1 Reply. Latest reply: Jan 15, 2013 11:35 AM by Faisal Khan

    Weblogic Server Security scenarios

    856276
      Hi All,

      My client has a requirement to implement enterprise-level security (for all the webservices developed using SOA Suite or for services including EJBs deployed onto WebLogic Server) and we haven't purchased products like OEG, OAM, SSO, etc. But ideally we would wish to implement security (a common layer) within WebLogic Server. I believe we could use the below scenarios to achieve the same.

      1) Mutual authentication (SSL certificate exchange) for all services.
      2) User authentication access (don't know how exactly to achieve this at a domain level).

      Would request your feedback and comments on the same to achieve domain level security. Any other scenarios also would be much appreciated.

      Regards,
      Kris
        • 1. Re: Weblogic Server Security scenarios
          Faisal Khan
          You can guarantee message-level security by securing the webservices using canned policies...

          http://weblogic-wonders.com/weblogic/2011/05/24/securing-webservices-using-username-password-mechanism/

          http://weblogic-wonders.com/weblogic/2010/01/19/using-canned-policy-with-weblogic-server/


          You can ensure transport-level security by making the webservice accessible over SSL; you can also enable two-way SSL on WLS.
          In that case, the client trying to connect to WLS will have to pass a certificate.

          -Faisal
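
The client side of the two-way SSL setup mentioned in the reply above, as an added example that is not part of the original thread: a plain JSSE client that presents its own certificate and trusts only the CAs in its trust store. The keystore file names, the `CLIENT_STORE_PASS` environment variable, the host `wls.example.com`, port 7002 and the `/MyService?WSDL` path are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TwoWaySslClient {

    // Load a keystore file from disk (type is "JKS" or "PKCS12").
    static KeyStore load(String path, char[] password, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build an SSLContext that presents the client's key pair during the
    // handshake and accepts only server certificates chaining to 'trust'.
    static SSLContext mutualTlsContext(KeyStore identity, char[] keyPassword, KeyStore trust)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed: the store password comes from the environment, not source code.
        String pass = System.getenv("CLIENT_STORE_PASS");
        if (pass == null) throw new IllegalStateException("CLIENT_STORE_PASS is not set");
        char[] storePass = pass.toCharArray();
        KeyStore identity = load("client-identity.jks", storePass, "JKS"); // assumed file name
        KeyStore trust = load("client-trust.jks", storePass, "JKS");       // assumed file name
        SSLContext ctx = mutualTlsContext(identity, storePass, trust);

        URL url = new URL("https://wls.example.com:7002/MyService?WSDL");  // assumed endpoint
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Hostname verification is left at the JSSE default; do not disable it.
        System.out.println("HTTP " + conn.getResponseCode() + " via " + conn.getCipherSuite());
    }
}
```

If the server requires a client certificate and the one presented does not chain to a CA in the server's trust store, the call to `getResponseCode()` fails with an `SSLHandshakeException` instead of returning an HTTP status.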