17-2 Oracle Fusion Middleware Security and Administrators Guide for Web Services

1. In the Navigator pane, expand Metadata Repositories and select mds-owsm, as

shown in Figure 17–1 . Figure 17–1 Metadata Repository in Navigation Pane

2. Select Metadata Repository, then Administration, then RegisterDeregister.

The Metadata Repositories page is displayed, as shown in Figure 17–2 . Figure 17–2 Registering an Oracle WSM Repository

3. Click Register and provide the required database connection and repository

information to register the repository. Complete details for registering and managing a metadata repository are provided in Managing the Metadata Repository in the Oracle Fusion Middleware Administrators Guide. Understanding the Different Mechanisms for Importing and Exporting Policies You can use Enterprise Manager Fusion Middleware Control or WebLogic Scripting Tool WLST commands to import and export policies to and from the Oracle WSM Repository. Oracle Enterprise Manager Fusion Middleware Control provides the ability to selectively import and export one policy at a time. The procedures for importing and exporting policies using Fusion Middleware Control are described in the following sections: ■ Importing Web Service Policies on page 7-7 ■ Exporting Web Service Policies on page 7-20 The WLST commands, importRepository and exportRepository, are provided to facilitate importing and exporting multiple Oracle WSM documents directly to and from the Oracle WSM Repository. For details about using these commands, see Importing and Exporting Documents in the Repository on page 17-3. When you import or export policies using either of these mechanisms, the operation is routed through an instance of the Oracle WSM Policy Manager application. At run Maintaining the Oracle WSM Repository 17-3 time, when a request for a policy is made, the Policy Manager guarantees that the latest policy is always provided. Therefore, the latest policies are always enforced. Importing and Exporting Documents in the Repository You can import and export Oracle WSM documents to and from the Oracle WSM Repository using the importRepository and exportRepository commands. To export documents from the repository to a supported ZIP archive file, use the exportRepository command. exportRepositoryarchive,[documents=None],[expandReferences=’false’] Note the following: ■ If the archive specified using the archive argument already exists, you can choose to merge the documents into the existing archive, overwrite the existing archive, or cancel the operation. ■ Use the optional documents argument to specify the documents you want exported to the archive. If you do not specify this argument, then all assertion templates, intents, policies, and policy sets are exported. You can specify a list of the documents to be exported, or use a search expression to find specific documents in the repository. For example, to export a list of policies whose URI begins with either oraclewss10_ or oraclewss11_, enter the following: wls:jrfServer_ domainserverConfigexportRepositorytmptest2.zip,[policies:oraclewss10_ ,policies:oraclewss11_] Exporting policiesoraclewss10_message_protection_client_policy Exporting policiesoraclewss10_message_protection_service_policy . . . Exporting policiesoraclewss11_x509_token_with_message_protection_client_ policy Exporting policiesoraclewss11_x509_token_with_message_protection_service_ policy Successfully exported 43 documents. ■ Use the optional expandReferences argument to expand the policy references during the export. The default is false. When no list of documents is provided, expandReferences is true. For example, to export active policy set documents and the policies they use: wls:jrfServer_ Note: In earlier releases, the only WLST commands available to import and export polices were the importMetadata and exportMetadata MDS WLST commands. Oracle does not recommend using these commands for Oracle WSM documents because the operation is not routed through an instance of the Oracle WSM Policy Manager. Consequently, Oracle Web Services Manager may not be aware of the changes and may continue to enforce outdated policies. To ensure that only the latest polices are enforced, you must restart all the servers to which the Oracle WSM MDS repository is registered. 17-4 Oracle Fusion Middleware Security and Administrators Guide for Web Services domainserverConfigexportRepositorytmprepository-active.jar, [policysets:global], true Exporting policiesoraclewsaddr_policy Exporting policiesoraclewss11_saml_or_username_token_with_message_ protection_service_policy Exporting policiesoraclewss_username_token_service_policy Exporting policysetsglobalall-domains-default-web-service-policies Exporting policysetsglobalapp-only-web-service-policies Exporting policysetsglobalmigrate_example Successfully exported 6 documents. ■ If you modify a document in the repository, you can update it in the archive file. For example, if you modified a policy set named module-web-service-policies, you can update the policy set in the archive using the following command: wls:jrfServer_ domainserverConfigexportRepositorytmprepository-backup.jar, [policysetsglobalmodule-web-service-policies] To import documents into the repository use the importRepository command. importRepositoryarchive,[map=none],[generateMapFile=’false’] Note the following: ■ The archive argument, which is required, specifies the path to the archive file that contains the list of documents to be imported. ■ Optionally, you can use the map argument to provide the location of a file that describes how to map physical information in a policy set, from the source environment to the target environment. For example, you can use the map file to ensure that the resource scope expression in a policy set is updated to match the target environment, such as Domainfoo=Domainbar If you specify a map file and it does not exist, the operation fails and an error is displayed. ■ You can set the optional generateMapFile argument to true to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to true. The default is false. After the file is created you can edit it using any text editor. For example, to generate a map file tmpmapfile.txt for the tmprepository-active.jar, enter the following command: wls:jrfServer_ domainserverConfigimportRepositorytmprepository-active.jar, tmpmapfile.txt, true Successfully generated Resource Scope Mappings file at tmpmapfile.txt To import the active policy set archive tmprepository-active.jar using the map file tmpmapfile.txt, enter the following: wls:jrfServer_domainserverConfigimportRepositorytmprepository-active.jar, tmpmapfile.txt Importing META-INFpoliciesoraclewsaddr_policy Importing META-INFpoliciesoraclewss11_saml_or_username_token_with_message_ protection_service_policy Importing META-INFpoliciesoraclewss_username_token_service_policy Importing META-INFpolicysetsglobalall-domains-default-web-service-policies Maintaining the Oracle WSM Repository 17-5 Importing META-INFpolicysetsglobalapp-only-web-service-policies Importing META-INFpolicysetsglobalmigrate_example Successfully imported 6 documents For more information about the WLST commands and their arguments, see Web Services Custom WLST Commands in WebLogic Scripting Tool Command Reference. Migrating Policies Between Application Environments Policies can be migrated through the different stages of the application development and deployment cycles, such as from development to production. Oracle recommends using the importRepository and exportRepository commands for policy migration, as described in Migrating Policies on page 15-4. Exporting Policies from the Oracle WSM Repository for Use in JDeveloper In JDeveloper, you can add custom policies to the default policy store location at: C:\Documents and Settings\user-dir\ApplicationData\JDeveloper\system11.1.1.2.x.x. x\DefaultDomain\oracle\store\gmds Within this directory, Oracle WSM policies files must be included using one of the following directory structures: ■ Predefined Oracle WSM policies: owsmpoliciesoraclepolicy_file ■ Custom user policies: owsmpoliciespolicy_file When exporting policy files from the Oracle WSM Repository for use in JDeveloper, this directory structure is not maintained. You must ensure that when adding the exported policy to the JDeveloper environment that you use the required directory structure noted above. Otherwise, the policies will not be available in the JDeveloper environment. Patching Policies in the Repository You can patch the Oracle WSM Repository using either Fusion Middleware Control or the WLST commands, as described in Understanding the Different Mechanisms for Importing and Exporting Policies on page 17-2. When you create or update a policy, there are two possible scenarios to consider when you patch the repository: ■ You create a new policy or update an existing policy that uses a new policy URI. In this scenario, the patching of the repository acts as if a new file was added to the installation and, as a result, only impacts the components that expect to use the new policy. Once loaded, the policy is available to all applications. Generally speaking, using a new policy URI is the preferred model as policies are typically named to convey the behavior they represent. ■ You create a new policy or update an existing policy that uses an existing policy URI. In this scenario, the patching of the repository acts as if an existing file was overwritten with a new version and, therefore, impacts all components that are using the existing policy. Once loaded, all applications will use the new version of the policy. Reusing an existing URI is typically only done to make minor modifications to the behavior of a policy. Note that if you use WLST commands to patch the repository, you need to restart the server to ensure that the latest version of the policy is enforced. You do not need to restart if you use Fusion Middleware Control.