How to add the OWSM to WS server side and client side

By W.ZH July 2011

Oracel Web Service Manager is to add the WS security policy to the  web service, can be add to the ADF BC WS, ADF data control WS, an SOA applications’s WS and also a normal WS, such as and EJB WS. I just  add some my experience here for future easily pick up OWSM.

Server Side:

For a normal WS, there are several ways you can add the WS security plicy to the WS Server Side:

1. Design time, when you design the WS in Jdeveloper, you can right click that WS to config’s policy and it will add some security related annotiona to your WS method signature.

2. Or, after your WS is deployed, you can add the security policy at run time, you can either do from EM fusion middleware control , or from WLS console.

In EM control, find the WS in your domain — select the endpoint and select the policy to attach and de-attach the policy to it.

In console, you can go to deployment– your WS project — ur WS — in its configuration, to select the WS-policies to config its policy.

Client Side:

1. Your client is the JAVA code in Jdeveloper, you can create an WS proxy client in Jdev first, after you have that proxy, you can right click the proxy to change its’ properties and, after you get the dialog for proxy prpoperties, there is one can let u change the client proxy, set it matches with your server side proxy and also change the related java code to input the data to make it can call the WS be secured. Something code like this:

   // set the WS service and security token
SecurityPolicyFeature[] securityFeatures =
new SecurityPolicyFeature[] { new SecurityPolicyFeature(“oracle/wss_username_token_client_policy”) };
myService =
new MYService(new URL(“”),
MyEJBBean myEJBBean =

Map<String, Object> myReqContext =
myReqContext.put(BindingProvider.USERNAME_PROPERTY, “user name”);
myReqContext.put(BindingProvider.PASSWORD_PROPERTY, “password”);

Then you can call the WS like normal proxy code to call the WS server side.

2. Your client is the SOA composite application, such as inside a BPEL process, you have a “invoke” to call the WS proxy outside the BPEL process. You can right click that invoke to config’s WS client policy too, you can refer the dev guide about this part. should not be too hard.