Skip Headers
Oracle® Fusion Middleware Security and Administrator's Guide for Web Services
11g Release 1 (11.1.1.7)

Part Number B32511-08
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

18 Securing and Administering WebLogic Web Services

This chapter describes how to secure and administer WebLogic Web services, including the following sections:

Steps to Secure and Administer WebLogic Web Services

Table 18-1 summarizes the steps required to administer and secure WebLogic Web services. For information about developing WebLogic Web services, see Getting Started With JAX-WS Web Services for Oracle WebLogic Server.

Table 18-1 Steps to Administer and Secure WebLogic Web Services

#
Step Description

1

Deploy and administer the WebLogic Web service.

Use the Oracle WebLogic Server Administration Console to perform the following deployment and administration tasks:

  • Deploy a WebLogic Web service and view deployed services.

  • Start and stop a WebLogic Web service.

  • View the WebLogic Web service configuration.

  • Delete a WebLogic Web service.

  • View the SOAP message handlers.

  • View the WSDL.

For more information, see "Web Services" in the Oracle WebLogic Server Administration Console Help.

2

Attach the security and management policies to your WebLogic Web services and clients.

You can attach two types of policies to WebLogic Web services and clients at design and deployment time: Oracle WSM and WebLogic Web service policies. You can use Oracle Enterprise Manager Fusion Middleware Control to attach Oracle WSM security policies to WebLogic Java EE Web services and clients. For details, see "Attaching Policies to WebLogic Web Services and Clients".

3

Test the WebLogic Web services.

See "Testing Web Services".

4

Monitor the performance of WebLogic Web services.

See "Monitoring the Performance of Web Services".


Attaching Policies to WebLogic Web Services and Clients

In Oracle Fusion Middleware 11g Release 1, you can provide security and management policy enforcement of WebLogic Web services using one of the following policy types: Oracle WSM or WebLogic Web service.

The following table describes each policy type.

Table 18-2 Policy Types Supported by WebLogic Web Services

Type Description

Oracle Web Services Manager (WSM) Policy

Provided by the Oracle WSM. For more information about Oracle WSM and the predefined policies, see "Understanding Oracle WSM Policy Framework". You can attach Oracle WSM policies to WebLogic JAX-WS Web services and clients.

WebLogic Web Service Policy

Provided by Oracle WebLogic Server. For more information about the WebLogic Web service policies, see Securing WebLogic Web Services for Oracle WebLogic Server.

A subset of WebLogic Web service policies interoperate with Oracle WSM policies. For more information, see "Interoperability with Oracle WebLogic Server 11g Web Service Security Environments" in Interoperability Guide for Oracle Web Services Manager.


Note:

It is recommended that you use Oracle WSM policies whenever possible. You cannot mix your use of Oracle WSM and WebLogic Web service policies.

The following sections describe how to attach each type of policy to WebLogic Web services and clients.

Attaching Oracle WSM Policies to WebLogic Web Services

You attach Oracle WSM policies to WebLogic Web services at design time and after the Web service has been deployed.

  • At design time, use the weblogic.wsee.jws.jaxws.owsm.SecurityPolicy and weblogic.wsee.jws.jaxws.owsm.SecurityPolicies JWS annotations in your JWS file to associate policy files with your Web service. You can associate any number of policy files with a Web service, although it is up to you to ensure that the assertions do not contradict each other. You can specify a policy file at the class level of your JWS file. For more information, see the following sections:

  • After the Web service has been deployed, you can use the Oracle WebLogic Server Administration Console or Oracle Enterprise Manager Fusion Middleware Control to attach Oracle WSM policies to WebLogic Web services. For more information about attaching policies using the WebLogic Server Administration Console, see "Attach a WS-Policy file to a Web Service" in the Oracle WebLogic Server Administration Console Help. For more information about attaching policies using Fusion Middleware Control, see Chapter 8, "Attaching Policies to Web Services."

Attaching Oracle WSM Policies to WebLogic Web Service Clients

Oracle recommends that you use Oracle Enterprise Manager Fusion Middleware Control to attach Oracle WSM policies to a Web service client post-deployment. For more information, see "Attaching Policies to Java EE Web Service Clients". If you attach Oracle WSM policies programmatically at development time, you will not be able to modify or delete the policies using Fusion Middleware Control after the client application is deployed.

Attaching WebLogic Web Service Policies to WebLogic Web Services

You attach policies to WebLogic Web services at both design time and after the Web service has been deployed.

  • At design time, use the weblogic.jws.Policy and weblogic.jws.Policies JWS annotations in your JWS file to associate policy files with your Web service. You can associate any number of policy files with a Web service, although it is up to you to ensure that the assertions do not contradict each other. You can specify a policy file at the class level of your JWS file. For more information, see the following sections:

  • After the Web service has been deployed, use the Oracle WebLogic Server Administration Console to attach WebLogic Web service policies to WebLogic Web services. For more information, see "Attach a WS-Policy file to a Web Service" in the Oracle WebLogic Server Administration Console Help.

Attaching WebLogic Web Service Policies to WebLogic Web Service Clients

You attach policies to WebLogic Web service clients at design time, using JAX-WS Stubs. For more information, see "Using a Client-side Security Policy File" in Securing WebLogic Web Services for Oracle WebLogic Server.