11 Web Services Security

The Inbound Web Services capability of Oracle Utilities Cloud Services, which is based on JAX-WS/JAX-RS implementation, allows for support for advanced security settings on individual services. This section applies to REST-based and SOAP-based services defined as inbound web services.

Note:

Refer to Web Services Best Practices for Oracle Utilities Application Framework (Doc ID 2214375.1) for additional implementation advice for web services security.

Oracle Utilities Cloud Services include the following pre-configured Inbound Web Services configurations optimized for the Oracle Cloud Infrastructure:

• An internal web services capability rather than the Oracle Web Service Manager to reduce implementation cost.
• A multi-token WS-Policy (via K1-BASIC Web Service Annotation) for services authentication using oracle/multi_token_rest_service_policy. This policy supports several methods within a single policy.
• Other WS-Policy configurations are not available at present time. These do not need to be attached to any Inbound Web Service as annotations as these are global policies.
• A Web Services Catalog capability to control integration with Oracle Integration Cloud Services.
• Online service deployment is the only supported method at present time, which is available through the Inbound SOAP Service Deployment menu option. REST services are automatically deployed when active.