Contents
Title and Copyright Information
Preface
Documentation Accessibility
Conventions
What's New in This Guide
New and Changed Features for 12c (12.2.1.2.0)
New and Changed Features for 12c (12.2.1.1.0)
1 Overview of Web Services Security
What Type of Security Should You Configure?
Thread Safety
2 Configuring Message-Level Security
Overview of Message-Level Security
Web Services Security Supported Standards
Web Services Trust and Secure Conversation
Web Services SecurityPolicy 1.2
Main Use Cases of Message-Level Security
Using Policy Files for Message-Level Security Configuration
Using Policy Files With JAX-WS
WS-Policy Namespace
WS-SecurityPolicy Namespace
Version-Independent Policy Supported
Using the SHA-256 Secure Hash Algorithm
Update the Predefined SHA-1 Policies to SHA-256
SAML Policies
Wss1.0 Policies
Wss1.1 Policies
Secure Conversation Policies
Using the Extended Algorithm Suite (EAS)
Configuring Simple Message-Level Security
Configuring Simple Message-Level Security: Main Steps
Ensuring That WebLogic Server Can Validate the Client's Certificate
Updating the JWS File with @Policy and @Policies Annotations
Setting the uri Attribute
Setting Additional Attributes
Example of Using the @Policy and @Policies JWS Annotations
Loading a Policy From the CLASSPATH
Using Key Pairs Other Than the Out-Of-The-Box SSL Pair
Updating a Client Application to Invoke a Message-Secured Web Service
Invoking a Web Service From a Client Running in a WebLogic Server Instance
Example of Adding Security to a JAX-WS Web Service
Creating and Using a Custom Policy File
Configuring the WS-Trust Client
Supported Token Types
Configuring WS-Trust Client Properties
Obtaining the URI of the Secure Token Service
Configuring STS URI for WS-SecureConversation: Standalone Client
Configuring STS URI for SAML: Standalone Client
Configuring STS URI Using WLST: Client On Server Side
Configuring STS URI Using Console: Client On Server Side
Configuring STS Security Policy: Standalone Client
Configuring STS Security Policy Using WLST: Client On Server Side
Configuring STS Security Policy: Using the Console
Configuring the STS SOAP and WS-Trust Version: Standalone Client
Configuring the SAML STS Server Certificate: Standalone Client
Sample WS-Trust Client for SAML 2.0 Bearer Token Over HTTPS
Sample WS-Trust Client for SAML 2.0 Bearer Token with WSS 1.1 Message Protections
Configuring and Using Security Contexts and Derived Keys
Specification Backward Compatibility
WS-SecureConversation and Clusters
Updating a Client Application to Negotiate Security Contexts
Associating Policy Files at Runtime Using the Administration Console
Using Security Assertion Markup Language (SAML) Tokens For Identity
SAML Token Overview
Using SAML Tokens for Identity: Main Steps
Specifying the SAML Confirmation Method
Specifying the SAML Confirmation Method (Proprietary Policy Only)
Sample of SAML 1.1 Bearer Token Over HTTPS
Configuring SAML Attributes in a Web Service
Using SAML Attributes: Available Interfaces and Classes
Using SAML Attributes: Main Steps
SAML Attributes Example
Associating a Web Service with a Security Configuration Other Than the Default
Valid Class Names and Token Types for Credential Provider
Using System Properties to Debug Message-Level Security
Using a Client-Side Security Policy File
Associating a Policy File with a Client Application: Main Steps
Updating clientgen to Generate Methods That Load Policy Files
Updating a Client Application To Load Policy Files (JAX-RPC Only)
Using WS-SecurityPolicy 1.2 Policy Files
Transport-Level Policies
Protection Assertion Policies
WS-Security 1.0 Username and X509 Token Policies
WS-Security 1.1 Username and X509 Token Policies
WS-SecureConversation Policies
SAML Token Profile Policies
Choosing a Policy
Unsupported WS-SecurityPolicy 1.2 Assertions
Using the Optional Policy Assertion
Configuring Element-Level Security
Define and Use a Custom Element-Level Policy File
Adding the Policy Annotation to JWS File
Implementation Notes
Smart Policy Selection
Example of Security Policy With Policy Alternatives
Configuring Smart Policy Selection
How the Policy Preference is Determined
Configuring Smart Policy Selection in the Console
Understanding Body Encryption in Smart Policy
Smart Policy Selection for a Standalone Client
Multiple Transport Assertions
Example of Adding Security to MTOM Web Service
Files Used by This Example
SecurityMtomService.java
MtomClient.java
configWss.py Script File
Build.xml File
Building and Running the Example
Deployed WSDL for SecurityMtomService
Example of Adding Security to Reliable Messaging Web Service
Overview of Secure and Reliable SOAP Messaging
Overview of the Example
How the Example Sets Up WebLogic Security
Files Used by This Example
Revised ReliableEchoServiceImpl.java
Revised configWss.py
Revised configWss_Service.py
Building and Running the Example
Securing Web Services Atomic Transactions
Proprietary Web Services Security Policy Files (JAX-RPC Only)
Abstract and Concrete Policy Files
Auth.xml
Sign.xml
Encrypt.xml
Wssc-dk.xml
Wssc-sct.xml
3 Configuring Transport-Level Security
Configuring Transport-Level Security Through Policy
Available Transport-Level Policies
Prerequisite: Configure SSL
OPSS Keystore Service Supported
Configuring SSL: Main Steps
Configuring Two-Way SSL for a Client Application
Configuring Transport-Level Security Through Policy: Main Steps
Example of Configuring Transport Security for JAX-WS
One-Way SSL (HTTPS and HTTP Basic Authentication Example)
Persisting the State of a Request over SSL (JAX-WS Only)
Example of Getting SSLSocketFactory From System Properties
Configuring Transport-Level Security Via UserDataConstraint: Main Steps (JAX-RPC Only)
Using a Custom SSL Adapter with Reliable Messaging (JAX-RPC Only)
4 Configuring Access Control Security (JAX-RPC Only)
Configuring Access Control Security: Main Steps
Updating the JWS File With the Security-Related Annotations
Updating the JWS File With the @RunAs Annotation
Setting the Username and Password When Creating the Service Object
A Using Oracle Web Services Manager Security Policies
Overview of OWSM Security Policies
Which OWSM Policies Are Supported for Java EE Web Services?
When Should You Use OWSM Security Policies?
Interoperability Between WebLogic Web Service Policies and OWSM Policies
Attaching OWSM Security Policies to JAX-WS Web Services
Attaching OWSM Security Policies Using the Administration Console
Refreshing the Cache After Attaching Policies
Attaching OWSM Security Policies to JAX-WS Web Service Clients
Disabling a Globally Attached OWSM Policy
Configuring Policies
Overriding the Policy Configuration for the Web Service Client
Monitoring and Testing the Web Service