1 Overview

This chapter provides a brief overview of Web services security and policy management using OWSM. It includes the following sections:

1.1 Web Services Security and Policy Management

Oracle Web Services Manager (OWSM) provides a policy framework to manage and secure these Web services consistently across your organization. OWSM can be used by both developers, at design time, and system administrators in production environments. For details about OWSM, see Understanding Oracle Web Services Manager.

You can use the OWSM framework to secure the following categories of Oracle Web services:

  • Oracle Infrastructure Web services—ADF services

  • WebLogic (Java EE) Web services

  • RESTful Web services

For more information about the Web service categories and the types of Web services and clients in Oracle Fusion Middleware 12c, see Understanding Web Services.

Application developers can use Oracle JDeveloper to leverage the security and management features of the OWSM policy framework. For more information, see "Developing with Web Services" in the Oracle JDeveloper online help.

System administrators can leverage OWSM post-deployment using Oracle Enterprise Manager Fusion Middleware Control or the command line interface WebLogic Scripting Tool (WLST).

OWSM provides a set of predefined policies and assertions that you can use to secure the Web services in your environment. You can attach OWSM policies to Oracle Infrastructure Web services. You can also attach OWSM security policies to WebLogic (Java EE) JAX-WS Web services to interface with the SOA/ADF/WebCenter Web services, for example. (You cannot attach OWSM policies to JAX-RPC Web services.)


You can also secure WebLogic (Java EE) Web services using WebLogic Web service policies, which are provided by WebLogic Server. You manage WebLogic Web service policies from the WebLogic Administration Console. For more information about the WebLogic Web service policies, see Securing WebLogic Web Services for Oracle WebLogic Server.

A subset of WebLogic Web service policies interoperate with OWSM policies. For more information, see "Interoperability with Oracle WebLogic Server 11g Web Service Security Environments" in Interoperability Solutions Guide for Oracle Web Services Manager.