Securing WebLogic Web Services

Overview of Web Services Security

Overview of Web Services Security

What Type of Security Should You Configure?

Configuring Message-Level Security

Overview of Message-Level Security

Web Services Security Supported Standards

Web Services Trust and Secure Conversation

Web Services SecurityPolicy 1.2

Main Use Cases of Message-Level Security

Using Policy Files for Message-Level Security Configuration

Using Policy Files With JAX-WS

WS-Policy Namespace

WS-SecurityPolicy Namespace

Version-Independent Policy Supported

Configuring Simple Message-Level Security: Main Steps

Ensuring That WebLogic Server Can Validate the Client’s Certificate

Updating the JWS File with @Policy and @Policies Annotations

Loading a Policy From the CLASSPATH

Using Key Pairs Other Than the Out-Of-The-Box SSL Pair

Updating a Client Application to Invoke a Message-Secured Web Service

Invoking a Message-Secured Web Service From a Client Running in a WebLogic Server Instance

Creating and Using a Custom Policy File

Configuring the WS-Trust Client

Supported Token Types

Configuring WS-Trust Client Properties

Obtaining the URI of the Secure Token Service

Configuring STS URI: Standalone Client

Configuring STS URI Using WLST: Client Running On Server Side

Configuring STS URI Using Console: Client Running On Server Side

Configuring STS Security Policy: Standalone Client

Configuring STS Security Policy Using WLST: Client Running On Server Side

Configuring STS Security Policy: Using the Console

Configuring the STS SOAP Version and WS-Trust Version: Standalone Client

Configuring and Using Security Contexts and Derived Keys (WS-SecureConversation)

Specification Backward Compatibility

WS-SecureConversation and Clusters

Updating a Client Application to Negotiate Security Contexts

Associating Policy Files at Runtime Using the Administration Console

Using Security Assertion Markup Language (SAML) Tokens For Identity

Using SAML Tokens for Identity: Main Steps

Specifying the SAML Confirmation Method

Specifying the SAML Confirmation Method (Proprietary Policy Only)

Associating a Web Service with a Security Configuration Other Than the Default

Valid Class Names and Token Types for Credential Provider

Using System Properties to Debug Message-Level Security

Using a Client-Side Security Policy File

Associating a Policy File with a Client Application: Main Steps

Updating clientgen to Generate Methods That Load Policy Files

Updating a Client Application To Load Policy Files (JAX-RPC Only)

Using WS-SecurityPolicy 1.2 Policy Files

Transport Level Policies

Protection Assertion Policies

WS-Security 1.0 Username and X509 Token Policies

WS-Security 1.1 Username and X509 Token Policies

WS-SecureConversation Policies

SAML Token Profile Policies

Choosing a Policy

Unsupported WS-SecurityPolicy 1.2 Assertions

Using the Optional Policy Assertion

Configuring Element-Level Security

Define and Use a Custom Element-Level Policy File

Adding the Policy Annotation to JWS File

Implementation Notes

Smart Policy Selection

Example of Security Policy With Policy Alternatives

Configuring Smart Policy Selection

How the Policy Preference is Determined

Configuring Smart Policy Selection in the Console

Understanding Body Encryption in Smart Policy

Smart Policy Selection for a Standalone Client

Multiple Transport Assertions

Example of Adding Security to MTOM Web Service

Files Used by This Example

SecurityMtomService.java

MtomClient.java

configWss.py Script File

Build.xml File

Building and Running the Example

Deployed WSDL for SecurityMtomService

Example of Adding Security to Reliable Messaging Web Service

Overview of Secure and Reliable SOAP Messaging

Overview of the Example

How the Example Sets Up WebLogic Security

Files Used by This Example

Revised ReliableEchoServiceImpl.java

Revised configWss.py

Revised configWss_Service.py

Building and Running the Example

Proprietary Web Services Security Policy Files (JAX-RPC Only)

Abstract and Concrete Policy Files

Auth.xml

Sign.xml

Encrypt.xml

Wssc-dk.xml

Wssc-sct.xml

Configuring Transport-Level Security

Configuring Transport-Level Security Through Policy

Configuring Transport-Level Security Through Policy: Main Steps

Configuring Transport-Level Security Via UserDataConstraint: Main Steps (JAX-RPC Only)

Configuring Two-Way SSL for a Client Application

Using a Custom SSL Adapter with Reliable Messaging

Configuring Access Control Security (JAX-RPC Only)

Configuring Access Control Security: Main Steps

Updating the JWS File With the Security-Related Annotations

Updating the JWS File With the @RunAs Annotation

Setting the Username and Password When Creating the Service Object

