Configuring Service Oriented Architecture Authorization Policies
This section describes how to configure SOA authorization roles and policies so that the oracle/binding_permission_authorization_policy can determine which users or groups are authorized to access the web services to which it is applied.
Note: Much of this information is derived from Policy Authorization Examples in SOA Suite 11g.
Configuring SOA authorization includes the following:
Creating WebLogic Server Groups
In the WebLogic Server Console, create a group which includes the internal and external users defined for your implementation. For example, you might create the following group:
• CustomerGroup
Creating Application Roles
To create an application role:
1. Right-click the WebLogic domain (or click the WebLogic Domain drop-down list), and select Security and then Application Roles.
The Application Roles page opens.
2. Select "soa-infra" from the Application Stripe drop-down list (in the Search section) and click Create.
The Create Application Role page opens.
3. Enter a Role Name, Display Name, and Description for the role and click Add (under Members).
The Add Principals screen opens.
4. In the Search section, select "Group" from the Type drop-down list, and enter search criteria to find the group you created earlier, and click the search icon. Select the group you created earlier from the Searched Principals list, and click OK.
The selected group will appear in the Members list.
5. Click OK (upper right corner).
An Information panel will display indicating that your application role has been added.
Creating Application Policies
To create an application policy:
1. Right-click the WebLogic domain (or click the WebLogic Domain drop-down list), and select Security and then Application Policies.
The Application Policies page opens.
2. In the Search section, select "soa-infra" from the Application Stripe drop-down list, select "Application Role" from the Principal Type drop-down list, and click Create.
The Create Application Grants page opens.
3. Under Permissions, click Add.
The Add Permission screen opens.
4. Click Continue.
5. Enter the following:
• Permission Class: oracle.wsm.security.WSFunctionPermission
• Resource Name: *
• Permission Actions: * (asterisk)
Note: The asterisk values apply the permission to every resource and every action. For more granular control over individual composites, enter restrictions in the Resource Name and Permission Actions fields.
6. Click Select.
The "oracle.wsm.security.WSFunctionPermission" class will appear in the Permissions list.
7. Under Grantee, click Add.
The Add Principals screen opens.
8. Select "Group" from the Type drop-down list, and enter search criteria to find the group you created earlier, and click the search icon. Select the group you created earlier from the Searched Principals list, and click OK.
The selected group will appear in the Permissions list.
9. Click OK (upper right corner).
An Information panel will display indicating that the new security grant has been added.
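The note in step 5 says the asterisk values can be narrowed. The following added example (not Oracle's code and not part of the original procedure) reviews a policy store export for oracle.wsm.security.WSFunctionPermission grants in the soa-infra stripe that still use an asterisk. It assumes the policies are available in the file-based jazn-data XML layout; the embedded sample, BillingRole and the placeholder values are constructed.

```python
import xml.etree.ElementTree as ET

WS_PERM = "oracle.wsm.security.WSFunctionPermission"

# Constructed sample in the layout of a file-based policy store (jazn-data XML).
# BillingRole and the *_PLACEHOLDER values are illustrative, not from the page.
SAMPLE = """<jazn-data><policy-store><applications><application>
  <name>soa-infra</name>
  <jazn-policy>
    <grant>
      <grantee><principals><principal>
        <class>weblogic.security.principal.WLSGroupImpl</class>
        <name>CustomerGroup</name>
      </principal></principals></grantee>
      <permissions><permission>
        <class>oracle.wsm.security.WSFunctionPermission</class>
        <name>*</name><actions>*</actions>
      </permission></permissions>
    </grant>
    <grant>
      <grantee><principals><principal>
        <class>oracle.security.jps.service.policystore.ApplicationRole</class>
        <name>BillingRole</name>
      </principal></principals></grantee>
      <permissions><permission>
        <class>oracle.wsm.security.WSFunctionPermission</class>
        <name>RESOURCE_PLACEHOLDER</name><actions>ACTION_PLACEHOLDER</actions>
      </permission></permissions>
    </grant>
  </jazn-policy>
</application></applications></policy-store></jazn-data>"""

def _text(elem, tag):
    return (elem.findtext(tag) or "").strip()

def wildcard_ws_grants(xml_text, stripe="soa-infra"):
    """List (grantee, resource, actions) for wildcard WSFunctionPermission grants."""
    findings = []
    for app in ET.fromstring(xml_text).iter("application"):
        if _text(app, "name") != stripe:
            continue
        for grant in app.iter("grant"):
            grantees = [_text(p, "name") for p in grant.iter("principal")] or ["<none>"]
            for perm in grant.iter("permission"):
                resource, actions = _text(perm, "name"), _text(perm, "actions")
                if _text(perm, "class") == WS_PERM and "*" in resource + actions:
                    findings += [(g, resource, actions) for g in grantees]
    return findings

print(wildcard_ws_grants(SAMPLE))
```

Each finding names a grantee whose access is not limited to specific composites or actions and is a candidate for the restrictions described in the note.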