
Web Service Role Authorization No Longer Applied After Migrating From WLS11g To 12c (Doc ID 2435136.1)

Last updated on AUGUST 15, 2018

Applies to:

Oracle WebLogic Server - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

On version 12.2.1.3.0, WLS Security:

As part of an application, a set of web services is delivered in an EAR file, with secure access arranged by default by requiring basic authentication. With WLS 11g (10.3.6), the default security realm of WLS could be used to define global roles and WebLogic users to arrange authorization per web service and, if needed, per web service operation.

After migrating to WLS 12c (12.2.1.1.3) and deploying exactly the same EAR file in the same way as under WLS 11g, user authentication works fine, but whatever roles are defined, this configuration is completely ignored. Each new user that is defined in the default realm has access to all services.

The security configuration actions undertaken for 12c are identical to those for 11g. It is expected that a new user must not be entitled to access the application.
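
A post-migration check for the symptom above, as an added example that is not part of the original note or of Oracle's code: it calls each protected service as a valid user who holds none of the required roles and reports every path that still answers 2xx. The user names, passwords, role name, service path and the local stub server standing in for the deployed EAR are all hypothetical.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: users, passwords, role and path are hypothetical.
USERS = {"svc_admin": ("pw1", {"OrderAdmin"}), "new_user": ("pw2", set())}
REQUIRED_ROLE = {"/ws/OrderService": "OrderAdmin"}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

def make_stub(enforce_roles):
    """Local stand-in for the services; enforce_roles=False mimics the symptom."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            auth = self.headers.get("Authorization", "")
            try:
                user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
            except Exception:
                user, pw = "", ""
            known = USERS.get(user)
            if not auth.startswith("Basic ") or known is None or known[0] != pw:
                code = 401  # authentication failed
            elif enforce_roles and REQUIRED_ROLE.get(self.path) not in known[1]:
                code = 403  # authenticated, but the required role is missing
            else:
                code = 200
            self.send_response(code)
            self.end_headers()

        def log_message(self, *args):
            pass  # keep the stub quiet

    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(base_url, path, user, password):
    """Return the HTTP status a basic-auth request receives."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(base_url + path, headers={"Authorization": "Basic " + token})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code

def authz_regressions(base_url, user, password):
    """Paths where a valid user holding no required role is still served (2xx)."""
    return [p for p in REQUIRED_ROLE if 200 <= probe(base_url, p, user, password) < 300]
```

Against a real deployment, only `probe` and `authz_regressions` are needed, pointed at the server's base URL with a freshly created user that has no role assignments; a non-empty result reproduces the symptom.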


Changes

 

Cause
