WLS 10.3: UNABLE TO PROTECT WEBLOGIC JAX-WS WEB SERVICES USING ROLES
(Doc ID 1072446.1)
Last updated on APRIL 14, 2018
Applies to:Oracle Weblogic Server - Version: 10.3
Information in this document applies to any platform.
When run on WebLogic, this code only works if using transport-level-security (eg. HTTP Basic Authentication).
However, when using message level security (eg. WS-Security UserToken with username/password in SOAP header), this code doesn't work and Weblogic doesn't seem to populate the roles correctly for the user.
As a result, there appears to be no way for Weblogic JAX-WS based Webservices to have role based access control enforced when using Message Level Security.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document