Security and Policy Annotations for Oracle Web Services

A Security and Policy Annotations for Oracle Web Services

Web service security and policy annotations are available to secure and enable advanced features on Oracle web services.

This appendix describes the web service security and policy annotations and incudes the following sections:

A.1 About Security and Policy Annotations for Web Services

The Oracle web services programming model uses JDK metadata annotations.

JDK metadata annotations are described in the following technical note:

http://docs.oracle.com/javase/7/docs/technotes/guides/language/annotations.html

For additional information, see JSR 175 at:

http://www.jcp.org/en/jsr/detail?id=175

In this programming model, you create an annotated Java file to specify the shape and characteristics of the web service.

For more information about the annotations available, see Java API Reference for Oracle Infrastructure Web Services. For more information about the OWSM predefined policies, see Oracle Web Services Manager Predefined Policies.

A.2 Summary of Security and Policy Annotations for Web Services

Web service security and policy annotations secure and enable advanced features on Oracle web services.

Table A-1 summarizes the web service security and policy annotations described in this appendix. This table also lists the corresponding web service Feature class that can be used to attach policies to a subset of web service clients, as described in "Understanding Attaching Policies to Web Services and Clients at Design Time".

Table A-1 Security and Policy Annotations for Oracle Web Services

Annotation	Description
@Addressing	Specifies the use of WS-Addressing with either the SOAP 1.1/HTTP or SOAP 1.2/HTTP binding.
@AtomicTransaction	Enables web services atomic transactions.
@Buffering	Enables buffering of a Web service.
@CacheBinaryContent	Enables and configures binary caching of content.
@CallbackManagementPolicy	Attaches a management policy when sending the asynchronous response to the client callback service.
@CallbackMtomPolicy	Attaches an MTOM policy when sending the asynchronous response to the client callback service.
@CallbackPolicySet	Attaches one or more policy sets to the callback client of the asynchronous web service that will connect to the callback service.
@CallbackSecurityPolicy	Attaches a security policy when sending the asynchronous response to the client callback service.
@FastInfosetCallbackClient	Enables and configures Fast Infoset on callback client of the asynchronous web service that will connect to the callback service.
@FastInfosetClient	Enables and configures Fast Infoset on a Web service client.
@FastInfosetService	Enables Fast Infoset on a web service.
@JMSTransportClient	Enables and configures SOAP over JMS transport for JAX-WS web service clients.
@JMSTransportService	Enables and configures SOAP over JMS transport for JAX-WS web services.
@ManagementPolicy	Attaches a management policy to the web service.
@MaxRequestSize	Configures the maximum size, in bytes, of the request message that can be sent to the web service.
@MEXRequestProcessingService	Enables the exchange of metadata.
@MTOM	Enables the use of Message Transmission Optimization Mechanism (MTOM) on the web service.
@MTOMEncodeFaultService	Enables the creation of MTOM-enabled SOAP fault messages when MTOM is enabled.
@MtomPolicy	Attaches an MTOM policy to the web service.
@ OAuth1 Client Policy	Attaches a management policy which allows applications to use Twitter API using the statically generated consumer and access tokens.
@Persistence	Configures the secure conversation session persistence mechanism for the web service.
@PolicyReference	Attaches a single policy to a subject, and optionally overrides configuration property values.
@PolicySet	Defines a set of policy references, and optionally overrides unscoped configuration property values.
@POXHttpBindingService	Enables an endpoint to receive non-SOAP XML messages that are processed by a user defined `javax.xml.ws.Provider<T>.invoke` method.
@Property	Specifies a single property that can be used to override the configuration of one or more policies.
@ReliabilityPolicy	Attaches the `oracle/wsrm10_policy` or `oracle/wsrm10_policy` reliable messaging policies to the web service.
@ReliableMessaging	Attaches the `oracle/reliable_messaging_policy` policy to the web service
@RequestProcessingService	Enables the web service endpoint.
@SchemaValidation	Enables validation of request messages against the schema.
@SecurityPolicies (Oracle Infrastructure Web Services)	Specifies an array of `oracle.webservices.annotations.SecurityPolicy` annotations.
@SecurityPolicies (Java EE Web Services)	Specifies an array of `weblogic.wsee.jws.jaxws.owsm.SecurityPolicy` annotations.
@SecurityPolicy (Oracle Infrastructure Web Services)	Attaches a security policy to the request or response SOAP message.
@SecurityPolicy (Java EE Web Services)	Attaches a security policy to the request or response SOAP message.
@SOAPRequestProcessingService	Enables the processing of SOAP requests on a web service endpoint.
@TestPageProcessingService	Enables the Web Service Test Client.
@WSDLRequestProcessingService	Enables the WSDL for the web service.
@WSLoggingLevel	Sets the logging level for diagnostic logs for the web service endpoint.

A.3 List of Security and Policy Annotations for Web Services

Oracle web services includes the following security and policy annotations:

A.3.1 @Addressing

The javax.xml.ws.soap.Addressing annotation specifies the use of WS-Addressing with either the SOAP 1.1/HTTP or SOAP 1.2/HTTP binding.

A.3.1.1 @Addressing Attributes

The following table defines the attributes that can be passed to the javax.xml.ws.soap.Addressing annotation.

Table A-2 Attributes for javax.xml.ws.soap.Addressing Annotation

Attribute Description Default

Attribute	Description	Default
`enabled`	Boolean value that specifies whether the endpoint supports WS-Addressing.	`true`
`required`	Boolean value that specifies whether WS-Addressing headers are required to be present on the incoming message.	`false`
`responses`	Value that specifies whether the endpoint requires the use of anonymous, non-anonymous, or all types of responses. Valid values, defined by `javax.xml.ws.soap.AddressingFeature.Responses`, include: `ALL` `ANONYMOUS` `NON_ANONYMOUS`	`ALL`

enabled

Boolean value that specifies whether the endpoint supports WS-Addressing.

true

required

Boolean value that specifies whether WS-Addressing headers are required to be present on the incoming message.

false

responses

Value that specifies whether the endpoint requires the use of anonymous, non-anonymous, or all types of responses. Valid values, defined by javax.xml.ws.soap.AddressingFeature.Responses, include:

ALL
ANONYMOUS
NON_ANONYMOUS

ALL

A.3.1.2 @Addressing Example

@Addressing(
    enabled = true,
    required = true,
    responses = AddressingFeature.Responses.ALL
)

A.3.2 @AtomicTransaction

The com.oracle.webservices.api.tx.at.AtomicTransaction annotation enables web services atomic transactions.

For more information, see "Using Web Services Atomic Transactions" in Developing Oracle Infrastructure Web Services.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.2.1 @AtomicTransaction Attributes

The following table defines the attributes that can be passed to the com.oracle.webservices.api.tx.at.AtomicTransaction annotation.

Table A-3 Attributes for com.oracle.webservices.api.tx.at.AtomicTransaction Annotation

Attribute Description Default

enabled

Boolean value that specifies whether or not the feature is enabled.

true

flowType

Whether the web services atomic transaction coordination context is passed with the transaction flow.

Valid values, defined by com.oracle.webservices.api.tx.at.AtomicTransactionFlowType, include:

MANDATORY
NEVER
SUPPORTS

For more information about the valid values, see "Configuring Web Service Atomic Transactions" in Developing Oracle Infrastructure Web Services.

SUPPORTS

version

Version of the web services atomic transaction coordination context that is supported for the SOA service or reference. For SOA references, it specifies the version used for outbound messages only. The value specified must be consistent across the entire transaction.

Valid values, defined by com.oracle.webservices.api.tx.at.AtomicTransactionVersion, include:

DEFAULT
WSAT10
WSAT11
WSAT12

For more information about the valid values, see "Configuring Web Service Atomic Transactions" in Developing Oracle Infrastructure Web Services.

DEFAULT

A.3.2.2 @AtomicTransaction Example

@AtomicTransaction(
    enabled=true,
    flowType = AtomicTransactionFlowType.MANDATORY,
    version= AtomicTransactionVersion.DEFAULT)

A.3.3 @Buffering

The com.oracle.webservices.api.Buffering annotation enables buffering of a Oracle Infrastructure Web service.

Note:

This annotation applies to Oracle Infrastructure Web services only.

When an operation on a buffered Web service is invoked, the message representing that invocation is stored in a JMS queue. WebLogic Server processes this buffered message asynchronously. If WebLogic Server goes down while the message is still in the queue, it will be processed as soon as WebLogic Server is restarted.

For example:

@Buffering(
    enabled=true,
    requestQueueEnabled=true)

The following table defines the attributes that can be passed to the com.oracle.webservices.api.Buffering annotation.

Table A-4 Attributes for com.oracle.webservices.api.Buffering Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`requestQueueConnectionFactoryJNDIName`	JNDI name of the connection factory to use for request message buffering. This value defaults to the default JMS connection factory defined by the server.	Default JMS connection factory defined by the server.
`requestQueueEnabled`	Flag that specifies whether the request queue is enabled.	`false`
`responseQueueName`	JNDI name of the request buffering queue.	""
`requestQueueTransactionEnabled`	Flag that specifies whether transactions should be used when storing and retrieving messages from the request buffering queue.	`false`
`responseQueueConnectionFactoryJNDIName`	JNDI name of the connection factory to use for response message buffering.	Default JMS connection factory defined by the server.
`responseQueueEnabled`	Flag that specifies whether the response queue is enabled.	`false`
`responseQueueName`	JNDI name of the response buffering queue.	""
`responseQueueTransactionEnabled`	Flag that specifies whether transactions should be used when storing and retrieving messages from the response buffering queue.	`false`
`retryCount`	Number of times that the JMS queue attempts to deliver the message to the Web service implementation until the operation is successfully invoked.	`3L`
`retryDelay`	Amount of time between retries of a buffered request and response. Note, this value is only applicable when `retryCount` is greater than 0. The value specified must be a positive value and conform to the XML schema duration lexical format, `PnYnMnDTnHnMnS`, where `nY` specifies the number of years, `nM` specifies the number of months, `nD` specifies the number of days, `T` is the date/time separator, `nH` specifies the number of hours, `nM` specifies the number of minutes, and `nS` specifies the number of seconds.	`P0DT30S` (30 seconds)

A.3.4 @CacheBinaryContent

The com.oracle.webservices.api.CacheBinaryContent annotation enables and configures binary caching of content.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.4.1 @CacheBinaryContent Attributes

The following table defines the attributes that can be passed to the com.oracle.webservices.api.CacheBinaryContent annotation.

Table A-5 Attributes for com.oracle.webservices.api.CacheBinaryContent Annotation

Attribute Description Default

Attribute	Description	Default
`arg1`	Boolean value that defines one of the following values: If `mode` is set to `BINARY`, this argument is not required. If `mode` is set to `FILE`, specifies the directory in which to store the temporary files as `arg1`. If `mode` is set to `BLOB`, specifies the URL of the DBMS connection.	`"java.io.tmpdir"`
`enabled`	Boolean value that specifies whether or not the feature is enabled.	`true`
`mode`	Value that specifies the runtime requirements of XTI scalable DOM in OraSAAJ. Valid values, defined by `com.oracle.webservcies.api.CacheBinaryContentMode`, include: `BINARY`—Fastest method, but most memory intensive. Not recommended for production. `FILE`—Recommended method. Specifies one temporary file per document. Need to specify the directory in which to store the temporary files as `arg1`. `BLOB`—Slowest method. Need to specify the URL of the DBMS connection as `arg1`.	`BINARY`

arg1

Boolean value that defines one of the following values:

If mode is set to BINARY, this argument is not required.
If mode is set to FILE, specifies the directory in which to store the temporary files as arg1.
If mode is set to BLOB, specifies the URL of the DBMS connection.

"java.io.tmpdir"

enabled

Boolean value that specifies whether or not the feature is enabled.

true

mode

Value that specifies the runtime requirements of XTI scalable DOM in OraSAAJ. Valid values, defined by com.oracle.webservcies.api.CacheBinaryContentMode, include:

BINARY—Fastest method, but most memory intensive. Not recommended for production.
FILE—Recommended method. Specifies one temporary file per document. Need to specify the directory in which to store the temporary files as arg1.
BLOB—Slowest method. Need to specify the URL of the DBMS connection as arg1.

BINARY

A.3.4.2 @CacheBinaryContent Example

@CacheBinaryContent(
    enabled=true,
    mode= CacheBinaryContentMode.FILE,
    arg1="/mytempdir")

A.3.5 @CallbackManagementPolicy

The oracle.webservices.annotations.CallbackManagementPolicy annotation enables you to attach a management policy when sending the asynchronous response to the client callback service.

This annotation is applicable to asynchronous web service implementation classes that are annotated with the oracle.webservices.annotations.async.AsyncWebService annotation, as described in "Developing an Asynchronous Web Service" in Developing Oracle Infrastructure Web Services.

Note:

This annotation has been deprecated. Oracle recommends that you use the oracle.wsm.metadata.annotation.CallbackPolicySet annotation, as described in "@CallbackPolicySet".

This annotation applies to Oracle Infrastructure web services only.

A.3.5.1 @CallbackManagementPolicy Attributes

The following table defines the attributes that can be passed to the oracle.webservices.annotations.async.CallbackManagementPolicy annotation.

Table A-6 Attributes for oracle.webservices.annotations.async.CallbackManagementPolicy Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`value`	Location from which to retrieve the WS-Policy file. Use the `http:` prefix to specify the URL of a WS-Policy file on the Web. Use the `policy:` prefix to specify that the WS-Policy file is packaged in the policy repository.	""

A.3.5.2 @CallbackManagementPolicy Example

@CallbackManagementPolicy(
    value="oracle/log_policy",
    enabled = true
)

A.3.6 @CallbackMtomPolicy

The oracle.webservices.annotations.async.CallbackMtomPolicy annotation attaches an MTOM policy when sending the asynchronous response to the client callback service.

Note:

This annotation has been deprecated. Oracle recommends that you use the oracle.wsm.metadata.annotation.CallbackPolicySet annotation, as described in "@CallbackPolicySet".

This annotation applies to Oracle Infrastructure web services only.

A.3.6.1 @CallbackMtomPolicy Attributes

The following table defines the attributes that can be passed to the oracle.webservices.annotations.async.CallbackMtomPolicy annotation.

Table A-7 Attributes for oracle.webservices.annotations.async.CallbackMtomPolicy Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`value`	Location from which to retrieve the MTOM policy file. Use the `http:` prefix to specify the URL of a MTOM policy file on the Web. Use the `policy:` prefix to specify that the MTOM policy file is packaged in the policy repository.	""

A.3.6.2 @CallbackMtomPolicy Example

@CallbackMtomPolicy(
    value="oracle/wsmtom_policy",
    enabled = true
)

A.3.7 @CallbackPolicySet

The oracle.wsm.metadata.annotation.CallbackPolicySet annotation defines a set of policy references for the callback service, and optionally overrides unscoped configuration property values.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.7.1 @CallbackPolicySet Attributes

The following table defines the attributes that can be passed to the oracle.wsm.metadata.annotation.CallbackPolicySet annotation.

Table A-8 Attributes for oracle.wsm.metadata.annotation.CallbackPolicySet Annotation

Attribute	Description	Default
`properties`	List of `oracle.wsm.metadata.annotation.Property` annotations that define configuration override property values.	""
`references`	List of `oracle.wsm.metadata.annotation.PolicyReference` annotations that define policies to attach to the subject.	""

A.3.7.2 @CallbackPolicySet Example

@CallbackPolicySet(references = { 
   @PolicyReference("oracle/wss_http_token_service_policy")
}

A.3.8 @CallbackSecurityPolicy

The oracle.webservices.annotations.async.CallbackSecurityPolicy annotation attaches a security policy when sending the asynchronous response to the client callback service.

Note:

This annotation has been deprecated. Oracle recommends that you use the oracle.wsm.metadata.annotation.CallbackPolicySet annotation, as described in "@CallbackPolicySet".

This annotation applies to Oracle Infrastructure web services only.

A.3.8.1 @CallbackSecurityPolicy Attributes

The following table summarizes the attributes that you can pass to the oracle.webservices.annotations.async.CallbackSecurityPolicy annotation.

Table A-9 Attributes for oracle.webservices.annotations.async.CallbackSecurityPolicy Annotation

Attribute	Description	Default
`enabled`	Optional. Boolean value that specifies whether the policy is enabled.	`true`
`Properties`	Optional. Array of property value-name pairs.	""
`value`	Location from which to retrieve the WS-Policy file. Use the `http:` prefix to specify the URL of a WS-Policy file on the Web. Use the `policy:` prefix to specify that the WS-Policy file is packaged in the policy repository.	""

A.3.8.2 @CallbackSecurityPolicy Example

@CallbackSecurityPolicy(value=
    "policy:oracle/wss10_username_token_with_message_protection_server_policy"),

A.3.9 @FastInfosetCallbackClient

The com.oracle.webservices.api.FastInfosetCallbackClient annotation enables and configures Fast Infoset on the callback client of the asynchronous web service that will connect to the callback service.

Note:

This annotation applies to Oracle Infrastructure web services only.

For more information about developing asynchronous web services and callback clients, see "Developing Asynchronous Web Services" in Developing Oracle Infrastructure Web Services. For more information about Fast Infoset, see "Optimizing XML Transmission Using Fast Infoset" in Developing Oracle Infrastructure Web Services.

A.3.9.1 @FastInfosetCallbackClient Attributes

The following table defines the attributes that can be passed to the com.oracle.webservices.api.FastInfosetCallbackClient annotation.

Table A-10 Attributes for com.oracle.webservices.api.FastInfosetCallbackClient Annotation

Attribute Description Default

Attribute	Description	Default
`fastInfosetContentNegotiation`	Content negotiation strategy. Valid values, defined by `com.oracle.webservices.api.FastInfosetContentNegotiationStrategy`, include: `OPTIMISTIC`—Assumes that Fast Infoset is enabled on the service. All requests will be sent using Fast Infoset. `PESSIMISTIC`—Initial request from client is sent without Fast Infoset enabled, but with an HTTP Accept header that indicates that the client supports the Fast Infoset capability. If the service response is in Fast Infoset format, confirming that Fast Infoset is enabled on the service, then subsequent requests from the client will be sent in Fast Infoset format. `NONE`—Client requests will not use Fast Infoset. For more information, see: JAX-WS Web Services: "Configuring the Content Negotiation Strategy" in Developing JAX-WS Web Services for Oracle WebLogic Server. Oracle Infrastructure Web Services: "Configuring the Content Negotiation Strategy" in Developing Oracle Infrastructure Web Services.	`NONE`
`enabled`	Boolean value that specifies whether or not the feature is enabled.	`true`

fastInfosetContentNegotiation

Content negotiation strategy. Valid values, defined by com.oracle.webservices.api.FastInfosetContentNegotiationStrategy, include:

OPTIMISTIC—Assumes that Fast Infoset is enabled on the service. All requests will be sent using Fast Infoset.
PESSIMISTIC—Initial request from client is sent without Fast Infoset enabled, but with an HTTP Accept header that indicates that the client supports the Fast Infoset capability. If the service response is in Fast Infoset format, confirming that Fast Infoset is enabled on the service, then subsequent requests from the client will be sent in Fast Infoset format.
NONE—Client requests will not use Fast Infoset.

For more information, see:

JAX-WS Web Services: "Configuring the Content Negotiation Strategy" in Developing JAX-WS Web Services for Oracle WebLogic Server.
Oracle Infrastructure Web Services: "Configuring the Content Negotiation Strategy" in Developing Oracle Infrastructure Web Services.

NONE

enabled

Boolean value that specifies whether or not the feature is enabled.

true

A.3.9.2 @FastInfosetCallbackClient Example

@FastInfosetCallbackClient(
    enable=true,
    fastInfosetContentNegotiation=FastInfosetContentNegotiationType.OPTIMISTIC
)

A.3.10 @FastInfosetClient

The com.oracle.webservices.api.FastInfosetClient annotation enables and configures Fast Infoset on a Web service client.

For more information about Fast Infoset, see:

JAX-WS Web Services: "Optimizing XML Transmission Using Fast Infoset" in Developing JAX-WS Web Services for Oracle WebLogic Server.
Oracle Infrastructure Web Services: "Optimizing XML Transmission Using Fast Infoset" in Developing Oracle Infrastructure Web Services.

A.3.11 @FastInfosetService

The com.oracle.webservices.api.FastInfosetService annotation enables Fast Infoset on the web service.

For more information about Fast Infoset, see:

JAX-WS Web Services: "Optimizing XML Transmission Using Fast Infoset" in Developing JAX-WS Web Services for Oracle WebLogic Server.
Oracle Infrastructure Web Services: "Optimizing XML Transmission Using Fast Infoset" in Developing Oracle Infrastructure Web Services.

A.3.11.1 @FastInfosetService Attribute

The following table defines the attribute that can be passed to the com.oracle.webservices.api.FastInfosetService annotation.

Table A-11 Attribute for com.oracle.webservices.api.FastInfosetService Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the feature is enabled.	`true`

A.3.11.2 @FastInfosetService Example

@FastInfosetService(
    enable=true
)

A.3.12 @JMSTransportClient

The com.oracle.webservices.api.jms.JMSTransportClient annotation enables and configures SOAP over JMS transport for Oracle Infrastructure and JAX-WS (Java EE) web service clients.

Using SOAP over JMS transport, web services and clients communicate using JMS destinations instead of HTTP connections, offering the following benefits:

Reliability
Scalability
Quality of service

For more information about using SOAP over JMS transport, see "Using SOAP Over JMS Transport" in Developing JAX-WS Web Services for Oracle WebLogic Server.

Note:

SOAP over JMS transport is not compatible with the following web service features: reliable messaging and HTTP transport-specific security.

For Oracle Infrastructure web services, SOAP over JMS transport is not compatible with asynchronous web services.

A.3.12.1 @JMSTransportClient Attributes

For information about the attributes that you can configure using the @JMSTransportClient annotation, see "Configuring JMS Transport Properties" in Developing JAX-WS Web Services for Oracle WebLogic Server.

A.3.12.2 @JMSTransportClient Example

@JMSTransportClient (
    destinationName="myQueue", 
    replyToName="myReplyToQueue",
    jndiURL="t3://localhost:7001",
    jndiInitialContextFactory="weblogic.jndi.WLInitialContextFactory", 
    jndiConnectionFactoryName="weblogic.jms.ConnectionFactory", 
    timeToLive=1000, priority=1, 
    messageType=com.oracle.webservices.api.jms.JMSMessageType.TEXT 
)

A.3.13 @JMSTransportService

The com.oracle.webservices.api.jms.JMSTransportService annotation enables and configures SOAP over JMS transport for Oracle Infrastructure and JAX-WS (Java EE) web services.

Using SOAP over JMS transport, web services and clients communicate using JMS destinations instead of HTTP connections, offering the following benefits:

Reliability
Scalability
Quality of service

For more information about using SOAP over JMS transport, see "Using SOAP Over JMS Transport" in Developing JAX-WS Web Services for Oracle WebLogic Server.

Note:

SOAP over JMS transport is not compatible with the following web service features: reliable messaging and HTTP transport-specific security.

For Oracle Infrastructure web services, SOAP over JMS transport is not compatible with asynchronous web services.

A.3.13.1 @JMSTransportService Attributes

For information about the attributes that you can configure using the @JMSTransportService annotation, see "Configuring JMS Transport Properties" in Developing JAX-WS Web Services for Oracle WebLogic Server.

A.3.13.2 @JMSTransportService Example

@JMSTransportService(destinationName="myQueue", 
   activationConfig = { 
      @ActivationConfigProperty(
         propertyName  = "destinationType", 
         propertyValue = "TOPIC"),
      @ActivationConfigProperty(
         propertyName  = "subscriptionDurability",
         propertyValue = "Durable"),
      @ActivationConfigProperty(propertyName  = "topicMessagesDistributionMode",
         propertyValue = "One-Copy-Per-Application")})

A.3.14 @ManagementPolicy

The oracle.webservices.annotations.ManagementPolicy annotation attaches a management policy to the web service.

Note:

This annotation has been deprecated. Oracle recommends that you use the oracle.wsm.metadata.annotation.PolicyReference annotation, as described in "@PolicyReference".

This annotation applies to Oracle Infrastructure web services only.

A.3.14.1 @ManagementPolicy Attributes

The following table defines the attributes that can be passed to the oracle.webservices.annotations.ManagementPolicy annotation.

Table A-12 Attributes for oracle.webservices.annotations.ManagementPolicy Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`value`	Location from which to retrieve the WS-Policy file. Use the `http:` prefix to specify the URL of a WS-Policy file on the Web. Use the `policy:` prefix to specify that the WS-Policy file is packaged in the policy repository.	""

A.3.14.2 @ManagementPolicy Example

@ManagementPolicy(
    value="oracle/log_policy",
    enabled = true
)

A.3.15 @MaxRequestSize

The com.oracle.webservices.api.MaxRequestSize annotation enables you to configure the maximum size, in bytes, of the request message that can be sent to the web service.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.15.1 @MaxRequestSize Attributes

The following table defines the attributes that can be passed to the com.oracle.webservices.api.MaxRequestSize annotation.

Table A-13 Attributes for com.oracle.webservices.api.MaxRequestSize Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`maxRequestSize`	Maximum size of the request message, in bytes. `-1` indicates that there is no limit to the size of the message.	`-1`

A.3.15.2 @MaxRequestSize Example

@MaxRequestSize(
    maxRequestSize=-1,
    enabled = true
)

A.3.16 @MEXRequestProcessingService

The com.oracle.webservices.api.MEXRequestProcessingService annotation enables the exchange of web service metadata.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.16.1 @MEXRequestProcessingService Attribute

The following table defines the attribute that can be passed to the com.oracle.webservices.api.MEXRequestProcessingService annotation.

Table A-14 Attribute for com.oracle.webservices.api.MEXRequestProcessingService Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`

A.3.16.2 @MEXRequestProcessingService Example

@MEXRequestProcessingService(
    enabled = true
)

A.3.17 @MTOM

The javax.xml.ws.soap.MTOM annotation enables the use of Message Transmission Optimization Mechanism (MTOM) on the web service. MTOM defines a method for optimizing the transmission of XML data of type xs:base64Binary or xs:hexBinary in SOAP messages.

For more information, see:

"Optimizing Binary Data Transmission" in Developing JAX-WS Web Services for Oracle WebLogic Server
@MTOM Javadoc at http://docs.oracle.com/javase/7/docs/api/javax/xml/ws/soap/MTOM.html

A.3.17.1 @MTOM Attribute

The following table defines the attribute that can be passed to the javax.xml.ws.soap.MTOM annotation.

Table A-15 Attribute for javax.xml.ws.soap.MTOM Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not MTOM is enabled.	`true`

A.3.17.2 @MTOM Example

@MTOM(
    enabled = true
)

A.3.18 @MTOMEncodeFaultService

The com.oracle.webservices.api.MTOMEncodeFaultService annotation enables the creation of MTOM-enabled SOAP fault messages when MTOM is enabled.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.18.1 @MTOMEncodeFaultService Attribute

The following table defines the attribute that can be passed to the com.oracle.webservices.api.MTOMEncodeFaultService annotation.

Table A-16 Attribute for com.oracle.webservcies.api.MTOMEncodeFaultService Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not MTOM is enabled.	`true`

A.3.18.2 @MTOMEncodeFaultService Example

@MTOMEncodeFaultService(
    enabled = true
)

A.3.19 @MtomPolicy

The oracle.webservices.annotations.MtomPolicy annotation attaches an MTOM policy to the web service.

Note:

This annotation has been deprecated. Oracle recommends that you use the oracle.wsm.metadata.annotation.PolicyReference annotation, as described in "@PolicyReference".

This annotation applies to Oracle Infrastructure web services only.

A.3.19.1 @MtomPolicy Attributes

The following table defines the attributes that can be passed to the oracle.webservices.annotations.MtomPolicy annotation.

Table A-17 Attributes for oracle.webservices.annotations.MtomPolicy Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`value`	Location from which to retrieve the MTOM policy file. Use the `http:` prefix to specify the URL of a MTOM policy file on the Web. Use the `policy:` prefix to specify that the MTOM policy file is packaged in the policy repository.	""

A.3.19.2 @MtomPolicy Example

@MtomPolicy(
    value="oracle/wsmtom_policy",
    enabled = true
)

A.3.20 @OAuth1 Client Policy

The OAuth1 Client Policy annotation attaches a management policy which allows applications to use Twitter API using the statically generated consumer and access tokens.

Note:

This annotation applies to Oracle Infrastructure Web services only.

A.3.21 @Persistence

The oracle.webservices.annotations.Persistence annotation configures the secure conversation session persistence mechanism for the web service.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.21.1 @Persistence Attributes

The following table defines the attributes that can be passed to the oracle.webservices.annotations.Persistence annotation.

Table A-18 Attributes for oracle.webservices.annotations.Persistence Annotation

Attribute Description Default

enabled

Boolean value that specifies whether or not the policy is enabled.

true

providerName

Identifies the persistence provider registered in the system. Possible values are:

oracle:jrf:Memory is the in-memory-based persistence provider.
oracle:jrf:Coherence is the integrated Coherence provider.

oracle:jrf:Coherence when the consumer of the policy (web service or client) is running in a WebLogic Server environment

oracle:jrf:Memory when the consumer of the policy is running in a standalone JVM environment

A.3.21.2 @Persistence Example

@PortableWebService
@SecurityPolicy("oracle/wss11_username_token_with_message_protection_wssc_service_policy") 
@Persistence(providerName="oracle:jrf:Coherence") 
 
public class TestService {
 ...... 
}

A.3.22 @PolicyReference

The oracle.wsm.metadata.annotation.PolicyReference annotation attaches a single policy to a subject, and optionally overrides configuration property values.

Note:

This annotation applies to Oracle Infrastructure web services and RESTful web services.

A.3.22.1 @PolicyReference Attributes

The following table defines the attributes that can be passed to the oracle.wsm.metadata.annotation.PolicyReference annotation.

Table A-19 Attributes for oracle.wsm.metadata.annotation.PolicyReference Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`properties`	List of `oracle.wsm.metadata.annotation.Property` annotations that define configuration override property values.	""
`value`	Location from which to retrieve the MTOM policy file. Use the `http:` prefix to specify the URL of a MTOM policy file on the Web. Use the `policy:` prefix to specify that the MTOM policy file is packaged in the policy repository.	""

A.3.22.2 @PolicyReference Example

@PolicyReference(
    value = "oracle/binding_permission_authorization_policy",
    properties = { 
        @Property(
            name="resource",
            value="com.sun.jersey.samples.helloworld.resources.MyApplication"),
        @Property(
            name="action",
            value="")
    }
)

A.3.23 @PolicySet

The oracle.wsm.metadata.annotation.PolicySet annotation defines a set of policy references for the web service, and optionally overrides unscoped configuration property values.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.23.1 @PolicySet Attributes

The following table defines the attributes that can be passed to the oracle.wsm.metadata.annotation.PolicySet annotation.

Table A-20 Attributes for oracle.wsm.metadata.annotation.PolicySet Annotation

Attribute	Description	Default
`properties`	List of `oracle.wsm.metadata.annotation.Property` annotations that define configuration override property values.	""
`references`	List of `oracle.wsm.metadata.annotation.PolicyReference` annotations that define policies to attach to the subject.	""

A.3.23.2 @PolicySet Example

@PolicySet(references = { 
   @PolicyReference("oracle/wss_http_token_service_policy")
}

A.3.24 @POXHttpBindingService

The com.oracle.webservices.api.POXHttpBindingService annotation enables an endpoint to receive non-SOAP XML messages that are processed by a user defined javax.xml.ws.Provider<T>.invoke method.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.24.1 @POXHttpBindingService Attribute

The following table defines the attribute that can be passed to the com.oracle.webservices.api.POXHttpBindingService annotation.

Table A-21 Attribute for com.oracle.webservcies.api.POXHttpBindingService Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not MTOM is enabled.	`true`

A.3.24.2 @POXHttpBindingService Example

@POXHttpBindingService(
    enabled = true
)

A.3.25 @Property

The oracle.wsm.metadata.annotation.Property annotation defines a single property that can be used to override the configuration of one or more policies.

Note:

This annotation applies to Oracle Infrastructure web services and RESTful web services.

A.3.25.1 @Property Attributes

The following table defines the attributes that can be passed to the oracle.wsm.metadata.annotation.Property annotation.

Table A-22 Attributes for oracle.wsm.metadata.annotation.Property Annotation

Attribute	Description	Default
`properties`	List of `oracle.wsm.metadata.annotation.Property` annotations that define unscoped configuration override property values.	""
`references`	List of `oracle.wsm.metadata.annotation.PolicyReference` annotations that define policies to attach to the subject.	""

A.3.25.2 @Property Example

@PolicyReference(
    value = "oracle/binding_permission_authorization_policy",
    properties = { 
        @Property(
            name="resource",
            value="com.sun.jersey.samples.helloworld.resources.MyApplication"),
        @Property(
            name="action",
            value="")
    }
)

A.3.26 @ReliabilityPolicy

The oracle.webservices.annotations.ReliabilityPolicy annotation attaches the oracle/wsrm10_policy or oracle/wsrm10_policy reliable messaging policies to the web service.

Note:

This annotation has been deprecated. Oracle recommends that you use the com.oracle.webservices.api.rm.ReliableMessaging annotation, as described in "@ReliableMessaging".

This annotation applies to Oracle Infrastructure web services only.

A.3.26.1 @ReliabilityPolicy Attributes

The following table defines the attributes that can be passed to the oracle.webservices.annotations.ReliabilityPolicy annotation.

Table A-23 Attributes for oracle.webservices.annotations.ReliabilityPolicy Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`value`	Location from which to retrieve the reliable messaging policy file. Use the `http:` prefix to specify the URL of a reliable messaging policy file on the Web. Use the `policy:` prefix to specify that the reliable messaging policy file is packaged in the policy repository.	""

A.3.26.2 @ReliabilityPolicy Example

@ReliabilityPolicy(
       value="oracle/wsrm11_policy",
       enabled = true)

A.3.27 @ReliableMessaging

The com.oracle.webservices.api.rm.ReliableMessaging annotation attaches the oracle/reliable_messaging_policy policy to the web service.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.27.1 @ReliableMessaging Attributes

The following table defines the attributes that can be passed to the oracle.webservices.annotations.ReliableMessaging annotation.

Table A-24 Attributes for oracle.webservices.annotations.ReliableMessaging Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`value`	Location from which to retrieve the reliable messaging policy file. Use the `http:` prefix to specify the URL of a reliable messaging policy file on the Web. Use the `policy:` prefix to specify that the reliable messaging policy file is packaged in the policy repository.	""

A.3.27.2 @ReliableMessaging Example

@ReliableMessaging(
       value="oracle/reliable_messaging_policy",
       enabled = true)

A.3.28 @RequestProcessingService

The com.oracle.webservices.api.RequestProcessingService annotation enables the web service endpoint to process incoming requests.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.28.1 @RequestProcessingService Attribute

The following table defines the attribute that can be passed to the oracle.webservices.annotations.RequestProcessingService annotation.

Table A-25 Attribute for oracle.webservices.annotations.RequestProcessingService Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`

A.3.28.2 @RequestProcessingService Example

@RequestProcessingService(
       enabled = true)

A.3.29 @SchemaValidation

The com.oracle.webservices.api.SchemaValidation annotation enables the validation of request messages against the schema.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.29.1 @SchemaValidation Attribute

The following table defines the attributes that can be passed to the oracle.webservices.annotations.SchemaValidation annotation.

Table A-26 Attribute for oracle.webservices.annotations.SchemaValidation Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`

A.3.29.2 @SchemaValidation Example

@SchemaValidation(
       enabled = true)

A.3.30 @SecurityPolicies (Oracle Infrastructure Web Services)

The oracle.webservices.annotations.SecurityPolicies annotation specifies an array of oracle.webservices.annotations.SecurityPolicy annotations. Use this annotation if you want to attach more than one WS-Policy file to a class.

Note:

This annotation has been deprecated. Oracle recommends that you use the oracle.wsm.metadata.annotation.PolicySet annotation, as described in "@PolicySet".

This annotation applies to Oracle Infrastructure web services only.

For example:

@SecurityPolicies({
   @SecurityPolicy(uri=
    "policy:oracle/wss10_username_token_with_message_protection_server_policy"),
   @SecurityPolicy(uri="policy:oracle/authorization_policy")

A.3.31 @SecurityPolicies (Java EE Web Services)

The weblogic.wsee.jws.jaxws.owsm.SecurityPolicies annotation specifies an array of weblogic.wsee.jws.jaxws.owsm.SecurityPolicy annotations. Use this annotation if you want to attach more than one WS-Policy file to a class.

Note:

This annotation applies to Java EE web services only.

A.3.31.1 @SecurityPolicies Example

@SecurityPolicies({
   @SecurityPolicy(uri=
    "policy:oracle/wss10_username_token_with_message_protection_server_policy"),
   @SecurityPolicy(uri="policy:oracle/authorization_policy")

A.3.32 @SecurityPolicy (Oracle Infrastructure Web Services)

The oracle.webservices.annotations.SecurityPolicy annotation attaches a security policy to the request or response SOAP message. This annotation can be used on its own to apply a single WS-Policy file to a class. If you want to apply more than one WS-Policy file to a class, use the @SecurityPolicies annotation to group them together.

Note:

This annotation has been deprecated. Oracle recommends that you use the oracle.wsm.metadata.annotation.PolicyReference annotation, as described in "@PolicyReference".

This annotation applies to Oracle Infrastructure web services only.

A.3.32.1 @SecurityPolicy Attributes

The following table summarizes the attributes that you can pass to the oracle.webservices.annotations.SecurityPolicy annotation.

Table A-27 Attributes for oracle.webservices.annotations.SecurityPolicy Annotation

Attribute	Description	Default
`enabled`	Optional. Boolean value that specifies whether the policy is enabled.	`true`
`Properties`	Optional. Array of property value-name pairs.	""
`value`	Location from which to retrieve the WS-Policy file. Use the `http:` prefix to specify the URL of a WS-Policy file on the Web. Use the `policy:` prefix to specify that the WS-Policy file is packaged in the policy repository.	""

A.3.32.2 @SecurityPolicy Example

@SecurityPolicy(value=
    "policy:oracle/wss10_username_token_with_message_protection_server_policy"),

A.3.33 @SecurityPolicy (Java EE Web Services)

The weblogic.wsee.jws.jaxws.owsm.SecurityPolicy annotation attaches a security policy to the request or response SOAP message. This annotation can be used on its own to apply a single WS-Policy file to a class. If you want to apply more than one WS-Policy file to a class, use the @SecurityPolicies annotation to group them together.

Note:

This annotation applies to Java EE web services only.

A.3.33.1 @SecurityPolicy Attributes

The following table summarizes the attributes that you can pass to the weblogic.wsee.jws.jaxws.owsm.SecurityPolicy annotation.

Table A-28 Attributes for weblogic.wsee.jws.jaxws.owsm.SecurityPolicy Annotation

Attribute	Description	Default
`enabled`	Optional. Boolean value that specifies whether the policy is enabled.	`true`
`uri`	Location from which to retrieve the WS-Policy file. Use the `http:` prefix to specify the URL of a WS-Policy file on the Web. Use the `policy:` prefix to specify that the WS-Policy file is packaged in the policy repository.	""

A.3.33.2 @SecurityPolicy Example

@SecurityPolicy(value=
    "policy:oracle/wss10_username_token_with_message_protection_server_policy")

A.3.34 @SOAPRequestProcessingService

This com.oracle.webservices.api.SOAPRequestProcessingService annotation enables the processing of SOAP requests on a web service endpoint.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.34.1 @SOAPRequestProcessingService Attribute

The following table defines the attribute that can be passed to the oracle.webservices.annotations.SOAPRequestProcessingService annotation.

Table A-29 Attribute for oracle.webservices.annotations.SOAPRequestProcessingService Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`

A.3.34.2 @SOAPRequestProcessingService Example

@SOAPRequestProcessingService(
       enabled = true)

A.3.35 @TestPageProcessingService

The com.oracle.webservices.api.TestPageProcessingService annotation enables the Web Service Test Client. This annotation applies to Oracle Infrastructure web services only.

For more information, see "Using the Web Services Test Client" in Administering Web Services.

Note:

The procedures described in this section do not impact the availability of the Web Services Test link on the Web Service Endpoint page, which enables you to access the Fusion Middleware Control Test Web Service page. For more information, see "Using the Test Web Service Page in Fusion Middleware Control" in Administering Web Services.

A.3.35.1 @TestPageProcessingService Attribute

The following table defines the attribute that can be passed to the oracle.webservices.annotations.TestPageProcessingService annotation.

Table A-30 Attribute for oracle.webservices.annotations.TestPageProcessingService Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`

A.3.35.2 @TestPageProcessingService Example

@TestPageProcessingService(
       enabled = true)

A.3.36 @WSDLRequestProcessingService

This com.oracle.webservices.api.WSDLRequestProcessingService annotation enables access to the WSDL for the web service.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.36.1 @WSDLRequestProcessingService Attribute

The following table defines the attribute that can be passed to the oracle.webservices.annotations.WSDLRequestProcessingService annotation.

Table A-31 Attribute for oracle.webservices.annotations.WSDLRequestProcessingService Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`

A.3.36.2 @WSDLRequestProcessingService Example

@WSDLRequestProcessingService(
       enabled = true)

A.3.37 @WSLoggingLevel

This com.oracle.webservices.api.WSLoggingLevel annotation sets the logging level for diagnostic logs for the web service endpoint.

Note:

This annotation applies to Oracle Infrastructure web services only.

A.3.37.1 @WSLoggingLevel Attributes

The following table defines the attributes that can be passed to the oracle.webservices.annotations.WSLoggingLevel annotation.

Table A-32 Attribute for oracle.webservices.annotations.WSLoggingLevel Annotation

Attribute	Description	Default
`enabled`	Boolean value that specifies whether or not the policy is enabled.	`true`
`loggingLevel`	Defines the logging level. Valid values include: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, or NULL.	""

A.3.37.2 @WSLoggingLevel Example

@WSLoggingLevel(
       enabled = true,
       loggingLevel=INFO
)