My Oracle Support Banner

Users Are Not Restricted To Access A Particular Service (Doc ID 2640140.1)

Last updated on OCTOBER 18, 2021

Applies to:

Oracle API Gateway - Version 11.1.2.4.0 and later
Information in this document applies to any platform.

Symptoms

Even after adding one user to one group and restricting the service to that group, it is allowing all users in the local store to access the service.

The policy is being accessed successfully but to all users instead of to one user


STEPS
------
1. Create a group.
2. Add the user to that group
3. Add Check Group Membership filter as a Start and connect it to WS-Security Username Token filter with a success path and connect this filter to the Service Handler
4. Deploy
5. Access the service from SoapUI using the OAG virtualized URL.
6. All the users can access the service. The expected behavior is that only the user belonging to the group should be able to access the service.



Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.