Security Policy Does Not Get Applied On Web Services
(Doc ID 2628722.1)
Last updated on FEBRUARY 16, 2023
Applies to:Oracle WebLogic Server - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
In this case, there is the need to restrict access to a JAX-WS Web Service by a security policy using the Admin console.
Yet, the policy doesn't take effect and the web service remains unprotected.
To reproduce it, the steps are:
1. Deploy the archive <application_name>.ear on WebLogic 12.2.1.x as application, with security model CustomRolesAndPolicies.
2. Create a group <group_name> and a user <username> in the domain’s security realm (DefaultAuthenticator). Add <username> to <group_name> as member.
3. Navigate to the Web Service Module <EJB_Module_name> under <application_name>.ear
4. Add the policy condition “Group: <group_name>”
5. Start the deployment and send a request to the web service
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document