
Server Policy vs Client Policy

When you first start working with security policies, it is easy to confuse the server policy with the client policy.

Every policy has a client version and a server version.

Server Policy: This policy does the actual work.
For example, the OWSM policy oracle/wss_http_token_server_policy performs HTTP basic authentication, i.e. it checks the provided userid/pwd against the server's LDAP/IDAM/whatever identity store the server uses.

Client Policy: Adds the security information.
The client policy, on the other hand, adds (asserts) the required security information to the HTTP header of the SOAP request before sending the request out.
For example, the OWSM policy oracle/wss_http_token_client_policy adds the security header with userid/pwd or csf-key to the outgoing request.

So a service policy is applied to the service provider, whereas the client policy is applied to the service consumer/caller.

Without a client policy on the service caller, the security information is not propagated to the service provider, and the service policy on the service therefore rejects the message. So the service caller will have the client version of the policy that is on the actual service.
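
The division of work described above, modelled in plain Python as an added example (this is not OWSM code and not from the original post): `client_policy` adds the HTTP basic auth header on the caller side, and `server_policy` verifies it on the provider side. The function names, the `USERS` store and the credentials are constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed credential store standing in for the server's LDAP/identity store.
USERS = {"svc_caller": "example-password"}

def client_policy(headers, user, password):
    """Caller side: return a copy of the request headers with basic auth added."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    out = dict(headers)
    out["Authorization"] = "Basic " + token
    return out

def server_policy(headers, users=USERS):
    """Provider side: return (status, detail); 200 only for valid credentials."""
    value = headers.get("Authorization")
    if value is None:
        # This is the case where the caller has no client policy attached.
        return 401, "no security header on the request"
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return 401, "unsupported or empty auth scheme"
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 401, "malformed token"
    user, sep, password = decoded.partition(":")
    if not sep:
        return 401, "malformed token"
    expected = users.get(user)
    # Constant-time comparison; unknown users go through the same code path.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    if expected is None or not ok:
        return 401, "invalid credentials"
    return 200, "authenticated as " + user

if __name__ == "__main__":
    request = {"Content-Type": "text/xml"}  # constructed SOAP request headers
    print(server_policy(request))  # caller without a client policy
    print(server_policy(client_policy(request, "svc_caller", "example-password")))
```

The token is only base64-encoded, so anyone who can read the request can recover the userid/pwd unless the transport is encrypted.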
