12 Using Oracle UCM Web Services 12-1 12 Using Oracle UCM Web Services This chapter describes how to use Oracle Universal Content Management Oracle UCM web services with Oracle WebLogic Server web services to manage Oracle Content Server. This chapter includes the following sections: ■ Section 12.1, Overview of Oracle UCM Web Services ■ Section 12.2, Oracle UCM Web Services ■ Section 12.3, Installation and Configuration ■ Section 12.4, Security

12.1 Overview of Oracle UCM Web Services

Web services reside as a layer on top of existing software systems such as application servers, .NET servers, Oracle WebLogic Server, and Oracle Content Server. Web services can be used as a bridge to dissimilar operating systems or programming languages. Web services are adapted to the Internet as the model for communication and rely on the HyperText Transfer Protocol HTTP as the default network protocol. Thus, using web services, you can build applications using a combination of components. Oracle UCM web services work with Oracle WebLogic Server web services to perform management functions for Oracle Content Server installed on Oracle WebLogic Server. Oracle WebLogic Server web services provide SOAP capabilities, and Oracle UCM web services include several built-in SOAP requests. Oracle UCM web services are automatically installed with an Oracle UCM instance, but they require additional configuration to set up security. Core enabling technologies for Oracle UCM web services include: ■ SOAP Simple Object Access Protocol is a lightweight XML-based messaging protocol used to encode the information in web service request and response messages before sending them over a network. SOAP requests are sent by the Oracle UCM web services to the Oracle WebLogic Server web services for implementation. For more information about SOAP, see Simple Object Access Protocol SOAP at http:www.w3.orgTRsoap12 . 12-2 Oracle Fusion Middleware Developers Guide for Oracle Universal Content Management ■ Web Services Security WS-Security is a standard set of SOAP extensions for securing web services for confidentiality, integrity, and authentication. For Oracle UCM web services, WS-Security is used for authentication, either for a client to connect to the server as a particular user or for one server to talk to another as a user. For more information, see the OASIS Web Service Security web page at http:www.oasis-open.orgcommitteestc_home.php?wg_ abbrev=wss . ■ Web Service Policy WS-Policy is a standard for attaching policies to web services. For Oracle UCM web services, policies are used for applying WS-Security to web services. The two supported policies are username-token security and Security Assertion Markup Language SAML security. Historically, Oracle used Oracle Web Services Manager OWSM to secure its web services, and Oracle WebLogic Server used Web Services Security Policy WS-SecurityPolicy to secure its web services. Because web services security is partially standardized, some OWSM and WS-SecurityPolicy policies can work with each other. Oracle UCM web services idcws as context root are SOAP based, while Oracle UCM native web services idcnativews as context root are JAX_WS based. Both kinds of web services can be assigned OWSM policies through the Oracle WebLogic Server Administration Console. The generic Oracle UCM web services are JAX-WS based and can be assigned OWSM policies and managed by OWSM. The native Oracle UCM web Services are SOAP based and can only support WS-Policy policies managed through the Oracle WebLogic Server Administration Console. For more information about OWSM, see the Oracle Fusion Middleware Security and Administrator’s Guide for Web Services. A subset of WebLogic web service policies interoperate with OWSM policies. For more information, see Interoperability with WebLogic Web Service Policies in Oracle Fusion Middleware Security and Administrators Guide for Web Services. Web Services Security Policy WS-SecurityPolicy is a set of security policy assertions for use with the WS-Policy framework. For more information, see Web Services Security Policy WS-SecurityPolicy specification at http:docs.oasis-open.orgws-sxws-securitypolicy200702ws- securitypolicy-1.2-spec-os.html . ■ SAML is an XML standard for exchanging authentication and authorization between different security domains. For more information, see the Security Assertion Markup Language SAML specification at http:docs.oasis-open.orgsecuritysamlv2.0 . ■ WebLogic Scripting Tool WLST is a command-line tool for managing Oracle WebLogic Server. For more information, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference. Note: Use OWSM policies over Oracle WebLogic Server web services whenever possible. You cannot mix your use of OWSM and Oracle WebLogic Server web services policies in the same web service. Using Oracle UCM Web Services 12-3