This chapter discusses various aspects of security in and around the SOA Suite. First we discuss the access of human actors – administrators – to the SOA Suite run time tooling and to the contents of service messages handled by service components. Next we look at the accessibility of the services themselves: how do we prevent unwarranted use of the services exposed from the SOA Suite?
Service security also stretches to the content of the messages sent to and from the services: we need to protect the confidentiality of certain messages (prevent unauthorized parties from reading them) as well as their integrity (make sure these messages cannot be tampered with). After discussing various inbound challenges, we also discuss how, from Service Bus and SOA composite applications, we can invoke services that are themselves protected by security measures. Finally, we address auditing activities in and around the SOA Suite.
Sections in this chapter:
- Human Access to Run Time SOA Suite Tooling
- Authentication and Authorization of Services
- Confidentiality and Integrity of Message Content
- Invoke Protected Services from SOA Suite
Sources for this chapter can be found on GitHub: Chapter 24 sources.
Supporting Online Documents
Lucas Jellema on the AMIS Technology Blog: Oracle SOA Suite 12c – Create, Deploy, Attach and Configure a Custom OWSM Policy – to report on service execution
Documentation on Web Services Manager – OWSM