This common pattern of authenticate and authorize reduces the number of valid
users at each step. Up to the point that we extract credentials from a request, all users
are authorized. The act of authentication restricts access to only authenticated users,
while applying specific authorization policies restricts the user base further to only
authorized users.
Creating a new policy to perform authentication and authorization
The easiest way to manage policies is to have specific policies that combine the
various assertions into a single policy to be applied to multiple components. A policy
is a centralized definition of the security and other steps to be applied to a service.
As an example, we will create a policy that restricts access to users with a particular
role, and a separate policy that performs basic authentication with the username and
password passed in a Web Service Security (WSS) header. The user credentials and
roles are stored in the identity store provided by the SOA infrastructure, which in
turn relies on the underlying WebLogic configured security. This policy could then
be applied to provide protection for multiple service policies. The beauty of policy
management is that if we need to change the policy, we can do it once and it will take
effect on all the endpoints that have had the policy applied to them.
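
The authenticate-then-authorize narrowing and the single reusable policy described above, as an added Python example (not code from the book or from the SOA infrastructure). The identity store, role names, endpoint paths and status strings are constructed assumptions.

```python
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed identity store: user -> (password, roles); a real store holds salted hashes.
IDENTITY_STORE = {"alice": ("alice-pw", {"OrderAdmin"}), "bob": ("bob-pw", {"Clerk"})}

def extract_credentials(envelope_xml):
    """Step 1: read the WSS UsernameToken; any caller can reach this point."""
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken"
    token = ET.fromstring(envelope_xml).find(path)
    if token is None:
        return None
    user = token.findtext(f"{{{WSSE}}}Username")
    pw = token.findtext(f"{{{WSSE}}}Password")
    return (user, pw) if user and pw else None

def authenticate(creds):
    """Step 2: keep only callers whose password matches the identity store."""
    if creds is None:
        return None
    user, pw = creds
    stored_pw = IDENTITY_STORE.get(user, ("", set()))[0]
    ok = user in IDENTITY_STORE and hmac.compare_digest(pw.encode(), stored_pw.encode())
    return user if ok else None

def make_policy(required_role):
    """One central definition: authenticate, then authorize by role."""
    def policy(envelope_xml):
        user = authenticate(extract_credentials(envelope_xml))
        if user is None:
            return "401 authentication failed"
        if required_role not in IDENTITY_STORE[user][1]:  # Step 3: authorize
            return "403 not authorized"
        return f"200 ok ({user})"
    return policy

def envelope(user="", pw=""):
    """Constructed SOAP request; no UsernameToken is sent when user is empty."""
    tok = (f"<w:UsernameToken><w:Username>{user}</w:Username>"
           f"<w:Password>{pw}</w:Password></w:UsernameToken>") if user else ""
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:w="{WSSE}"><s:Header>'
            f"<w:Security>{tok}</w:Security></s:Header><s:Body/></s:Envelope>")

# The same policy object protects both hypothetical endpoints: change it once, both follow.
ADMIN_POLICY = make_policy("OrderAdmin")
ENDPOINTS = {"/orders": ADMIN_POLICY, "/refunds": ADMIN_POLICY}
```

Each stage rejects a different group: requests without a token or with a wrong password stop at authentication, while a valid user lacking the role stops at authorization.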
 