Using Fusion Middleware Control, click WebLogic Domain, then Logs and then

Configuring Policies 11-91

Table 11–2 (Cont.) Properties Set Via Programmatic Configuration Overrides

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_KEYSTORE_LOCATION
Description: This property sets the location of the keystore file. If provided, this value will override any statically configured value. Type: java.lang.String
Applies to These Policies:
■ oracle/wss10_message_protection_client_policy
■ oracle/wss10_saml_hok_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_integrity_client_policy
■ oracle/wss10_saml_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_username_token_with_message_protection_client_policy
■ oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_x509_token_with_message_protection_client_policy
■ oracle/wss11_kerberos_token_with_message_protection_client_policy
■ oracle/wss11_message_protection_client_policy
■ oracle/wss11_saml_token_with_message_protection_client_policy
■ oracle/wss11_username_token_with_message_protection_client_policy
■ oracle/wss11_x509_token_with_message_protection_client_policy

11-92 Oracle Fusion Middleware Security and Administrator's Guide for Web Services

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_KEYSTORE_TYPE
Description: This property sets the type of keystore file. If provided, this value will override any statically configured value. Type: java.lang.String. Default is JKS.
Applies to These Policies:
■ oracle/wss10_message_protection_client_policy
■ oracle/wss10_saml_hok_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_integrity_client_policy
■ oracle/wss10_saml_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_username_token_with_message_protection_client_policy
■ oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_x509_token_with_message_protection_client_policy
■ oracle/wss11_kerberos_token_with_message_protection_client_policy
■ oracle/wss11_message_protection_client_policy
■ oracle/wss11_saml_token_with_message_protection_client_policy
■ oracle/wss11_username_token_with_message_protection_client_policy
■ oracle/wss11_x509_token_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_KEYSTORE_PASSWORD
Description: This property sets the password of the keystore file. If provided, this value will override any statically configured value. Type: java.lang.String
Applies to These Policies:
■ oracle/wss10_message_protection_client_policy
■ oracle/wss10_saml_hok_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_integrity_client_policy
■ oracle/wss10_saml_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_username_token_with_message_protection_client_policy
■ oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_x509_token_with_message_protection_client_policy
■ oracle/wss11_kerberos_token_with_message_protection_client_policy
■ oracle/wss11_message_protection_client_policy
■ oracle/wss11_saml_token_with_message_protection_client_policy
■ oracle/wss11_username_token_with_message_protection_client_policy
■ oracle/wss11_x509_token_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_SIG_KEY_ALIAS
Description: This property sets the alias of the key within the keystore that will be used for digital signatures. If provided, this value will override any statically configured value. Type: java.lang.String. For WSS11 policies, this property is used only in the case of mutual authentication.
Applies to These Policies:
■ oracle/wss10_message_protection_client_policy
■ oracle/wss10_saml_hok_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_integrity_client_policy
■ oracle/wss10_saml_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_username_token_with_message_protection_client_policy
■ oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_x509_token_with_message_protection_client_policy
■ oracle/wss11_kerberos_token_with_message_protection_client_policy
■ oracle/wss11_message_protection_client_policy
■ oracle/wss11_saml_token_with_message_protection_client_policy
■ oracle/wss11_username_token_with_message_protection_client_policy
■ oracle/wss11_x509_token_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_SIG_KEY_PASSWORD
Description: This property sets the password for the alias of the key within the keystore that will be used for digital signatures. If provided, this value will override any statically configured value. Type: java.lang.String. For WSS11 policies, this property is used only in the case of mutual authentication.
Applies to These Policies:
■ oracle/wss10_message_protection_client_policy
■ oracle/wss10_saml_hok_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_integrity_client_policy
■ oracle/wss10_saml_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_username_token_with_message_protection_client_policy
■ oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_x509_token_with_message_protection_client_policy
■ oracle/wss11_kerberos_token_with_message_protection_client_policy
■ oracle/wss11_message_protection_client_policy
■ oracle/wss11_saml_token_with_message_protection_client_policy
■ oracle/wss11_username_token_with_message_protection_client_policy
■ oracle/wss11_x509_token_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_ENC_KEY_ALIAS
Description: This property sets the alias of the key within the keystore that will be used to decrypt the response from the service. If provided, this value will override any statically configured value. Type: java.lang.String. Not used in WSS11 policies.
Applies to These Policies:
■ oracle/wss10_message_protection_client_policy
■ oracle/wss10_saml_hok_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_integrity_client_policy
■ oracle/wss10_saml_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_username_token_with_message_protection_client_policy
■ oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_x509_token_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_ENC_KEY_PASSWORD
Description: This property sets the password for the key within the keystore that will be used for decryption. If provided, this value will override any statically configured value. Type: java.lang.String. Not used in WSS11 policies.
Applies to These Policies:
■ oracle/wss10_message_protection_client_policy
■ oracle/wss10_saml_hok_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_integrity_client_policy
■ oracle/wss10_saml_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_username_token_with_message_protection_client_policy
■ oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_x509_token_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_RECIPIENT_KEY_ALIAS
Description: This property sets the alias for the recipient’s public key that is used to encrypt the outbound message. If provided, this value will override any static configuration value. Type: java.lang.String
Applies to These Policies:
■ oracle/wss10_message_protection_client_policy
■ oracle/wss10_saml_hok_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_integrity_client_policy
■ oracle/wss10_saml_token_with_message_protection_client_policy
■ oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_username_token_with_message_protection_client_policy
■ oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
■ oracle/wss10_x509_token_with_message_protection_client_policy
■ oracle/wss11_kerberos_token_with_message_protection_client_policy
■ oracle/wss11_message_protection_client_policy
■ oracle/wss11_saml_token_with_message_protection_client_policy
■ oracle/wss11_username_token_with_message_protection_client_policy
■ oracle/wss11_x509_token_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSM_SUBJECT_PRECEDENCE
Description: In case of SAML client policies, set this property to false if there is a need to use a client-specified username rather than subject.
Applies to These Policies: Applies to all of the SAML client policies listed in Configuring SAML on page 10-43.

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSM_SAML_ISSUER_NAME
Description: This property sets the SAML issuer name when trying to access a service that is protected using the SAML mechanism. If provided, this value will override any static configuration value. Type: java.lang.String
Applies to These Policies: Applies to all of the SAML client policies listed in Configuring SAML on page 10-43.

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSM_INCLUDE_USER_ROLES
Description: This property sets the user roles in a SAML assertion.
Applies to These Policies: Applies to all of the SAML client policies listed in Configuring SAML on page 10-43.

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSM_SAML_ASSERTION_FILE_NAME
Description: For SAML HOK policies, this file contains the assertion.
Applies to These Policies: Applies to all of the SAML client policies listed in Configuring SAML on page 10-43.

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_KERBEROS_SERVICE_PRINCIPAL
Description: This property sets the service principal name when trying to access a service that is protected using the Kerberos mechanism. If provided, this value will override any static configuration value. Type: java.lang.String
Applies to These Policies:
■ oracle/wss11_kerberos_token_with_message_protection_client_policy

Property: BindingProvider.USERNAME_PROPERTY (javax.xml.ws.security.auth.username)
Description: User name for authentication.
Applies to These Policies: Used by username policies, and SAML policies including identity switching policies. For username client policies, you have two options:
■ csf-key
■ BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY.
For SAML client policies including the identity switch policy, use BindingProvider.USERNAME_PROPERTY.

Property: BindingProvider.PASSWORD_PROPERTY (javax.xml.ws.security.auth.password)
Description: Password for authentication.
Applies to These Policies: Used by username client policies.

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSM_STS_AUTH_X509_CSF_KEY
Description: Use to configure the X509 certificate for authenticating to the STS. If the policy-reference-uri in the STS configuration policy points to an x509-based policy, then you configure the sts.auth.x509.csf.key property to specify the X509 certificate for authenticating to the STS.
Applies to These Policies:
■ oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy
■ oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
■ oracle/wss11_sts_issued_saml_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSM_STS_AUTH_USER_CSF_KEY
Description: Use to configure the username/password to authenticate to the STS. If the policy-reference-uri in the STS configuration policy points to a username-based policy, then you configure the sts.auth.user.csf.key property to specify a username/password to authenticate to the STS.
Applies to These Policies:
■ oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy
■ oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
■ oracle/wss11_sts_issued_saml_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.WSM_STS_AUTH_ON_BEHALF_OF_CSF_KEY
Description: Optional property. Use to configure on behalf of entity. If present, it will be given preference over Subject if it exists.
Applies to These Policies:
■ oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy
■ oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
■ oracle/wss11_sts_issued_saml_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.ON_BEHALF_OF
Description: Optional property. Override this property to indicate whether the request is on behalf of another entity. The default value for this flag is true. When set to true and sts.auth.on.behalf.of.csf.key is configured, then it will be given preference and the identity established using that CSF key will be sent in the on behalf of. Otherwise, if the subject is already established, then the username from the subject will be sent as onBehalfOf token. If sts.auth.on.behalf.of.csf.key is not set and the subject does not exist, on.behalf.of is treated as a token exchange for the requestor and not for another entity. It is not included in an onBehalfOf element in the request.
Applies to These Policies:
■ oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy
■ oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
■ oracle/wss11_sts_issued_saml_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.STS_KEYSTORE_RECIPIENT_ALIAS
Description: The public key alias of the STS.
Applies to These Policies:
■ oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy
■ oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
■ oracle/wss11_sts_issued_saml_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.ATTESTING_MAPPING_ATTRIBUTE
Description: The mapping attribute used to represent the attesting entity. Only the DN is currently supported. This attribute is applicable only to sender vouches and then only to message protection use cases. It is not applicable to SAML over SSL policies.
Applies to These Policies:
■ wss10_saml20_token_with_message_protection_client_policy
■ wss11_saml20_token_with_message_protection_client_policy

Property: oracle.wsm.security.util.SecurityConstants.ClientConstants.SAML_AUDIENCE_URI
Description: Represents the relying party, as a comma-separated URI. This field accepts wildcards.
Applies to These Policies:
■ wss10_saml_token_client_policy
■ wss10_saml20_token_client_policy
■ wss_saml_token_bearer_over_ssl_client_policy
■ wss_saml20_token_bearer_over_ssl_client_policy
■ wss_saml_token_over_ssl_client_policy
■ wss_saml20_token_over_ssl_client_policy
■ wss10_saml_token_with_message_protection_client_policy
■ wss10_saml20_token_with_message_protection_client_policy
■ wss11_saml_token_with_message_protection_client_policy
■ wss11_saml20_token_with_message_protection_client_policy

Configuration Override Example

Example 11–9 shows an example of a Web service client overriding the keystore and username/password.

If you need to clear an overridden configuration property, set it to an empty string. Before you clear it, remember that other policies could be using the same property. The properties are client-specific and there could be multiple policies that are attached to the same client that use the same property.

Example 11–9 Overriding the Keystore and Username/Password

    package example;

    import java.io.File;
    import java.net.URL;
    import java.util.Map;
    import javax.xml.namespace.QName;
    import javax.xml.ws.BindingProvider;
    import javax.xml.ws.Service;
    import oracle.wsm.security.util.SecurityConstants;

    public class MyClientJaxWs {
        // MyInterface, MyInput, getCurrentUsername() and getCurrentPassword()
        // are supplied by the application and are not shown here.
        public static void main(String[] args) {
            try {
                URL serviceWsdl = new URL("http://localhost/myApp/myPort?WSDL");
                QName serviceName = new QName("MyNamespace", "MyService");
                Service service = Service.create(serviceWsdl, serviceName);
                MyInterface proxy = service.getPort(MyInterface.class);
                // Entries put into the request context override static configuration.
                Map<String, Object> context = ((BindingProvider) proxy).getRequestContext();
                context.put(oracle.webservices.ClientConstants.CLIENT_CONFIG,
                        new File("c:/dat/client-pdd.xml"));
                context.put(BindingProvider.USERNAME_PROPERTY, getCurrentUsername());
                context.put(BindingProvider.PASSWORD_PROPERTY, getCurrentPassword());
                // The literal values below are placeholders for your own keystore settings.
                context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_LOCATION, "c:/mykeystore.jks");
                context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_PASSWORD, "keystorepassword");
                context.put(SecurityConstants.ClientConstants.WSS_KEYSTORE_TYPE, "JKS");
                context.put(SecurityConstants.ClientConstants.WSS_SIG_KEY_ALIAS, "your signature alias");
                context.put(SecurityConstants.ClientConstants.WSS_SIG_KEY_PASSWORD, "your signature password");
                context.put(SecurityConstants.ClientConstants.WSS_ENC_KEY_ALIAS, "your encryption alias");
                context.put(SecurityConstants.ClientConstants.WSS_ENC_KEY_PASSWORD, "your encryption password");
                System.out.println(proxy.myOperation(MyInput));
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

In Example 11–9, the contents of c:/dat/client-pdd.xml referenced might be as follows:

    <!-- The contents of c:/dat/client-pdd.xml file mentioned above -->
    <oracle-webservice-clients>
      <webservice-client>
        <port-info>
          <policy-references>
            <policy-reference uri="management/Log_Msg_Policy" category="management"/>
            <policy-reference uri="oracle/wss10_username_token_with_message_protection_client_policy" category="security"/>
          </policy-references>
        </port-info>
      </webservice-client>
    </oracle-webservice-clients>

Configuring Local Optimization for a Policy

Oracle WSM supports a SOA local optimization feature for composite-to-composite invocations in which the reference of one composite specifies a Web service binding to a second composite running in the same container. Local optimization enables you to bypass the HTTP stack and SOAP/normalized message conversions during run time.

This SOA local optimization feature is described in Policy Attachments and Local Optimization in Composite-to-Composite Invocations in Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite and summarized here.

Controlling When Local Optimization is Used

There are two ways to control the local optimization feature, and they have different scope:

■ By adding the oracle.webservices.local.optimization property in the binding section of the composite.xml file.
  There are two possible values, true and false:

  – true -- Local optimization is used if the policy supports it as shown in Table 11–3 and the policy-level control is configured to use it as described in Configuring the Policy-Level Optimization Control on page 11-102. If optimization is used, the policy is not applied.

  – false -- Local optimization is not used, regardless of how the policy-level control is configured and the default policy setting for the local-optimization property shown in Table 11–3. This setting forces the policy to be applied.

  The composite-level property is independent of the policy-level configuration. That is, if you want to turn off the optimization regardless of whether a policy is attached, set the composite-level property to false.

  See Policy Attachments and Local Optimization in Composite-to-Composite Invocations for information on overriding the local-optimization setting for a policy by adding the oracle.webservices.local.optimization property in the binding section of the composite.xml file.

■ By configuring the optimization control for a policy, as described in Configuring the Policy-Level Optimization Control on page 11-102. The policy-level property controls the optimization wherever the policy is used, except as overridden by the composite-level property.

Configuring the Policy-Level Optimization Control

The optimization control is available when you create or edit a policy, as shown in Figure 11–4.

Figure 11–4 Local Optimization Control When Creating a Policy

There are three possible settings for the Local Optimization control: On, Off, and Check Identity:

■ On -- Optimization is turned on and the policy is not applied.
■ Off -- Optimization is turned off and the policy is applied. The request goes through the usual WS/SOAP/HTTP process.
■ Check Identity -- Optimize only if a JAAS subject already exists in the current thread, indicating that authentication has already succeeded. Otherwise, go through the usual WS/SOAP/HTTP process.

Notes: If there is a policy attached to the Web service, the policy may not be invoked if this optimization is used. Therefore, for each policy you need to decide whether you want to use the local optimization.

Oracle recommends that you do not change the optimization settings for the predefined policies because doing so may cause the policies to not be invoked, resulting in unexpected behavior.

Table 11–3 shows the predefined policies, and describes how each policy implements the local optimization feature.

Table 11–3 Default Optimization Setting of Predefined Policies

Policy Name | Default Optimization Setting
oracle/wsaddr10_policy | On
oracle/binding_authorization_denyall_policy | Always Off
oracle/binding_authorization_permitall_policy | Always Off
oracle/binding_permission_authorization_policy | Always Off
oracle/component_authorization_all_policy | Does not apply to bindings
oracle/log_policy | On
oracle/no_addressing_policy | Off
oracle/no_authentication_client_policy | Off
oracle/no_authentication_service_policy | Off
oracle/no_authorization_component_policy | Off
oracle/no_authorization_service_policy | Off
oracle/no_messageprotection_client_policy | Off
oracle/no_messageprotection_service_policy | Off
oracle/no_mtom_policy | Off
oracle/no_wsrm_policy | Off
oracle/sts_trust_config_client_policy | Off
oracle/sts_trust_config_service_policy | Off
oracle/whitelist_authorization_policy | Always Off
oracle/wsaddr_policy | On
oracle/wsmtom_policy | On
oracle/wsrm10_policy | On
oracle/wsrm11_policy | On
oracle/wss_http_token_client_policy | Off
oracle/wss_http_token_service_policy | Off
oracle/wss_http_token_over_ssl_client_policy | Off
oracle/wss_http_token_over_ssl_service_policy | Off
oracle/wss11_kerberos_token_client_policy | Off
oracle/wss11_kerberos_token_service_policy | Off
oracle/wss_username_token_client_policy | Off
oracle/wss_username_token_service_policy | Off
oracle/wss_username_token_over_ssl_client_policy | Off
oracle/wss_username_token_over_ssl_service_policy | Off
oracle/wss10_message_protection_client_policy | On
oracle/wss10_message_protection_service_policy | On
oracle/wss10_username_token_with_message_protection_client_policy | Off
oracle/wss10_username_token_with_message_protection_service_policy | Off
oracle/wss10_x509_token_with_message_protection_client_policy | Off
oracle/wss10_x509_token_with_message_protection_service_policy | Off
oracle/wss10_saml_token_with_message_protection_client_policy | Check Identity
oracle/wss10_saml_token_with_message_protection_service_policy | Check Identity
oracle/wss11_saml_token_with_message_protection_client_policy | Check Identity
oracle/wss11_saml_token_with_message_protection_service_policy | Check Identity
oracle/wss11_saml20_token_with_message_protection_client_policy | Check Identity
oracle/wss11_saml20_token_with_message_protection_service_policy | Check Identity
oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy | Off
oracle/wss11_sts_issued_saml_hok_with_message_protection_service_policy | Off
oracle/wss11_sts_issued_saml_with_message_protection_client_policy | Off
oracle/wss11_sts_issued_saml_with_message_protection_client_policy | Off
oracle/wss10_saml_token_with_message_integrity_client_policy | Check Identity
oracle/wss10_saml_token_with_message_integrity_service_policy | Check Identity
oracle/wss10_saml20_token_with_message_protection_client_policy | Check Identity
oracle/wss10_saml20_token_with_message_protection_service_policy | Check Identity
oracle/wss10_saml_token_client_policy | Check Identity
oracle/wss10_saml_token_service_policy | Check Identity
oracle/wss10_saml20_token_client_policy | Check Identity
oracle/wss10_saml20_token_service_policy | Check Identity
oracle/wss10_username_id_propagation_with_msg_protection_client_policy | Check Identity
oracle/wss10_username_id_propagation_with_msg_protection_service_policy | Check Identity
oracle/wss11_message_protection_client_policy | On
oracle/wss11_message_protection_service_policy | On
oracle/wss11_username_token_with_message_protection_client_policy | Off
oracle/wss11_username_token_with_message_protection_service_policy | Off
oracle/wss11_x509_token_with_message_protection_client_policy | Off
oracle/wss11_x509_token_with_message_protection_service_policy | Off
oracle/wsrm10_policy | On
oracle/wsrm11_policy | On
oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy | Off
oracle/wss10_username_token_with_message_protection_ski_basic256_service_policy | Off
oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy | Check Identity
oracle/wss10_saml_token_with_message_protection_ski_basic256_service_policy | Check Identity
wss11_saml_or_username_token_with_message_protection_client_policy | Check Identity
wss11_saml_or_username_token_with_message_protection_service_policy | Check Identity
wss11_saml_token_identity_switch_with_message_protection_client_policy | Off
wss10_saml_hok_token_with_message_protection_client_policy | Off
wss10_saml_hok_token_with_message_protection_service_policy | Off
oracle/wss_saml_or_username_token_over_ssl_service_policy | Check Identity
oracle/wss_saml_or_username_token_service_policy | Check Identity
wss_saml_token_over_ssl_client_policy | Check Identity
wss_saml_token_over_ssl_service_policy | Check Identity
wss_saml20_token_over_ssl_client_policy | Check Identity
wss_saml20_token_over_ssl_service_policy | Check Identity
wss_saml_token_bearer_over_ssl_client_policy | Check Identity
wss_saml_token_bearer_over_ssl_service_policy | Check Identity
oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy | Off
oracle/wss_sts_issued_saml_bearer_token_over_ssl_service_policy | Off
wss_saml20_token_bearer_over_ssl_client_policy | Check Identity
wss_saml20_token_bearer_over_ssl_service_policy | Check Identity
wss11_kerberos_token_with_message_protection_client_policy | Off
wss11_kerberos_token_with_message_protection_service_policy | Off
wss11_kerberos_token_with_message_protection_basic128_client_policy | Off
wss11_kerberos_token_with_message_protection_basic128_service_policy | Off

12 Testing Web Services

This chapter includes the following sections:

■ Testing Your Web Services
■ Editing the Input Arguments as XML Source
■ Enabling Authentication
■ Enabling Quality of Service Testing
■ Enabling HTTP Transport Options
■ Stress Testing the Web Service Operation
■ Disabling the Test Page for a Web Service

Testing Your Web Services

This section describes how to use the Fusion Middleware Control Test Web Service page to verify that you are receiving the expected results from the Web service.

The Test Web Service page allows you to test any of the operations exposed by a Web service. You can test Web services that are deployed on any accessible host; the Web service does not have to be deployed on this host.
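Added example, not Oracle's code, for the local optimization rules in Configuring Local Optimization for a Policy and Table 11–3 of the previous chapter: a static audit that reads a composite.xml, combines the composite-level oracle.webservices.local.optimization property with each attached policy's default setting, and reports security policies that would not be applied. The sample composite.xml is constructed, its binding.ws / PolicyReference layout and namespace URNs are assumptions, and a missing property is assumed to defer to the policy-level control.

```python
import xml.etree.ElementTree as ET

PROP = "oracle.webservices.local.optimization"

# Policy-level defaults for the policies used below, as listed in Table 11-3.
POLICY_DEFAULTS = {
    "oracle/wss10_message_protection_client_policy": "On",
    "oracle/wss10_saml_token_with_message_protection_client_policy": "Check Identity",
    "oracle/wss11_username_token_with_message_protection_client_policy": "Off",
    "oracle/log_policy": "On",
}

# Constructed sample. Element layout and namespace URNs are assumptions.
SAMPLE_COMPOSITE = """\
<composite name="OrderComposite" xmlns="urn:example:sca"
           xmlns:wsp="urn:example:policy" xmlns:orawsp="urn:example:orawsp">
  <reference name="BillingService">
    <binding.ws port="urn:example:billing">
      <wsp:PolicyReference URI="oracle/wss10_message_protection_client_policy"
                           orawsp:category="security"/>
      <wsp:PolicyReference URI="oracle/log_policy" orawsp:category="management"/>
      <property name="oracle.webservices.local.optimization">true</property>
    </binding.ws>
  </reference>
  <reference name="ShippingService">
    <binding.ws port="urn:example:shipping">
      <wsp:PolicyReference URI="oracle/wss10_message_protection_client_policy"
                           orawsp:category="security"/>
      <property name="oracle.webservices.local.optimization">false</property>
    </binding.ws>
  </reference>
  <reference name="CrmService">
    <binding.ws port="urn:example:crm">
      <wsp:PolicyReference
          URI="oracle/wss10_saml_token_with_message_protection_client_policy"
          orawsp:category="security"/>
    </binding.ws>
  </reference>
</composite>
"""


def local(name):
    """Strip an ElementTree '{namespace}' prefix from a tag or attribute name."""
    return name.rsplit("}", 1)[-1]


def policy_outcome(composite_flag, policy_setting):
    """Decide whether a policy is applied on a composite-to-composite call.

    composite_flag: True/False from composite.xml, or None when the property
    is absent (assumed to defer to the policy-level control).
    policy_setting: the policy's Local Optimization setting, or None if unknown.
    """
    if composite_flag is False:
        return "applied"             # composite-level false forces the policy
    if policy_setting in ("Off", "Always Off"):
        return "applied"             # usual WS/SOAP/HTTP process
    if policy_setting == "On":
        return "skipped"             # optimized: policy is not applied
    if policy_setting == "Check Identity":
        return "skipped-if-subject"  # skipped when a JAAS subject already exists
    return "unknown"                 # setting not known to this audit


def audit_composite(xml_text):
    """Return one finding per policy attached to each binding.ws element."""
    findings = []
    for owner in ET.fromstring(xml_text):        # <service> / <reference> elements
        for binding in owner.iter():
            if local(binding.tag) != "binding.ws":
                continue
            flag, policies = None, []
            for child in binding:
                if local(child.tag) == "property" and child.get("name") == PROP:
                    # Only an explicit "false" forces the policy to be applied.
                    flag = (child.text or "").strip().lower() != "false"
                elif local(child.tag) == "PolicyReference":
                    attrs = {local(k): v for k, v in child.attrib.items()}
                    policies.append((attrs.get("URI"), attrs.get("category")))
            for uri, category in policies:
                findings.append({
                    "binding": owner.get("name"),
                    "policy": uri,
                    "category": category,
                    "outcome": policy_outcome(flag, POLICY_DEFAULTS.get(uri)),
                })
    return findings


def unenforced_security_policies(findings):
    """Security policies that local optimization may bypass."""
    return [(f["binding"], f["policy"], f["outcome"]) for f in findings
            if f["category"] == "security" and f["outcome"] != "applied"]


if __name__ == "__main__":
    for row in unenforced_security_policies(audit_composite(SAMPLE_COMPOSITE)):
        print(row)
```
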
You can navigate to the Test Web Service page in many ways. This section describes one typical way to do so.

To test your Web service

1. In the navigator pane, expand WebLogic Domain to show the domain in which you want to test a Web service.

2. Select the domain.

Note: The Test Web Service page can parse WSDL URLs that contain ASCII characters only. If the URL contains non-ASCII characters, the parse operation fails. To test a Web service that has non-ASCII characters in the URL, allow your browser to convert the WSDL URL and use the resulting encoded WSDL URL in the Test Web Service page.

When testing Web services that use policies, the Oracle WSM component must be installed in the same domain from which Fusion Middleware Control is being run. Otherwise, an invalid policy exception will be returned.

3. From the WebLogic Domain menu, select Web Services, and then Test Web Service. The Test Web Service input page appears.

4. Enter the WSDL of the Web service you want to test and click Parse WSDL. If you do not know the WSDL, click the search icon and select from the registered Web services, if any. If the WSDL is secured with HTTP Basic Authentication, click HTTP Basic Auth Option for WSDL Access and enter the username and password before parsing the WSDL. The Test Web Service page appears as shown in Figure 12–1. Note that the test option sections are collapsed by default.

Figure 12–1 Test Web Service Page in Collapsed View

5. Select the service and port to be tested. If the WSDL has multiple services and ports, these fields are available as drop-down menus. If the WSDL has only one service and port, these fields are read-only, as shown in Figure 12–1.

6. Select the operation that you want to test from the Operation menu. The available operations are determined from the WSDL. To test a RESTful Web service, select the GET or POST service port operations.

7. If you want to change the endpoint URL of the test, click Edit Endpoint URL and make the change.

8. Select the Request tab if it is not already selected.

9. Expand the test option sections by clicking the plus sign (+) next to the section name. The expanded view of the Test Web Service page is shown in Figure 12–2.

Figure 12–2 Bottom Portion of Test Web Service Page in Expanded View

10. In the Security section, select the security token to verify. The security setting is not determined from a policy in the WSDL; you can specify the type of token you want to test. The default is None. Depending on the option selected, additional fields are displayed. If you do specify a username and password, they must exist and be valid for the WebLogic Server. For more information, see Enabling Authentication on page 12-5. When testing RESTful Web services, because the SOAP protocol is not used, the only security options are HTTP Basic Authentication or None.

11. In the Quality of Service section, specify whether you want to explicitly test a Reliable Messaging (WS-RM), WS-Addressing, or MTOM policy. For details about the options available, see Enabling Quality of Service Testing on page 12-6.

Note: This section is not available when testing RESTful Web services.

12. In the HTTP Transport section, the test mechanism uses the WSDL to determine whether a SOAP action is available to test. If available, specify whether you want to send the request with the SOAP action HTTP header. For more information, see Enabling HTTP Transport Options on page 12-6.

13. In the Additional Test Options section, select the Enable Stress Test option if you want to invoke the Web service multiple times simultaneously. If you select this option, you can also provide values for the stress test options, or accept the defaults. For more information, see Stress Testing the Web Service Operation on page 12-7.

14. In the Input Arguments section, enter the input arguments for the Web service in the Value fields. The parameters and type, and the required input values, are determined from the WSDL. Select Tree View or XML View to toggle between a hierarchical list of input parameters and the XML content.

15. Click Test Web Service to initiate the test.

The test results appear in the Response tab upon completion. If the test is successful, the Test Status field indicates Request Successfully received and the response time is displayed, as shown in Figure 12–3.

Figure 12–3 Successful Test

Note: This section is not available when testing RESTful Web services.

Note: When running SOA composite tests, the Response tab will indicate whether a new composite was generated. You can also click the Launch Flow Trace button to open the Flow Trace window, where you can view the flow of the message through various composite and component instances.