This discussion is archived
1 Reply Latest reply: Jan 15, 2013 9:35 AM by Faisal Khan RSS

Weblogic Server Security scenarios

856276 Newbie
Currently Being Moderated
Hi All,

My client has a requirement to implement enterprise level security ( for all the webservices developed usinig SOA suite or for services including EJBs deployed onto weblogic server ) and we haven't purchased products like OEG , OAM , SSO etc. But ideally would wish to implement security ( common layer ) within weblogic server. I believe we could use the below scenarios to acheve the same.

1) Mutual authentication ( SSL certificate exchange ) for all services.
2) User Authentication access ( don't know how exactly to achieve this at a domain level).

Would request your feedback and comments on the same to achieve domain level security. Any other scenarios also would be much appreciated.

Regards,
Kris
  • 1. Re: Weblogic Server Security scenarios
    Faisal Khan Expert
    Currently Being Moderated
    You can guarantee message level security by using securing the webservices usiing canned policies...

    http://weblogic-wonders.com/weblogic/2011/05/24/securing-webservices-using-username-password-mechanism/

    http://weblogic-wonders.com/weblogic/2010/01/19/using-canned-policy-with-weblogic-server/


    You can ensure transport level security by making the Webservice accessible over SSL, you can also enable two way SSL on WLS.
    In that case, the client trying to connect to WLS will have to pass a certificate.

    -Faisal

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points