Oracle® Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server 11g Release 1 (10.3.3)
Part Number E13713-03
Contents
Title and Copyright Information
Preface
Documentation Accessibility
Conventions
1 Overview of Web Services Security
Overview of Web Services Security
What Type of Security Should You Configure?
2 Configuring Message-Level Security
Overview of Message-Level Security
Web Services Security Supported Standards
Web Services Trust and Secure Conversation
Web Services SecurityPolicy 1.2
Main Use Cases of Message-Level Security
Using Policy Files for Message-Level Security Configuration
Using Policy Files With JAX-WS
WS-Policy Namespace
WS-SecurityPolicy Namespace
Version-Independent Policy Supported
Configuring Simple Message-Level Security: Main Steps
Ensuring That WebLogic Server Can Validate the Client's Certificate
Updating the JWS File with @Policy and @Policies Annotations
Loading a Policy From the CLASSPATH
Using Key Pairs Other Than the Out-Of-The-Box SSL Pair
Updating a Client Application to Invoke a Message-Secured Web Service
Invoking a Web Service From a Client Running in a WebLogic Server Instance
Example of Adding Security to a JAX-WS Web Service
Creating and Using a Custom Policy File
Configuring the WS-Trust Client
Supported Token Types
Configuring WS-Trust Client Properties
Obtaining the URI of the Secure Token Service
Configuring STS URI for WS-SecureConversation: Standalone Client
Configuring STS URI for SAML: Standalone Client
Configuring STS URI Using WLST: Client On Server Side
Configuring STS URI Using Console: Client On Server Side
Configuring STS Security Policy: Standalone Client
Configuring STS Security Policy Using WLST: Client On Server Side
Configuring STS Security Policy: Using the Console
Configuring the STS SOAP and WS-Trust Version: Standalone Client
Configuring the SAML STS Server Certificate: Standalone Client
Sample WS-Trust Client for SAML 2.0 Bearer Token over HTTPS
Sample WS-Trust Client for SAML 2.0 Bearer Token with WSS 1.1 Message Protections
Configuring and Using Security Contexts and Derived Keys
Specification Backward Compatibility
WS-SecureConversation and Clusters
Updating a Client Application to Negotiate Security Contexts
Associating Policy Files at Runtime Using the Administration Console
Using Security Assertion Markup Language (SAML) Tokens For Identity
Using SAML Tokens for Identity: Main Steps
Specifying the SAML Confirmation Method
Specifying the SAML Confirmation Method (Proprietary Policy Only)
Associating a Web Service with a Security Configuration Other Than the Default
Valid Class Names and Token Types for Credential Provider
Using System Properties to Debug Message-Level Security
Using a Client-Side Security Policy File
Associating a Policy File with a Client Application: Main Steps
Updating clientgen to Generate Methods That Load Policy Files
Updating a Client Application To Load Policy Files (JAX-RPC Only)
Using WS-SecurityPolicy 1.2 Policy Files
Transport Level Policies
Protection Assertion Policies
WS-Security 1.0 Username and X509 Token Policies
WS-Security 1.1 Username and X509 Token Policies
WS-SecureConversation Policies
SAML Token Profile Policies
Choosing a Policy
Unsupported WS-SecurityPolicy 1.2 Assertions
Using the Optional Policy Assertion
Configuring Element-Level Security
Define and Use a Custom Element-Level Policy File
Adding the Policy Annotation to JWS File
Implementation Notes
Smart Policy Selection
Example of Security Policy With Policy Alternatives
Configuring Smart Policy Selection
How the Policy Preference is Determined
Configuring Smart Policy Selection in the Console
Understanding Body Encryption in Smart Policy
Smart Policy Selection for a Standalone Client
Multiple Transport Assertions
Example of Adding Security to MTOM Web Service
Files Used by This Example
SecurityMtomService.java
MtomClient.java
configWss.py Script File
Build.xml File
Building and Running the Example
Deployed WSDL for SecurityMtomService
Example of Adding Security to Reliable Messaging Web Service
Overview of Secure and Reliable SOAP Messaging
Overview of the Example
How the Example Sets Up WebLogic Security
Files Used by This Example
Revised ReliableEchoServiceImpl.java
Revised configWss.py
Revised configWss_Service.py
Building and Running the Example
Securing Web Services Atomic Transactions
Proprietary Web Services Security Policy Files (JAX-RPC Only)
Abstract and Concrete Policy Files
Auth.xml
Sign.xml
Encrypt.xml
Wssc-dk.xml
Wssc-sct.xml
3 Configuring Transport-Level Security
Configuring Transport-Level Security Through Policy
Configuring Transport-Level Security Through Policy: Main Steps
Example of Using JWS Annotations in Your JWS File
Example of Configuring Transport Security for JAX-WS
One-Way SSL (HTTPS and HTTP Basic Authentication Example)
New Two-Way Persistent SSL Client API for JAX-WS
Example of Getting SSLSocketFactory From System Properties
Configuring Transport-Level Security Via UserDataConstraint: Main Steps (JAX-RPC Only)
Configuring Two-Way SSL for a Client Application
Using a Custom SSL Adapter with Reliable Messaging
4 Configuring Access Control Security (JAX-RPC Only)
Configuring Access Control Security: Main Steps
Updating the JWS File With the Security-Related Annotations
Updating the JWS File With the @RunAs Annotation
Setting the Username and Password When Creating the Service Object
A Using Oracle Web Services Manager Security Policies
Overview
When Should You Use Oracle WS-Security Policies?
What Oracle WSM Security Policies Are Available?
Is There Compatibility Between WebLogic Policies and Oracle WSM Policies?
What Oracle WSM WS-Security Policies Are Not Available?
Where are the Oracle WSM Policies Documented?
Adding Oracle WSM WS-Security Policies to a Web Service
SecurityPolicy and SecurityPolicies Annotations
Configuring Oracle WSM Security Policies in Administration Console
Adding Oracle WSM WS-Security Policies to Clients
Associating a Policy File with a Client Application: Main Steps
Configuring Permission-Based Authorization Policies
Configuring the Credential Store Using WLST
How to Create and Use a Java Keystore
How to Create Private Keys and Load Trusted Certificates
Manage the Credential Store Framework
How to Update Your Credential Store Using WLST
Policy Configuration Overrides for the Web Service Client
Creating Custom Assertions
Overview of Custom Assertion Creation
Step 1: Create the Custom Policy File
Step 2: Add the Custom Policy to the Policy Store
Step 3: Create the Custom Assertion Class
Step 4: Create the Custom Assertion Class JAR File
Step 5: Update Your CLASSPATH
Step 6: Develop and Deploy a JAX-WS Web Service
Step 7: Attach the Custom Policy to the JAX-WS Web Service
Monitoring and Testing the Web Service