2-26 Securing WebLogic Web Services for Oracle WebLogic Server
if debug { e.printStackTrace;
} }
} }
2.7 Creating and Using a Custom Policy File
Although WebLogic Server includes a number of predefined Web services security policy files that typically satisfy the security needs of most programmers, you can also
create and use your own WS-SecurityPolicy file if you need additional configuration. See
Section 2.3, Using Policy Files for Message-Level Security Configuration for
general information about security policy files and how they are used for message-level security configuration.
When you create a custom policy file, you can separate out the three main security categories authentication, encryption, and signing into three separate policy files, as
do the predefined files, or create a single policy file that contains all three categories. You can also create a custom policy file that changes just one category such as
authentication and use the predefined files for the other categories Wssp1.2-2007-SignBody.xml, Wssp1.2-SignBody.xml and
Wssp1.2-2007-EncryptBody, Wssp1.2-EncryptBody. In other words, you can mix and match the number and content of the policy files that you associate with a
Web service. In this case, however, you must always ensure yourself that the multiple files do not contradict each other.
Your custom policy file needs to comply with the standard format and assertions defined in WS-SecurityPolicy 1.2. Note, however, that this release of WebLogic Server
does not completely implement WS-SecurityPolicy 1.2. For more information, see Section 2.18, Unsupported WS-SecurityPolicy 1.2 Assertions
. The root element of your WS-SecurityPolicy file must be Policy.
The following namespace declaration is recommended in this release: wsp:Policy
xmlns:wsp=http:schemas.xmlsoap.orgws200409policy xmlns:sp=http:docs.oasis-open.orgws-sxws-securitypolicy200702
. . . wsp:Policy
WLS also supports other namespaces for Security Policy. For example, the following two namespaces are also supported:
wsp:Policy xmlns:wsp=http:schemas.xmlsoap.orgws200409policy
xmlns:sp=http:docs.oasis-open.orgws-sxws-securitypolicy200512 . . .
wsp:Policy
Note: Use of element-level security always requires one or more
custom policy files to specify the particular element path and name to be secured.
Configuring Message-Level Security 2-27
or wsp:Policy
xmlns:wsp=http:www.w3.orgnsws-policy xmlns:sp=http:docs.oasis-open.orgws-sxws-securitypolicy200702
. . . wsp:Policy
You can also use the predefined WS-SecurityPolicy files as templates to create your own custom files. See
Section 2.16, Using WS-SecurityPolicy 1.2 Policy Files .
2.8 Configuring the WS-Trust Client