Bookshelf Home | Contents | Index | PDF |
Web Services Reference for Oracle Billing Insight > Overview of Web Services > About Web Services SecurityOracle Billing Insight Web services uses Basic authentication. Custom token authentication is supported, but requires the configuration, as described in Configuring Token-Based Authentication. HTTP Basic authentication (BA) implementation is the simplest method for enforcing access controls to Web resources because cookies, session identifiers, and login pages are not required. Instead, HTTP Basic authentication uses standard fields in the HTTP header, eliminating the need for handshakes. It is preferable to use HTTPS over or with Basic authentication. With Basic authentication, transmitted credentials are encoded with Base64 in transit, and are not encrypted or hashed. With custom token authentication, the authentication API generates a unique token for each registered API user, and then the token for the user is included with each request to the service. A token is a secure random text string with a default length of 48. The following string is an example of a token: Dlc7lkpeVp9InmOUB82dJMg6LF7WQ6ZnujTHq8zP94uCWtjg When a token is created, it stays on the server temporarily and expires automatically after a certain period. The default value is 20 minutes, and it is preconfigured. The valid token must be passed in an HTTP header for each subsequent Web service request. If a request is made with an invalid token, then an exception with status code 401, which is a standard code for unauthorized access, is returned. User roles determine which functionality and data a user can access. For details about permissions assigned to each user role, see Implementation Guide for Oracle Billing Insight. Using Basic AuthenticationFor basic authentication, you send the authentication credentials to the server for each service request.
Configuring Token-Based AuthenticationOracle Billing Insight uses Basic authentication by default. If you want to use token-based authentication, you must modify the configuration in the spring-security.xml file. To configure Oracle Billing Insight to use token-based authentication
|
Web Services Reference for Oracle Billing Insight | Copyright © 2017, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |