48 Securing Oracle Service Bus in a Production Environment

This chapter describes recommended strategies for securing Oracle Service Bus in a production environment.

To prepare an Oracle Service Bus installation for production, you must pay special attention to your security needs. The following list outlines some of the tasks you need to perform:

48.1 Undeploying the Service Bus (SB) Resource

Oracle Service Bus provides a resource servlet (MW_HOME/OSB_HOME/lib/sbresourceWar/sbresource.war) that is used to expose the resources registered in Oracle Service Bus. The resources registered with Oracle Service Bus include:

  • WSDL (a WSDL registered as a resource in Oracle Service Bus)

  • Schema

  • MFL

  • WS-Policy

  • WSDL (an effective WSDL with resolved policies and port information for a proxy service—this effective WSDL is available if the proxy service was created using a WSDL).

However, this servlet provides anonymous HTTP access to metadata, and as such it may be considered a security risk in some high-security environments.

If you do not want the Oracle Service Bus resources to be available anonymously through HTTP, you can set security roles on sbresources.war to control access to it, or completely undeploy the resource.


If you undeploy the SB resource you will no longer be able to use the UDDI subsystem.

48.2 Protection of Temporary Files With Streaming body Content

As described in "The Message Context Model" in the Oracle Fusion Middleware Administrator's Guide for Oracle Service Bus for processing message content, you can specify that the Oracle Service Bus pipeline streams the content rather than loading it into memory. When you enable content streaming for a proxy service, you specify whether to buffer the streamed content to memory or a disk file as an intermediate step during the processing of the message.

If you use these temporary disk files, you should protect them.

To lock-down your Oracle Service Bus domain, set the com.bea.wli.sb.context.tmpdir java system property to specify where these temporary files will be written.

Make sure this directory exists and has the right set of access permissions.

For more information see the file access permission and file system recommendations in Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server.

48.3 Protecting Against Denial of Service Attacks on the Oracle Service Bus Administration Console

In a production environment, the Oracle Service Bus Administration Console should not be accessible to users other than administrators.

A denial of service attack can take the form of a high volume of requests from a single source or new connections being made to the server once resource constraints have reached a certain point.

Following are suggestions for protecting against denial of service attacks on the Oracle Service Bus Administration Console.

  • In a production environment, make sure the Admin Server—the server the Oracle Service Bus Administration Console runs on—is never made public. Only Managed Servers should be available to callers.

  • Instead of using the default Work Manager for the Oracle Service Bus Administration Console, configure and use a different Work Manager that sets a default limit on the number of users that can access the Oracle Service Bus Administration Console Web application (max-threads-constraint).

    For information about Work Managers, see "Using Work Managers to Optimize Scheduled Work" in Oracle Fusion Middleware Configuring Server Environments for Oracle WebLogic Server.