This chapter describes the set of typical tasks you need to manage Oracle Web Services Manager (OWSM) policies and secure Oracle Web Services.
This chapter includes the following sections:
This section provides a summary of the steps required to create a new policy. You can create a new policy using one or more assertion templates, or by cloning an existing policy and editing it as desired.
Decide what behavior your policy needs to enforce and determine if you can use one of the predefined policies. More
Understand the different categories of policies. More
Understand the policy subjects to which policies can be attached. More
Decide upon a naming convention for your policies. More
The steps for this process are:
If you are creating a new policy, then use the Create feature. How?
If you are using an existing policy as the starting point for your policy, then use the Create Like feature. How?
For more information about creating policies, see "Managing Web Service Policies with Fusion Middleware Control" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to edit a policy. Note that you can only edit a policy that you created, either using assertion templates or by cloning a predefined policy. You cannot edit the predefined policies; these policies are read only.
The steps for this process are:
Review the policy details. How?
Analyze the impact of editing the policy on the policy subjects. How?
Edit the policy. How?
For more information about editing policies, see "Managing Web Service Policies with Fusion Middleware Control" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to delete a policy. Note that you can only delete a policy that you created, either using assertion templates or by cloning a predefined policy. You cannot delete the predefined policies; these policies are read only.
The steps for this process are:
Review the policy details. How?
Analyze the impact of deleting the policy on the policy subjects. How?
Delete the policy. How?
For more information about deleting policies, see "Managing Web Service Policies with Fusion Middleware Control" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to change the current version of a policy.
Note:
You can change the current version of a user-created policy only. Version control does not apply to the Oracle predefined policies because they are read only and cannot be modified.The steps for this process are:
Review the earlier versions of the policy to determine the version you want to restore. How?
Review the policy subjects to which this policy is attached. How?
Change the current version of the policy. How?
For more information about changing the current version of a policy, see "Versioning Web Service Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to attach a standalone policy or globally available policy set to a Web service.
The steps for this process are:
Identify the Web service to which you want to attach the policy. How?
View the policies or policy sets that are currently attached to the Web service. How?
Navigate to the policy that you want to attach to the Web service endpoint. How?
If the policy you need does not exist, then create a new one. How?
View the policy and verify that it meets your requirements. How?
If you need to make changes, then edit the policy. How?
Note: Editing the predefined policies is not recommended.
Attach the policy to the Web service. How?
Test the Web service to verify that the policy is being used by the Web service. How?
For more information about attaching policies, see "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to use the Web services test page to verify that the policy is being enforced and that you are getting the expected results.
Note:
You can test RESTful Web services by selecting the GET or POST service port operations. However, because the SOAP protocol is not used with RESTful Web services, the only security options are HTTP Basic Authentication or None, and the results on the Response tab are a simplified version of the standard Web service results. In addition, SOAP action and other Web service policies, such as WS-RM, MTOM, and WS-Addressing are not applicable for REST endpoints.The steps for this process are:
Navigate to the Web service you want to test and review the operations. How?
Test one of the operations using a security policy. How?
Review the results of the test.
Test the operation again, generating a load for the application. How?
Review the test results.
Review the system parameters and application performance metrics.
For more information about testing Web services, see "Testing Web Services" in Administering Web Services.
This section provides a summary of the steps required to use the Web Service Client page to configure policies and HTTP properties for SOA reference, Oracle Infrastructure clients such as ADF DC Web service clients, or the Web Service Callback Client page to configure asynchronous Web service callback clients.
The steps for this process are:
Use the Policy tab to attach or detach client policies, enable or disable client policy references, and override security configuration. How?
Use the Configuration tab to configure the client. How?
Note:
The Endpoint Address and Maintain Session properties in the General area are not available on the Callback Client page for asynchronous Web service callback clients.For more information about configuring a Web service client, see "Configuring Web Service Clients Using Fusion Middleware Control" in Administering Web Services.
This section provides a summary of the steps required to manage OWSM configuration at the domain level.
The steps for this process are:
View and Modify General Information About the Domain. How?
The General tab enables you view the domain name, platform type, and the number of applications and services. You can modify the display name and the description for the domain. It also provides version information for the configuration.
Configuring Domain-Level Authentication. How?
The Authentication tab provides the ability to configure the authentication settings required for the environment. This includes the ability to configure SAML trust, specify the lifetime of an issued token, and configure the subject created in OWSM. You can also configure the SAML and SAML2 login modules, the Kerberos login module, and the X509 login module, as well as create custom login modules.
Configure Domain-Level Message Security. How?
The Message Security tab provides the ability to configure the message protection settings required for the environment. This includes configuring the OWSM keystore and tuning security policy enforcement by adjusting the default message timestamp skews between system clocks, the time-to-live for nonce messages in the cache, the message expiration time, and XPath transformations. You can also specify identity settings such as whether to enforce Web service policies by publishing the X509 certificate in the WSDL. In addition, if the X509 is published, you can also specify whether to ignore host name verification. You can also configure secure conversation settings such as when secure conversations should expire.
Configure Policy Access. How?
The Policy Access tab provides the ability to configure the policy manager connection, including whether to use the auto-discovery feature. You can also configure the SSL settings for the OWSM domain, and tune the policy cache.
For more information about configuring an OWSM domain, see "Managing OWSM Domain Configuration" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to use the View Policy Sets page to review the configuration of a policy set.
The step for this process is:
Review the policy set details. How?
For more information about viewing a policy set, see "Viewing the Configuration of a Policy Set Using Fusion Middleware Control" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to create a new policy set or copy an existing policy set and edit it.
Note:
When you create a policy set from an existing policy set, all values and attachments are copied into the new one. You can modify the resource scope and the policy attachments in the new policy set, but you cannot change the type of resource to which it applies.Understand how to attach policies globally using policy sets. More
Understand how to define the type and scope of resources in a policy set. More
Understand how to specify a runtime constraint. More
Familiarize yourself with the policy framework to manage and secure Web services consistently across your organization. More
The steps for this process are:
If you are creating a new policy set, then use the Create feature. How?
If you are using an existing policy set as the starting point for your new policy set, then use the Create Like feature. How?
For more information about creating a new policy set, see "Attaching Policies Globally Using Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to edit a policy set.
The steps for this process are:
For more information about editing a policy set, see "Editing a Policy Set" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to override the policy configuration in a policy set.
The steps for this process are:
For more information about overriding the policy configuration in a policy set, see "Overriding Policy Configuration Properties Using Fusion Middleware Control" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
This section provides a summary of the steps required to delete a policy set.
The steps for this process are:
For more information about deleting a policy set, see "Deleting Policy Sets Using Fusion Middleware Control" in Securing Web Services and Managing Policies with Oracle Web Services Manager.