5 Deploying, Testing, and Securing UIM Web Services
This chapter provides information about deploying, testing, and securing Oracle Communications Unified Inventory Management (UIM) Web Services and any custom web services you may have created.
Deploying Web Services
Each web service is packaged in a WAR file, which is packaged in an EAR file. When you deploy the EAR file, you also deploy any web services that are packaged within the EAR file.
For example, the Service Fulfillment Web Service is packaged in the inventory.ear file, within the InventoryWS.war file. So, when you deploy the inventory.ear file, you also deploy the Service Fulfillment Web Service.
For instructions on how to deploy the inventory.ear file, see UIM System Administrator's Guide.
For custom web services, you have the option of placing the custom WAR file within the custom.ear file, within any custom EAR file, or within the inventory.ear file. So, when you deploy the custom.ear file, or the specified custom EAR file, or the inventory.ear file, you also deploy the custom web service. See Developing Custom Web Services for more information.
Note:
If custom web services are packaged as part of an EAR file, the EAR must have a deployment plan defined with the following:
-
The plan directory is UIM_Home/app/plan. This is to ensure that the EclipseLink cache coordination configuration is available in the classpath for the custom EAR file.
-
For the deployment plan (the XML configuration file) ensure the following conditions are met:
-
If the EAR file has a deployment plan, it must be created under the plan directory UIM_Home/app/plan.
-
If the EAR file does not have any deployment plan, associate the existing plan (located under the plan directory UIM_Home/app/plan as plan.xml), to the custom EAR deployment. For a clustered environment, the plan file name is ClusterPlan.xml.
Verifying Deployments
You can verify that any UIM web service is deployed by viewing it in the WebLogic Server Administration Console.
To verify that a UIM web service is deployed:
-
Log in to the WebLogic Server Administration Console.
-
In the left panel, under Domain Structure, click the Deployments link.
The Summary of Deployments page appears.
-
Expand oracle.communications.inventory.
-
Under oracle.communications.inventory, expand Web Services.
-
Under Web Services, click the link that represents the name of the web service.
The Settings page for the selected web service appears.
-
Click the Testing tab.
-
Expand the name of the web service.
-
Under the expanded web service, click the WSDL link.
The WSDL file appears. Here, you can view the web service operations that are deployed.
Testing Web Services
After you successfully deploy the web service, you can test the web service.
Web services can be tested by using any software designed to test web services, such as:
-
LISA for testing SOAP XML through HTTP or JMS
-
SoapUI for testing SOAP XML through HTTP
-
HermesJMS for testing SOAP XML through JMS
Test Input XML
The UIM installation provides the GSM 3GPP cartridge pack and the Cable TV cartridge pack, and both cartridge packs use the Service Fulfillment Web Service. The cartridge packs provide test input XML that you can use to test the Service Fulfillment Web Service operations. For additional information about these cartridge packs, see UIM GSM 3GPP Cartridge Pack Guide and UIM Cable TV Cartridge Pack Guide.
You can also generate your own test input XML by using any software that generates XML based on schema, such as XML Spy, LISA, SoapUI, and so forth.
Pre-configuration for Testing
Before running the Service Fulfillment Web Service operations, you must have the UIM base cartridges deployed into your UIM environment. The base cartridges are located in the UIM_Home/cartridges/base directory. For additional information about the base cartridges, see UIM Cartridge Guide.
Be aware of any pre-configurations that must be in place before testing any custom web services.
Securing Web Services
The Service Fulfillment Web Service has security enabled upon installation. Specifically, the HTTP and JMS web service ports are associated to the default WebLogic security policy file, Auth.xml. As a result, a user name and password must be sent in clear text over a secure tunnel (HTTPS/t3s).
Note:
The user name and password, and the payload, are not encrypted to avoid significant performance impacts.
When you create a new web service, it is up to you to secure the web service. See "Securing Custom Web Services" for more information.
About Policy Files
A policy file can be associated to a port, or to a specific operation defined for the port. When a policy file is associated to a port, it automatically secures all operations defined for the web service. When a policy file is not associated to a port, a policy file can be associated to one or more operations. If necessary, each operation can specify a different policy file. If no policy file is associated to the port, or to any operations, the web service is unsecured and no security validations are performed.
Upon installation of UIM, the WebLogic default policy file, Auth.xml, is associated to UIMInventoryHTTPPort and UIMInventoryJMSPort. So, all operations are automatically secured, and all operations under each port require a user name and password in the SOAP message header. Example 5-1 shows a SOAP message header with a user name and password specified.
Example 5-1 SOAP Message Header
<soapenv:Envelope xmlns:com="http://xmlns.oracle.com/communications/inventory/webservice/common" xmlns:ser="http://xmlns.oracle.com/communications/inventory/webservice/service" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-utility-1.0.xsd">
<wsse:Username>uimuser1</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-username-token-profile-1.0#PasswordText">Welcome@123
</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ser:captureInteractionRequest>
.
.
.
</ser:captureInteractionRequest>
</soapenv:Body>
</soapenv:Envelope>Modifying Web Service Security
You can modify the default security settings through the WebLogic Server Administration Console.
To modify the default web service security settings, see the following:
Accessing Security
To access security:
-
Log in to the WebLogic Server Administration Console.
-
In the left panel, under Domain Structure, click the Deployments link.
The Summary of Deployments page appears.
-
Expand oracle.communications.inventory.
-
Under oracle.communications.inventory, expand Web Services.
-
Under Web Services, click the link that represents the name of the web service.
For example, click the oracle.communications.inventory.ws.InventoryWSPortImpl link.
-
Click the Configuration tab, then click the WS-Policy tab.
The WS-Policy tab lists the policy files associated with the web service. Upon installation, this page lists:
-
UIMInventoryHTTPPort with the Auth.xml policy file associated
-
UIMInventoryJMSPort with the Auth.xml policy file associated
-
-
Expand either port.
All operations are listed under the port.
Associating a Policy File
You can associate a policy file to a port, or to a specific operation defined for the port.
To associate a policy file:
-
Access security for the web service.
See "Accessing Security" for more information.
-
Click the port or a specific operation.
The available policy files are listed on the left, and the policy files associated with the port or operation are listed on the right.
-
In the left side, select an available policy file to associate to the port or operation.
-
Click the right arrow, which moves the available policy file to the list of associated policy files.
-
Click OK.
Disassociating a Policy File
You can disassociate a policy file from a port or from a specific operation defined for the port.
To disassociate a policy file:
-
Access security for the web service.
See "Accessing Security" for more information.
-
Click the port or a specific operation.
The available policy files are listed on the left, and the policy files associated with the port or operation are listed on the right.
-
In the right side, select the policy file to disassociate from the port or operation.
-
Click the left arrow, which moves the associated policy file to the list of available policy files.
-
Click OK.
Modifying the Deployment Plan
If you choose to modify the default security settings for the Service Fulfillment Web Service, then you also need to modify the deployment plan for the Service Fulfillment Web Service.
The deployment plan is located in the UIM_Home/app/plan/Plan.xml file.
When you install UIM, the deployment plan contains the following:
<variable-definition>
<variable>
<name>WsPolicy_policy:Auth.xml_Direction_13075993400140</name>
<value>inbound</value>
</variable>
</variable-definition>
<module-descriptor external="false">
<root-element>webservice-policy-ref</root-element>
<uri>WEB-INF/weblogic-webservices-policy.xml</uri>
<variable-assignment>
<name>WsPolicy_policy:Auth.xml_Direction_13075993400140</name>
<xpath>
/webservice-policy-ref/port-policy/
[port-name="UIMInventoryHTTPPort"]/
ws-policy/[uri="policy:Auth.xml"]/direction
</xpath>
</variable-assignment>
<variable-assignment>
<name>WsPolicy_policy:Auth.xml_Direction_13075993400140</name>
<xpath>
/webservice-policy-ref/port-policy/
[port-name="UIMInventoryJMSPort"]/
ws-policy/[uri="policy:Auth.xml"]/direction
</xpath>
</variable-assignment>
</module-descriptor>
If you modify the default security settings through the WebLogic Server Administration Console, the <value> element (bold in the example) gets set to both, and must be reset back to inbound.
Securing Custom Web Services
When you create a new web service, it is up to you to secure the web service. How you secure the web service depends upon how you created the web service. For example, if your custom web service deploys with the custom.ear file, you need to create your own deployment plan; if your custom web service deploys with the inventory.ear file, you need to modify the inventory.ear deployment plan that is part of the UIM installation (UIM_Home/app/plan/Plan.xml file).
To secure a custom web service:
-
Access security for the custom web service.
See "Accessing Security" for detailed instructions.
-
Associate a security policy to the custom web service.
See "Associating a Policy File" for detailed instructions. You can use the security policy that comes with the UIM installation (Auth.xml), or the security policy that comes in the Reference Web Service ZIP file (SampleAuth.xml), or create your own security policy file.
Note:
The Auth.xml file is automatically available for selection to associate to your custom web service. If you are using a security policy other than the Auth.xml file, there is an additional step required to get the security policy file to be available for selection to associate to your custom web service: The security policy file must be placed in your project's policies directory before creating the WAR file. Then, when you deploy the EAR file that contains the custom web service WAR file, the security policy in the WAR file becomes available for selection to associate to your custom web service.
When you associate a security policy to the custom web service, a deployment plan is generated in the form of a Plan.xml file.
-
Associate the generated deployment plan with the custom web service by redeploying the EAR file that contains the custom web service; the redeploy prompts you to supply the path to the EAR file, and to supply the name of the deployment plan (Plan.xml).
The prompt to supply the name of the deployment plan may also prompt you to select Inbound or Both: Select Inbound.
-
Ensure that the deployment plan reflects Inbound. See "Modifying the Deployment Plan" for detailed instructions.