1 Overview of Oracle Web Services Security and Policy Management

This chapter provides a brief overview of Oracle web services security and policy management using Oracle Web Services Manager (OWSM).

This chapter includes the following section:

1.1 Web Services Security and Policy Management

Oracle Web Services Manager (OWSM) provides a policy framework to manage and secure web services consistently across your organization. For details about OWSM, see Understanding Oracle Web Services Manager.

OWSM can be used by both developers, at design time, and system administrators in production environments:

  • Application developers use Oracle JDeveloper to leverage the security and management features of the OWSM policy framework. For more information, see "Developing and Securing Web Services" in Developing Applications with Oracle JDeveloper.

  • System administrators can leverage OWSM post-deployment using Oracle Enterprise Manager Fusion Middleware Control or the command line interface WebLogic Scripting Tool (WLST).

Details for using OWSM, including the predefined policies and assertions, to secure the web services in your environment are described throughout this document.

For definitions of unfamiliar terms found in this and other books, see the Glossary.

You can use the OWSM framework to secure the types and categories of Oracle web services listed in Table 1-1. For more information about the web service categories and the types of web services and clients, see "Overview of Web Services in Oracle Fusion Middleware 12c" in Understanding Web Services.

Table 1-1 Categories of Oracle Web Services Secured Using OWSM

Web Service Category Web Service and Client Types

Oracle Infrastructure web services

Oracle ADF Services

  • ADF Business Components services (SOAP and RESTful)

  • ADF web applications (SOAP and RESTful)

  • ADF data controls (SOAP only)


Oracle Enterprise Scheduler

  • Web service jobs and callback services (SOAP only)


Oracle Service Bus

  • Business and proxy services (SOAP, RESTful)

  • JCA adapters

Note: You can also attach a subset of OWSM policies to non-SOAP HTTP endpoints. For more information, see "Supported OWSM Seed Policies for WSDL (non-SOAP), XML, and Messaging Service Service Types with HTTP Transport" in Developing Services with Oracle Service Bus.


Oracle SOA web services

  • Service components (SOAP and RESTful)

  • Service and reference binding components (SOAP and RESTful)

  • JCA adapters

Java EE (WebLogic) web services

  • JAX-WS (SOAP) web services

  • JAX-RS (RESTful) web services