Server Policy vs Client Policy

When you first start working with security policies, it is easy to confuse the server policy with the client policy.

Every policy has a client version and a server version.

Server Policy: This policy does the actual work.
For example, the OWSM policy oracle/wss_http_token_server_policy performs HTTP basic authentication, i.e. it checks the supplied user ID and password against the server's identity store (LDAP, IDAM, or whatever is configured).

Client Policy: Adds the security information.
The client policy, on the other hand, adds the required security information to the HTTP header of the SOAP request before sending it out.
For example, the OWSM policy oracle/wss_http_token_client_policy adds the security header, with the user ID/password or csf-key, to the outgoing request.

So the server (service) policy is applied to the service provider, whereas the client policy is applied to the service consumer/caller.

Without a client policy on the service caller, the security information is not propagated to the service provider, and the service policy on the service rejects the message. So a service caller needs the client version of the policy that is attached to the actual service.
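
The exchange described above, simulated in Python as an added example (this is not OWSM code and not from the original post). `client_policy` and `server_policy` are hypothetical stand-ins for the two policy halves, and the user store is constructed sample data standing in for the server's LDAP/IDAM.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed identity store (assumption): user -> SHA-256 hex digest of the password.
# A real deployment delegates this check to the configured LDAP/IDAM.
USERS = {"alice": hashlib.sha256(b"correct-horse").hexdigest()}


def client_policy(headers, user, password):
    """Client half: add HTTP Basic credentials to the outgoing request headers."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    out = dict(headers)                      # do not mutate the caller's dict
    out["Authorization"] = "Basic " + token
    return out


def server_policy(headers):
    """Server half: return (HTTP status, authenticated user or None)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return 401, None                     # caller had no client policy attached
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 401, None                     # malformed token
    user, sep, password = decoded.partition(":")   # password may contain ':'
    if not sep:
        return 401, None
    supplied = hashlib.sha256(password.encode("utf-8")).hexdigest()
    expected = USERS.get(user, "")           # unknown user compares against ""
    if hmac.compare_digest(supplied, expected):    # constant-time comparison
        return 200, user
    return 401, None


if __name__ == "__main__":
    request = {"SOAPAction": "process"}      # constructed sample request headers
    print("no client policy  :", server_policy(request))
    print("with client policy:", server_policy(client_policy(request, "alice", "correct-horse")))
    print("wrong password    :", server_policy(client_policy(request, "alice", "guess")))
```

Because the credentials travel only base64-encoded in the HTTP header, this style of token needs a TLS-protected transport between caller and provider.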
