To prepare an Oracle Service Bus installation for production, you must pay special attention to your security needs. The following list outlines some of the tasks you need to perform:
Read and follow the guidelines in Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server in the Oracle WebLogic Server documentation.
Create user accounts for the Oracle Service Bus administrators and assign them to one or more of the following groups as appropriate: IntegrationAdministrators, IntegrationOperators, IntegrationMonitors, and IntegrationDeployers. For more information, see "Security Configuration" in the Oracle Fusion Middleware Administrator's Guide for Oracle Service Bus.
In your file system, configure access control to the directory that contains Oracle Service Bus configuration data. This is the sbconfig directory under the domain root. For example:
In your file system, configure access control to the directories used by the FTP, SFTP, file, and email transports.
If necessary, configure access control to the JMS resources used by your Oracle Service Bus installation.
Oracle Service Bus provides a resource servlet (MW_HOME/OSB_HOME/lib/sbresourceWar/sbresource.war) that is used to expose the resources registered in Oracle Service Bus. The resources registered with Oracle Service Bus include:
WSDL (a WSDL registered as a resource in Oracle Service Bus)
WSDL (an effective WSDL with resolved policies and port information for a proxy service—this effective WSDL is available if the proxy service was created using a WSDL).
However, this servlet provides anonymous HTTP access to metadata, and as such it may be considered a security risk in some high-security environments.
If you do not want the Oracle Service Bus resources to be available anonymously through HTTP, you can set security roles on sbresources.war to control access to it, or completely undeploy the resource.
If you undeploy the SB resource, you will no longer be able to use the UDDI subsystem.
As described in "The Message Context Model" in the Oracle Fusion Middleware Administrator's Guide for Oracle Service Bus for processing message content, you can specify that the Oracle Service Bus pipeline streams the content rather than loading it into memory. When you enable content streaming for a proxy service, you specify whether to buffer the streamed content to memory or a disk file as an intermediate step during the processing of the message.
If you use these temporary disk files, you should protect them.
To lock down your Oracle Service Bus domain, set the com.bea.wli.sb.context.tmpdir Java system property to specify where these temporary files will be written.
Make sure this directory exists and has the right set of access permissions.
For more information, see the file access permission and file system recommendations in Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server.
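The file-system checks described above for the sbconfig directory and for the streaming temporary directory, as an added shell example that is not from the Oracle documentation. The function names and scratch paths are constructed for illustration; adding the printed argument to the server's JVM options (for example through the domain's start script) is an assumption about your setup.

```shell
#!/bin/sh
# Added example. All paths are constructed placeholders, not real domain paths.

# Succeed only if $1 is a real directory (not a symlink), owned by the
# invoking user, with no group or other permission bits set.
is_private_dir() {
    if [ ! -d "$1" ] || [ -L "$1" ] || [ ! -O "$1" ]; then
        return 1
    fi
    case $(ls -ld "$1" | cut -c1-10) in
        d???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Create the streaming temp directory with mode 700 and print the JVM argument
# that points Oracle Service Bus at it (property name taken from the text).
prepare_stream_tmpdir() {
    if [ -L "$1" ]; then
        echo "refusing to use symlink: $1" >&2
        return 1
    fi
    ( umask 077 && mkdir -p "$1" ) && chmod 700 "$1" || return 1
    if ! is_private_dir "$1"; then
        echo "not private after setup: $1" >&2
        return 1
    fi
    printf '%s\n' "-Dcom.bea.wli.sb.context.tmpdir=$1"
}

# Print every file or directory under $1 (for example the sbconfig directory)
# that grants any permission to group or other users.
list_exposed() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Demo on a constructed scratch directory; prints the JVM argument.
demo_root=$(mktemp -d)
prepare_stream_tmpdir "$demo_root/osb-stream-tmp"
rm -rf "$demo_root"
```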
In a production environment, the Oracle Service Bus Administration Console should not be accessible to users other than administrators.
A denial of service attack can take the form of a high volume of requests from a single source or new connections being made to the server once resource constraints have reached a certain point.
Following are suggestions for protecting against denial of service attacks on the Oracle Service Bus Administration Console.
In a production environment, make sure the Admin Server—the server the Oracle Service Bus Administration Console runs on—is never made public. Only Managed Servers should be available to callers.
Instead of using the default Work Manager for the Oracle Service Bus Administration Console, configure and use a different Work Manager that sets a default limit on the number of users that can access the Oracle Service Bus Administration Console Web application (max-threads-constraint).
For information about Work Managers, see "Using Work Managers to Optimize Scheduled Work" in Oracle Fusion Middleware Configuring Server Environments for Oracle WebLogic Server.