Weblogic 10.3 EJB Exposed JAXWS Web Service Policies Are Not Enforced

(Doc ID 1362102.1)

Last updated on APRIL 15, 2018

Applies to:

Oracle Weblogic Server - Version: 10.3 and later   [Release: and later ]
Information in this document applies to any platform.


On : 10.3 version, WLS-WebServices

A session bean exposed as web service, which has security policy enabled:

public String echo(String e) throws RemoteException{
return "Web Service Echo + " + e;


Security policy is not applied, the web service works without security header.


Security policy should be applied, the web service should not work without security header.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms