My Oracle Support Banner

Security Policy Does Not Get Applied On Web Services (Doc ID 2628722.1)

Last updated on FEBRUARY 16, 2023

Applies to:

Oracle WebLogic Server - Version and later
Information in this document applies to any platform.
***   ***


In this case, there is the need to restrict access to a JAX-WS Web Service by a security policy using the Admin console.
Yet, the policy doesn't take effect and the web service remains unprotected.

To reproduce it, the steps are:

1. Deploy the archive <application_name>.ear on WebLogic 12.2.1.x as application, with security model CustomRolesAndPolicies.
2. Create a group <group_name> and a user <username> in the domain’s security realm (DefaultAuthenticator). Add <username> to <group_name> as member.
3. Navigate to the Web Service Module <EJB_Module_name> under <application_name>.ear
4. Add the policy condition “Group: <group_name>”
5. Start the deployment and send a request to the web service


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.