3.7 Securing Web Services

Web services can be secured by applying security policies available in web logic sever. We can attach two types of policies to Web Logic Web services and clients at design and deployment time. Oracle WSM policy: We can attach Oracle Web Services Manager(WSM) policies to Web Logic JAX-WS Web services and clients

Web Logic Web service policy: These policies are provided by Oracle Web Logic Server and can be attached to any web service deployed in Web Logic.

We can use Oracle Enterprise Manager Fusion Middleware Control to attach Oracle WSM security policies to Web Logic Java EE Web services and clients.

We can attach policies to Web Logic Web services at both design time and after the Web service has been deployed.

At design time, use the weblogic.jws.Policy and weblogic.jws.Policies JWS annotations in JWS file to associate policy files with Web service. We can associate any number of policy files with a Web service, although it is up to us to ensure that the assertions do not contradict each other. We can specify a policy file at the class level of our JWS file.

After the Web service has been deployed, use the Oracle Web Logic Server Administration Console to attach Web Logic Web service policies to Web Logic Web services.