Configuring WebCenter Content Web Services for Integration

25 Configuring WebCenter Content Web Services for Integration

This chapter describes how to use Oracle WebCenter Content web services and Oracle WebLogic Server web services to integrate a client application with Content Server.

This chapter includes the following sections:

For general information about web services that you can use with Content Server, see Overview of Web Services.

The way to use web services described in this chapter was introduced in Oracle Universal Content Management 11g. If you want to use the way introduced in Oracle Universal Content Management 10g, with Web Services Definition Language (WSDL) and SOAP (Simple Object Access Protocol) files and the WSDL generator, see Configuring Web Services with WSDL_ SOAP_ and the WSDL Generator.

25.1 About Configuring WebCenter Content Web Services for Integration

WebCenter Content web services work with Oracle WebLogic Server web services to perform management functions for Content Server. Oracle WebLogic Server web services provide SOAP capabilities, and WebCenter Content web services include several built-in SOAP requests. WebCenter Content web services are automatically installed with Content Server, but they require additional configuration to set up security.

25.1.1 Technologies for Web Services

The core enabling technologies for WebCenter Content web services follow:

SOAP (Simple Object Access Protocol) is a lightweight XML-based messaging protocol used to encode the information in request and response messages before sending them over a network. SOAP requests are sent from WebCenter Content web services to Oracle WebLogic Server web services for implementation. For more information about SOAP, see Simple Object Access Protocol (SOAP) at http://www.w3.org/TR/soap12.
Web Services Security (WS-Security) is a standard set of SOAP extensions for securing web services for confidentiality, integrity, and authentication. For WebCenter Content web services, WS-Security is used for authentication, either for a client to connect to the server as a particular user or for one server to talk to another as a user. For more information, see the OASIS Web Service Security page at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.
Web Service Policy (WS-Policy) is a standard for attaching policies to web services. For WebCenter Content web services, policies are used for applying WS-Security to web services. The two supported policies are username-token security and SAML security.

Historically, Oracle used Oracle Web Services Manager (Oracle WSM) to secure its web services, and Oracle WebLogic Server used Web Services Security Policy (WS-SecurityPolicy) to secure its web services. Because web services security is partially standardized, some Oracle WSM and WS-SecurityPolicy policies can work with each other.

Note:

Use Oracle WSM policies over Oracle WebLogic Server web services whenever possible. You cannot mix your use of Oracle WSM and Oracle WebLogic Server web services policies in the same web service.

WebCenter Content web services (idcws/ as context root) are SOAP based, while WebCenter Content native web services (idcnativews/ as context root) are JAX_WS based. Both kinds of web services can be assigned Oracle WSM policies through the Oracle WebLogic Server Administration Console.

The generic WebCenter Content web services are JAX-WS based and can be assigned Oracle WSM policies and managed by Oracle WSM. The native WebCenter Content web Services are SOAP based and can only support WS-Policy policies managed through the Oracle WebLogic Server Administration Console.

For more information about Oracle WSM, see the Overview of Web Services Administration in Administering Web Services.

A subset of Oracle WebLogic Server web services policies interoperate with Oracle WSM policies. See Overview of OWSM Interoperability.

Web Services Security Policy (WS-SecurityPolicy) is a set of security policy assertions for use with the WS-Policy framework. For more information, see the Web Services Security Policy specification at http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html.
SAML is an XML standard for exchanging authentication and authorization between different security domains. For more information, see the Security Assertion Markup Language (SAML) specification at http://docs.oasis-open.org/security/saml/v2.0/.
WebLogic Scripting Tool (WLST) is a command-line tool for managing Oracle WebLogic Server. For more information, see WebCenter Portal Custom WLST Commands in Oracle Fusion Middleware WebCenter WLST Command Reference.

25.1.2 WebCenter Content Web Services

WebCenter Content provides two types of web services: a general (generic) JAX-WS based web service, and a native SOAP based web service. The two types of web services reside in two different context roots. The context root is the primary identifier in the URL for accessing the web services.

The context roots follow:

idcws

Use this context root for general access to Content Server through any regular web services client.
idcnativews

The Remote Intradoc Client (RIDC) uses the native web services. Oracle recommends that you do not develop a custom client against these services. For more information about RIDC, see Using RIDC to Access Content Server.

The following table describes the WebCenter Content web service in the idcws context root.

WebCenter Content Web Service Descriptions

WebCenter Content Web Service	Descriptions
`GenericSoapService`	This service uses a generic format similar to HDA for its SOAP format. It is almost identical to the generic SOAP calls that you can make to Content Server when you set `IsSoap=1`. For details of the format, see the published WSDL at `idcws/GenericSoapPort?WSDL`. You can apply WS-Security to `GenericSoapService` through WS-Policy. Content Server supports Oracle WSM policies for SAML and `username-token`. As a result of allowing WS-Security policies to be applied to this service, streaming Message Transmission Optimization Mechanism (MTOM) is not available for use with this service. Very large files (greater than the memory of the client or the server) cannot be uploaded or downloaded. `GenericSoapService` automatically has `oracle/wsmtom_policy` applied to it. Content Server cannot accept SOAP requests that have this policy applied. For `GenericSoapService` to work, the following policy must be applied to it: oracle/no_mtom_policy

GenericSoapService

This service uses a generic format similar to HDA for its SOAP format. It is almost identical to the generic SOAP calls that you can make to Content Server when you set IsSoap=1. For details of the format, see the published WSDL at idcws/GenericSoapPort?WSDL.

You can apply WS-Security to GenericSoapService through WS-Policy. Content Server supports Oracle WSM policies for SAML and username-token.

As a result of allowing WS-Security policies to be applied to this service, streaming Message Transmission Optimization Mechanism (MTOM) is not available for use with this service. Very large files (greater than the memory of the client or the server) cannot be uploaded or downloaded.

GenericSoapService automatically has oracle/wsmtom_policy applied to it. Content Server cannot accept SOAP requests that have this policy applied. For GenericSoapService to work, the following policy must be applied to it:

oracle/no_mtom_policy

The following table describes the WebCenter Content web services in the idcnativews context root.

WebCenter Content Web Services Descriptions

WebCenter Content Web Services	Descriptions
`IdcWebRequestService`	This is the general WebCenter Content service. Essentially, it is a normal socket request to Content Server, wrapped in a SOAP request. Requests are sent to Content Server using streaming Message Transmission Optimization Mechanism (MTOM) in order to support large files. Streaming MTOM and WS-Security do not mix. As a result, do not apply WS-Security to this service because it will break the streaming file support. In order to achieve security, you must first log in using the `IdcWebLoginService`, then use the same JSESSIONID received from that service in the next call to `IdcWebRequestService` as a cookie.
`IdcWebLoginService`	This service is solely for adding security to `IdcWebRequestService` calls. There are no parameters for this service; it simply creates a session. The important field to retrieve is the `JSESSIONID` value for future calls to `IdcWebRequestService`. If you want to use WS-Security with `IdcWebRequestService`, then apply it here. Content Server supports Oracle WSM policies for SAML and `username-token`.

IdcWebRequestService

This is the general WebCenter Content service. Essentially, it is a normal socket request to Content Server, wrapped in a SOAP request. Requests are sent to Content Server using streaming Message Transmission Optimization Mechanism (MTOM) in order to support large files.

Streaming MTOM and WS-Security do not mix. As a result, do not apply WS-Security to this service because it will break the streaming file support. In order to achieve security, you must first log in using the IdcWebLoginService, then use the same JSESSIONID received from that service in the next call to IdcWebRequestService as a cookie.

IdcWebLoginService

This service is solely for adding security to IdcWebRequestService calls. There are no parameters for this service; it simply creates a session. The important field to retrieve is the JSESSIONID value for future calls to IdcWebRequestService. If you want to use WS-Security with IdcWebRequestService, then apply it here. Content Server supports Oracle WSM policies for SAML and username-token.

25.2 Configuring Web Service Security Through Web Service Policies

The WebCenter Content web services are installed and ready to use by default with the WebCenter Content EAR. However, unless you configure web service security (WS-Security) on any of the WebCenter Content web services, all connections to Content Server will use the anonymous user. To configure security for WebCenter Content web services, you configure WS-Security through WS-Policy. Additional configuration is required to enable authentication.

WS-Security is set through the use of web service policies (WS-Policy). Security policies can be set for web services to define their security protocol. In particular, the WebCenter Content web services support Oracle WSM policies.

Note:

oracle/no_mtom_policy

WebCenter Content supports the following Oracle WSM policies:

oracle/wss11_saml_token_with_message_protection_service_policy
oracle/wss11_username_token_with_message_protection_service_policy
oracle/wss_username_token_service_policy

The 12c 12.2.1.3.0 uses Weblogic Server to apply Oracle WSM policies to web services. For more information, see Oracle Fusion Middleware Security and Administrator's Guide for Web Services.

25.3 Configuring SAML Support

You can also provide SAML support for client-side certificate authentication. See Securing Inbound SOAP Requests Using SAML Message Protection and Configuring Message Protection for Web Services for more details.