Checking users within spasfic group in weblogic server for web service application

Question

I built simple web service application with policy(Wssp1.2-2007-Https-UsernameToken-Plain.xml) in jdeveloper 11.1.1.7 and deploy it weblogic 10.3. Everything works fine both in the client and server side.

The client side can not invoke any method without specifying username/password properties. The server automatically checks the user values in users define within weblogic server in the following path (Summary of Security Realms>myrealm>Users and Groups).

By this the client can access the system if he enters any of the users in this group even with the default user weblogic/weblogic.

Question: How to restrict the username/password checking with in specific group of users?. i.e if the client mention username/password outside the group(even if the values are correct) the server will reject the request

Answer 1

If you're using the weblogic "default" authentication method for users, you can do the following to set up a policy for group access:

• Login to the weblogic admin console
• Click the deployments links
• Select your webservice
• Click the Security tab
• Click the Policies sub-tab
• Choose your authorization provider from the drop down (sounds like the default)
• Choose Add Conditions -> Group -> Type in the group name
• Finish

Now only the group you have added should be able to invoke the web service. All other users should see something like:

javax.xml.ws.soap.SOAPFaultException: Access denied to operation myWebService