WLS 10.3: UNABLE TO PROTECT WEBLOGIC JAX-WS WEB SERVICES USING ROLES
Last updated on JUNE 09, 2016
Applies to:Oracle Weblogic Server - Version: 10.3
Information in this document applies to any platform.
When run on WebLogic, this code only works if using transport-level-security (eg. HTTP Basic Authentication).
However, when using message level security (eg. WS-Security UserToken with username/password in SOAP header), this code doesn't work and Weblogic doesn't seem to populate the roles correctly for the user.
As a result, there appears to be no way for Weblogic JAX-WS based Webservices to have role based access control enforced when using Message Level Security.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms