17 Securing and Administering WebLogic Web Services

This chapter describes how to secure and administer WebLogic Web services, including the following sections:

Steps to Secure and Administer WebLogic Web Services

Table 17-1 summarizes the steps required to administer and secure WebLogic Web services. For information about developing WebLogic Web services, see Getting Started With JAX-WS Web Services for Oracle WebLogic Server.

Table 17-1 Steps to Administer and Secure WebLogic Web Services

| # | Step | Description |
|---|------|-------------|
| 1 | Deploy and administer the WebLogic Web service. | Use the Oracle WebLogic Server Administration Console to perform the following deployment and administration tasks: deploy a WebLogic Web service and view deployed services; start and stop a WebLogic Web service; view the WebLogic Web service configuration; delete a WebLogic Web service; view the SOAP message handlers; view the WSDL. For more information, see "Web Services" in the Oracle WebLogic Server Administration Console Online Help. |
| 2 | Attach the security and management policies to your WebLogic Web services and clients. | You can attach two types of policies to WebLogic Web services and clients at design and deployment time: Oracle WSM and WebLogic Web Service policies. For details, see "Attaching Policies to WebLogic Web Services and Clients". |
| 3 | Test the WebLogic Web services. | See "Testing Web Services". |
| 4 | Monitor the performance of WebLogic Web services. | See "Monitoring the Performance of Web Services". |


Attaching Policies to WebLogic Web Services and Clients

In Oracle Fusion Middleware 11g Release 1 (11.1.1), you can provide security and management policy enforcement of WebLogic Web services using one of the following policy types: Oracle WSM or WebLogic Web service.

The following table describes each policy type.

Table 17-2 Policy Types Supported by WebLogic Web Services

| Type | Description |
|------|-------------|
| Oracle Web Services Manager (WSM) Policy | Provided by the Oracle WSM. For more information about the Oracle WSM and the predefined policies, see "Understanding Oracle WSM Policy Framework". You can attach Oracle WSM policies to WebLogic JAX-WS Web services only. |
| WebLogic Web Service Policy | Provided by Oracle WebLogic Server. For more information about the WebLogic Web service policies, see Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server. A subset of WebLogic Web service policies interoperate with Oracle WSM policies. For more information, see "Interoperability with Oracle WebLogic Server 11g Web Service Security Environments". |


Note:

It is recommended that you use Oracle WSM policies whenever possible. You cannot mix your use of Oracle WSM and WebLogic Web service policies.

The following sections describe how to attach each type of policy to WebLogic Web services and clients.

Attaching Oracle WSM Policies to WebLogic Web Services

You attach Oracle WSM policies to WebLogic Web services at design time and after the Web service has been deployed.

  • At design time, use the @SecurityPolicy and @SecurityPolicies JWS annotations in your JWS file to associate policy files with your Web Service. You can associate any number of policy files with a Web Service, although it is up to you to ensure that the assertions do not contradict each other. You can specify a policy file at the class level of your JWS file. For more information, see the following sections:

    • "Using Oracle Web Service Security Policies" in Securing WebLogic Web Services for Oracle WebLogic Server.

    • "Using Policies with Web Services" in "Designing and Developing Applications" in the Oracle JDeveloper online help.

  • After the Web service has been deployed, use the Oracle WebLogic Server Administration Console to attach Oracle WSM policies to WebLogic Web services. For more information, see "Associate a WS-Policy file with a Web Service" in the WebLogic Server Administration Console Online Help.

Attaching Oracle WSM Policies to WebLogic Web Service Clients

You attach policies to WebLogic Web service clients at design time, using JAX-WS Stubs. For more information, see "Using Oracle Web Service Security Policies" in Securing Web Services for Oracle WebLogic Server.

Attaching WebLogic Web Service Policies to WebLogic Web Services

You attach policies to WebLogic Web services at both design time and after the Web service has been deployed.

  • At design time, use the @Policy and @Policies JWS annotations in your JWS file to associate policy files with your Web Service. You can associate any number of policy files with a Web Service, although it is up to you to ensure that the assertions do not contradict each other. You can specify a policy file at the class level of your JWS file. For more information, see the following sections:

  • After the Web service has been deployed, use the Oracle WebLogic Server Administration Console to attach WebLogic Web service policies to WebLogic Web services. For more information, see "Associate a WS-Policy file with a Web Service" in the WebLogic Server Administration Console Online Help.
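The rule in the note above (Oracle WSM and WebLogic Web service policies cannot be mixed) can be checked at design time by scanning JWS source files for the two annotation families before deployment. The following is an added example, not code from Oracle's documentation; it assumes one Web service class per file, and the file names and `uri` values in the sample sources are constructed placeholders.

```python
import re

# Annotation families named on this page (simple names; package prefix ignored).
FAMILIES = {
    "SecurityPolicy": "Oracle WSM", "SecurityPolicies": "Oracle WSM",
    "Policy": "WebLogic", "Policies": "WebLogic",
}

# Comments and string literals are blanked so a commented-out annotation
# or an '@' inside a string is not counted as an attached policy.
_COMMENT_OR_STRING = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"', re.DOTALL)
_ANNOTATION = re.compile(r'@\s*(?:\w+\.)*(\w+)')

def policy_families(java_source):
    """Return the policy families whose annotations appear in live code."""
    code = _COMMENT_OR_STRING.sub(
        lambda m: '""' if m.group().startswith('"') else " ", java_source)
    return {FAMILIES[n] for n in _ANNOTATION.findall(code) if n in FAMILIES}

def audit(sources):
    """Map each file name to 'mixed', a single family, or 'none at design time'."""
    report = {}
    for name, text in sources.items():
        found = policy_families(text)
        if len(found) > 1:
            report[name] = "mixed"
        elif found:
            report[name] = next(iter(found))
        else:
            # Policies may still be attached after deployment in the console.
            report[name] = "none at design time"
    return report

# Constructed sample JWS sources; policy URIs are placeholders, not real policies.
SAMPLES = {
    "OwsmOnly.java": '@WebService\n@SecurityPolicy(uri="policy:EXAMPLE_owsm")\n'
                     'public class OwsmOnly {}',
    "WlsOnly.java": '// was: @SecurityPolicy(uri="policy:EXAMPLE_owsm")\n@WebService\n'
                    '@Policies({@weblogic.jws.Policy(uri="policy:EXAMPLE_wls.xml")})\n'
                    'public class WlsOnly {}',
    "Mixed.java": '@WebService\n@SecurityPolicy(uri="policy:EXAMPLE_owsm")\n'
                  '@Policy(uri="policy:EXAMPLE_wls.xml")\npublic class Mixed {}',
    "Bare.java": '@WebService\npublic class Bare {}',
}

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLES).items()):
        print(f"{name}: {status}")
```

A file reported as `mixed` violates the note; `none at design time` only means no annotation was found in the source, so the deployed service still needs to be checked in the Administration Console.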

Attaching WebLogic Web Service Policies to WebLogic Web Service Clients

You attach policies to WebLogic Web service clients at design time, using JAX-WS Stubs. For more information, see "Using a Client-side Security Policy File" in Securing Web Services for Oracle WebLogic Server.