Integration Business Services Policy-Based Security
6-2
BEA Systems, Inc.
Integration Business Services Policy-Based Security
Integration Business Services provide a layer of abstraction between the back-end business
logic they invoke and the user or application running the business service. This enables
easy application integration but raises the issue of controlling the use and execution of
critical and sensitive business logic that is run as a business service.
Servlet Application Explorer controls the use of business services that use adapters with a
feature called policy-based security. This feature enables an administrator to apply policies
to Integration Business Services (iBS) to deny or permit their execution.
A
policy
is a set of privileges associated with the execution of a business service that can be
applied to an existing or new iBS. When you assign specific rights or privileges inside a
policy, you need not recreate privileges for every iBS that has security issues in common
with other Integration Business Services. Instead, you can use one policy for many
Integration Business Services.
The goal is to secure requests at both the transport and the SOAP request level that are
transmitted on the wire. Some policies do not deal with security issues directly but affect
the run-time behavior of the business services to which they are applied.
The Integration Business Services Engine (iBSE) administrator creates an instance of a policy
type, names it, associates individual users and/or groups (a collection of users), and then
applies the policy to one or more business services.
You can assign a policy to an iBS or to a method within an iBS. If a policy is applied only to a
method, other methods in that iBS are not governed by it. However, if a policy is applied to
the iBS, all methods are governed by it. At run time, the user ID and password that are sent
to iBSE in the SOAP request message are checked against the list of users for all policies
applied to the specific iBS. The Resource Execution policy type is supported and dictates
who can or cannot execute the iBS.
When a policy is not applied, the default value for an iBS is to "grant all." For example,
anyone can execute the iBS until the Resource Execution policy is associated to the iBS. At
that time, only users granted execution permission, or those who do not belong to a group
that was denied execution permissions, have access to the iBS.
Summary of Contents for WebLogic Server
Page 1: ...BEA WebLogic Adapter for SAP User s Guide DN3501342 0406 April 19 2006 ...
Page 8: ...viii BEA Systems Inc ...
Page 22: ...Component Information for the BEA WebLogic Adapter for SAP 1 10 BEA Systems Inc ...
Page 54: ...Creating an XML Schema 3 20 BEA Systems Inc ...
Page 163: ...Management and Monitoring BEA WebLogic Adapter for SAP User s Guide 7 45 ...
Page 164: ...7 46 BEA Systems Inc ...
Page 294: ...Using Staging BAPIs to Retrieve SAP BW Metadata D 14 BEA Systems Inc ...