Oracle Application Server Logo

Oracle Web Services Manager

Feb 2007


Oracle Web Services Manager (WSM) is a comprehensive solution for securing and managing service-oriented architectures (SOA). It allows IT managers to centrally define policies that govern web services operations such as access control (authentication, authorization), logging, and content validation, and then attach these policies to one or multiple web services, with no modification to existing web services required. In addition, Oracle WSM collects runtime data to monitor access control, message integrity, message confidentiality, quality of service (defined in service-level agreements --SLAs) and displays that information in a graphical charts. Oracle WSM brings enterprises better control and visibility over their SOA deployments.

Key features of Oracle WSM include:

  • Policy Manager

  • Enforcement

  • Monitoring Dashboard

Policy Manager

Policy Manager is a graphical tool for building new security and operations policies, storing policies and managing distribution and updates to runtime policy enforcement points (gateways and agents). Policy Manager allows administrators to configure operational rules and propogate them to the appropriate enforcement components across an application deployment of any scale and complexity.


To ensure maximum deployment flexibility, Oracle WSM provides two kinds of policy enforcement components: Gateways and Agents. Gateways are deployed in front of a group of applications or services. Gateways can intercept inbound requests to these applications in order to enforce policy steps defined in the Policy Manager, adding application security and other operation rules to applications that are already deployed. Agents provide "last-mile" security by running directly into an application or service.

Monitoring Dashboard

Monitoring Dashboard collects data from Gateways and Agents as they execute policies and displays results in a graphical format. This allows administrators to set quality-of-service levels for each application and display alerts when the application exceeds established thresholds. Monitoring Dashboard provides IT operations staff with real-time visibility into the health, performance, security and utilization of crucial web services. By harnessing the realtime data collection capabilities of the enforcement components, Monitoring Dashboard enables administrators to analyze discrepancies between expected and actual performance and to monitor compliance with IT operational best practices.

Supported platforms and technologies

Oracle WSM works with multiple Web services platforms and providers including BEA Systems, IBM, JBoss, CA/Netegrity, etc. For example, sites using IBM's WebSphere or BEA's Weblogic Server can install Oracle WSM Agents to act as SOAP interceptors that enforce Web service policies.

Oracle WSM also supports Forum Systems' XWall product through a pre-built integration. Oracle customers thus benefit from centralized monitoring of both perimeter and internal operations from a single console. XWall sends its monitoring events to the Monitoring Dashboard, so that both firewall and management operations are viewable. This integration also provides links between the Oracle WSM's Policy Manager and XWall, so that customers can build and manage both firewall and Web service policies with a single tool.

Oracle WSM ships both as a standalone product running on Oracle Application Server 10g Release 3 (10.1.3) and as part of the Oracle SOA Suite (10.1.3).


Technical Overview

Key Features

  • Enterprise-ready

  • Simple to deploy

  • Easy to configure and administer using browser-based tools

  • Supports multiple and flexible deployment models

  • Supports clustering of server components for high availability and scalability

  • Extensible standards-based framework

  • Allows versioning of policies

  • Supports migration of policy from development to staging, and then on to full-blown production

  • Enables policy-caching for high-performance

Policy Management and Security Enforcement

  • Out-of-the-box support of authentication and authorization using HTTP basic authentication, Oracle Access Manager (OAM), CA/Netegrity SiteMinder, LDAP, and X.509 Certificates

  • Leverages OAM, LDAP and SiteMinder for role-based invocation access

  • Supports Security Assertion Markup Language (SAML) for interoperability between different security systems

  • Supports WS-Security for authentication and message-level security including encryption and signing

  • Enforces true end-to-end message-level security by using Agents at Web services endpoints

  • Supports both client-side (Web service consumer) and server-side (Web service provider) policy enforcement

  • Enforces policies globally across all Web services, or can apply policy management to individual Web services

  • Offers ability to restrict the modification of selected policies to security-level IT staff

  • Delegated administration of Oracle WSM Gateways

  • Full and partial encryption and decryption steps

Security Monitoring

  • Monitors authentication/authorization for all services

  • Audits security violations per Web service, per operation and per client

  • Provides rules to define thresholds that trigger alerts

Multiple Messaging and Routing Styles

  • Out-of-the-box, native support for multiple transports, including HTTP, HTTPS, JMS, and IBM WebSphere MQ

  • Support for processing of non-SOAP XML messages

  • Provides handlers for multiple messaging models, including synchronous and asynchronous messaging

  • Supports multiple invocation models, both RPC and Literal modes

  • Features built-in failure handling, including message queuing, fail-over routing, and configurable message retry

  • Content-based message routing

  • Attachment-based content routing

Configurable Logging and Metering

  • Easily configures logging per Web service

  • Logs service requests and responses with varying levels of detail

  • Writes logs to a file system or to a relational database

  • Monitors number of invocations and message size by Web service or by application

  • Tabular Views of services

SLA Monitoring

  • Measures availability and performance for service invocations

  • Monitors SLA adherence by defining service-level contracts with multiple performance indicators

  • Provides a powerful rule-based tool to easily define exception conditions and produce reports and alerts

Business Process Execution Monitoring

  • Monitors business process flows end-to-end

  • Provides alerts via propagation of SNMP events or SMTP messages

  • Allows administrators to easily view and track Web service dependencies

  • Allows multi-level alerts

  • Creates rules to easily govern alarms

Supported Agents

  • IBM WebSphere

  • BEA WebLogic Server

  • Red Hat JBoss


Top of Page


Oracle Corporation
World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065

Worldwide Inquiries:
Fax +1.650.506.7200

Copyright Oracle Corporation 2007
All Rights Reserved

This document is provided for informational purposes only,
and the information herein is subject to change
without notice.  Please report any errors herein to
Oracle Corporation.  Oracle Corporation does not provide
any warranties covering and specifically disclaims any
liability in connection with this document.

Oracle is a registered trademark of Oracle Corporation.

All other company and product names mentioned are used
for identification purposes only and may be trademarks of
their respective owners.