Developing Asynchronous Web Services 4-9
4.4.4 Securing the Request and Response Queues
It is recommended that you secure the JMS request and response queues with a user- or role-based security policy to control access to these resources. To secure the JMS request and response queues:
1. Optionally, configure the JMS System User, as described in Section 4.4.4.1, "Configuring a JMS System User (Optional)". By default, the JMS System User that is authorized to access the JMS queues is set as OracleSystemUser. In most cases, the default user is sufficient.
2. Run the WLST script to secure the request and response queues, as described in Section 4.4.4.2, "Running the WLST Script to Secure the Request and Response Queues".
4.4.4.1 Configuring a JMS System User (Optional)
By default, the JMS System User that is authorized to access the JMS queues is set as OracleSystemUser. In most cases, this default value is sufficient. However, if you need to change this value to a custom user in your security realm, you can specify a custom system user using the systemUser attribute of the AsyncWebService annotation. For example:
    @AsyncWebService(systemUser = "ABCIncSystemUser")
For this change to take effect, you need to regenerate the application EAR file using JDeveloper or the ojdeploy command line utility. For more information about the AsyncWebService annotation, see Section A.3, "AsyncWebService Annotation".
After your application has been deployed, you can change the JMS System User in Oracle Enterprise Manager Fusion Middleware Control and in the WebLogic Server Administration Console, as described in "Changing the JMS System User for Asynchronous Web Services" in Security and Administrator's Guide for Web Services.
4.4.4.2 Running the WLST Script to Secure the Request and Response Queues
An online WLST script is provided to assist you in securing the request and response queues. You pass the JMS system module name that you want to secure and the security role to be assigned, in addition to the Administration Server connection details (URL, username, and password).
The script is available at the following location:
    MW_HOME/oracle_common/webservices/bin/secure_jms_system_resource.py
The following provides an example of how you might execute this script:
    java -classpath some_path/weblogic.jar weblogic.WLST ./secure_jms_system_resource.py --username AdminUserName --password AdminPassword --url AdminServer_t3_url --jmsSystemResource JMSSystemResourceName --role SecurityRoleToUse
Note: This section applies to ADF Web services only. It does not apply to SOA Web services.
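A wrapper for the script invocation in Section 4.4.4.2, as an added example that is not part of Oracle's documentation or tooling: it prompts for the administrator password instead of taking it from the typed command line, checks the t3/t3s URL, and logs a redacted command. The function names, the wrapper's own argument order, and the weblogic.jar path passed in are assumptions; the script path and flags are those shown on this page.

```python
"""Run secure_jms_system_resource.py without typing the admin password on the
command line (added example; paths and argument order are assumptions)."""
import getpass
import os
import subprocess
import sys
from urllib.parse import urlsplit

# Script location relative to MW_HOME, as given on this page.
SCRIPT = os.path.join("oracle_common", "webservices", "bin",
                      "secure_jms_system_resource.py")

def check_admin_url(url):
    """Require t3://host:port or t3s://host:port; return True when it is t3s."""
    parts = urlsplit(url)
    if parts.scheme not in ("t3", "t3s") or not parts.hostname or parts.port is None:
        raise ValueError("expected t3[s]://host:port, got %r" % url)
    return parts.scheme == "t3s"

def build_command(weblogic_jar, mw_home, username, password, url, jms_resource, role):
    """Return the argv list for the invocation shown in the text."""
    check_admin_url(url)
    for flag, value in (("--jmsSystemResource", jms_resource), ("--role", role)):
        if not value or value.startswith("-"):
            raise ValueError("%s needs a non-empty name" % flag)
    return ["java", "-classpath", weblogic_jar, "weblogic.WLST",
            os.path.join(mw_home, SCRIPT),
            "--username", username, "--password", password, "--url", url,
            "--jmsSystemResource", jms_resource, "--role", role]

def redact(cmd):
    """Copy of cmd that is safe to log: the value after --password is masked."""
    out = list(cmd)
    out[out.index("--password") + 1] = "********"
    return out

def main(argv):
    weblogic_jar, mw_home, username, url, jms_resource, role = argv
    if not check_admin_url(url):
        print("warning: t3:// is not TLS-protected; prefer t3s://", file=sys.stderr)
    password = getpass.getpass("Password for %s: " % username)  # stays out of shell history
    cmd = build_command(weblogic_jar, mw_home, username, password, url, jms_resource, role)
    print("running:", " ".join(redact(cmd)))
    # The password is still an argument of the java process, so local users can
    # see it in process listings while the script runs.
    return subprocess.call(cmd)  # argv list, no shell: names are never re-parsed

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```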
4-10 Concepts Guide for Oracle Infrastructure Web Services
4.4.5 Confirming the Request and Response Queue Configuration