I built web-service application in jdevelopler 11.1.1.7. Their is security policy applied in the web service from the default Oracle policies which is (policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml)
Now any one want to access the web-service application have to provide the username/password in the header section for the SOAP request to fulfill the policy requirement.
using the following steps I am trying to restrict the access to the web-service application to be with in specific group of users among weblogic users:
Login to the weblogic admin console
Create user or group of users
Click the deployments links
Select your web-service
Click the Security tab
Click the Policies sub-tab
Choose your authorization provider from the drop down (sounds like the default)
Choose Add Conditions -> Group -> Type in the group name
Finish
But the access is still available for all weblogic users (i.e users not in the group specified in the above security configuration). How can I restrict access to only allowed group? Any thing missing in my approach?