My Oracle Support Banner

Security Policy Does Not Get Applied On Web Services (Doc ID 2628722.1)

Last updated on JANUARY 19, 2021

Applies to:

Oracle WebLogic Server - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

In this case, there is the need to restrict access to a JAX-WS Web Service by a security policy using the Admin console.
Yet, the policy doesn't take effect and the web service remains unprotected.

To reproduce it, the steps are:

1. Deploy the archive <application_name>.ear on WebLogic 12.2.1.x as application, with security model CustomRolesAndPolicies.
2. Create a group <group_name> and a user <username> in the domain’s security realm (DefaultAuthenticator). Add <username> to <group_name> as member.
3. Navigate to the Web Service Module <EJB_Module_name> under <application_name>.ear
4. Add the policy condition “Group: <group_name>”
5. Start the deployment and send a request to the web service




Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.