Web Services Security

The Inbound Web Services capability of Oracle Utilities Cloud Service, which is based on JAX-WS/JAX-RS implementation, allows for support for advanced security settings on individual services. This section applies to REST-based and SOAP-based services defined as inbound web services.

Note: Refer to Web Services Best Practices for Oracle Utilities Application Framework (Doc ID 2214375.1) for additional implementation advice for web services security.

Oracle Utilities Cloud Service includes the following preonfigured Inbound Web Services configurations optimized for the Oracle Cloud Infrastructure:

• An internal web services capability rather than the Oracle Web Service Manager to reduce implementation cost.

• A multi-token WS-Policy (via K1-BASIC Web Service Annotation) for services authentication using oracle/multi_token_rest_service_policy. This policy supports several methods within a single policy.

• Other WS-Policy configurations are not available at present time. These do not need to be attached to any Inbound Web Service as annotations as these are global policies.

• A Web Services Catalog capability to control integration with Oracle Integration Cloud Services.

• Online service deployment is the only supported method at present time, which is available through the Inbound SOAP Service Deployment menu option. REST services are automatically deployed when active.