Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Frank Nimphius talks about disabling Forms builder security in 10g"] [Next entry: "Oracle VP database and server technology in Germany talks about Oracle patch schedules"]

Colin Maxwell talks about securing web services using JDev and WS-Security



I noticed this evening when surfing around that a new Oracle related web log has been started by Colin Maxwell (I found his blog on Brian Duff's excellent http://www.orablogs.com - (broken link) orablogs website). I am always on the lookout for new Oracle and security information and Colin has provided this in one of hist posts yesterday entitled http://www.orablogs.com/cmaxwell/archives/000629.html - (broken link) Securing Web Services using JDev and WS-Security.

This is an interesting post for me as I am not a JDeveloper expert so I am happy to learn. Colin discusses some new wizards that are available in JDeveloper 10.1.3. These include wizards to help users specify WS-Security, WS-Reliability and WS-Management. Colin takes us through a step-by-step guide showing how to spot the pitfalls that might occur when using JDevelopers wizards to secure a web service.

Colin starts with creating a simple web service which can be secured; he shows us how to use the example key store first and then fires up the WS-Security wizard and discusses each of the screens and choices in detail. Colin then goes on to show us how to deploy the secured web service to the oc4j server along with the key store. He does this with an EAR deployment file. He deploys the web service and goes on to create a web service client which uses the "create proxy wizard", finally he goes on to test the client after building it and confirms with a packet monitor that the transmission is signed and encrypted.

This is an excellent article, http://www.orablogs.com/cmaxwell/archives/000629.html - (broken link) again it is available here.