This chapter describes how to secure and administer WebLogic Web services, including the following sections:
Table 18-1 summarizes the steps required to administer and secure WebLogic Web services. For information about developing WebLogic Web services, see Getting Started With JAX-WS Web Services for Oracle WebLogic Server.
Table 18-1 Steps to Administer and Secure WebLogic Web Services
# |
Step | Description |
---|---|---|
1 |
Deploy and administer the WebLogic Web service. |
Use the Oracle WebLogic Server Administration Console to perform the following deployment and administration tasks:
For more information, see "Web Services" in the Oracle WebLogic Server Administration Console Help. |
2 |
Attach the security and management policies to your WebLogic Web services and clients. |
You can attach two types of policies to WebLogic Web services and clients at design and deployment time: Oracle WSM and WebLogic Web service policies. You can use Oracle Enterprise Manager Fusion Middleware Control to attach Oracle WSM security policies to WebLogic Java EE Web services and clients. For details, see "Attaching Policies to WebLogic Web Services and Clients". |
3 |
Test the WebLogic Web services. |
|
4 |
Monitor the performance of WebLogic Web services. |
In Oracle Fusion Middleware 11g Release 1 (11.1.1.9), you can provide security and management policy enforcement of WebLogic Web services using one of the following policy types: Oracle WSM or WebLogic Web service.
The following table describes each policy type.
Table 18-2 Policy Types Supported by WebLogic Web Services
Type | Description |
---|---|
Oracle Web Services Manager (WSM) Policy |
Provided by the Oracle WSM. For more information about Oracle WSM and the predefined policies, see "Understanding Oracle WSM Policy Framework". You can attach Oracle WSM policies to WebLogic JAX-WS Web services and clients. |
WebLogic Web Service Policy |
Provided by Oracle WebLogic Server. For more information about the WebLogic Web service policies, see Securing WebLogic Web Services for Oracle WebLogic Server. A subset of WebLogic Web service policies interoperate with Oracle WSM policies. For more information, see "Interoperability with Oracle WebLogic Server 11g Web Service Security Environments" in Interoperability Guide for Oracle Web Services Manager. |
Note:
It is recommended that you use Oracle WSM policies whenever possible. You cannot mix your use of Oracle WSM and WebLogic Web service policies.The following sections describe how to attach each type of policy to WebLogic Web services and clients.
Attaching Oracle WSM Policies to WebLogic Web Service Clients
Attaching WebLogic Web Service Policies to WebLogic Web Services
Attaching WebLogic Web Service Policies to WebLogic Web Service Clients
You attach Oracle WSM policies to WebLogic Web services at design time and after the Web service has been deployed.
At design time, use the weblogic.wsee.jws.jaxws.owsm.SecurityPolicy
and weblogic.wsee.jws.jaxws.owsm.SecurityPolicies
JWS annotations in your JWS file to associate policy files with your Web service. You can associate any number of policy files with a Web service, although it is up to you to ensure that the assertions do not contradict each other. You can specify a policy file at the class level of your JWS file. For more information, see the following sections:
"Using Oracle Web Services Manager Security Policies" in Securing WebLogic Web Services for Oracle WebLogic Server.
"Using Policies with Web Services" in "Developing with Web Services" in the Oracle JDeveloper online help.
After the Web service has been deployed, you can use the Oracle WebLogic Server Administration Console or Oracle Enterprise Manager Fusion Middleware Control to attach Oracle WSM policies to WebLogic Web services. For more information about attaching policies using the WebLogic Server Administration Console, see "Attach a WS-Policy file to a Web Service" in the Oracle WebLogic Server Administration Console Help. For more information about attaching policies using Fusion Middleware Control, see Chapter 8, "Attaching Policies to Web Services."
Oracle recommends that you use Oracle Enterprise Manager Fusion Middleware Control to attach Oracle WSM policies to a Web service client post-deployment. For more information, see "Attaching Policies to Java EE Web Service Clients". If you attach Oracle WSM policies programmatically at development time, you will not be able to modify or delete the policies using Fusion Middleware Control after the client application is deployed.
You attach policies to WebLogic Web services at both design time and after the Web service has been deployed.
At design time, use the weblogic.jws.Policy
and weblogic.jws.Policies
JWS annotations in your JWS file to associate policy files with your Web service. You can associate any number of policy files with a Web service, although it is up to you to ensure that the assertions do not contradict each other. You can specify a policy file at the class level of your JWS file. For more information, see the following sections:
"Using Policies with Web Services" in "Developing with Web Services" in the Oracle JDeveloper online help.
After the Web service has been deployed, use the Oracle WebLogic Server Administration Console to attach WebLogic Web service policies to WebLogic Web services. For more information, see "Attach a WS-Policy file to a Web Service" in the Oracle WebLogic Server Administration Console Help.
You attach policies to WebLogic Web service clients at design time, using JAX-WS Stubs. For more information, see "Using a Client-side Security Policy File" in Securing WebLogic Web Services for Oracle WebLogic Server.