Table of Contents

• Title and Copyright Information
• Preface
  • Documentation Accessibility
  • Conventions
• What's New in This Guide
  • New and Changed Features for 12c (12.1.2)
• 1 Overview of Web Services Security
  • Overview of Web Services Security
  • What Type of Security Should You Configure?
  • Thread Safety
• 2 Configuring Message-Level Security
  • Overview of Message-Level Security
    • Web Services Security Supported Standards
  • Main Use Cases of Message-Level Security
  • Using Policy Files for Message-Level Security Configuration
    • Using Policy Files With JAX-WS
    • WS-Policy Namespace
    • WS-SecurityPolicy Namespace
    • Version-Independent Policy Supported
    • Use the SHA-256 Secure Hash Algorithm
  • Configuring Simple Message-Level Security
    • Configuring Simple Message-Level Security: Main Steps
    • Ensuring That WebLogic Server Can Validate the Client's Certificate
    • Updating the JWS File with @Policy and @Policies Annotations
    • Using Key Pairs Other Than the Out-Of-The-Box SSL Pair
  • Updating a Client Application to Invoke a Message-Secured Web Service
    • Invoking a Web Service From a Client Running in a WebLogic Server Instance
  • Example of Adding Security to a JAX-WS Web Service
  • Creating and Using a Custom Policy File
  • Configuring the WS-Trust Client
    • Supported Token Types
    • Configuring WS-Trust Client Properties
    • Sample WS-Trust Client for SAML 2.0 Bearer Token Over HTTPS
    • Sample WS-Trust Client for SAML 2.0 Bearer Token with WSS 1.1 Message Protections
  • Configuring and Using Security Contexts and Derived Keys
    • Specification Backward Compatibility
    • WS-SecureConversation and Clusters
    • Updating a Client Application to Negotiate Security Contexts
  • Associating Policy Files at Runtime Using the Administration Console
  • Using Security Assertion Markup Language (SAML) Tokens For Identity
    • SAML Token Overview
    • Using SAML Tokens for Identity: Main Steps
    • Specifying the SAML Confirmation Method
    • Sample of SAML 1.1 Bearer Token Over HTTPS
    • Configuring SAML Attributes in a Web Service
  • Associating a Web Service with a Security Configuration Other Than the Default
  • Valid Class Names and Token Types for Credential Provider
  • Using System Properties to Debug Message-Level Security
  • Using a Client-Side Security Policy File
    • Associating a Policy File with a Client Application: Main Steps
    • Updating clientgen to Generate Methods That Load Policy Files
    • Updating a Client Application To Load Policy Files (JAX-RPC Only)
  • Using WS-SecurityPolicy 1.2 Policy Files
    • Transport-Level Policies
    • Protection Assertion Policies
    • WS-Security 1.0 Username and X509 Token Policies
    • WS-Security 1.1 Username and X509 Token Policies
    • WS-SecureConversation Policies
    • SAML Token Profile Policies
  • Choosing a Policy
  • Unsupported WS-SecurityPolicy 1.2 Assertions
  • Using the Optional Policy Assertion
  • Configuring Element-Level Security
    • Define and Use a Custom Element-Level Policy File
    • Implementation Notes
  • Smart Policy Selection
    • Example of Security Policy With Policy Alternatives
    • Configuring Smart Policy Selection
    • Multiple Transport Assertions
  • Example of Adding Security to MTOM Web Service
    • Files Used by This Example
    • SecurityMtomService.java
    • MtomClient.java
    • configWss.py Script File
    • Build.xml File
    • Building and Running the Example
    • Deployed WSDL for SecurityMtomService
  • Example of Adding Security to Reliable Messaging Web Service
    • Overview of Secure and Reliable SOAP Messaging
    • Overview of the Example
    • Files Used by This Example
    • Revised ReliableEchoServiceImpl.java
    • Revised configWss.py
    • Revised configWss_Service.py
    • Building and Running the Example
  • Securing Web Services Atomic Transactions
  • Proprietary Web Services Security Policy Files (JAX-RPC Only)
    • Abstract and Concrete Policy Files
    • Auth.xml
    • Sign.xml
    • Encrypt.xml
    • Wssc-dk.xml
    • Wssc-sct.xml
• 3 Configuring Transport-Level Security
  • Configuring Transport-Level Security Through Policy
  • Available Transport-Level Policies
  • Prerequisite: Configure SSL
    • Configuring SSL: Main Steps
    • Configuring Two-Way SSL for a Client Application
  • Configuring Transport-Level Security Through Policy: Main Steps
  • Example of Configuring Transport Security for JAX-WS
    • One-Way SSL (HTTPS and HTTP Basic Authentication Example)
  • Persisting the State of a Request over SSL (JAX-WS Only)
    • Example of Getting SSLSocketFactory From System Properties
  • Configuring Transport-Level Security Via UserDataConstraint: Main Steps (JAX-RPC Only)
  • Using a Custom SSL Adapter with Reliable Messaging (JAX-RPC Only)
• 4 Configuring Access Control Security (JAX-RPC Only)
  • Configuring Access Control Security: Main Steps
  • Updating the JWS File With the Security-Related Annotations
  • Updating the JWS File With the @RunAs Annotation
  • Setting the Username and Password When Creating the Service Object
• A Using Oracle Web Services Manager Security Policies
  • Overview of OWSM Security Policies
    • Which OWSM Policies Are Supported for Java EE Web Services?
    • When Should You Use OWSM Security Policies?
    • Interoperability Between WebLogic Web Service Policies and OWSM Policies
  • Attaching OWSM Security Policies to JAX-WS Web Services
    • Attaching OWSM Security Policies Using the Administration Console
    • Refreshing the Cache After Attaching Policies
  • Attaching OWSM Security Policies to JAX-WS Web Service Clients
  • Configuring Policies
  • Overriding the Policy Configuration for the Web Service Client
  • Monitoring and Testing the Web Service