Wednesday 29 August 2012

Securing a Web Service on WebLogic

This post outlines how to apply WS-Policies to Web Service endpoints on a WebLogic server using the UCM Web Service as an example. It also details how to fix potential issues when securing web services in a multi-machine domain.

Securing the Endpoint

  • Log into the Admin Console (http://<server>:7001/console)
  • Select Deployments from the left menu
  • Locate and select the relevant web service deployment. I am using GenericSoapService under the Oracle UCM Web Services deployment
  • Select the Configuration tab, then the WS-Policy sub tab
  • Click the relevant Service Endpoint. I am using GenericSoapPort
  • If prompted, select OWSM and click Next
  • Add the desired policy to the Chosen Endpoint Policies. For the UCM Web Service, only the following two policies are supported:
      oracle/wss11_saml_token_with_message_protection_service_policy
      oracle/wss11_username_token_with_message_protection_service_policy
  • Click Finish. IMPORTANT: Take note of the deployment plan path. For me, it was:

<MW_HOME>/Oracle_ECM1/ucm/idc/components/ServletPlugin

  • If prompted, click OK to confirm on the Save Deployment Plan screen.
  • Activate Changes
If you are running a domain with multiple machines, you may see an error message at the top of the screen indicating that the Plan.xml file was not found. If this occurs, follow the instructions below.

Configuring a Multi-Machine Domain

When you update the WS-Policy for the web service deployment, a Plan.xml file (and other supporting files) is created on the machine where the Admin Server is running. If your web service is deployed to any other Managed Servers which are running on separate machines, these supporting files will not exist on those machines. This is why you receive the Plan.xml not found error.
This problem is easily fixed by copying the relevant files from the Admin Server machine to the same location on every machine with a Managed Server which has the relevant Web Service deployed to it. 
For my UCM Web Service example, I had to copy the Plan.xml:
<MW_HOME>/Oracle_ECM1/ucm/idc/components/Plan.xml
And the following directory:
<MW_HOME>/Oracle_ECM1/ucm/idc/components/ServletPlugin
From the Admin Server's machine to the same locations on the two machines that were running the UCM Managed servers.
NOTE: After copying the above files/directories, please check the permissions are the same/similar to those set on the Admin Server copies.
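
One way to carry out the permission check from the NOTE above, as an added example that is not part of the original post: run `perm_manifest` against the components directory on each machine, save the output, then compare the saved files. It assumes Linux hosts with GNU find; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU find (Linux hosts).
# Function names are hypothetical.

# perm_manifest COMPONENTS_DIR
# Prints "path<TAB>octal-mode<TAB>owner:group" for Plan.xml and for everything
# under ServletPlugin, sorted so that two manifests compare line by line.
# A file missing on one machine is simply absent from that manifest and
# therefore shows up as a difference.
perm_manifest() {
    (
        cd "$1" || exit 2
        find Plan.xml ServletPlugin -printf '%p\t%m\t%u:%g\n' 2>/dev/null |
            LC_ALL=C sort
    )
}

# compare_manifests REFERENCE_FILE COPY_FILE
# REFERENCE_FILE is the manifest taken on the Admin Server machine,
# COPY_FILE the one taken on a Managed Server machine.
# Returns 0 when they match. Otherwise prints the differing entries
# ("<" = Admin Server value, ">" = Managed Server value) and returns 1.
compare_manifests() {
    diff "$1" "$2" | grep '^[<>]' && return 1
    return 0
}

# Typical use, with <MW_HOME> replaced by the real path on each machine:
#   perm_manifest <MW_HOME>/Oracle_ECM1/ucm/idc/components > admin.manifest
#   perm_manifest <MW_HOME>/Oracle_ECM1/ucm/idc/components > managed1.manifest
#   compare_manifests admin.manifest managed1.manifest
```

Any line reported with a looser mode or a different owner on the Managed Server copy should be corrected before redeploying.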
Now that all of the supporting files exist in the relevant location, you need to update your Web Service deployment:
  1. Log into the Admin Console (http://<server>:7001/console)
  2. Select Deployments from the left menu
  3. Check the box beside the relevant deployment. For me, this is Oracle UCM Web Services
  4. Click the Update button at the bottom or top of the page
  5. Make sure that the Redeploy radio button is selected and click Finish
  6. No restart is required
