RADIUS repositories
- RSA Access Manager repositories
- Tivoli repositories
- Axway PassPort authentication repository
- Configure client credentials
- Configure Sentinel servers
- Configure database connections
- Configure database query
- Configure ICAP servers
- Configure Kerberos clients
- Configure Kerberos principals
- Configure Kerberos services
- Kerberos Keytab concepts
- Configure LDAP directories
- Configure proxy servers
- Configure RADIUS clients
- Configure SiteMinder/SOA Security Manager connections
- Configure SMTP servers
- Configure TIBCO Rendezvous daemons
- Configure XKMS connections
- 9. Resources and libraries
- 10. Amazon Web Services filters
- 11. Attribute filters
- Compare attribute
- Extract REST request attributes
- Extract WSS header
- Extract WSS timestamp
- Extract WSS UsernameToken element
- Get cookie
- Insert SAML attribute assertion
- Retrieve attributes from JSON message
- Retrieve attribute from directory server
- Retrieve attribute from HTTP header
- Retrieve attribute from SAML attribute assertion
- Retrieve attribute from SAML PDP
- Retrieve attribute from Tivoli
- Retrieve attribute from message
- Retrieve attribute from database
- Retrieve attribute from user store
- 12. Authentication filters
- Attribute authentication
- API key authentication
- Check session
- Create session
- End session
- CA SOA Security Manager authentication
- HTML form-based authentication
- HTTP basic authentication
- HTTP digest authentication
- HTTP header authentication
- IP address authentication
- Insert SAML authentication assertion
- Insert timestamp
- Insert WS-Security UsernameToken
- Kerberos client authentication
- Kerberos service authentication
- SAML authentication
- SAML PDP authentication
- SSL authentication
- STS client authentication
- WS-Security UsernameToken authentication
- 13. Authorization filters
- RSA Access Manager authorization
- Attribute authorization
- Axway PassPort authorization
- CA SOA Security Manager authorization
- Certificate attribute authorization
- Entrust GetAccess authorization
- Insert SAML authorization assertion
- LDAP attribute authorization
- SAML authorization
- SAML PDP authorization
- Tivoli authorization
- XACML PEP authorization
- 14. CA SiteMinder filters
- 15. Certificate filters
- 16. Cache filters
- 17. Content filters
- Scan with ClamAV anti-virus
- Content type filtering
- Content validation
- HTTP header validation
- Send to ICAP
- Scan with McAfee anti-virus
- Message size filtering
- Query string validation
- Schema validation
- JSON schema validation
- Scan with Sophos anti-virus
- Threatening content
- Throttling
- Validate selector expression
- Validate REST request
- Validate timestamp
- Verify the WS-Policy security header layout
- XML complexity
- 18. Conversion filters
- Add HTTP header
- Add XML node
- Transform with Contivo
- Convert multipart or compound body type message
- Create cookie
- Create REST request
- Extract MTOM content
- Insert MTOM attachment
- Add node to JSON document
- Remove node from JSON document
- Convert JSON to XML
- Load contents of a file
- Remove HTTP header
- Remove XML node
- Remove attachments
- Restore message
- Set HTTP verb
- Set message
- Store message
- Convert XML to JSON
- Transform with XSLT
- 19. Encryption filters
- 20. Integrity filters
- 21. Fault handler filters
- 22. Monitoring filters
- 23. Oracle Access Manager filters
- 24. Oracle Entitlements Server filters
- 25. Resolver filters
- 26. Routing filters
- Getting started with routing configuration
- Overview
- Proxy or endpoint server
- Service virtualization
- Choosing the correct routing filters
- Case 1: Proxy without service virtualization
- Case 2: Proxy with service virtualization
- Case 3: Endpoint without service virtualization
- Case 4: Endpoint with service virtualization
- Case 5: Simple redirect
- Case 6: Routing on to an HTTP proxy
- Summary
- Call internal service
- Connection
- Connect to URL
- Dynamic router
- Extract path parameters
- File download
- File upload
- HTTP redirect
- HTTP status code
- Insert WS-Addressing information
- Read WS-Addressing information
- Rewrite URL
- Save to file
- Route to SMTP
- Static router
- Route to TIBCO Rendezvous
- Wait for response packets
- 27. Security services filters
- 28. Trust filters
- 29. Utility filters
- Abort policy
- Check group membership
- Copy or modify attributes
- Evaluate selector
- Execute external process
- False filter
- HTTP parser
- Insert BST
- Invoke policy per message body
- Locate XML nodes
- Management services RBAC
- Pause processing
- Create policy shortcut
- Create policy shortcut chain
- Quote of the day
- Reflect message
- Reflect message and attributes
- Remove attribute
- Set attribute
- Set response status
- Replace string
- Switch on attribute value
- Allow or block messages at specified times
- Trace filter
- True filter
- 30. Web services filters
- 31. Extend filters
- 32. Configure common settings
- 33. Reference