Security

WebLogic Workshop’s security model allows you to:

The J2EE servlet security model lets you restrict access to any web resource, whether that resource is a web application, a web service within that application, or a particular method in that web service. In the J2EE model, users are assigned to groups, and different groups are granted different levels of access to different web resources as described by the resources' URLs. For more information on using the declarative security model, see Declarative Security.

The servlet security model also lets you expose the web services within a given application on HTTP- or HTTPS-enabled ports as necessary. HTTPS-enabled ports should be used whenever web service communication includes sensitive data that needs to be encrypted. For information on configuring your web service to be exposed on an HTTPS-enabled port see Using HTTPS to Secure a WebLogic Workshop Web Service.

The programmatic security model lets you make security decisions in the web service code itself to change web service behavior based on the permissions of the user. For more information, see Programmatic Security.

Note: WebLogic Workshop supports two modes of security infrastructure: the new WebLogic Server 7.0 security model and the WebLogic Server 6.1 realm-based model. If your WebLogic Workshop applications do not include WebLogic Portal or WebLogic Integration components running in the same server domain, use the new WebLogic Server 7.0 security model. An empty WebLogic Server domain template is provided to support configuration of a domain for such usage. If your WebLogic Workshop applications include WebLogic Portal or WebLogic Integration components running in the same domain, you must use the WebLogic Server 6.1 security model. Because security is configured on a domain-basis, this is true even if the components are running in different server instances. For information about how to run an application on a WebLogic Server 7.0 server while using the 6.1 security model, see Compatibility Security in the WebLogic Server 7.0 documentation

Topics Included in This Section

Samples

The following sample web services illustrate WebLogic Workshop's security features:

HelloWorldSecureClient.jws Sample
VeriCheck.jws Sample