Secure Web Service client

Similar Questions

• Access a secure web service of ADF Mobile Application

  Hello

  We try to create an ADF Mobile application that uses a secure web service located in Oracle EBS (with SOA Suite).

  We use JDeveloper 11 g 11.1.2.4.0

  Initially, create usd a Control(SOAP/REST) Gallery Web Service data and provided the WSDL document. We tried to run on a simulator, but not did not do anything. We have also found a way to provide the user name and password. So we left it there.

  Then we tried to create a Java desktop app to check if it was a problem with our server. In the desktop application, we created a "Web Service Client and Proxy" new gallery followed the steps and used oracle/wss_username_token_client_policy, added the code below to put the username and password and was able to call the service and retrieve data.

  (reqContext.put (BindingProvider.USERNAME_PROPERTY, "DBAKER");

  reqContext.put (BindingProvider.PASSWORD_PROPERTY, "xxxxx");

  So we thought to return to the application the ADF Mobile and creating a "Web Service Client and Proxy" it, but when we built this project, we had the ' annotations are not supported in - source 1.4 "&" generics are not supported in - source 1.4 "errors and found that ADF Mobile does not support beyond Java 1.4" "» (Is that right?)

  We then found the video "to access the secure Services of ADF Mobile Web" by Shay (https://www.youtube.com/watch?v=rk5om3o3Pas) and saw that he was using a login server.

  We wanted to confirm if you use a login server is the right path to access a secure web service of an Oracle ADF Mobile application?

  Are there other ways to do it?

  If we need to create a login server, can provide you links that will put us on the right track in establishing a connection server that can connect to the EBS?

  Thank you.

  The URL must point to a protected page that prompts the user for basic authentication.

  See an example here:

  https://blogs.Oracle.com/Shay/entry/accessing_secure_web_services_from

  As well as the blogs linked at the bottom of this entry.

• ADF Mobile | using secure web services

  
  Hi all

  I'm pretty new to ADF Mobile, I use JDev 11.1.2.4.

  In my Mobile application I want to use the secure web service.

  Here's what I do:

  1. creation of a data control based on the WSDL binding.

  2. get the web service methods in the data control.

  3. during the race, I'm getting that error "oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client from server SOAP fault: Missing < wsse: Security > in the SOAP header.

  When trying to run the WSDL binding in SOAP UI, I need set request username and passwordproperties, then only I will be able to invoke this web service.

  Here, my question is where can I set these properties for the data control to the web service ?

  Please suggest.

  Thank you

  Vieu

  Hi Shay,

  Thank you very much for the reply, I'm able to resolve the problem with the approach mentioned user guide.

  I forgot to set it up for the first time: ADF Mobile allows you to specify a custom provider class in your DataControls.dcx file. This custom class extends oracle.adfinternal.model.adapter.webservice.provider.soap.SOAPProvider . You can use it to specify an implementation of the SoapHeader[] getAdditionalSoapHeaders() method

  Example 9-1 shows how to extend the SOAPProvider and create a custom header has shown in example 9-2

  package provider.ebs.soap;

  Import oracle.adfinternal.model.adapter.webservice.provider.soap.SOAPProvider;

  Import oracle.adfinternal.model.adapter.webservice.provider.soap.SoapHeader;

  SerializableAttribute public class EBSSOAPProvider extends SOAPProvider {}

  SoapHeader public getAdditionalSoapHeaders() {}]

  SoapHeader header [] = SoapHeader News [2];

  SoapHeader token = null;

  SoapHeader user = null;

  SoapHeader pass = null;

  header [0] = new SoapHeader ("http://xmlns.oracle.com/apps/fnd/soaprovider/plsql/fnd_user_pkg/",

  "SOAHeader");

  header [0] .addChild (new SoapHeader)

  "http://xmlns.oracle.com/apps/fnd/soaprovider/plsql/fnd_user_pkg/,"

  "Responsibility."

  'SYSTEM_ADMINISTRATOR'));

  header [0] .addChild (new SoapHeader)

  "http://xmlns.oracle.com/apps/fnd/soaprovider/plsql/fnd_user_pkg/,"

  "RespApplication,"

  'SYSADMIN'));

  header [0] .addChild (new SoapHeader)

  "http://xmlns.oracle.com/apps/fnd/soaprovider/plsql/fnd_user_pkg/,"

  "SecurityGroup."

  'STANDARD'));

  header [0] .addChild (new SoapHeader)

  "http://xmlns.oracle.com/apps/fnd/soaprovider/plsql/fnd_user_pkg/,"

  "NLSLanguage,"

  'AMERICAN'));

  header [0] .addChild (new SoapHeader)

  "http://xmlns.oracle.com/apps/fnd/soaprovider/plsql/fnd_user_pkg/,"

  "Org_Id."

  "0"));

  header [1] = (new) SoapHeader

  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd,"

  'Security');

  Token = new (SoapHeader

  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd,"

  "UsernameToken");

  User = new (SoapHeader

  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd,"

  "Username."

  "sysadmin");

  pass = new (SoapHeader

  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd,"

  "Password."

  "sysadmin");

  Header [1]. AddChild (Token);

  token.addChild (user);

  token.addChild (pass);

  Returns the header;

  }

  }

  Kind regards

  Vieira

• BPM 11 g: call a secure web service

  Hi all

  I need to invoke a web service secured a BPM process. I do the following

  1. to add a reference, I added the customer strategy security "oracle/wss_username_token_client_policy' using option set up political WS on the reference. I also added oracle/log_policy to see SOAP requests being generated.

  2. I added the below properties in the composite.xml slot of the reference binding.ws

  < name = "oracle.webservices.auth.username property" type = "xs: String" "

  much = 'false' override = "may" > SomeUserName < / property >

  < name = "oracle.webservices.auth.password property" type = "xs: String" "

  Override = 'may' many 'false' = > SomePassword < / property >

  But I get an exception during the invocation

  MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd} Security] are not included

  Also the SOAP request sent to the service of reference I think newspapers don't have the password or a usernametoken anywhere. What else must be configured or set to invoke the secure web service.

  Thank you

  Siva Renon

  Hi all

  I got it working to create a new key - basic.credentials - in oracle.wsm.security map the credentials of the domain. You can check this link for the steps.

  Thank you

  Siva Renon

• JDeveloper Web Service Client/Proxy basic authentication

  Hi, I recently migrated a 10g Web Service to a Web Service that uses authentication of database 11g.
  
  Then I generated the proxy/client by using the WSDL for my consumer application in JDeveloper 11 g. However, I can't find all the functions that will allow me to set the user name and password to access the web service.
  
  For example, in 10g Client, I had simply to this:
  
  myPort = new SoapHttpPortClient();
  myPort.setUsername ("username");
  myPort.setPassword ("password");
  
  I don't know how to do the same thing in the Web Service client generated in 11g.
  
  Thanks in advance.

  Hello

  See the beginning of this blog entry: http://biemond.blogspot.de/2009/04/jax-ws-web-service-proxy-client-and.html

  Frank

  BTW. : I used Google

• Problem with creating Web Service Client using Oracle JDeveloper

  Hi all
  
  I am trying to create a Web Service Client using Oracle JDeveloper. The property of the compiler of the project I updated JRE 1.4
  
  When I run the web service client, he gives me a lot of errors saying:
  ' Error (32.2): annotations are not supported in - source 1.4'
  
  I wonder why JDeveloper uses annotations even after that I set the compiler property to 1.4
  
  I'm following this link to create the Web service client:
  http://www.Oracle.com/technetwork/developer-tools/forms/WebServices-forms-11g-094111.html
  
  Any help in this regard would be greatly appreciated.
  
  Thank you
  Scott.

  Scott, when you run the proxy Web service in JDeveloper, you will see a bunch of jars listed in the classpath in the Journal JDeveloper window.
  All of these classes must be in the classpath of your server when the class is deployed there.
  Note that by default, I don't think they are going to be included in the JAR that you build for the proxy when you deploy.

• Secure Web Service call

  Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - production
  PL/SQL Release 10.2.0.2.0 - Production
  
  Hello
  Is it possible to contact a secure Web service (ws-security) with pl/sql code?
  I can communicate with a https without problem, but I don't see how I can do for the ws-security header.
  
  Thanks in advance.

  Unfortunately, WS-Security is not supported with the Oracle DBWS utility legend, right now. However, we have a very high improvement gravity request filed for this internallt - so it's probably in one of the upcoming releases soon.

  In the meantime, you may want to consider going back to using UTL_HTTP for it where you can create your own custom SOAP (WS-Security headers in this case) headers-, but keep in mind that UTL_HTTP can be used with types only very basic of Web Services with simple data types, methods, etc. Another and a better solution would be to have a 'bridge' Web Service (via the SSL protocol, perhaps) who speaks to your main Web Service using WS-Security. This WS bridge can then be invoked by your database using the utility DBWS legend.

  HTH,
  Yogesh

• Integration with the secure web service IS deployed on EBS

  Hello experts,

  I have a REST webservice deployed to an Instance of the EBS. I try to call the web service using a mobile application in the ADF. However, the web service is secure and requires security settings to be sent in the request header.

  Anyone can recall or explain how I can add a custom header to the object of the application for the REST web service? Any help will be appreciated.

  Thank you

  Abhishek

  Hi Abhishek,

  You can do the following:

  String theUsername = "abc";

  String thePassword = "pass";

  String userPassword = theUsername + ': ' + thePassword.

  String encoding = new sun.misc.BASE64Encoder () .encode (userPassword.getBytes ());

  restServiceAdapter.addRequestProperty ("Authorization", "Basic" + coding);

  If you use Webservice DataControl, then automatically the connection information in the login form is injected into the webservice framework.

  Kind regards

  Deepak

• The unauthorized JAX - RPC web service client?

  I try to call a 3rd web service part using a WSDL I can't control.  I was unable to send requests by using a style JAX - WS client and errors have led me to believe that this was due to the WSDL using the RPC/Document model.  Checks showed there is, in fact, the primitive methods of return base schema.  My understanding is that I have to use a JAX - RPC client in this case.

  JDev generated successfully objects, but I got whitelist errors that I have deployed in the cloud.  Basically, any class that referred to java.rmi failed (as documented) - and that's almost all main objects for the customer.

  Is there a way around this problem?

  • Is there another method to generate JAX - RPC clients?
  • The cloud is possible to accept the java.rmi. * classes?
  • Is there a way to force the web services JAX - WS upset WSDL RPC/Document?

  Thank you

  Alex

  I do not think that RPC is supported, see unsupported features and API which States:

  Feature not supported	Alternative
  Web services based on JAX - RPC.	Convert in JAX - WS web services.
  Remote invocations with a transport protocol other than HTTPS (including the HTTP text).	Does not apply.

  --

  Jani Rautiainen

  Relationship with the developers of Applications in fusion

  https://blogs.Oracle.com/fadevrel/

• The secure web service call error.

  Hello
  
  I try to access a web service secured through a simple BPEL process in SOA Suite 11 g. When I test it through the company Manager, I get the following error. Since this is a guarantee websecure I put the policy(oracle/wss_username_token_client_policy) WS in the external reference and also provided identifying information. If someone had a similar error or know the solution please let me know. Also, I'm not sure if its related to security, or is - the way I am calling the service.
  
  Error message:
  Error ID reference: 80014
  Lack of time may 22, 2011 12:54:45
  Anomaly of the non-recoverable system:
  javax.xml.ws.soap.SOAPFaultException: 99999: unknown Service
  
  Error message: {http://schemas.oracle.com/bpel/extension} remoteFault
  Error default/Mocking!1.0*soa_be35cb3e-5f05-49df-a696-a653d5703681/BPELProcess1/30017-BpInv0-BpSeq0.3-3 ID
  Lack of time may 22, 2011 12:54:46
  
  Anomaly of the non-recoverable system:
  < bpelFault > < faultType > 0 < / faultType > < remoteFault xmlns = "http://schemas.oracle.com/bpel/extension" > < a name = "summary" part > < summary > 99999: unknown Service < / summary > < / part > < part name = "detail" > < details > & lt; con xmlns:Con: fault = "http://www.bea.com/wli/sb/context" > & lt; Con: errorCode > 99999 & lt; / con: error code > & lt; Con: reason > unknown Service & lt; / con: reason > & lt; Con: location > & lt; Con: node > PipelinePairNode1 & lt; / con: node > & lt; Con: pipeline > PipelinePairNode1_request & lt; / con: pipeline > & lt; Con: Stadium > stage1 & lt; / con: Stadium > & lt; / con: location > & lt; / con: fault > < / detail > < / part > < part name = "code" > < SOAP: server code > < / code > < / piece > < / remoteFault > < / bpelFault >

  This occurs if you have several (different webservices) WSDL imported into your project and they share common artifacts(XSD's). In this case, what you do, it's just that you separated from xsd to wsdl and deleted conflicts. This approach is suggested when you do not have control on WSDL that may be provided by different team and they all share common XSD.

  Thank you
  Smail
  http://soadiscovery.blogspot.com

• Errors of auditor of host name in the web service client

  We have a Web service consumer who runs in WebLogic, and we receive a host name error check whenever the consumer trying to communicate with the external Web service. The error occurs because the subject of the certificate is for a host name that is different from the URL that uses the consumer.
  
  A possible solution is to write a custom hostname Verifier, but we would prefer not to do so. Can mitigate this error if we import the external Web service certificate is added to the WebLogic truststore?
  
  Thank you

  NO, it can't be mitigated...

  Import the certificate into the trust store means that you trust the certificate, but if the CN of the certificate does not match the hostname... we must disable hostname checking / write a custom host name auditor...

• How to create the Webservice data control with a secure Web service?

  I am creating a data control with a Web service that requires authentication (SSO)
  There are two ports for my server OC4J 7777 (requires authentication) and 7779 (authentication is not required).
  (The service Web application is deployed in OC4J)
  
  I am able to create a data control with port 7779 not, but I'm not able to create with the port 7777. In my app, I'll go "user email" the SSO. I require it a data control with authentication. How to pass the user name and password when creating the data control? I'm not able to go "Point endpoint authentication" stage also. I get the error message "the WSDL document is not found" when I type the URL in the first step.
  
  I created the data control with port 7779 and after I modified the 'DataControls.dcx' file with port 7777. (IE "wsdl ="http://ipaddress:7777/../..?WSDL"), but I do not get the appropriate data.
  
  I work with JDeveloper 11.1.1.0.0g
  
  Please help me,
  
  Thanks in advance
  Vinod

  There was a few bugs in this area, who are already fixed in our current code line, then they should do it in the next version.

• Deploy the Web service client application

  I built a webservice client in FB3. It works very well in FB3. I can also run by referring to the SWF directly in the file
  Directory - bin-debug (not in the FB3) and it works very well also.
  
  Now, I copied the directory bin-debug outside the workspace of FB3 and evokes the swf file. "This time I got errors when accessing the webservice server:"Error of security to access the url"faultCode ="Channel.Security.Error"faultDetail =" Destination: DefaultHTTP '...
  
  Why I run the swf file when it is in the FB3 workspace and can't when it is out of the workspace?
  
  Also, I did the Release version and run the swf file in the bin-release directory. He gave me the same error messages when I ran in FB3.
  
  Am I missing some configurations?
  

  FlexBuilder installed in a trusted location. It can access anything whatsoever. That's nice for development, but cause a lot of grief the first time you deploy an application.

  This crossdomain isn't enough for FP9, especailly with WebService. There are several other parameters need to be defined. Here's what I have:
  
  http://www.Macromedia.com/XML/DTDs/cross-domain-policy.DTD">
  
  
  
  
  
  

  Tracy

• Web services security

  Hello
  
  How can I secure web services native Oracle (PL/SQL)? How can I make sure that calls (from PHP, ASP.NET, etc.) to these PL/SQL web services are authenticated and authorized? What other software do I need to implement security?
  
  Thank you.
  
  Andy

  andychow wrote:

  I've been using Oracle APEX since its initial release (1.6 HTMLDB?).

  Has been called Marvel project. :-)

  However, web services is really a new object me - until now, I need to learn more about this topic.

  A web service is not that much different. He gets a HTTP request and responds to it. The difference from a technical point of view is the payload. A SOAP payload is received and a load XML is the answer.

  I think that, especially with Java developers, which is described by using several acronyms and definitions more and more moving parts. But it's especially stuffed animals. This is the client-server tcp using the HTTP application protocol to send and receive payloads.

  This means that all of the basic concepts and standards and security issues with HTTP client-server, remain valid.

  What I'm not clear, is that, with respect to web services Oracle XML DB, do I really need to set a port in the server that is running the database for the XDB HTTP listener

  For the web service procedure or method to receive the call and answering the call, a layer of HTTP communication is necessary. This can be Apache, IIS, Tomcat or servlet HTTP in XDB.

  I feel very uncomfortable allow access to resources of database directly through a browser without worrying it's http or https.

  I don't see that as the real problem. If the customer uses OIC via tcp or HTTP over tcp to communicate with the database, basic security issues and principles remain the same.

  What offer the XDB is the elimination of a layer external s/w (like Apache) to deal with the aspect of communication tcp and HTTP interface. This can be useful sometimes (deletes an external point of failure and external complexity). Maybe it's not ideal at other times. As usual, it depends on the security requirements and the physical communications infrastructure.

  We can expose web services Oracle XML DB with Oracle HTTP instead of use the XDB HTTP listener in an Oracle database?

  Yes. The caller specifies what exactly? A URL that refers to a procedure from PL/SQL web active. So if that is served by Apache mod_plsql or via a servlette XDB is neither here or there - both are interface HTTP communication layers. Their main goal is to provide the interface between the client and the web service.

  I find the documentation on web services to confusion at times because it is too abstract and does not address the fundamental workings of its operation. And Oracle API web service in the data base is (AFAIK), on ito Java classes complex configuration and use of the PL/SQL wrappers and cryptic in error responses.

  So when it comes to web services, I generally prefer to roll my own using PL/SQL only.

• Access to an external client Web service proxy

  How access a Web service proxy? It is identical to a client accesses a web service?

  I don't know exactly what you mean by "Web proxy service", but I think that the answer is 'yes', a piece of code running on a server application can access a webservice in acting as a Web service client (get a draft for the service and that invokes it).

  (If this isn't answering your question, you can ask in the forum of webservice weblogic)