Skip to Main Content
WebLogic: The Definitive Guide
book

WebLogic: The Definitive Guide

by Jon Mountjoy, Avinash Chugh
February 2004
Intermediate to advanced content levelIntermediate to advanced
848 pages
27h 25m
English
O'Reilly Media, Inc.
Content preview from WebLogic: The Definitive Guide

Security

There are three aspects to securing WebLogic web services:

Access control security

You can secure the entire web service by restricting access to the URLs that invoke the web service (or its WSDL). This approach automatically secures any backend components used to implement the web service. Alternatively, you can secure the individual components that make up the web service: the web application that hosts the web-services.xml descriptor file, the stateless session EJBs, a subset of the methods of the EJB, and so on. You also can prevent access to the home page and WSDL, which is by default publicly accessible.

Connection level security

You can modify the web-services.xml descriptor file to indicate that clients can invoke the web services only over HTTPS. Moreover, if the client authenticates itself using SSL, you need to configure SSL security for WebLogic as well.

Message security

WebLogic 8.1 lets you use a mixture of digital signing, data encryption, and security token propagation to provide you with message integrity and confidentiality.

Like other J2EE components, WebLogic allows you to assign a security policy to a web service component. These policies allow WebLogic to enforce authorization checks on clients who invoke the web service. Because a web service relies on multiple backend components for its implementation, you can independently secure the web service backends as well. Configuring SSL security for a web service is equally easy — most of the work lies in ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Building Microservices with Spring Boot, Second Edition

Building Microservices with Spring Boot, Second Edition

Josh Long / Phillip Webb
Spring Microservices in Action, Second Edition

Spring Microservices in Action, Second Edition

John Carnell, Illary Huaylupo Sanchez
Kubernetes: Up and Running, 2nd Edition

Kubernetes: Up and Running, 2nd Edition

Brendan Burns, Joe Beda, Kelsey Hightower
Learn OpenShift

Learn OpenShift

Denis Zuev, Artemii Kropachev, Aleksey Usov

Publisher Resources

ISBN: 059600432XErrata Page