Web Service Security Management

Overview

Using the Administration Console, you can:

  • Control service endpoint authentication security mechanisms.

  • Specify who can invoke each service endpoint method.

  • Set service instance and service endpoint ACLs.

Web service security is managed for each service instance or endpoint through the Web Services Management form. To load this form:

  1. Click the Web Services tree node of the Administration Console. This returns the Runtime View.

  2. Click on any service instance or endpoint in the Runtime View, or click on the Web Service endpoint subnode of the Web Services tree node, to load the service's Web Services Management form.

Managing Service Security Mechanisms

Management of security mechanisms is accessed through the Service Endpoint>Security section of the Web Services Management form.

Figure 30. Service Endpoint: Security Section

Click on the Set endpoint security button to set authorization and authentication. This loads the Authentication and Authorization form.

To require authorization for a service, check the Authorization Required button in the Authentication and Authorization form and then press Save Changes. Authorization is now required for the service using the default authentication mechanism.

To change the authentication mechanism:

  1. Click on the Custom Security Providers button.

  2. On the expanded Authentication and Authorization form, choose a provider from the table of Accepting Security Providers.

  3. From the menu of Initiating Security Providers, choose a provider.

  4. When you have made your choices, press Save Changes.

  5. To return to the default authorization mechanism, press the Use Default Security Providers button.

Managing Service Authorizations (ACLs)

You can set the ACL for a service instance or endpoint, determining who can manage, monitor and set authentication for it. You can also set the ACL for each method of a service endpoint.

Setting Service Endpoint or Service Instance ACL

This function is accessed through the Web Services Management form for the particular instance or endpoint (see the Overview for how to load this form).

To set the service endpoint ACL, click on the Set endpoint ACL button in the Service Endpoint>Security section (as shown in Figure 30).

To set the service instance ACL, click on the Set service instance ACL button in the Service Instance section, at the top of the form as shown in Figure 31.

Figure 31. Service Instance Section Showing Set Service Instance ACL Button

Both the Set endpoint ACL and the Set service instance ACL buttons load the Permissions Management form, where details are provided for either endpoint or instance permissions, respectively.

The upper section of the Permissions Management form describes the function of each permission. Read this carefully. The center section gives context information including:

  • The service endpoint path.

  • Whether endpoint permissions are being managed.

  • The service instance name, context and target namespace.

The lower section of the form is a list of permission links. Click on a permission to reassign it. If a permission has more than one associated action, you can reassign individual actions rather than assigning all the actions as a group (see Figure 32).

Figure 32. Permission Link Section of Permissions Management Form

Click on either a permission or one of its actions to load the Permission Assignment form. It includes a table of user permissions and a table of role permissions. Click on either revoke or grant in a permission's row in a table to change the state of that role accordingly.

Setting the ACL of a Method on a Service Endpoint

This function is accessed through the Web Services Management form for the particular instance or endpoint. Please see the Overview for how to load this form.

To set the ACL of a method on a service endpoint:

  1. Click on the Set endpoint method ACL button in the Service Endpoint>Security section. This loads the Set Endpoint Method ACL form. This form includes a table of all methods, or operations, on the endpoint.

  2. Click Set ACL for a method to load the Permission Assignment form for that method. This form includes a table of user permissions and a table of role permissions.

  3. Click on either revoke or grant in a permission's row in a table to change the state of that role accordingly.