17-6 Oracle WebLogic Communications Server Administration Guide a request is received using a different channel, the server rejects the request with a 503 message. To transition the application from administration mode to a generally-available mode, use the -start option with weblogic.Deployer. Note: If using TLS is not feasible with your application, you can alternately change the Servlet role mapping rules to allow only 1 user on the newer version of the application. This enables you to deploy the newer version alongside the older version, while restricting access to the newer version. 18 Parlay X Web Services Architecture 18-1 18 Parlay X Web Services Architecture This chapter describes the architecture, security, and installation for the OWLCS Parlay X Web Services. This chapter contains the following sections: ■ Section 18.1, Architecture of Web Service Client Applications ■ Section 18.2, Web Service Security ■ Section 18.3, Installing the Web Services

18.1 Architecture of Web Service Client Applications

The architecture of client applications is such that one client of a Web service will be acting on behalf of many end users of the system. Multiple users can simultaneously connect to the same Web service client, which will act on behalf of those users when invoking the Web Service. Note the following usage guidelines: ■ Security – the OWLCS Web server on which the Web services are running authenticates the client and not the end users. The client is a trusted entity and once the client is authenticated it is assumed that all end users of the client are authenticated. This places the task of authenticating end users on the Web service client. For the client to be correctly authenticated, they must connect with pre-determined authentication credentials. ■ The Web client need not invoke all the Web services – that is, a web client might invoke methods on the SendMessage Web service only, and therefore has no need to concern itself with the other Web services. However, there are instances where the needs of the client application dictate that it invokes specific methods on the different web services in a specific order to achieve its goals. For example, a client application for sending messages that also wants to receive message notifications for all the messages sent must first call the startMessageNotification method of the MessageNotificationManager interface before it can receive notifications for messages sent.

18.2 Web Service Security

By default, all deployed OWLCS web services are unsecured. Web Service Security should be enabled for any services that will be deployed in a production environment. OWLCS supports the use of Oracle Web Services Manager WS-Security policies to protect OWLCS web services. For more information about Oracle Web Services Manager, see Using Oracle Web Service Security Policies, in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server.