How do I secure webservices on Weblogic10 using Certificates?

I want to configure access control for securing webservices.Weblogic Docs mention abt the JWS File to be edited, where is this JWS File located?

Can we create the users and groups externally from the WL Admin console instead of editing the JWS FIle?

A JWS file is a "Java Web Service" file, with extension .jws.  It's an extension used by Weblogic Workshop.  If you're not coding in Weblogic Workshop you can't use their value added services to secure your web services.  You need to still do things by hand.  The URLs I provided in my previous post go through how to secure your web services step by step.  If you wish to secure web services based on user authentication (i.e. only authorized users may consume the service, you want to look at the last link in my post.

Are your users and groups located on an LDAP server?  You can hook Weblogic into an LDAP server and it will pull in all your users (as Weblogic "principals") and groups and you can secure web services against those groups.  You can also secure against users, but it's not recommended to do so for individuals.  Instead place them into a group.

I'm sorry about the general/vague answers, but your questions don't contain enough detail to provide specific answers. If you would provide more details, like what framework you're using to create web services, what you've got done so far, etc...