Securing Web Services
There are many ways to secure Web Services running on WebLogic Server. Because Web Services run as standard Web applications, they can be secured in the same way. These are the ways in which Web Services can be secured:
Assign a security policy or role to the Web Service from the Administration Console.
Secure the Web Service URL by modifying web.xml and weblogic.xml in the Web Service WAR file.
Secure the backend Stateless Session Bean by modifying ejb-jar.xml and weblogic-ejb-jar.xml.
Use the HTTPS protocol for the Web Service by modifying web-services.xml. You must also turn on SSL in WebLogic Server. For more information about using SSL with Web Services, please visit http://e-docs.bea.com/wls/docs81/webserv/security.html.