JAX-WS: Container level security on Weblogic

In this post we will see how to secure a web service with HTTP Basic authentication in Weblogic. We will build on a previous project in which we created a very basic WS: Hello World.

In the security realm (Security Realm > MyRealm) we have to:

  • Create a user: user/12345678
  • Create a group: TutorialUser
  • Add the user to the group

This is done in the Weblogic console, as shown in the picture:

Managing users and groups

In web.xml we have to add the required security configuration (protected path, BASIC authentication type, ...):

    <!--
    SECURITY
    -->
    <security-constraint>
        <display-name>Regla01</display-name>
        <!-- Protected resources: POST requests to every URL of the application -->
        <web-resource-collection>
            <web-resource-name>WSPOST</web-resource-name>
            <description></description>
            <url-pattern>/*</url-pattern>
            <http-method>POST</http-method>
        </web-resource-collection>
        <!-- Only callers in this role may access the resources above -->
        <auth-constraint>
            <description></description>
            <role-name>TutorialUser</role-name>
        </auth-constraint>
    </security-constraint>
    <session-config>
        <session-timeout>5</session-timeout>
    </session-config>
    <!-- HTTP Basic authentication against the Weblogic realm -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myrealm</realm-name>
    </login-config>
    <!-- Declaration of the application role used in auth-constraint -->
    <security-role>
        <description></description>
        <role-name>TutorialUser</role-name>
    </security-role>
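The constraint above lists only POST and uses BASIC with no transport guarantee, two things worth checking before deployment. The following Python script is an added example, not code from the original post: it audits a web.xml for those two conditions and for roles that are used but not declared. The function name `audit_web_xml`, the finding codes and the embedded sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's constraint wrapped in a <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <display-name>Regla01</display-name>
    <web-resource-collection>
      <web-resource-name>WSPOST</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>TutorialUser</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>myrealm</realm-name></login-config>
  <security-role><role-name>TutorialUser</role-name></security-role>
</web-app>"""

def _strip_ns(root):
    # Real descriptors declare a Java EE namespace; drop it so paths stay simple.
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def audit_web_xml(xml_text):
    """Return a list of (code, message) findings for a web.xml document."""
    root = _strip_ns(ET.fromstring(xml_text))
    findings = []
    declared = {r.findtext("role-name", "").strip() for r in root.findall("security-role")}
    basic = (root.findtext("login-config/auth-method") or "").strip().upper() == "BASIC"
    for sc in root.findall("security-constraint"):
        name = sc.findtext("display-name") or "(unnamed)"
        for wrc in sc.findall("web-resource-collection"):
            methods = [m.text.strip() for m in wrc.findall("http-method") if m.text]
            if methods:  # a listed method means all unlisted methods are unconstrained
                findings.append(("METHOD_GAP", f"{name}: only {methods} are constrained; "
                                 "other HTTP methods on the same URL pattern are not covered"))
        for role in sc.findall("auth-constraint/role-name"):
            if role.text and role.text.strip() not in declared | {"*", "**"}:
                findings.append(("UNDECLARED_ROLE", f"{name}: {role.text.strip()} has no <security-role>"))
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if basic and guarantee != "CONFIDENTIAL":
            findings.append(("BASIC_NO_TLS", f"{name}: BASIC credentials are only base64-encoded "
                             "and no CONFIDENTIAL transport-guarantee is set"))
    return findings

if __name__ == "__main__":
    for code, message in audit_web_xml(SAMPLE_WEB_XML):
        print(code, message)
```

On the sample it reports `METHOD_GAP` and `BASIC_NO_TLS`; removing the `<http-method>` element and adding a `<user-data-constraint>` with `CONFIDENTIAL` clears both.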

In weblogic.xml, map the application role to the server-side principal, here the TutorialUser group (this mapping is mandatory):

    <wls:security-role-assignment>
        <wls:role-name>TutorialUser</wls:role-name>
        <wls:principal-name>TutorialUser</wls:principal-name>
    </wls:security-role-assignment>

We can test with SoapUI by creating a new WS project with the WSDL address (http://localhost:7001/wsc/HelloService?WSDL) and the Weblogic credentials created earlier:

SoapUI Test

12 thoughts on “JAX-WS: Container level security on Weblogic”

  1. Good Post.. I have a question on your web.xml

    Why do you have role-name enclosed within a description tag?

    TutorialUser

    Shouldn’t it be like this:

    TutorialUser

    ???

    Please explain..

    thanks,
    Rex

  2. I tried your example.. but when I run the test thru SoapUI I get “10.4.4 403 Forbidden” error.
    Can you please explain your method in detailed steps?

    thanks,
    Rex

  3. Hi,

    I have a security constraint configured for a url-pattern.

    I’ve a WSDL which has 5 APIs. Currently, we are configuring the security based on the url pattern which is same for all the APIs.

    Now, we have a requirement that we need to have 2 different Auth Username-Password.

    For instance, Web Service A, B, C need to be authenticated using XXX / YYY and Web Service E,F need to be authenticated using SSS / PPP.

    Is this possible? They all share the same WSDL.

  4. I am trying to use the Application Migration Tool using Eclipse Galileo 3.5 version. I have also downloaded & installed WebSphere Application Server trial version 7 on my machine. But as Eclipse 3.5 only supports the WebSphere server 6.0 runtime, I am not able to test any samples. Is there any additional plugin/adaptor required so that Eclipse can support WebSphere Application Server 7.0?

  5. Thanks Zakki, not much performance benchmarking during the build phase, but performance matters while configuring the domain as well as deployments. A normal perfcheck would consider these factors: page check and servlet reload intervals, precompiling JSPs, disabling access logging, session persistence performance setup and use of custom JSP tags.
