Understanding WSRP

WSRP is a web services protocol that is used to bring together content and interactive web applications from remote sources. WSRP incorporates standards such as XML, Simple Object Access Protocol (SOAP), and Web Service Description Language (WSDL) to serve as a foundation, while allowing for the implementation of evolving standards.

A WSDL document is an XML file that contains information about the interface, semantics, and other details of a call to a web service. When someone wants to use a service, he or she requests a WSDL document to determine the location of the service, the associated function calls, and how to access them. The administrator then uses this information in the WSDL to form a SOAP request and send it via HTTP to the external system endpoint.

Oracle provides support for:

  • Consuming portlets using WSRP technology.

  • Producing WSRP portlets through Pagelet Wizard.

  • Producing WSRP portlets for PeopleSoft pages and iScripts.

  • Implementing WS-Security for single signon with third -party portals that support WSRP and WS-Security.

The terms producer and consumer are used to describe parties implementing the WSRP protocol.

Producer: A web service that offers one or more portlets and implements various WSRP interfaces. A producer may offer just one portlet or provide a container for deploying and managing several portlets.

Consumer: A web service client that invokes producer-offered WSRP web services and provides an environment for users to interact with portlets offered by one or more producers.

Most PeopleSoft pages, portlets, and iScripts are WSRP-compliant and available for consumption in WSRP-compliant portals; this applies to existing definitions and newly created definitions. While these PeopleSoft items, by default, are available for WSRP consumption, an administrator controls which items are actually produced, or exposed, for WSRP consumption.

This functionality enables you to incorporate PeopleSoft application pages, pagelets, and iScripts into a portal of your choice. When users in the non-PeopleSoft portal interact with the WSRP portlet, depending on how the portlet is configured, they can interact directly within the portlet or they can be transferred to the PeopleSoft portal where the portlet originated.

To enable components for WSRP production, you select the WSRP Compliant option on the Internet tab of the Component Properties dialog box.

See Setting Internet Properties.

WSRP Interfaces and Operations

A producer must implement the following WSRP interfaces:

Service Description Interface: Provides metadata of itself and the list of portlets that it offers. The consumer invokes the getServiceDescription operation of this interface to obtain the metadata.

Markup Interface: Generates markup and processes interaction requests. The consumer invokes the getMarkup operation of this interface to obtain the portlets markup. These portlets then invoke the performBlockingInteraction operation to process user interactions to the producer.

WSRP also specifies the following optional interfaces:

Registration Interface: Provides an in-band mechanism for a consumer to register with a producer. It enables the producer to customize its behavior for each consumer based on registration information. WSRP also allows out-of-band registrations and no registration.

Portlet Management Interface: Enables consumers to clone or destroy portlets as well as customize portlets by changing any associated properties.

Note: The registration interface and portlet management interfaces are not used by the PeopleSoft producer. Consumers are therefore not required to register with the PeopleSoft producer.

WS-Security

By implementing the WS-Security standard, Oracle enables you to leverage emerging XML security technologies to address web services security requirements. WS-Security provides:

  • A way for applications to construct secure SOAP message exchanges.

  • A general-purpose mechanism for associating security tokens with SOAP messages.

  • XML message integrity and confidentiality.

With WS-Security capabilities, you can leverage the standard set of SOAP extensions that you use when building secure web services to implement message content integrity and confidentiality. WS-Security provides a way to insert and convey security tokens in SOAP messages. The ability to leverage WS-Security standards provides for better interoperability and improved usability, enabling the implementation of robust security within a WSRP-capable environment. The solutions being provided through the PeopleSoft WS-Security implementation include:

  • Single signon solution between WSRP consumer and producer.

    The web services consumer passes the appropriate identification to a producer as part of the SOAP message so that the producer can verify the identity to run requested web services on behalf of the user without requiring a user to sign in. Single signon between the web services consumer and producer is currently supported in WSRP portal and Integration Broker.

  • SOAP message integrity. This ensures that no one has tampered with the messages.

  • SOAP message confidentiality. This guarantees that messages are protected against eavesdroppers.

WS-Security UsernameToken Profile defines a standard way to associate user ID and password information in the SOAP messaging for web services interoperability.

The Security Assertion Markup Language (SAML) Token defines assertions, protocols, bindings, and profiles.

The PeopleSoft portal solution provides support for WS-Security for single signon with third-party applications, limited to user authentication using user name and password or user authentication using user name and digital signature through the use of Web Services Security: Username Token Profile and SAML Token.

Note: Oracle provides multiple levels of security for WSRP. These levels, or options, are discussed in the following topic. Oracle recommends that you determine the level that is appropriate for your needs before implementing WS-Security. Using SSL (Secure Sockets Layer) connections to secure transmissions may be sufficient.

See Improving Same-Server Performance Under SSL, Understanding the PeopleSoft WS-Security for WSRP.