Introducing WebLogic Web Services
Interoperability with Microsoft WCF/.NET
In conjunction with Microsoft, Oracle has performed interoperability testing to ensure that the Web Services created using WebLogic Server can access and consume Web Services created using Microsoft Windows Communication Foundation (WCF)/ .NET 3.0 and 3.5 Framework and vice versa.
Interoperability tests were completed on JAX-RPC Web Services in the following areas:
Table 4-1 Completed Interoperability Tests Area Interoperability Guidelines Basic and complex data types Basic Data Types Interoperability Guidelines. Web Services Security (WS-Security) 1.0 and 1.1 WS-Security Interoperability Guidelines. Web Services Security Policy (WS-SecurityPolicy) 1.2 WS-SecurityPolicy Interoperability Guidelines Web Services Secure Conversation Language (WS-SecureConversation) 1.3 WS-SecureConversation Interoperability Guidelines Web Services Policy Framework (WS-Policy) 1.5 No interoperability guidelines provided. Web Services Addressing (WS-Addressing) 0.9 and 1.0 N/A Message Transmission Optimization Mechanism (MTOM) N/A Web Services Reliable Messaging (WS-ReliableMessaging) 1.0 and 1.1 WS-ReliableMessaging Interoperability Guidelines Web Services Trust (WS-Trust) 1.3 WS-Trust Interoperability Guidelines
In addition, the following combined features were tested:
- MTOM and WS-Security
- WS-ReliableMessaging and MTOM
- WS-ReliableMessaging 1.0 and WS-Addressing 0.9 and 1.0
- WS-ReliableMessaging 1.1 and WS-Addressing 0.9 and 1.0
- WS-ReliableMessaging 1.0 and WS-SecureConversation 1.3
- WS-ReliableMessaging 1.0 and WS-SecureConversation 1.3
- WS-Policy 1.5 and WS-SecurityPolicy 1.2
The following sections describe the interoperability issues and guidelines that were identified during the testing.
Basic Data Types Interoperability Guidelines
When using the anyType class with Microsoft .NET 3.0/3.5 the Java data type returned cannot be guaranteed. If a specific Java data type is required, avoid using anyType.
WS-Security Interoperability Guidelines
The following lists interoperability guidelines for WS-Security:
- Use of <sp:Strict> layout assertions (shown below) cannot be guaranteed.
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>Instead, you should define your policy as follows:
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>- The following assertions are not supported by .NET 3.0/3.5:
- Support of asymmetric binding for WS-Security 1.1 cannot be guaranteed on Microsoft .NET.
WS-SecurityPolicy Interoperability Guidelines
In this release, WebLogic Server supports Web Services Security Policy (WS-SecurityPolicy) 1.2. Microsoft .NET 3.0 supports the December 2005 draft version of the WS-SecurityPolicy specification.
In the December 2005 draft version of the specification, the <sp:SignedEncryptedSupportingTokens> policy assertion is not supported. As a result, Microsoft .NET 3.0 encrypts the UsernameToken in the <sp:SignedSupportingTokens> policy assertion. If you use the <sp:SignedSupportingTokens> policy assertion without encrypting the UsernameToken, the WebLogic Server and .NET Web Services will not interoperate.
WS-SecureConversation Interoperability Guidelines
The following lists interoperability guidelines for WS-SecureConversation:
- Use of WS-SecureConversation token for HTTPS authentication (in <sp:EndorsingSupportingTokens>) is not supported.
- Oracle recommends that you not use <sp:EncryptBeforeSigning/> unless there is a security requirement. Instead, use <sp:SignBeforeEncrypt> (the default).
- Although WebLogic Server Web Services support cookie mode conversations, this feature is a Microsoft proprietary implementation, and may not be supported by other vendors.
- When using <sp:BootstrapPolicy> policy assertion, you should refer to the guidelines defined in WS-Security Interoperability Guidelines.
- There is no standard method of supporting cancel and renew of WS-SecureConversation defined in the WS-SecurityPolicy or WS-SecureConversation specifications. The method used by Microsoft .NET to support cancel and renew of WS-SecureConversation is not compatible with WebLogic Server 10.x. As a result:
- For a .NET client to interoperate with a WebLogic Server Web Service, the Compatibility flag must be set on the server side via the Web service Security MBean using the setCompatibilityPreference("msft") method.
- For a WebLogic Server Web Service client to interoperate with a WebLogic Server Web Service that has the Compatibility flag set, the client must set this flag as well, as follows:
stub._setProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE,"msft");
WS-ReliableMessaging Interoperability Guidelines
The following lists interoperability guidelines for WS-ReliableMessaging:
- Anonymous request/response is not defined in the WS-ReliableMessaging specification and is, consequently, not supported by WebLogic Server.
- For WS-ReliableMessaging security, use WS-SecureConversation.
- Asynchronous reliable messaging plus WS-SecureConversation or WS-Trust is not supported.
WS-Trust Interoperability Guidelines
WebLogic Server does not interoperate with Microsoft .NET according to the .NET interoperability scenarios that use both SAML and WS-Trust, as defined in the following documents on the Microsoft .NET Web Services Interoperability site: