10 Securing the System

This chapter explains how to secure deployed services with Oracle Web Services Manager. Using the Credit Validation Service of the SOA Order Booking Application as an example, it describes the facilities provided by Oracle Web Services Manager to protect web services and process flows in a service-oriented environment, without having to modify either client applications or web services.

Note: This chapter contains specific examples of securing web services with Oracle Web Services Manager. For comprehensive details about product features and capabilities, see the Oracle Web Services Manager Administrator's Guide.

Note: Enterprise level applications (for example, a J2EE application that uses Oracle ADF) may require application-level security. For example, a typical J2EE application may have a login page, and certain areas of the application should be restricted based on a user's role within an organization. This chapter focuses only on securing services within an SOA system. For more information about using application-level security, refer to the Oracle Containers for J2EE Security Guide. For more information about using security in an Oracle ADF application, refer to Oracle Application Development Framework Developer's Guide.

This chapter includes the following sections:

• Section 10.1, "Introduction to Oracle Web Services Manager"

• Section 10.2, "Securing Web Services Using Oracle Web Services Manager"

• Section 10.3, "Authenticating Users with an Oracle Web Services Manager Server Agent"

• Section 10.4, "Encryption with an Oracle Web Services Manager Gateway"