Oracle® Application Server Web Services Security Guide 10g (10.1.3.5.0) Part Number E13983-01 |
|
|
View PDF |
This book describes the different security strategies that can be applied to a Web service in Oracle Application Server Web Services. The strategies that can be employed are username token, X.509 token, SAML token, XML encryption, and XML signature. The book describes the configuration options available for the client and the service, for inbound messages and outbound messages. It also describes how to configure these options for a number of different scenarios.
This book is intended for software developers and architects who want to add security to Web services. It is expected that the reader has some experience with Web technology, OracleAS Web Services, the J2EE environment, and Java and XML programming principles.
Our goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/
.
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
Deaf/Hard of Hearing Access to Oracle Support Services
To reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html
, and a list of phone numbers is available at http://www.fcc.gov/cgb/dro/trsphonebk.html
.
For more information on OC4J, Web services, and security, see the following manuals:
Oracle Application Server Web Services Developer's Guide
This book describes how to use the WebServicesAssembler tool to assemble Web services from a variety of resources: Java classes, EJBs, database resources, JMS destinations, and J2SE 5.0 Annotations. You can also assemble REST-style Web services. The Developers Guide also describes how to assemble J2SE and J2EE clients to access these services. This book includes descriptions of the message formats and datatypes supported by OracleAS Web Services.
Oracle Application Server Advanced Web Services Developer's Guide
This book describes topics beyond basic Web service assembly. For example, it describes how to diagnose common interoperability problems and how to use custom serialization of Java value types.
This book also describes how to employ the Web Service Invocation Framework (WSIF), the Web Service Provider API, message attachments, and management features (reliability, logging, and auditing). It also describes alternative Web service strategies, such as using JMS as a transport mechanism.
Oracle Application Server Web Services Java API Reference
The Reference provides the output of the Javadoc tool for the OracleAS Web Services Java API.
Oracle Containers for J2EE Security Guide
This book describes security features and implementations particular to OC4J. This includes information about using JAAS (the Java Authentication and Authorization Service) and other Java security technologies.
Oracle Containers for J2EE Services Guide
This book provides information about standards-based Java services supplied with OC4J, such as JTA, JNDI, JMS, JAAS, and the Oracle Application Server Java Object Cache.
Oracle Containers for J2EE Configuration and Administration Guide
This book discusses how to configure and administer applications for OC4J, including use of the Oracle Enterprise Manager 10g Application Server Control Console, use of standards-compliant MBeans provided with OC4J, and, where appropriate, direct use of OC4J-specific XML configuration files.
Oracle Containers for J2EE Deployment Guide
This book covers information and procedures for deploying an application to an OC4J environment. This includes discussion of the deployment plan editor that comes with Oracle Enterprise Manager 10g.
Oracle Containers for J2EE Developer's Guide
This discusses items of general interest to developers writing an application to run on OC4J—issues that are not specific to a particular container such as the servlet, EJB, or JSP container. (An example is class loading.)
Available from the Oracle Server Technologies group:
Oracle Database Advanced Security Administrator's Guide
From the Oracle Application Server core documentation group:
Oracle Application Server Security Guide
Oracle Application Server Administrator's Guide
Oracle Application Server Certificate Authority Administrator's Guide
Oracle Application Server Single Sign-On Administrator's Guide
Oracle Application Server Enterprise Deployment Guide
For Oracle Identity Management and Oracle Access Manager:
Oracle Identity Management Infrastructure Administrator's Guide
Oracle Identity Management Guide to Delegated Administration
Oracle Identity Management Application Developer's Guide
Oracle Access Manager Identity and Common Administration Guide
Oracle Access Manager Customization Guide
Oracle Access Manager Deployment Guide
Oracle Access Manager Developer Guide
Oracle Access Manager Integration Guide
Oracle Access Manager Installation Guide
Oracle Access Manager Introduction
Oracle Access Manager Schema Description
Oracle Access Manager Upgrade Guide
Oracle Web Services Manager is a comprehensive solution for managing service oriented architectures. It allows IT managements to centrally define policies that govern Web services operations such as access policy, logging policy, and content validation, and then wrap these policies around services, with no modification to existing Web services required.
Oracle Web Services Manager Quick Start Guide
Oracle Web Services Manager Installation Guide
Oracle Web Services Manager User and Administrator Guide
Oracle Web Services Manager Deployment Guide
Oracle Web Services Manager Extensibility Guide
The following text conventions are used in this document:
Convention | Meaning |
---|---|
boldface | Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. |
italic | Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. |
monospace |
Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter. |