Oracle® Application Server Web Services Security Guide 10g Release 3 (10.1.3) B15979-01 |
|
![]() Previous |
![]() Next |
This book describes the different security strategies that can be applied to a Web service in Oracle Application Server Web Services. The strategies that can be employed are username token, X.509 token, SAML token, XML encryption, and XML signature. The book describes the configuration options available for the client and the service, for inbound messages and outbound messages. It also describes how to configure these options for a number of different scenarios.
This book is intended for software developers and architects who want to add security to Web services. It is expected that the reader has some experience with Web technology, OracleAS Web Services, the J2EE environment, and Java and XML programming principles.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
TTY Access to Oracle Support Services
Oracle provides dedicated Text Telephone (TTY) access to Oracle Support Services within the United States of America 24 hours a day, seven days a week. For TTY support, call 800.446.2398.
For more information on OC4J, Web services, and security, see the following manuals:
Oracle Application Server Web Services Developer's Guide
This book describes how to use the WebServicesAssembler tool to assemble Web services from a variety of resources: Java classes, EJBs, database resources, JMS destinations and J2SE 5.0 Annotations. You can also assemble REST-style Web services. The Developers Guide also describes how to assemble J2SE and J2EE clients to access these services. This book includes descriptions of the message formats and datatypes supported by OracleAS Web Services.
Oracle Application Server Advanced Web Services Developer's Guide
This book describes topics beyond basic Web service assembly. For example, it describes how to diagnose common interoperability problems, how to enable Web service management features (such as reliability, auditing, and logging), and how to use custom serialization of Java value types.
This book also describes how to employ the Web Service Invocation Framework (WSIF), the Web Service Provider API, message attachments, and management features (reliability, logging, and auditing). It also describes alternative Web service strategies, such as using JMS as a transport mechanism.
Oracle Containers for J2EE Security Guide
This book (not to be confused with the Oracle Application Server 10g Security Guide), describes security features and implementations particular to OC4J. This includes information about using JAAS, the Java Authentication and Authorization Service, and other Java security technologies.
Oracle Containers for J2EE Services Guide
This book provides information about standards-based Java services supplied with OC4J, such as JTA, JNDI, JMS, JAAS, and the Oracle Application Server Java Object Cache.
Oracle Containers for J2EE Configuration and Administration Guide
This book discusses how to configure and administer applications for OC4J, including use of the Oracle Enterprise Manager 10g Application Server Control Console, use of standards-compliant MBeans provided with OC4J, and, where appropriate, direct use of OC4J-specific XML configuration files.
Oracle Containers for J2EE Deployment Guide
This book covers information and procedures for deploying an application to an OC4J environment. This includes discussion of the deployment plan editor that comes with Oracle Enterprise Manager 10g.
Oracle Containers for J2EE Developer's Guide
This discusses items of general interest to developers writing an application to run on OC4J—issues that are not specific to a particular container such as the servlet, EJB, or JSP container. (An example is class loading.)
Available from the Oracle Server Technologies group:
Oracle Database Advanced Security Administrator's Guide
From the Oracle Application Server core documentation group:
Oracle Application Server Security Guide
Oracle Application Server Certificate Authority Administrator's Guide
Oracle Application Server Single Sign-On Administrator's Guide
For Oracle Identity Management and Oracle COREid:
Oracle Identity Management Administrator's Guide
Oracle Identity Management Guide to Delegated Administration
Oracle Identity Management Application Developer's Guide
Oracle COREid Access and Identity Administration Guide
Oracle COREid Access and Identity Customization Guide
Oracle COREid Access and Identity Deployment Guide
Oracle COREid Access and Identity Developer Guide
Oracle COREid Access and Identity Integration Guide
Oracle COREid Access and Identity Installation Guide
Oracle COREid Access and Identity Introduction
Oracle COREid Access and Identity Schema Description
Oracle COREid Access and Identity Upgrade Guide
For Oracle Web Services Manager:
Oracle Web Services Manager User and Administrator Guide
Oracle Web Services Manager Extensibility Guide
Oracle Web Services Manager Installation and Deployment Guide
Oracle Web Services Manager Upgrade Guide
The following text conventions are used in this document:
Convention | Meaning |
---|---|
boldface | Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. |
italic | Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. |
monospace |
Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter. |