eDocs Home > BEA AquaLogic Data Services Platform Documentation > Data Services Developer's Guide > Contents

How To Configure Security for Web Services Applications

ALDSP Native Web Services supports the following security features:

• Basic authentication (Web Application Security)
• Transport level security (HTTPS)
• Message level security (Web Services Security)

Configuring Basic Authentication

To use basic authentication, set the Basic Auth Required property of the web services map file to true. For more information, see Web Services Map File Reference.

Configuring Transport Level Security (HTTPS)

Use the web service map file property editor to change the Transport Type to HTTPS. HTTP is the default. For more information, see Web Services Map File Reference.

For HTTPS, you can configure either 1-way or 2-way SSL. For detailed information on transport level security, see the WebLogic Server document Configuring Security: Configuring Transport-Level Security on e-docs.

Configuring Web Services Security (WSS)

WSS provides message level security. For WSS, ALDSP Native Web Services supports the same standards that are supported by WebLogic Server. For detailed information on WSS, see the WebLogic Server document, Configuring Security: Updating a Client Application to Invoke a Message-Secured Web Service on e-docs.

The supported standards include:

• SOAP Message Security
• Username Token Profile
• X.509 Certificate Token Profile
• SAML Token Profile

To use Web Services Security with an ALDSP web services application:

1. Choose the type of web services security you want to use with your ALDSP application.
2. Configure security policies through the appropriate policy file(s). See the WebLogic Server document Configuring Security : Overview of Web Services Security for detailed information on configuring policy files for each type of web services security.
3. Edit the web services mapping file to include your policy file(s). You can associate policies with an entire mapping file or for specific operations within the file. See "Specifying Policies" below for details.

Specifying Policies

You can specify policies for a map file or for individual operations in a map file.

Specifying Global Policies

To specify a policy for web services security for a map file:

1. Create the policy file. See the WebLogic Server document: "WebLogic Web Services: Security" for detailed information on configuring policy files for each type of web services security.
2. Import the policy file into your ALDSP project. The easiest way to do this is to use the IDE to import the file as a resource. The policy file must reside in the DSP-INF/policies directory.
3. Configure the web services map file to include the policy.

The following listing shows an example .ws file that includes the optional, top-level policies element. Each policy element describes one policy file. The policies element can contain one or more policy elements. The locator attribute contains either an ALDSP locator for the policy file or a fixed URI that describes the location of the standard WLS policy file.

ALDSP supports three security policy types. Their URIs are: policy: Auth, policy: Encrypt, policy: Sign. These are abstract policy files provided by WebLogic Server that describe authentication, encryption, and digital signature policies. These policy files do not have to physically reside in DSP project repository.

The policy element contains a required attribute Direction. This attribute represents at which direction the security policy will apply. The policy direction can be: REQUEST, RESPONSE, or REQUEST_RESPONSE.

• REQUEST - The policy applies only to the inbound request message.
• RESPONSE - The policy applies only to the response message.
• REQUEST_RESPONSE - The policy applies to both inbound request and the response message.

Refer to the schema definition for detailed information on the structure of the map file (see the topic Web Services Map File Reference).

Sample Map File

<?xml version="1.0" encoding="UTF-8"?>
<web:WebServicesMap targetNamespace="ld:myMapper.ws" soapVersion="SOAP_1.1" transportType="HTTP" ADODotNETEnabled="false" basicAuthRequired="false" xmlns:web="http://www.bea.com/dsp/management/configuration/webservices">
    <web:policies>
        <web:policy locator="ld:mypolicy.xml">
         <web:policy direction="REQUEST_RESPONSE">
    </web:policies>
    <web:dataServices>
        <web:dataService locator="ld:CUSTOMER.ds">
            <web:function name="deleteCUSTOMER" arity="1"            operation="deleteCUSTOMER" returnInHeader="false">
                <web:parameterMapping>
                    <web:parameter name="p" wsdlMapping="SOAP_BODY"/>
                </web:parameterMapping>
            </web:function>
            <web:function name="updateCUSTOMER" arity="1"            operation="updateCUSTOMER" returnInHeader="false">
                <web:parameterMapping>
                    <web:parameter name="p" wsdlMapping="SOAP_BODY"/>
                </web:parameterMapping>
            </web:function>
        </web:dataService>
    </web:dataServices>
</web:WebServicesMap>

Specifying Policies for a Function

To specify policies for a function in a map file:

1. Follow the same basic instructions for specifying a policy for a web service map file, described previously.
2. In the .ws file, add the policies element to the function element. The policies element contains one or more policy element. A policy element represents the security policy that applies to the WSDL operation. The optional child element ParameterMapping for the function element contains a list of parameters that are mapped to the SOAP header.