4 Configuring Web Services Manager

Learn how to configure Oracle Communications Billing and Revenue Management (BRM) Web Services Manager by connecting the deployed application to the BRM system and configuring security, authorization, and Java logging for the deployed application.

Topics in this document:

Validating Input and Output XML Data

Web Services Manager validates the input and output XML by comparing the XML fields and values against the opcode XML schema.

The opcode specifications, schemas, and WSDL files are packaged along with Web Services Manager. The package includes the opspec.xsd file and the pin_opspec_to_schema utility. Use the opspec.xsd file to write opcode specifications for custom opcodes that need to be exposed as a web service. Use the pin_opspec_to_schema utility to generate the schema files from the opcode specification files.

For more information, see the following topics:

Validating Input and Output XML Data for a Standalone Server

To configure Web Services Manager to validate the input and output XML against the target opcode XML schema on a standalone server:

  1. Open the BRM_home/apps/brm_wsm/config/Infranet.properties file.

  2. Set the following entries in the file to true: 

    webservices.input.validation.enabled=true
webservices.output.validation.enabled=true

  3. (Optional) Set the following entries in the file to true if you want the system to log the error instead of failing the request: 

    webservices.soap.input.validation.reportonly=false
webservices.soap.output.validation.reportonly=false

  4. Set the following entry to the correct location of your .xsd files: 

    webservices.schema.location=fileLocation

    where fileLocation is a directory with appropriate permissions for Web Services Manager. The default is ${PIN_HOME}/apps/brm_wsm/schemas.

  5. Save and exit the file.

  6. Stop and restart the Web Services Manager. See "Running and Stopping Standalone Web Services Manager" for more information.

Validating Input and Output XML Data for WebLogic Server or Tomcat

To configure Web Services Manager to validate the input and output XML against the target opcode XML schema when using WebLogic Server or Tomcat:

  1. Open the local_dir/WEB-INF/classes/Infranet.properties file.

  2. Add the following entries to the file:

    • webservices.input.validation.enabled=true

    • webservices.output.validation.enabled=true

  3. Do one of the following:

    • If you are using WebLogic Server, copy the schema files packaged as a part of Web Services Manager installation from the BRM_home/deploy/web_services/schemas directory to the local_dir/common/lib directory.

    • If you are using any supported server, copy the schema files from the BRM_home/deploy/web_services/schemas directory to the local_dir/WEB-INF/classes directory.

About Connecting Web Services Manager to the BRM System

Web Services Manager connects to the BRM system through a BRM Connection Manager (CM). Figure 4-1 shows how BRM and the SOAP client communicate with the deployed application. Web Services Manager translates Portal Communication Module (PCM) communications sent from a CM in the BRM system into SOAP requests sent to the SOAP client over HTTP. Web Services Manager translates SOAP responses sent from the SOAP client over HTTP into PCM communications that are returned to the CM.

Figure 4-1 Architecture of Web Services Manager in the BRM System

Description of Figure 4-1 follows
Description of "Figure 4-1 Architecture of Web Services Manager in the BRM System"

Connecting Web Services Manager to the BRM System

If you customized web services, use the custom infranetwebsvc.war or BrmWebServices.war file. Otherwise, you should use the default infranetwebsvc.war or BrmWebServices.war file. For more information about customizing web services, see "Customizing Web Services for a Standalone Server" or "Customizing Web Services for WebLogic Server or Tomcat Deployments".

To connect Web Services Manager to the BRM system:

  1. On your application server, copy the BRM_home/deploy/web_services/Infranet.properties file to one of the following:

    • local_dir/WEB-INF/classes directory, where local_dir is a directory on the machine on which you installed your application server.

      Note:

      If you copy the Infranet.properties file to the local_dir/WEB-INF/classes directory, extract the infranetwebsvc.war file or BrmWebServices.war file to a local directory (local_dir) on the system on which your application server is installed.

    • The home directory on the machine on which you installed your application server.

  2. Open the Infranet.properties file in a text editor.

  3. If your BRM server and Web Services Manager instances are running on the same server, update these parameters:

    infranet.connection=pcp://root.0.0.0.1:password@ipAddress:port/0.0.0.1/service/admin_client 1
infranet.login.type=1

    where:

    • password is the password for the BRM server.

    • ipAddress is the IP address of the system on which BRM is installed.

    • port is the port number used by the application server on which BRM is installed.

  4. If your BRM server is running on a different server than Web Services Manager, comment out the infranet.connection parameter and add the infranet.wallet.location parameter: 

    #infranet.connection=
infranet.wallet.location=wallet_location

    where wallet_location is the PCP connection to your BRM server with the path to your client Oracle wallet. For example: pcp://root.0.0.0.1:password@ipAddress:port/0.0.0.1/service/admin_client/scratch/pin00/WALLET.

  5. If SSL is enabled in the CM, update these parameters:

    infranet.pcp.ssl.enabled=true
infranet.pcp.ssl.wallet.location=wallet_directory

    where wallet_directory is the path to your client Oracle wallet. The client Oracle wallet contains the optional client SSL certificate and the private key, and it contains the Trusted CA certificate.

  6. If you added custom opcodes or custom fields for web services, add the enum values of the custom fields.

    For example, if you created the custom_fld_usage_id field and the enum value for the custom_fld_usage_id field is 10001, add this entry: 

    infranet.custom.field.10001=custom_fld_usage_id

    For information about mapping enum values, see "Creating Custom Fields" in BRM Developer's Guide.

  7. (Optional) To configure the connection pool parameters, modify the following entries:

    infranet.connectionpool.minsize=min_connections
infranet.connectionpool.maxsize=max_connections
infranet.connectionpool.timeout=connection_timeout
infranet.connectionpool.maxrequestlistsize=connection_maxrequest
infranet.connectionpool.maxidletime=connection_maxidle

    where:

    • min_connections is the minimum number of connections allowed in the pool. The default number is 1.

    • max_connections is the maximum number of connections allowed in the pool. The default number is 8.

    • connection_timeout is the connection pool timeout in milliseconds. The default value is 30000 milliseconds.

    • connection_maxrequest is the maximum number of connection requests the connection pool can queue before returning an error. The default number is 50.
    • connection_maxidle is the time in milliseconds that an idle (unused) connection remains in the connection pool before it is removed. The default value is 10000 milliseconds.

  8. (Optional) To configure logging for Web Services Manager if it is deployed into a web server, modify the following entry:

    webservices.log.enabled=log_value

    where log_value is one of the following:

    • true enables logging. This option saves and displays the log files as standard output in the application server console.

    • false disables logging. This option saves the log files in the /domain/logs/BRMWebSvcMgr.log file. Configure the BRM_home/deploy/web_services/lib/weblogic_ws_startup.jar file to use this option.

  9. Save and close the file.

  10. (Optional) To configure logging if you are using Web Services Manager in standalone mode, set the appropriate parameters in the BRM_home/apps/brm_wsm/config/logging.properties file.

  11. If you are working in the local_dir/WEB-INF/classes directory, regenerate the WAR file by running one of the following commands:

    • To regenerate the infranetwebsvc.war file: 

      jar -cvf infranetwebsvc.war *

    • To regenerate the BrmWebServices.war file: 

      jar -cvf BrmWebServices.war *

  12. Deploy the regenerated infranetwebsvc.war or BrmWebServices.war file on the server. See "Deploying and Running Web Services Manager".

Connecting to a Different Instance of BRM

If you customized web services, use the custom infranetwebsvc.war or BrmWebServices.war file. Otherwise, you should use the default infranetwebsvc.war or BrmWebServices.war file. For more information about customizing web services, see "Customizing Web Services for WebLogic Server or Tomcat Deployments".

To change the instance of BRM to which Web Services Manager connects:

  1. On your application server, copy the BRM_home/deploy/web_services/Infranet.properties file to one of the following:

    • local_dir/WEB-INF/classes directory, where local_dir is a directory on the machine on which you installed your application server.

      Note:

      If you copy the Infranet.properties file to the local_dir/WEB-INF/classes directory, extract the infranetwebsvc.war or BrmWebServices.war file to a local directory (local_dir) on the system on which your application server is installed.

    • The home directory on the machine on which you installed your application server.

  2. Open the copied Infranet.properties file.

  3. If your BRM server and Web Services Manager instances are running on the same server, update these parameters:

    infranet.connection=pcp://root.0.0.0.1:password@ipAddress:port/0.0.0.1/service/admin_client 1
infranet.login.type=1

    where:

    • password is the password for the BRM server.

    • ipAddress is the IP address of the system on which BRM is installed.

    • port is the port number used by the application server on which BRM is installed.

  4. If your BRM server is running on different server than Web Services Manager, comment out the infranet.connection parameter and add the infranet.wallet.location parameter: 

    #infranet.connection=
infranet.wallet.location=wallet_location

    where wallet_location is the PCP connection to your BRM server with the path to your client Oracle wallet. For example: pcp://root.0.0.0.1:password@ipAddress:port/0.0.0.1/service/admin_client/scratch/pin00/WALLET.

  5. If SSL is enabled in the Connection Manager (CM), locate the following lines and update the parameters if necessary:

    infranet.pcp.ssl.enabled=true
infranet.pcp.ssl.wallet.location=wallet_directory

    where wallet_directory is the path to your client Oracle wallet. The client Oracle wallet contains the optional client SSL certificate and the private key, and it contains the Trusted CA certificate.

  6. If you added custom opcodes or custom fields for web services, add the enum values of the custom fields.

    For example, if you created the custom_fld_usage_id custom field and the enum value for the custom_fld_usage_id field is 10001, add the following entry: 

    infranet.custom.field.10001=custom_fld_usage_id

    For information about mapping enum values, see "Creating Custom Fields" in BRM Developer's Guide.

  7. (Optional) To configure the connection pool parameters, modify the following entries:

    infranet.connectionpool.minsize=min_connections
infranet.connectionpool.maxsize=max_connections
infranet.connectionpool.timeout=connection_timeout

    where:

    • min_connections is the minimum number of connections allowed in the pool. The default number is 1.

    • max_connections is the maximum number of connections allowed in the pool.

    • connection_timeout is the connection pool timeout in milliseconds.

  8. (Optional) To configure logging for Web Services Manager, modify the following entry:

    webservices.log.enabled=log_value

    where log_value is one of the following:

    • true enables logging. This option saves and displays the log files as standard output in the application server console.

    • false disables logging. This option saves the log files in the /domain/logs/BRMWebSvcMgr.log file. Configure the BRM_home/deploy/web_services/lib/weblogic_ws_startup.jar file to use this option.

  9. (Optional) To configure searching in BRM using the PCM_OP_SEARCH opcode, restrict the PCM_OP_SEARCH opcode to pre-defined search templates by modifying the following entry:

    allowed.search.template.ids=template_id

    where template_id is the template ID of the search template that you want the PCM_OP_SEARCH opcode to use for searching. Use a comma (,) to separate multiple template IDs. If you do not want to restrict the PCM_OP_SEARCH opcode to any pre-defined search templates, set template_id to None.

    For a list of template IDs, connect to the BRM database and check the list of POIDS and the respective templates in the SEARCH_T table in the BRM database. For more information, see "Searching for Objects in the BRM Database" in BRM Developer's Guide.

  10. If you added custom opcodes or custom fields for web services, add the enum values of the custom fields. For information about mapping enum values, see "Creating Custom Fields" in BRM Developer's Guide.

    For example, if you created the custom_fld_usage_id field and the enum value for the custom_fld_usage_id field is 10001, add the following entry: 

    infranet.custom.field.10001=custom_fld_usage_id

  11. Save and close the file.

  12. If you are working in the local_dir/WEB-INF/classes directory, regenerate the WAR file by running one of the following commands:

    • To regenerate the infranetwebsvc.war file: 

      jar -cvf infranetwebsvc.war *

    • To regenerate the BrmWebServices.war file: 

      jar -cvf BrmWebServices.war *

  13. Deploy the regenerated infranetwebsvc.war or BrmWebServices.war file on the server. See "Deploying and Running Web Services Manager".

Configuring Security for Web Services Manager

By default, secure sockets layer (SSL) security for Web Services Manager is enabled. If you disabled SSL during the BRM server installation, you can enable SSL in Web Services Manager by configuring security parameters and enabling the SSL security feature in the application server on which Web Services Manager is deployed.

For more information, see the following topics:

Configuring Security for Standalone Web Services Manager

To configure security for Web Services Manager in WebLogic Server, do the following:

  1. Obtain an SSL certificate and private key and convert them into PKCS12 (.p12) or JKS (.jks) format.

  2. Edit the BRM_home/deploy/web_services/Infranet.properties file.

  3. Uncomment the following lines in the file and set them all to the appropriate values for your environment:

    @HTTPS Socket
server.sockets.https.port=8081
server.sockets.https.host=0.0.0.0
server.sockets.https.tls.enabled=true
server.sockets.https.tls.endpoint-identification-algorithm=NONE
server.sockets.https.tls.client-auth=NONE
server.sockets.https.tls.private-key.keystore.passphrase=ABCD123#
server.sockets.https.tls.private-key.keystore.resource.path=/etc/example/server.p12
server.sockets.https.tls.trust.keystore.trust-store=true
server.sockets.https.tls.trust.keystore.passphrase=ABCD123#
server.sockets.https.tls.trust.keystore.resource.path=/etc/example/server.p12

Configuring Security for Web Services Manager in WebLogic Server

Before you configure security for Web Services Manager, ensure that WebLogic Server and Web Services Manager are installed and that Web Services Manager has been deployed on a WebLogic Server domain. See "Installing Web Services Manager" and "Deploying and Running Web Services Manager" for more information.

To configure security for Web Services Manager in WebLogic Server, do the following:

  1. Configure authentication for Web Services Manager. See "Configuring Authentication for WebLogic Server".

  2. Configure authorization for Web Services Manager. See "Configuring WebLogic Security Policy on BRM Web Services for JAX-WS in WebLogic Server".

Configuring Authentication for WebLogic Server

Before you configure authentication for Web Services Manager, create a user, group, and security realm for Web Services Manager in WebLogic Server. For more information about creating users and groups, see the discussion about users, groups, and security roles in Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server. For more information about security realms, see the discussion about security realms in WebLogic Server in Fusion Middleware Securing Oracle WebLogic Server.

To configure authentication for Web Services Manager in WebLogic Server:

  1. Open the local_dir/infranetwebsvc.war/WEB-INF/weblogic.xml file in a text editor, where local_dir is a directory on the WebLogic host where you copied the infranetwebsvc.war file.

  2. Remove the comment from the following lines:

    # <security-role-assignment>
   # <role-name>brmws</role-name>
   # <externally-defined/>
# </security-role-assignment>

  3. Save and close the file.

  4. Open the local_dir/infranetwebsvc.war/WEB-INF/web.xml file in a text editor.

  5. Remove the comment from the following lines:

    # <security-constraint>
  # <web-resource-collection>
   #  <web-resource-name>restricted web services</web-resource-name>
    # <url-pattern>/*</url-pattern>
    # <http-method>GET</http-method>
    # <http-method>POST</http-method>
  # </web-resource-collection>
 # <auth-constraint>
    # <role-name>brmws</role-name>
  # </auth-constraint>
  # <user-data-constraint>
   # <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  # </user-data-constraint>
# </security-constraint>

# <login-config>
 # <auth-method>BASIC</auth-method>
 # <realm-name>default</realm-name>
# </login-config>
# <security-role>
    # <role-name>brmws</role-name>
# </security-role>

  6. Save and close the file.

  7. Log in to WebLogic Server Remote Console.

  8. Click Edit Tree, then Environment, then Servers.

    A table containing the list of servers in the domain is displayed.

  9. Select the server for which you want to enable the SSL port.

  10. In the General subtab, select SSL Listen Port Enabled.

  11. In the SSL Listen Port field, enter a free port number. The default is 7002. Make a note of the values in the Listen Port and SSL Listen Port fields.

  12. Click Save.

    If you use a SOAP development application to generate a web service client and use port numbers other than the default port numbers, the URLs for the web services that take the payload as an XML element show port numbers that do not match the port numbers you configured in WebLogic Server Remote Console. Populate the correct port numbers in the URLs for the WSDL files that are generated dynamically by your SOAP development application by changing the port numbers manually in your SOAP development application request.

Configuring WebLogic Security Policy on BRM Web Services for JAX-WS in WebLogic Server

You define access restrictions for web services in security policies in WebLogic Server.

To configure WebLogic Security Policy on BRM Web Services for JAX-WS in WebLogic Server:

  1. Determine the port binding name for each of the endpoints that you intend to secure. For each endpoint, do the following:

    1. Look at the WSDL file for the endpoint. See "Determining the WSDL URLs for Web Services Manager" for information about accessing the WSDL.

    2. In the WSDL file, find the port name. It may be near the end of the file. For example, the following line contains the port name for the BRMReadServices_v2:

      <port binding="brm:BRMReadService_binding" name="BRMReadService_pt">

      For this endpoint, the name is BRMReadService_pt.

    3. Record the port name.

  2. Determine which of the policies supplied with WebLogic Server you would like to implement. For example:

    • If you want to use the policy for HTTPS with basic authentication, you could use Wssp1.2-2007-Https-BasicAuth.xml.

    • If you want to use the policy for HTTPS without authentication, you could use Wssp1.2-2007-Https.xml.

  3. Create the BRM_home/apps/deploy/web_services/brm_wsm_ws_policy and BRM_home/apps/deploy/web_services/brm_wsm_ws_policy/WEB-INF directories.

  4. In the BRM_home/apps/deploy/web_services/brm_wsm_ws_policy/WEB-INF directory, create a weblogic-webservices-policy.xml file in the following format: 

    <webservice-policy-ref xmlns=http://xmlns.oracle.com/weblogic/webservice-policy-ref
    xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
    xsi:schemaLocation=http://xmlns.oracle.com/weblogic/webservice-policy-ref
                       http://xmlns.oracle.com/weblogic/webservice-policy-ref/1.1/webservice-policy-ref.xsd> 
  <port-policy>
      <port-name>portName1</port-name>
      <ws-policy>     
          <uri>policy:policyFilename</uri>      
          <direction>both</direction>      
          <status>enabled</status>   
      </ws-policy>  
  </port-policy> 
  <port-policy>    
      <port-name>portName2</port-name>    
      <ws-policy>     
          <uri>policy:policyFilename</uri>      
          <direction>both</direction>      
          <status>enabled</status>   
      </ws-policy>  
  </port-policy>
. . .
  <port-policy>    
      <port-name>portNamen</port-name>    
      <ws-policy>     
          <uri>policy:policyFilename</uri>      
          <direction>both</direction>      
          <status>enabled</status>   
      </ws-policy>  
  </port-policy></webservice-policy-ref>

    where:

    • portName1 is the port name for the first endpoint, for example BRMReadService_pt.

    • portName2 is the port name for the second endpoint, for example BRMCustService_pt.

    • portNamen is the port name for the nth endpoint, for example BRMSubscriptionService_pt.

    • policyFilename is the name of the WebLogic Server policy file you are using, for example Wssp1.2-2007-Https-BasicAuth.xml.

  5. If you are using the services in the infranetwebsvc.war file, do the following:

    1. Create the following plan.xml file and put it in the appropriate deployment directory: 

      <deployment-plan xmlns="http://xmlns.oracle.com/weblogic/deployment-plan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/deployment-plan http://xmlns.oracle.com/weblogic/deployment-plan/1.0/deployment-plan.xsd" global-variables="false">
  <application-name>deploymentName</application-name>
  <module-override>
    <module-name>infranetwebsvc.war</module-name>
    <module-type>war</module-type> 
    <module-descriptor external="true">
      <root-element>webservice-policy-ref</root-element>
      <uri>WEB-INF/weblogic-webservices-policy.xml</uri>
    </module-descriptor>
  </module-override>
  <config-root>policyPath</config-root>
</deployment-plan>

      where:

      • deploymentName is the name of the deployment in WebLogic that contains infranetwebsvc.war.

      • policyPath is the path to the brm_wsm_ws_policy directory you created above, that is, BRM_home/apps/deploy/web_services/brm_wsm_ws_policy.

    2. Redeploy the deployment in WebLogic that contains infranetwebsvc.war.

  6. If you are using the services in the BrmWebServices.war file:

    1. Create the following plan.xml file and put it in the appropriate deployment directory: 

      <deployment-plan xmlns="http://xmlns.oracle.com/weblogic/deployment-plan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/deployment-plan http://xmlns.oracle.com/weblogic/deployment-plan/1.0/deployment-plan.xsd" global-variables="false">
  <application-name>deploymentName</application-name>
  <module-override>
    <module-name>BrmWebServices.war</module-name>
    <module-type>war</module-type> 
    <module-descriptor external="true">
      <root-element>webservice-policy-ref</root-element>
      <uri>WEB-INF/weblogic-webservices-policy.xml</uri>
    </module-descriptor>
  </module-override>
  <config-root>policyPath</config-root>
</deployment-plan>

      where:

      • deploymentName is the name of the deployment in WebLogic that contains BrmWebServices.war.

      • policyPath is the path to the brm_wsm_ws_policy directory you created above, that is, BRM_home/apps/deploy/web_services/brm_wsm_ws_policy.

    2. Redeploy the deployment in WebLogic that contains BrmWebServices.war.

  7. To verify that the security policy has been added, access the WSDL for the endpoint again, and look for text similar to the following:

    <wsp:UsingPolicy wssutil:Required="true"/>
<ns0:Policy xmlns:ns0="http://schemas.xmlsoap.org/ws/2004/09/policy" wssutil:Id="DefaultReliability.xml">
<ns1:RMAssertion xmlns:ns1="http://schemas.xmlsoap.org/ws/2005/02/rm/policy">
<ns1:InactivityTimeout Milliseconds="600000"/>
<ns1:BaseRetransmissionInterval Milliseconds="3000"/>
<ns1:ExponentialBackoff/>
<ns1:AcknowledgementInterval Milliseconds="200"/>
<ns2:Expires xmlns:ns2="http://www.bea.com/wsrm/policy" Expires="P1D"/>
</ns1:RMAssertion>
</ns0:Policy>

If you have enabled SSL, add the following entry in the session-config element of the BrmWebServices.war/WEB-INF/web.xml file to enable cookie security: 

<cookie-config>
    <secure>true</secure>
</cookie-config>

Configuring Security for Web Services Manager in Tomcat Server

Before you configure security for Web Services Manager, ensure that Tomcat server and Web Services Manager are installed and that Web Services Manager has been deployed on a Tomcat server domain. See "Installing Web Services Manager" and "Deploying and Running Web Services Manager" for more information.

To configure security for Web Services Manager in Tomcat server, do the following:

  1. Configure authentication for Web Services Manager for JAX-WS in Tomcat server. See "Configuring Authentication for Web Services Manager for JAX-WS in Tomcat Server".

  2. Enable SSL in Tomcat server. See "Enabling SSL in Tomcat Server".

Configuring Authentication for Web Services Manager for JAX-WS in Tomcat Server

To configure authentication for Web Services Manager for JAX-WS in Tomcat server:

  1. Open the local_dir/BrmWebServices.war/WEB-INF/web.xml file in a text editor.

  2. Add the following lines:

    # <security-constraint>
  # <web-resource-collection>
   #  <web-resource-name>restricted web services</web-resource-name>
    # <url-pattern>/*</url-pattern>
    # <http-method>GET</http-method>
    # <http-method>POST</http-method>
  # </web-resource-collection>
 # <auth-constraint>
    # <role-name>brmws</role-name>
  # </auth-constraint>
# <user-data-constraint>
    # <transport-guarantee>CONFIDENTIAL</transport-guarantee>
# </user-data-constraint>
# </security-constraint>

# <login-config>
 # <auth-method>BASIC</auth-method>
# </login-config>
# <security-role>
    # <role-name>brmws</role-name>
# </security-role>

  3. Save and close the file.

  4. Open the local_dir/apache-tomcat-version/conf/tomcat-users.xml file in a text editor.

  5. Locate the following lines and specify the login details of the user:

    <role rolename="brmws"/>
<user username="username" password="password" roles="brmws"/>

    where:

    • username is the username for accessing web services.

    • password is the password for accessing web services.

  6. Save and close the file.

  7. Open the config/server.xml file in a text editor.

  8. In the <Engine> section, add the following class path: 

     <Realm className="org.apache.catalina.realm.MemoryRealm" />

  9. Save and close the file.

  10. Restart the Tomcat server.

Enabling SSL in Tomcat Server

To enable secure communication for Web Services Manager, enable secure sockets layer (SSL) in the Tomcat server domain on which you deploy Web Services Manager.

To enable SSL for Tomcat server:

  1. Generate the KeyStore by running the following command:

    keytool -genkey -alias mykeys -keyalg RSA -keystore mykeystore

    where:

    • mykeys is the alias.

    • mykeystore is the name of the KeyStore.

  2. Open the conf/server.xml file in a text editor.

  3. Uncomment the following lines and specify the path for the KeyStore file:

    # <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" 
            # address="IPAddress" 
            # maxThreads="150" SSLEnabled="true" scheme="https" secure="true" 
            # clientAuth="false" sslProtocol="TLS" 
            # keystoreFile="filepath"
            # keystorePass="password"/>

    where:

    • IPAddress is the IP address of the machine on which you installed the Apache Tomcat server.

    • filepath is the KeyStore file path.

    • password is the password for the KeyStore file.

  4. Save and close the file.

Disabling the JarScanner Feature in Tomcat Server

The JarScanner feature in the Tomcat server is used to scan the web application for JAR files. To avoid unnecessary warnings displayed for optional JAR files, disable the JarScanner feature in the Tomcat server.

To disable the JarScanner feature in the Tomcat server:

  1. Open the local_dir/apache-tomcat-version/conf/context.xml in a text editor.

  2. Search for the following entry:

    <JarScanner  scanClassPath="true" scanAllFiles="false" scanAllDirectories="false"></JarScanner>

  3. Set the scanClassPath entry to false: 

    <JarScanner  scanClassPath="false" scanAllFiles="false" scanAllDirectories="false"></JarScanner>

  4. Save and close the file.

Configuring Java Logging for the Application Server

Depending on your configuration, you may wish to change the level of Java logging on the application server. To configure the Java logging level, do the following:

  • For WebLogic Server, see "Configuring Java Logging for WebLogic Server" for Web Services Manager-specific configuration. For more information, see the discussion about application logging and WebLogic logging services in Fusion Middleware Using Logging Services for Application Logging for Oracle WebLogic Server.

  • For Tomcat server, see the discussion about logging in Tomcat in Tomcat User Guide.

Configuring Java Logging for WebLogic Server

To configure Java logging in WebLogic Server:

  1. Specify the Java Unified Logging (JUL) mechanism. See "Specifying the Java Unified Logging (JUL) Mechanism".

  2. Create a startup class. See "Creating a Startup Class".

Specifying the Java Unified Logging (JUL) Mechanism

Specifying the JUL mechanism allows Web Services Manager to use JUL in addition to the WebLogic Server Remote Console logging.

To specify the JUL mechanism:

  1. Open the BRM_home/deploy/web_services/Infranet.properties file in a text editor.

  2. Uncomment the following entry:

    # webservices.log.enabled = true

  3. Change the value to false: 

    webservices.log.enabled = false

  4. Save and close the file.

Creating a Startup Class

You define a startup class to enable JUL and create log files for the following web service classes:

  • com.portal.webservices.BRMFlistToXML

  • com.portal.webservices.BRMXMLToFlist

  • com.portal.webservices.OpcodeCaller

  • com.portal.webservices.WebServicesUtilities

To create a startup class:

  1. Copy the BRM_home/deploy/web_services/weblogic_ws_startup.jar file to the domain_name/lib directory, where domain_name is the WebLogic Server domain in which Web Services Manager is deployed.

  2. Log in to WebLogic Server Remote Console.

  3. Click Edit Tree, then Environment, then Startup Classes.

    A list of any startup classes is displayed in a table.

  4. Click New.

  5. In the Name field, enter BRMWSLoggerStartUpClass and click Create.

  6. In the Class Name field, enter com.portal.webservices.BRMWSLoggerStartUp.

  7. In the Arguments field, set the log level. This field sets the log level for all the classes in Web Services Manager:

    • To log problems that require attention from the system administrator, enter SEVERE. This is the default.

    • To log the most detailed trace and debug messages, enter FINEST.

    • To log highly detailed trace and debug messages, enter FINER.

    • To log trace and debug messages for performance monitoring, enter FINE.

  8. Turn on Run Before Application Deployments and Run Before Application Activations.

  9. Click the Targets tab, move your administration server name in the Targets list to the Chosen area, and click Save.

  10. Restart the WebLogic Server, which applies changes.

  11. Redeploy any existing Web Services Manager deployments. See "Deploying and Running Web Services Manager".

By default, log files are created in the WebLogic_home/user_projects/domains/domain_name/logs/BRMWebServicesMgrLogs/BRMWebServicesMgr.log file.

where:

  • WebLogic_home is the directory in which WebLogic Server is installed.

  • domain_name is the name of the domain you are configuring.