Using WLST to manage Web Service Policies
Security policies can be added and managed for your web services using Fusion Middleware Control (Enterprise Manager, EM) by browsing to the appropriate web service in EM. WLST, however, offers a more convenient way to manage policies, and I find it handier in many cases. So in this post I will cover the common WLST commands used to list, attach, detach, enable and disable security policies on your web service.
Dev Guide Reference: http://download.oracle.com/docs/cd/E21764_01/web.1111/e13813/custom_webservices.htm#CHDBGDBF
The commands that I am going to talk about here are:
listWebServicePolicies
attachWebServicePolicy
detachWebServicePolicy
enableWebServicePolicy
The tricky part is not running these commands but knowing how to identify the correct parameter values and use them. That is what I am going to focus on in this post.
Knowing the common parameters:
All the WLST commands for the above operations share a common set of parameters. Once you know how to derive them, the rest is a cakewalk. This post shows you how.
Syntax:
listWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, subjectName)
attachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [subjectType=None])
detachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [subjectType=None])
enableWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [enable], [subjectType=None])
Parameter | Description | How to derive the value |
application | For J2EE App: name of the J2EE app, qualified by domain name, server name and application name, in the pattern “domain-name/server-name/application-name”. Eg: /wls_domain/AdminServer/EmpDeptService. For SOA Composite: None. | For J2EE App: navigate to <domain-home>\servers\AdminServer\upload and take the application name from there. For SOA Project: the value can be entered as None; it's a static value. |
moduleOrCompName | For J2EE App: the name of the web module for an ADF BC Service. For SOA Composite: the SOA composite name in the pattern <partition-name>/<composite-name>[revision-id]. | For J2EE App: navigate to WLS console -> Deployments and drill down into the application. In the Overview -> Modules section you can find the web module name for the service. Eg: for my EmpDeptService app, the web module name you would see is “empDeptService”. For SOA Composite: navigate to the soa-infra URL. You will find the composite name shown as “default/AsyncServiceCallUsingPick!1.0”. Remove the ! and enclose the revision id in []. Eg: the valid name for the above composite would be “default/AsyncServiceCallUsingPick[1.0]”. |
moduleType | For J2EE App: web. For SOA Composite: soa. | Static values. For J2EE App: web. For SOA Composite: soa. |
serviceName | The name of the service. | Open the WSDL file, go to the wsdl:service tag and take the value of its “name” attribute. |
subjectName | The port name of the service. | Open the WSDL file, go to the wsdl:port tag and take the value of its “name” attribute. |
policyURI | The URI of the security policy to be used in the command. | The list of available security policies can be obtained from the wsm-pm/validator URL. |
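The derivation rules in the table can be scripted. The following is an added example, not code from the original post: plain Python meant to run outside WLST, with hypothetical helper names and a constructed sample WSDL. It reads serviceName and subjectName from the wsdl:service and wsdl:port tags, converts a soa-infra composite name to the [revision-id] form, and assembles the argument tuple for listWebServicePolicies.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "{http://schemas.xmlsoap.org/wsdl/}"

# Constructed sample WSDL, trimmed to the elements that matter here.
SAMPLE_WSDL = """<?xml version="1.0"?>
<wsdl:definitions name="EmpDeptBCService"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:tns="http://example.invalid/empdept/"
    targetNamespace="http://example.invalid/empdept/">
  <wsdl:service name="EmpDeptBCService">
    <wsdl:port name="EmpDeptBCServiceSoapHttpPort"
               binding="tns:EmpDeptBCServiceSoapHttp"/>
  </wsdl:service>
</wsdl:definitions>"""

def service_ports(wsdl_text):
    """Return [(serviceName, subjectName), ...] from wsdl:service / wsdl:port."""
    root = ET.fromstring(wsdl_text)
    pairs = []
    for svc in root.iter(WSDL_NS + "service"):
        for port in svc.iter(WSDL_NS + "port"):
            pairs.append((svc.get("name"), port.get("name")))
    return pairs

def composite_name(soa_infra_name):
    """'partition/name!rev' as shown by soa-infra -> 'partition/name[rev]'."""
    base, sep, rev = soa_infra_name.partition("!")
    if not sep or not rev:
        raise ValueError("no revision id in %r" % soa_infra_name)
    return "%s[%s]" % (base, rev)

def j2ee_args(domain, server, app, web_module, wsdl_text):
    """listWebServicePolicies argument tuples for a J2EE app, one per port."""
    application = "/%s/%s/%s" % (domain, server, app)
    return [(application, web_module, "web", svc, port)
            for svc, port in service_ports(wsdl_text)]

def soa_args(soa_infra_name, wsdl_text):
    """Same for a SOA composite: application is None, moduleType is 'soa'."""
    return [(None, composite_name(soa_infra_name), "soa", svc, port)
            for svc, port in service_ports(wsdl_text)]

if __name__ == "__main__":
    for args in j2ee_args("soa_domain_dev", "AdminServer", "EmpDeptService",
                          "empDeptService", SAMPLE_WSDL):
        print("listWebServicePolicies%r" % (args,))
```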
List attached web service security policy:
In all these examples I use my EmpDeptBCService. This command lists all security policies attached to this ADF BC service.
Syntax:
listWebServicePolicies(application,moduleOrCompName,moduleType,serviceName,subjectName)
Example usage:
listWebServicePolicies('/soa_domain_dev/AdminServer/EmpDeptService','empDeptService','web','EmpDeptBCService','EmpDeptBCServiceSoapHttpPort')
Output:
wls:/soa_domain_dev/serverConfig> listWebServicePolicies('/soa_domain_dev/AdminServer/EmpDeptService','empDeptService','web','EmpDeptBCService','EmpDeptBCServiceSoapHttpPort')
EmpDeptBCServiceSoapHttpPort : security : oracle/wss_saml_or_username_token_service_policy, enabled=true
Attached policy or policies are valid; endpoint is secure.
wls:/soa_domain_dev/serverConfig>
Attaching a web service policy:
Let’s attach the log policy, oracle/log_policy, to the web service.
Syntax:
attachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [subjectType=None])
Example usage:
attachWebServicePolicy('/soa_domain_dev/AdminServer/EmpDeptService', 'empDeptService', 'web', 'EmpDeptBCService', 'EmpDeptBCServiceSoapHttpPort', 'oracle/log_policy')
Output:
wls:/soa_domain_dev/serverConfig> attachWebServicePolicy('/soa_domain_dev/AdminServer/EmpDeptService', 'empDeptService', 'web', 'EmpDeptBCService', 'EmpDeptBCServiceSoapHttpPort', 'oracle/log_policy')
Please restart application to uptake any policy or configuration change.
wls:/soa_domain_dev/serverConfig>
As the output clearly says, the application must be restarted for this configuration change to take effect. The change can then be verified using listWebServicePolicies, or the new policy can be seen in EM.
Detach a web service security policy:
This can be used to detach a security policy applied to the service.
Syntax:
detachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [subjectType=None])
Example usage:
detachWebServicePolicy('/soa_domain_dev/AdminServer/EmpDeptService', 'empDeptService', 'web', 'EmpDeptBCService', 'EmpDeptBCServiceSoapHttpPort', 'oracle/log_policy')
Output:
wls:/soa_domain_dev/serverConfig> detachWebServicePolicy('/soa_domain_dev/AdminServer/EmpDeptService', 'empDeptService', 'web', 'EmpDeptBCService', 'EmpDeptBCServiceSoapHttpPort', 'oracle/log_policy')
Please restart application to uptake any policy or configuration change.
wls:/soa_domain_dev/serverConfig>
As the output clearly says, the application must be restarted for this configuration change to take effect. The change can then be verified using listWebServicePolicies or in EM.
Enable or Disable a security policy attached to a service:
This is used to enable or disable a security policy that is attached to a service.
Syntax:
enableWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [enable], [subjectType=None])
Setting the enable parameter to true enables the security policy; setting it to false disables it.
Example usage:
enableWebServicePolicy('/soa_domain_dev/AdminServer/EmpDeptService', 'empDeptService', 'web', 'EmpDeptBCService', 'EmpDeptBCServiceSoapHttpPort', 'oracle/wss_saml_or_username_token_service_policy', false )
Output:
wls:/soa_domain_dev/serverConfig> enableWebServicePolicy('/soa_domain_dev/AdminServer/EmpDeptService', 'empDeptService', 'web', 'EmpDeptBCService', 'EmpDeptBCServiceSoapHttpPort', 'oracle/wss_saml_or_username_token_service_policy', false )
Please restart application to uptake any policy or configuration change.
wls:/soa_domain_dev/serverConfig>
As the output clearly says, the application must be restarted for this configuration change to take effect. The change can then be verified using listWebServicePolicies or in EM.
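Because a detached or disabled security policy leaves the endpoint unprotected once the application restarts, it is worth checking the listWebServicePolicies output after such changes. The following is an added example, not code from the original post: plain Python with hypothetical helper names that parses captured listWebServicePolicies text and reports ports with no enabled policy in the security category. The sample text is constructed, and it assumes a disabled policy is reported as enabled=false.

```python
import re

# "<category> : <policyURI>, enabled=<true|false>", or a bare "<portName> :"
TOKEN = re.compile(
    r"\b(?P<cat>\w+)\s*:\s*(?P<uri>[\w./-]+)\s*,\s*enabled=(?P<on>true|false)"
    r"|\b(?P<subject>\w+)\s*:")

def parse_policies(output):
    """Map each port (subjectName) to [(category, policyURI, enabled), ...]."""
    ports, current = {}, None
    for line in output.splitlines():
        if line.lstrip().startswith("wls:"):   # prompt / echoed command
            continue
        for m in TOKEN.finditer(line):
            if m.group("subject"):
                current = ports.setdefault(m.group("subject"), [])
            elif current is not None:
                current.append((m.group("cat"), m.group("uri"),
                                m.group("on") == "true"))
    return ports

def unprotected_ports(output):
    """Ports with no enabled policy in the 'security' category."""
    return sorted(port for port, items in parse_policies(output).items()
                  if not any(cat == "security" and on for cat, _, on in items))

# Constructed samples. The first mirrors the listing shown in this post; the
# second assumes a disabled policy is reported as enabled=false and that the
# port name may appear on its own line.
SECURED = """wls:/soa_domain_dev/serverConfig> listWebServicePolicies(...)
EmpDeptBCServiceSoapHttpPort : security : oracle/wss_saml_or_username_token_service_policy, enabled=true
Attached policy or policies are valid; endpoint is secure."""

DISABLED = """EmpDeptBCServiceSoapHttpPort :
security : oracle/wss_saml_or_username_token_service_policy, enabled=false
management : oracle/log_policy, enabled=true"""

if __name__ == "__main__":
    for name, text in (("secured", SECURED), ("disabled", DISABLED)):
        print(name, unprotected_ports(text))
```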
Thanks for reading and Keep Smiling 🙂
Kavin.