Databases Reference
In-Depth Information
We need to edit the policy to reflect our changes. We begin by altering the name,
setting it to a directory other than Oracle, and altering the security permission from
permitAll
to
permitWesternRegion
to make it clear what this policy does. Having
changed the name, we will also want to alter the description to reflect what the
policy will now be doing. We will then change the policy authorization restriction by
choosing the
J2EE services Authorization
assertion and changing its
Authorization
Setting
from
Permit All
to
Selected Roles
.
We want to restrict the authorized users to those who are part of the
Western
Region
. This is using the SOA sample's user base that has been loaded into the
WebLogic server. We do this by clicking the
Add
button and selecting and moving
the
Western Region
role to the Roles Selected to
Add
List. After clicking
OK
, we
can then check that our role now appears in the list of authorized roles for the
J2EE
services Authorization
assertion.
This assertion means that only roles in the
Roles
list will be allowed access to the
service the policy is applied to.