Thursday, May 21, 2009
Oracle Securing Web services
A web service can be secured at the transport level (eg https) or at the message level (WS-Security).
Setting https on Oc4j standalone
https:
http://technology.amis.nl/blog/268/quick-and-easy-ssl-in-oc4j-standalone
http://tugdualgrall.blogspot.com/2006/10/using-https-with-web-services.html
http://www.coderanch.com/t/224567/Web-Services/java/Connecting-HTTPS-webservice-through-oracle
Note that when setting default-web-site.xml and secure-web-site.xml make also sure to include shared="true" to the applications or web services that need to support https.
Finally when generating the keystore file and answering to the question what is your first and last name, put there the domain of the application server.
WS-Security:
http://www.oracle.com/technology/oramag/oracle/05-jan/o15web.html
http://www.oracle.com/technology/oramag/oracle/05-mar/o25web.html
Also when oc4j supports http and https and you want to be able to switch from http to https without restarting a session you will follow these instruction to update to orion-web.xml of the application:
Set the cookie domain if shared="true" and the default ports are not used. When the client interacts with a Web server over separate ports, the cookie believes that each separate port denotes a separate Web site. If you use the default ports of 80 for HTTP and 443 for HTTPS, the client recognizes these as two different ports of the same Web site and creates only a single cookie. However, if you use nondefault ports, the client does not recognize these ports as part of the same Web site and will create separate cookies for each port, unless you specify the cookie domain.
Cookie domains track the client's communication across multiple servers within a DNS domain. If you use nondefault ports for a shared environment with HTTP and HTTPS, set cookie-domain in the element in the orion-web.xml file for the application. The cookie-domain attribute contains the DNS domain with at least two components of the domain name provided:
Setting https on Oc4j standalone
https:
http://technology.amis.nl/blog/268/quick-and-easy-ssl-in-oc4j-standalone
http://tugdualgrall.blogspot.com/2006/10/using-https-with-web-services.html
http://www.coderanch.com/t/224567/Web-Services/java/Connecting-HTTPS-webservice-through-oracle
Note that when setting default-web-site.xml and secure-web-site.xml make also sure to include shared="true" to the applications or web services that need to support https.
Finally when generating the keystore file and answering to the question what is your first and last name, put there the domain of the application server.
WS-Security:
http://www.oracle.com/technology/oramag/oracle/05-jan/o15web.html
http://www.oracle.com/technology/oramag/oracle/05-mar/o25web.html
Also when oc4j supports http and https and you want to be able to switch from http to https without restarting a session you will follow these instruction to update to orion-web.xml of the application:
Set the cookie domain if shared="true" and the default ports are not used. When the client interacts with a Web server over separate ports, the cookie believes that each separate port denotes a separate Web site. If you use the default ports of 80 for HTTP and 443 for HTTPS, the client recognizes these as two different ports of the same Web site and creates only a single cookie. However, if you use nondefault ports, the client does not recognize these ports as part of the same Web site and will create separate cookies for each port, unless you specify the cookie domain.
Cookie domains track the client's communication across multiple servers within a DNS domain. If you use nondefault ports for a shared environment with HTTP and HTTPS, set cookie-domain in the
The top down web service approach with Jdeveloper
Create xml schema and WSDL file and then generate the java classes from it.
http://www.oracle.com/technology/obe/obe1013jdev/10131/10131_wstopdown/wstopdown.htm
http://www.oracle.com/technology/obe/obe1013jdev/10131/10131_wstopdown/wstopdown.htm
Subscribe to:
Posts (Atom)
