3 Implementing Oracle AIA Security

This chapter provides a synopsis of the Oracle Application Integration Architecture security features.

Foundation Software Security

Oracle AIA runs within an Oracle WebLogic Server Service-Oriented Architecture (SOA) container. You can leverage all WebLogic Server security infrastructure functionality, such as authentication, authorization, and secure auditing.

Secure Inbound Communication Points

The following inbound communication points must be managed securely:

  • Siebel customer relationship management (Siebel CRM) to Oracle AIA:

    • Siebel CRM communicates asynchronously with Oracle AIA.

    • Oracle AIA exposes Java Message Service (JMS) queues to Siebel CRM.

    • Siebel CRM adds messages to Oracle AIA JMS queues.

    • The Oracle AIA consumer services subscribed to the queues pick up the messages for processing.

    • Oracle AIA JMS queues are protected with user credentials created and maintained in WebLogic Server security infrastructure.

    • You configure and maintain Oracle AIA queue details and credentials in Siebel CRM. See Siebel CRM Security Guide for more information about managing security in Siebel CRM.

  • Oracle Communications Order and Service Management (OSM) to Oracle AIA:

    • OSM communicates asynchronously with Oracle AIA.

    • Oracle AIA exposes JMS Store and Forward (SAF) queues to OSM.

    • OSM adds messages to Oracle AIA JMS SAF queues.

    • The Oracle AIA consumer services subscribed to the queues pick up the messages for processing.

    • Oracle AIA JMS SAF queues are protected with user credentials created and maintained in WebLogic Server security infrastructure.

    • You configure and maintain Oracle AIA JMS SAF queue details and credentials in OSM. See OSM Security Guide for more information about managing security in OSM.

  • Oracle Communications Billing and Revenue Management (BRM) to Oracle AIA:

    • BRM communicates asynchronously with Oracle AIA.

    • BRM exposes Advanced Queueing (AQ) database queues to Oracle AIA.

    • BRM adds messages to the AQ database queues.

    • The Oracle AIA AQ adapter polls the AQ database queues and picks up the messages for processing.

    • You configure and maintain the BRM AQ database queue details and credentials in Oracle AIA.

  • Oracle Product Hub to Oracle AIA:

    • Product Hub communicates asynchronously with Oracle AIA.

    • Product Hub exposes Advanced Queueing (AQ) database queues to Oracle AIA.

    • Product Hub adds messages to the AQ database queues.

    • The Oracle AIA AQ adapter polls the AQ database queues and picks up the messages for processing.

    • You configure and maintain the Product Hub database queue details and credentials in Oracle AIA.

Secure Outbound Communication Points

The following outbound communication points must be managed securely:

  • Oracle AIA to Siebel CRM:

    • Oracle AIA communicates synchronously with Siebel CRM in a request-response pattern.

    • Siebel CRM exposes SOAP web services to Oracle AIA.

    • Oracle AIA invokes the SOAP web services and receives a response from Siebel CRM.

    • Siebel CRM web services are protected with user credentials.

    • You configure encrypted Siebel CRM web service credentials in Oracle AIA configuration files.

    • Oracle AIA uses Session Pool Manager to get a session token that is associated with the SOAP request.

    • Oracle AIA releases the session token when it receives a response from Siebel CRM.

  • Oracle AIA to OSM:

    • Oracle AIA communicates asynchronously with OSM.

    • Oracle AIA adds messages to the OSM JMS SAF queues.

    • The OSM JMS consumers subscribed to the queues pick up the messages for processing.

    • OSM JMS SAF queues are protected with user credentials created and maintained in WebLogic Server security infrastructure.

    • Oracle AIA stores the encrypted OSM JMS SAF queue credentials in configuration files.

  • Oracle AIA to BRM:

    • Oracle AIA communicates synchronously with BRM in a request-response pattern.

    • BRM exposes the JCA Resource Adapter to Oracle AIA.

    • Oracle AIA invokes the JCA Resource Adapter, which in turn invokes BRM opcodes.

    • The JCA Resource Adapter is protected with user credentials.

    • You configure and maintain encrypted JCA Resource Adapter credentials in Oracle AIA configuration files.

Web Service Security

By default, Oracle AIA services are secured by SOA and Oracle WebLogic Server security infrastructure. Oracle AIA composites are protected by authentication through Oracle Web Services Manager security policies. When you deploy pre-built integrations, the default policies are automatically applied as follows:

  • Global security policies are automatically attached to all composites that match the Oracle AIA naming conventions.

  • Local security policies are automatically attached to composites whose security requirements differ from the global policy or whose name does not match the Oracle AIA naming conventions.

Oracle recommends the following:

  • Harden the services with message protection in your production environment. Before modifying the default security policies, you must understand Oracle Web Services Manager security policy configuration and the global and local deployment strategies. Changing the default policies without this understanding could affect the integration's expected behavior.

  • Do not completely disable default security policies.

  • Validate that the default security policies are correctly deployed before running your production system.
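One way to carry out the validation recommended above, as an added example that is not part of the Oracle documentation: a check over an inventory of composites and their attached policies that flags disabled authentication, a missing global or local attachment, and missing message protection. The naming-convention pattern, the inventory layout, and the composite names are assumptions constructed for illustration.

```python
import re

# ASSUMPTION: placeholder for the Oracle AIA naming convention, which the page
# does not spell out; replace it with the pattern your deployment uses.
NAMING_CONVENTION = re.compile(r"^Sample\w+(Requester|Provider)$")

# Constructed inventory: (composite, [(scope, category, enabled), ...]).
# In practice this would come from an export of the attached security policies.
SAMPLE_INVENTORY = [
    ("SampleOrderRequester", [("global", "authentication", True),
                              ("global", "message-protection", True)]),
    ("SampleBillingProvider", [("global", "authentication", False)]),
    ("LegacyBridge", [("local", "authentication", True)]),
    ("AdHocUtility", []),
]

def audit(inventory, production=True):
    """Return (composite, finding) pairs for security policy gaps."""
    findings = []
    for name, policies in inventory:
        # Only enabled policies count: a disabled policy protects nothing.
        active = [(scope, cat) for scope, cat, enabled in policies if enabled]
        scopes = {scope for scope, _ in active}
        cats = {cat for _, cat in active}
        if "authentication" not in cats:
            findings.append((name, "no enabled authentication policy"))
        if NAMING_CONVENTION.match(name):
            # Composites matching the convention should inherit the global policy.
            if "global" not in scopes:
                findings.append((name, "global policy expected but not in effect"))
        elif "local" not in scopes:
            # Composites outside the convention need a local attachment.
            findings.append((name, "local policy expected but not attached"))
        if production and "message-protection" not in cats:
            findings.append((name, "no message protection"))
    return findings

if __name__ == "__main__":
    for composite, finding in audit(SAMPLE_INVENTORY):
        print(f"{composite}: {finding}")
```
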

For more information about security policies, see the discussion of working with security in Oracle Fusion Middleware Developer's Guide for Oracle Application Integration Architecture Foundation Pack.