How to set up WebLogic 10.3.3. security for JAX_WS web services?

Posted by Roman Kagan on Stack Overflow See other posts from Stack Overflow or by Roman Kagan
Published on 2011-01-06T23:34:44Z Indexed on 2011/01/10 18:53 UTC
Read the original article Hit count: 161

Filed under:

web-services

|

security

|

weblogic

|

weblogic-10.x

I have quite simple task to accomplish - I have to set up the security for web services ( basic authentication with hardcoded in WLES user id and password). I set the web.xml (see code fragment below) but I have tough time configuring WebLogic. I added IdentityAssertionAuthenticator Authentication Provider, set it as Required, modified DefaultAuthenticator as Optional and I went to deployed application's security and set the role to "thisIsUser" and at some point it worked, but not anymore (I redeployed war file and set web service security the same way but no avail.) I'd greatly appreciate for all your help.

    <security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>ABC</web-resource-name>
        <url-pattern>/ABC</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>thisIsUser</role-name>
    </auth-constraint>
</security-constraint>

© Stack Overflow or respective owner

Related posts about web-services

Testing your Web services using the Data Web Services Test Client

as seen on Internet.com - Search for 'Internet.com'
Paul Zikopoulos introduces you to the Data Web Services Test Client that's available in IBM Data Studio Version 1.2 or later >>> More
Webservices error for dev.virtualearth.net/webservices/geocode

as seen on Stack Overflow - Search for 'Stack Overflow'
I am getting the following stacktrace and have no idea what I am looking at and how to debug and fix it: Here is the error: Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your… >>> More
Setting up Metro 2.0 with Jetty 7

as seen on Stack Overflow - Search for 'Stack Overflow'
This question relates to a previous question of mine. I am attempting to set-up a low overhead Web Container using Jetty 7 that I can deploy Web Services using Metro 2.0. I have installed the following Metro 2.0 libs into jetty/lib: webservices-extra-api.jar webservices-extra.jar webservices-rt… >>> More
Interview questions about ASP.NET Web services.

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I have seen there are lots of myth’s about asp.net web services in fresher level asp.net developers. So I decided to write a blog post about asp.net web services interview questions. Because I think this is the best way to reach fresher asp.net developers. Followings are few questions about asp.net… >>> More
Service-Oriented Architecture and Web Services

as seen on DotNetBlocks - Search for 'DotNetBlocks'
Service oriented architecture is an architectural model for developing distributed systems across a network or the Internet. The main goal of this model is to create a collection of sub-systems to function as one unified system. This approach allows applications to work within the context of a client… >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More