Securing WebLogic Web Services

      

Overview of Web Services Security

Overview of Web Services Security

What Type of Security Should You Configure?

Configuring Message-Level Security

Overview of Message-Level Security

 

Web Services Security Supported Standards

Web Services Trust and Secure Conversation

Web Services SecurityPolicy 1.2

Main Use Cases of Message-Level Security

Using Policy Files for Message-Level Security Configuration

 

Using Policy Files With JAX-WS

 

WS-Policy Namespace

 

WS-SecurityPolicy Namespace

 

Version-Independent Policy Supported

Configuring Simple Message-Level Security: Main Steps

 

Ensuring That WebLogic Server Can Validate the Client's Certificate

 

Updating the JWS File with @Policy and @Policies Annotations

Loading a Policy From the CLASSPATH

 

Using Key Pairs Other Than the Out-Of-The-Box SSL Pair

Updating a Client Application to Invoke a Message-Secured Web Service

 

Invoking a Message-Secured Web Service From a Client Running in a WebLogic Server Instance

Creating and Using a Custom Policy File

Configuring the WS-Trust Client

 

Supported Token Types

 

Configuring WS-Trust Client Properties

Obtaining the URI of the Secure Token Service

Configuring STS URI: Standalone Client

Configuring STS URI Using WLST: Client Running On Server Side

Configuring STS URI Using Console: Client Running On Server Side

Configuring STS Security Policy: Standalone Client

Configuring STS Security Policy Using WLST: Client Running On Server Side

Configuring STS Security Policy: Using the Console

Configuring the STS SOAP Version and WS-Trust Version: Standalone Client

Configuring and Using Security Contexts and Derived Keys (WS-SecureConversation)

 

Specification Backward Compatibility

 

WS-SecureConversation and Clusters

 

Updating a Client Application to Negotiate Security Contexts

Associating Policy Files at Runtime Using the Administration Console

Using Security Assertion Markup Language (SAML) Tokens For Identity

 

Using SAML Tokens for Identity: Main Steps

 

Specifying the SAML Confirmation Method

Specifying the SAML Confirmation Method (Proprietary Policy Only)

Associating a Web Service with a Security Configuration Other Than the Default

Valid Class Names and Token Types for Credential Provider

Using System Properties to Debug Message-Level Security

Using a Client-Side Security Policy File

 

Associating a Policy File with a Client Application: Main Steps

 

Updating clientgen to Generate Methods That Load Policy Files

 

Updating a Client Application To Load Policy Files (JAX-RPC Only)

Using WS-SecurityPolicy 1.2 Policy Files

 

Transport Level Policies

 

Protection Assertion Policies

 

WS-Security 1.0 Username and X509 Token Policies

 

WS-Security 1.1 Username and X509 Token Policies

 

WS-SecureConversation Policies

 

SAML Token Profile Policies

Choosing a Policy

Unsupported WS-SecurityPolicy 1.2 Assertions

Using the Optional Policy Assertion

Configuring Element-Level Security

 

Define and Use a Custom Element-Level Policy File

Adding the Policy Annotation to JWS File

 

Implementation Notes

Smart Policy Selection

 

Example of Security Policy With Policy Alternatives

 

Configuring Smart Policy Selection

How the Policy Preference is Determined

Configuring Smart Policy Selection in the Console

Understanding Body Encryption in Smart Policy

Smart Policy Selection for a Standalone Client

 

Multiple Transport Assertions

Example of Adding Security to MTOM Web Service

 

Files Used by This Example

 

SecurityMtomService.java

 

MtomClient.java

 

configWss.py Script File

 

Build.xml File

 

Building and Running the Example

 

Deployed WSDL for SecurityMtomService

Example of Adding Security to Reliable Messaging Web Service

 

Overview of Secure and Reliable SOAP Messaging

 

Overview of the Example

How the Example Sets Up WebLogic Security

 

Files Used by This Example

 

Revised ReliableEchoServiceImpl.java

 

Revised configWss.py

 

Revised configWss_Service.py

 

Building and Running the Example

Proprietary Web Services Security Policy Files (JAX-RPC Only)

 

Abstract and Concrete Policy Files

 

Auth.xml

 

Sign.xml

 

Encrypt.xml

 

Wssc-dk.xml

 

Wssc-sct.xml

Configuring Transport-Level Security

Configuring Transport-Level Security Through Policy

 

Configuring Transport-Level Security Through Policy: Main Steps

Configuring Transport-Level Security Via UserDataConstraint: Main Steps (JAX-RPC Only)

Configuring Two-Way SSL for a Client Application

Using a Custom SSL Adapter with Reliable Messaging

Configuring Access Control Security (JAX-RPC Only)

Configuring Access Control Security: Main Steps

Updating the JWS File With the Security-Related Annotations

Updating the JWS File With the @RunAs Annotation

Setting the Username and Password When Creating the Service Object

