Download - Web Service Secure
-
8/14/2019 Web Service Secure
1/67
utorial: Security for Web Services
Tutorial: Security for Web Services
his tutorial describes how to make Web Services secure using the Public Key
frastructure (PKI), Secure Sockets Layer (SSL), and other features provided by
racle9iApplication Server (Oracle9iAS).
ontents
1. Concepts
2. Design
3. Required Software
4. Setup
5. Implementation
6. Resources
7. Feedback
le:///D|/otnDocs/sample_code/tutorials/wspki/toc.htm [01/29/2003 12:12:41 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
2/67
Concepts
Concepts
ffective Internet security requires secure information exchange mechanisms that arecalable and that support the security of distributed systems. Public Key Infrastructure
PKI) meets these requirements with minimal inconvenience.
racle9iApplication Server (Oracle9iAS) can use elements of PKI to provide a secure
silient environment for deploying electronic commerce. This reliable environment
upports building systems to handle virtually any type of electronic interaction, from
orporate intranets to e-business applications designed for deployment on the Interne
trong system security starts with the physical security of systems and the
ustworthiness of personnel. With these in place, PKI enhances secure electronic
ommerce and Internet communications by supporting the following processes:
q Authentication. Verifying the identity of users and machines becomes crucial
when an organization opens its doors to the Internet. Strong authentication
mechanisms, of which PKI is one, verify identities without allowing transmission
storage of reusable passwords. They ensure that persons and machines are theentities they claim to be. This is typically done by a trusted third-party
authentication or certification service using conventional cryptography. Proper u
of PKI makes impersonation virtually impossible and supports mechanisms
enabling systems and applications to trust each other's connections and
transmissions.
q Encryption. Encryption and integrity algorithms are used to secure
communications and ensure the privacy of data sent from one computer to
another. They ensure that data remains confidential, that it cannot be modified,
that lost packets can be detected.
q Non-repudiation. Non-repudiation means that senders of digitally signed
transactions or email cannot claim they did not do so. Digital signatures using P
can provide reliable proof that the person signing the electronic transmission re
is that person, since no one else can create their unique digital signature. This f
also prevents impersonation, because the impostor cannot create that person's
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (1 of 3) [01/29/2003 12:12:43 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
3/67
Concepts
digital signature. A PKI digital signature proves that a specific user performed
certain operations.
or public-key cryptography, entities that want to communicate in a secure manner m
ossess certain security credentials. This collection of security credentials is stored in
allet. Security credentials consist of:
q Public and private keys. This form of cryptography uses a secret private key a
a mathematically-related public key. Only the public key can be used to encrypt
information, and only the corresponding private key can be used to decrypt that
information. Only the owner of the key pair knows the private key; the public ke
can be distributed widely and remains associated with its owner. A message
encrypted with the public key can only be decrypted by the owner who knows th
associated private key. Such keys are also used in digital signatures to prevent
Internet impersonation and repudiation of valid messages. In the process ofseeting up this sample application, you will obtain and install certificates for the
client and server.
q Digital certificates. Certificates are digital identities, issued by trusted third
parties, that identify users and machines. Certificates are issued when that third
party receives trusted information proving to its satisfaction the validity of those
identities. The certificates can then be securely stored in wallets or in directorie
and used to prove the claimed identity to anyone on the Internet who trusts that
third party.q Certificate Authority (CA). A CA is a third party that acts as a trusted,
independent provider of digital certificates.
se of a cryptographic key pair to set up a secure, encrypted channel ensures the
ivacy of a message and can validate the authenticity of the sender of the message.
Wide distribution of the public key on a server, or in a central directory, does not
opardize security because the private key is never shared. The public key for an ent
published by a certificate authority in a user certificate. Entities that want to send
ecure information can encrypt the information with the recipient entity's public key. A
ntity that receives a communication encrypted by this method can use its own private
ey to decrypt the message. (In some cases, the sender might need to reassure the
cipient regarding who sent the message. Encrypting the coded message again usin
s own public key would do the trick. The recipient could decrypt the doubly-encoded
essage using his private key, and then decrypt the resulting coded message using t
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (2 of 3) [01/29/2003 12:12:43 PM]
-
8/14/2019 Web Service Secure
4/67
Concepts
ender's public key. If the original message was not encoded using both public keys,
sult of decrypting will be unreadable.)
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (3 of 3) [01/29/2003 12:12:43 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
5/67
utorial: Security for Web Services
Tutorial: Security for Web Services
his tutorial describes how to make Web Services secure using the Public Key
frastructure (PKI), Secure Sockets Layer (SSL), and other features provided by
racle9iApplication Server (Oracle9iAS).
ontents
1. Concepts
2. Design
3. Required Software
4. Setup
5. Implementation
6. Resources
7. Feedback
le:///D|/otnDocs/sample_code/tutorials/wspki/toc.htm [01/29/2003 12:06:36 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
6/67
Concepts
Concepts
ffective Internet security requires secure information exchange mechanisms that arecalable and that support the security of distributed systems. Public Key Infrastructure
PKI) meets these requirements with minimal inconvenience.
racle9iApplication Server (Oracle9iAS) can use elements of PKI to provide a secure
silient environment for deploying electronic commerce. This reliable environment
upports building systems to handle virtually any type of electronic interaction, from
orporate intranets to e-business applications designed for deployment on the Interne
trong system security starts with the physical security of systems and the
ustworthiness of personnel. With these in place, PKI enhances secure electronic
ommerce and Internet communications by supporting the following processes:
q Authentication. Verifying the identity of users and machines becomes crucial
when an organization opens its doors to the Internet. Strong authentication
mechanisms, of which PKI is one, verify identities without allowing transmission
storage of reusable passwords. They ensure that persons and machines are theentities they claim to be. This is typically done by a trusted third-party
authentication or certification service using conventional cryptography. Proper u
of PKI makes impersonation virtually impossible and supports mechanisms
enabling systems and applications to trust each other's connections and
transmissions.
q Encryption. Encryption and integrity algorithms are used to secure
communications and ensure the privacy of data sent from one computer to
another. They ensure that data remains confidential, that it cannot be modified,
that lost packets can be detected.
q Non-repudiation. Non-repudiation means that senders of digitally signed
transactions or email cannot claim they did not do so. Digital signatures using P
can provide reliable proof that the person signing the electronic transmission re
is that person, since no one else can create their unique digital signature. This f
also prevents impersonation, because the impostor cannot create that person's
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (1 of 3) [01/29/2003 12:06:37 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
7/67
Concepts
digital signature. A PKI digital signature proves that a specific user performed
certain operations.
or public-key cryptography, entities that want to communicate in a secure manner m
ossess certain security credentials. This collection of security credentials is stored in
allet. Security credentials consist of:
q Public and private keys. This form of cryptography uses a secret private key a
a mathematically-related public key. Only the public key can be used to encrypt
information, and only the corresponding private key can be used to decrypt that
information. Only the owner of the key pair knows the private key; the public ke
can be distributed widely and remains associated with its owner. A message
encrypted with the public key can only be decrypted by the owner who knows th
associated private key. Such keys are also used in digital signatures to prevent
Internet impersonation and repudiation of valid messages. In the process ofseeting up this sample application, you will obtain and install certificates for the
client and server.
q Digital certificates. Certificates are digital identities, issued by trusted third
parties, that identify users and machines. Certificates are issued when that third
party receives trusted information proving to its satisfaction the validity of those
identities. The certificates can then be securely stored in wallets or in directorie
and used to prove the claimed identity to anyone on the Internet who trusts that
third party.q Certificate Authority (CA). A CA is a third party that acts as a trusted,
independent provider of digital certificates.
se of a cryptographic key pair to set up a secure, encrypted channel ensures the
ivacy of a message and can validate the authenticity of the sender of the message.
Wide distribution of the public key on a server, or in a central directory, does not
opardize security because the private key is never shared. The public key for an ent
published by a certificate authority in a user certificate. Entities that want to send
ecure information can encrypt the information with the recipient entity's public key. A
ntity that receives a communication encrypted by this method can use its own private
ey to decrypt the message. (In some cases, the sender might need to reassure the
cipient regarding who sent the message. Encrypting the coded message again usin
s own public key would do the trick. The recipient could decrypt the doubly-encoded
essage using his private key, and then decrypt the resulting coded message using t
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (2 of 3) [01/29/2003 12:06:37 PM]
-
8/14/2019 Web Service Secure
8/67
Concepts
ender's public key. If the original message was not encoded using both public keys,
sult of decrypting will be unreadable.)
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (3 of 3) [01/29/2003 12:06:37 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
9/67
utorial: Security for Web Services
Tutorial: Security for Web Services
his tutorial describes how to make Web Services secure using the Public Key
frastructure (PKI), Secure Sockets Layer (SSL), and other features provided by
racle9iApplication Server (Oracle9iAS).
ontents
1. Concepts
2. Design
3. Required Software
4. Setup
5. Implementation
6. Resources
7. Feedback
le:///D|/otnDocs/sample_code/tutorials/wspki/toc.htm [12/04/2002 3:37:54 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
10/67
Concepts
Concepts
ffective Internet security requires secure information exchange mechanisms that arecalable and that support the security of distributed systems. Public Key Infrastructure
PKI) meets these requirements with minimal inconvenience.
racle9iApplication Server (Oracle9iAS) can use elements of PKI to provide a secure
silient environment for deploying electronic commerce. This reliable environment
upports building systems to handle virtually any type of electronic interaction, from
orporate intranets to e-business applications designed for deployment on the Interne
trong system security starts with the physical security of systems and the
ustworthiness of personnel. With these in place, PKI enhances secure electronic
ommerce and Internet communications by supporting the following processes:
q Authentication. Verifying the identity of users and machines becomes crucial
when an organization opens its doors to the Internet. Strong authentication
mechanisms, of which PKI is one, verify identities without allowing transmission
storage of reusable passwords. They ensure that persons and machines are theentities they claim to be. This is typically done by a trusted third-party
authentication or certification service using conventional cryptography. Proper u
of PKI makes impersonation virtually impossible and supports mechanisms
enabling systems and applications to trust each other's connections and
transmissions.
q Encryption. Encryption and integrity algorithms are used to secure
communications and ensure the privacy of data sent from one computer to
another. They ensure that data remains confidential, that it cannot be modified,
that lost packets can be detected.
q Non-repudiation. Non-repudiation means that senders of digitally signed
transactions or email cannot claim they did not do so. Digital signatures using P
can provide reliable proof that the person signing the electronic transmission re
is that person, since no one else can create their unique digital signature. This f
also prevents impersonation, because the impostor cannot create that person's
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (1 of 3) [12/04/2002 3:37:56 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
11/67
Concepts
digital signature. A PKI digital signature proves that a specific user performed
certain operations.
or public-key cryptography, entities that want to communicate in a secure manner m
ossess certain security credentials. This collection of security credentials is stored in
allet. Security credentials consist of:
q Public and private keys. This form of cryptography uses a secret private key a
a mathematically-related public key. Only the public key can be used to encrypt
information, and only the corresponding private key can be used to decrypt that
information. Only the owner of the key pair knows the private key; the public ke
can be distributed widely and remains associated with its owner. A message
encrypted with the public key can only be decrypted by the owner who knows th
associated private key. Such keys are also used in digital signatures to prevent
Internet impersonation and repudiation of valid messages. In the process ofseeting up this sample application, you will obtain and install certificates for the
client and server.
q Digital certificates. Certificates are digital identities, issued by trusted third
parties, that identify users and machines. Certificates are issued when that third
party receives trusted information proving to its satisfaction the validity of those
identities. The certificates can then be securely stored in wallets or in directorie
and used to prove the claimed identity to anyone on the Internet who trusts that
third party.q Certificate Authority (CA). A CA is a third party that acts as a trusted,
independent provider of digital certificates.
se of a cryptographic key pair to set up a secure, encrypted channel ensures the
ivacy of a message and can validate the authenticity of the sender of the message.
Wide distribution of the public key on a server, or in a central directory, does not
opardize security because the private key is never shared. The public key for an ent
published by a certificate authority in a user certificate. Entities that want to send
ecure information can encrypt the information with the recipient entity's public key. A
ntity that receives a communication encrypted by this method can use its own private
ey to decrypt the message. (In some cases, the sender might need to reassure the
cipient regarding who sent the message. Encrypting the coded message again usin
s own public key would do the trick. The recipient could decrypt the doubly-encoded
essage using his private key, and then decrypt the resulting coded message using t
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (2 of 3) [12/04/2002 3:37:56 PM]
-
8/14/2019 Web Service Secure
12/67
Concepts
ender's public key. If the original message was not encoded using both public keys,
sult of decrypting will be unreadable.)
le:///D|/otnDocs/sample_code/tutorials/wspki/concepts.htm (3 of 3) [12/04/2002 3:37:56 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
13/67
Design
Design
he Online Product Store demonstrates an e-Business application that uses Web
ervices to handle credit card-based transactions.There are two ways to ensure secu
th Web Services:
q Security at XML level. Options include XML Encryption, XML Digital signature A
XKMS (XML Key Management Specification), and SAML (Security Assertion
Markup Language).q Security at the transport level. Implementing security at the transport level mean
securing the network protocol a Web Service uses for communication. SSL is th
industry-accepted standard protocol for secured encrypted communications ove
TCP/IP. In this model, a Web Service client uses SSL to open a secure socket t
Web Service. The client then sends and receives SOAP messages over this
secured socket using HTTPS. The SSL implementation takes care of ensuring
privacy by encrypting all the network traffic on the socket. SSL can also
authenticate the Web Service to the client using the PKI infrastructure.
ecause the standards for enabling security at XML level are in their infancy, OTN
evelopers opted for security at the transport level using SSL and the PKI infrastructu
racle9iAS provides a solid framework for building and deploying Web applications u
e Apache-based Oracle HTTP Server, Oracle9iAS Containers for J2EE, and
racle9iAS Portal, which use the advanced security functionality provided by Oracle9
frastructure. Oracle9iAS Infrastructure consists of Oracle9iAS Metadata Repository
racle Internet Directory, Oracle9iAS Single Sign-On, and Oracle Management Serve
his sample application requires a user ID and a password for login. Three users are
eated by running SQL scripts given in the Install.html file. Following is the informatio
r accessing this application.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (1 of 3) [12/04/2002 3:37:57 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
14/67
Design
User ID PasswordCredit Card
Number
C101 welc0me 1234567887654321
C102 otn 1234567887654322
C103 welcome 1234567887654323
y providing credentials, a user gains access to a catalog of products from which they
an add items to their shopping cart. To buy products, a user checks out and enters a
edit card number, and this application contacts the Credit Card Web Service via SS
ereby demonstrating how to access a Web Service securely.
he directory structure of the sample code is as shown below (Xxx represents the top
vel directory).
Directory Files Description
Xxx\docs
Readme.htmlGives an overview of
the application.
Install.html,
InstallContd.html
These files describe
how to install and
deploy the application.
Xxx\sql
Security.sql
Sets up the data
required by the Online
Product Store which
will be created in the
"security" user
schema.
Creditdb.sql
Sets up up the datarequired by the Credit
Card Web Service
which will be created
in the "creditdb" user
schema.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (2 of 3) [12/04/2002 3:37:57 PM]
-
8/14/2019 Web Service Secure
15/67
Design
Xxx\CreditCardService *.java
Directory containing
the source of the
Credit Card Web
Service and the
supporting files
Xxx\JSPApplication *.java
Directory containing
the source code and
supporting files for the
Online Product Store.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (3 of 3) [12/04/2002 3:37:57 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
16/67
Required Software
Required Software
ou can download the sample application source code (35 KB) from:
q http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_securit
he following software is required to build and run this tutorial. OTN members can
ownload developer-license versions of these products for free.
q Oracle9iDatabase Server Version 9.2.0 or higher .
q Oracle9iAS Release 2 - Installation must include Oracle HTTP Server and OC4J.
q Oracle9iJDeveloper - Version 9.0.2 or higher.
ee the Setup section for information about installing and running the tutorial.
le:///D|/otnDocs/sample_code/tutorials/wspki/reqsw.htm [12/04/2002 3:37:58 PM]
http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jarhttp://software/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/jdev/content.htmlhttp://software/products/jdev/content.htmlhttp://software/products/jdev/content.htmlhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078http://software/products/jdev/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/content.htmlhttp://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jarhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
17/67
etup
Setup
his section lists the steps to install and configure the tutorial. It assumes that you hav
stalled and configured the software described in the Required Software section.
1. Extract the Sample
2. Get a Server Certificate
3. Get a Client Certificate
4. Set up Oracle9iAS to use this Certificate5. Database Setup
6. Oracle Java SSL libraries
7. Compile the Web Service
8. Deploy the Web Service to Oracle9iAS through Enterprise Manager
9. Prepare the Online Store application
10. Deploy the Online Store application to Oracle9iAS through Enterprise Manager
le:///D|/otnDocs/sample_code/tutorials/wspki/setup.htm [12/04/2002 3:37:59 PM]
http://-/?-http://-/?-http://-/?-http://-/?-http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078http://-/?-http://-/?-http://-/?-http://-/?-http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
18/67
mplementation
Implementation
his sample application achieves security by deployment to Oracle9iApplication Serv
Oracle9iAS). There is nothing unusual about the code that implements the Web Serv
he key is to follow the steps presented in the Setup section of this tutorial. The steps
volve a slight modification of the Web Service source code, as explained in the Prep
e Online Store application section.
racle9iAS security starts from the well-tested and highly configurable Web securityervices provided by Oracle HTTP Server, adds a comprehensive set of Web single s
n services, and extends them further with centralized user provisioning that is availa
Oracle Internet Directory, an LDAP, version 3-compliant directory service. In additio
racle9iAS provides the Oracle implementation of Java Authorization and Authentica
ervices (JAAS) for J2EE application security, and extensive portal authorization and
pplication integration mechanisms. Oracle9iAS also supports secure access to Orac
atabase systems using Oracle Advanced Security.
Oracle9i Application Server Implementation of Public Key
nfrastructure (PKI)
he Oracle9i Application Server PKI implementation provides a variety of security
ervices, in compliance with industry-standard specifications. It incorporates a whole
uite of products and features, including the following:
Secure Sockets Layer The Secure Sockets Layer (SSL) is an application layer
protocol that can be employed for certificate-based
authentication. All of the major components of Oracle9iAS
support SSL.
le:///D|/otnDocs/sample_code/tutorials/wspki/impl.htm (1 of 2) [12/04/2002 3:38:00 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
19/67
mplementation
Oracle Wallets An Oracle wallet is a container in which certificates and
trusted certificates are stored and managed. These data
structures securely store a user private key, a user
certificate, and a set of trusted certificates (the list of root
certificates which the user trusts).
Oracle Wallet Manager This is a Java-based application that security administratouse to manage public-key security credentials on both
Oracle clients and servers. It creates an Oracle wallet.
Oracle Wallet Manager creates a public-private key pair a
manages credentials for a user. It issues PKCS#10
certificate requests to the certificate authority, and installs
the certificate in the wallet. It ships with trusted certificates
from VeriSign, RSA, and Baltimore CyberTrust, and can u
a site's own in-house certificate authority.
Oracle Internet
Directory
Oracle Internet Directory, an LDAP V3-compliant directory
built on the Oracle9idatabase, helps to enable PKI-based
single sign-on. It enables you to securely manage the use
and system configuration environment, including security
attributes and privileges, for users authenticated using X.5
certificates. Oracle Internet Directory enforces attribute-levaccess control, enabling the directory to restrict read, write
or update privileges on specific attributes to specific name
users (for example, a security administrator). It also suppo
protection and authentication of directory queries and
responses through SSL encryption.
le:///D|/otnDocs/sample_code/tutorials/wspki/impl.htm (2 of 2) [12/04/2002 3:38:00 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
20/67
Resources
Resources
llowing are links to resources that can help you understand and apply the concepts and techniques
esented in this tutorial. See the Required Software section to obtain the tutorial source code and re
es.
Resource URL
Oracle9i
pplication
erver
ecurityGuide
http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/core.902/a90146/toc
OTN Web
ervices
echnolgy
enter
http://otn.oracle.com/tech/webservices/content.html
Oracle by
xample:
uild a
ecure
nternet
ata
enter
http://otn.oracle.com/products/oracle9i/htdocs/9iober2/obe9ir2/player_otn.htm
le:///D|/otnDocs/sample_code/tutorials/wspki/rsrc.htm [12/04/2002 3:38:00 PM]
http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/core.902/a90146/toc.htmhttp://otn.oracle.com/tech/webservices/content.htmlhttp://otn.oracle.com/products/oracle9i/htdocs/9iober2/obe9ir2/player_otn.htmhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078http://otn.oracle.com/products/oracle9i/htdocs/9iober2/obe9ir2/player_otn.htmhttp://otn.oracle.com/tech/webservices/content.htmlhttp://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/core.902/a90146/toc.htmhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
21/67
eedback
Feedback
you have questions or comments about this tutorial, you can:
q Post a message in the OTN Sample Code discussion forum. OTN developers a
other experts monitor the forum.
q Send email to the author. mailto:[email protected]
you have suggestions or ideas for future tutorials, please send email to:
q mailto:[email protected]
le:///D|/otnDocs/sample_code/tutorials/wspki/fdbk.htm [12/04/2002 3:38:01 PM]
http://www.oracle.com/forums/message.jsp?id=1153142&gid=428078mailto:[email protected]?subject=WS%20and%20PKImailto:[email protected]?subject=Tutorial%20Suggestionhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078mailto:[email protected]?subject=Tutorial%20Suggestionmailto:[email protected]?subject=WS%20and%20PKIhttp://www.oracle.com/forums/message.jsp?id=1153142&gid=428078http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
22/67
Design
Design
he Online Product Store demonstrates an e-Business application that uses Web
ervices to handle credit card-based transactions.There are two ways to ensure secu
th Web Services:
q Security at XML level. Options include XML Encryption, XML Digital signature A
XKMS (XML Key Management Specification), and SAML (Security Assertion
Markup Language).q Security at the transport level. Implementing security at the transport level mean
securing the network protocol a Web Service uses for communication. SSL is th
industry-accepted standard protocol for secured encrypted communications ove
TCP/IP. In this model, a Web Service client uses SSL to open a secure socket t
Web Service. The client then sends and receives SOAP messages over this
secured socket using HTTPS. The SSL implementation takes care of ensuring
privacy by encrypting all the network traffic on the socket. SSL can also
authenticate the Web Service to the client using the PKI infrastructure.
ecause the standards for enabling security at XML level are in their infancy, OTN
evelopers opted for security at the transport level using SSL and the PKI infrastructu
racle9iAS provides a solid framework for building and deploying Web applications u
e Apache-based Oracle HTTP Server, Oracle9iAS Containers for J2EE, and
racle9iAS Portal, which use the advanced security functionality provided by Oracle9
frastructure. Oracle9iAS Infrastructure consists of Oracle9iAS Metadata Repository
racle Internet Directory, Oracle9iAS Single Sign-On, and Oracle Management Serve
his sample application requires a user ID and a password for login. Three users are
eated by running SQL scripts given in the Install.html file. Following is the informatio
r accessing this application.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (1 of 3) [01/29/2003 12:06:39 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
23/67
Design
User ID PasswordCredit Card
Number
C101 welc0me 1234567887654321
C102 otn 1234567887654322
C103 welcome 1234567887654323
y providing credentials, a user gains access to a catalog of products from which they
an add items to their shopping cart. To buy products, a user checks out and enters a
edit card number, and this application contacts the Credit Card Web Service via SS
ereby demonstrating how to access a Web Service securely.
he directory structure of the sample code is as shown below (Xxx represents the top
vel directory).
Directory Files Description
Xxx\docs
Readme.htmlGives an overview of
the application.
Install.html,
InstallContd.html
These files describe
how to install and
deploy the application.
Xxx\sql
Security.sql
Sets up the data
required by the Online
Product Store which
will be created in the
"security" user
schema.
Creditdb.sql
Sets up up the datarequired by the Credit
Card Web Service
which will be created
in the "creditdb" user
schema.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (2 of 3) [01/29/2003 12:06:39 PM]
-
8/14/2019 Web Service Secure
24/67
Design
Xxx\CreditCardService *.java
Directory containing
the source of the
Credit Card Web
Service and the
supporting files
Xxx\JSPApplication *.java
Directory containing
the source code and
supporting files for the
Online Product Store.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (3 of 3) [01/29/2003 12:06:39 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
25/67
Required Software
Required Software
ou can download the sample application source code (35 KB) from:
q http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_securit
he following software is required to build and run this tutorial. OTN members can
ownload developer-license versions of these products for free.
q Oracle9iDatabase Server Version 9.2.0 or higher .
q Oracle9iAS Release 2 - Installation must include Oracle HTTP Server and OC4J.
q Oracle9iJDeveloper - Version 9.0.2 or higher.
ee the Setup section for information about installing and running the tutorial.
le:///D|/otnDocs/sample_code/tutorials/wspki/reqsw.htm [01/29/2003 12:06:54 PM]
http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jarhttp://software/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/jdev/content.htmlhttp://software/products/jdev/content.htmlhttp://software/products/jdev/content.htmlhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078http://software/products/jdev/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/content.htmlhttp://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jarhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
26/67
etup
Setup
his section lists the steps to install and configure the tutorial. It assumes that you hav
stalled and configured the software described in the Required Software section.
1. Extract the Sample
2. Get a Server Certificate
3. Get a Client Certificate
4. Set up Oracle9iAS to use this Certificate5. Database Setup
6. Oracle Java SSL libraries
7. Compile the Web Service
8. Deploy the Web Service to Oracle9iAS through Enterprise Manager
9. Prepare the Online Store application
10. Deploy the Online Store application to Oracle9iAS through Enterprise Manager
le:///D|/otnDocs/sample_code/tutorials/wspki/setup.htm [01/29/2003 12:06:54 PM]
http://-/?-http://-/?-http://-/?-http://-/?-http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078http://-/?-http://-/?-http://-/?-http://-/?-http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
27/67
mplementation
Implementation
his sample application achieves security by deployment to Oracle9iApplication Serv
Oracle9iAS). There is nothing unusual about the code that implements the Web Serv
he key is to follow the steps presented in the Setup section of this tutorial. The steps
volve a slight modification of the Web Service source code, as explained in the Prep
e Online Store application section.
racle9iAS security starts from the well-tested and highly configurable Web securityervices provided by Oracle HTTP Server, adds a comprehensive set of Web single s
n services, and extends them further with centralized user provisioning that is availa
Oracle Internet Directory, an LDAP, version 3-compliant directory service. In additio
racle9iAS provides the Oracle implementation of Java Authorization and Authentica
ervices (JAAS) for J2EE application security, and extensive portal authorization and
pplication integration mechanisms. Oracle9iAS also supports secure access to Orac
atabase systems using Oracle Advanced Security.
Oracle9i Application Server Implementation of Public Key
nfrastructure (PKI)
he Oracle9i Application Server PKI implementation provides a variety of security
ervices, in compliance with industry-standard specifications. It incorporates a whole
uite of products and features, including the following:
Secure Sockets Layer The Secure Sockets Layer (SSL) is an application layer
protocol that can be employed for certificate-based
authentication. All of the major components of Oracle9iAS
support SSL.
le:///D|/otnDocs/sample_code/tutorials/wspki/impl.htm (1 of 2) [01/29/2003 12:06:55 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
28/67
mplementation
Oracle Wallets An Oracle wallet is a container in which certificates and
trusted certificates are stored and managed. These data
structures securely store a user private key, a user
certificate, and a set of trusted certificates (the list of root
certificates which the user trusts).
Oracle Wallet Manager This is a Java-based application that security administratouse to manage public-key security credentials on both
Oracle clients and servers. It creates an Oracle wallet.
Oracle Wallet Manager creates a public-private key pair a
manages credentials for a user. It issues PKCS#10
certificate requests to the certificate authority, and installs
the certificate in the wallet. It ships with trusted certificates
from VeriSign, RSA, and Baltimore CyberTrust, and can u
a site's own in-house certificate authority.
Oracle Internet
Directory
Oracle Internet Directory, an LDAP V3-compliant directory
built on the Oracle9idatabase, helps to enable PKI-based
single sign-on. It enables you to securely manage the use
and system configuration environment, including security
attributes and privileges, for users authenticated using X.5
certificates. Oracle Internet Directory enforces attribute-levaccess control, enabling the directory to restrict read, write
or update privileges on specific attributes to specific name
users (for example, a security administrator). It also suppo
protection and authentication of directory queries and
responses through SSL encryption.
le:///D|/otnDocs/sample_code/tutorials/wspki/impl.htm (2 of 2) [01/29/2003 12:06:55 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
29/67
Resources
Resources
llowing are links to resources that can help you understand and apply the concepts and techniques
esented in this tutorial. See the Required Software section to obtain the tutorial source code and re
es.
Resource URL
Oracle9i
pplication
erver
ecurityGuide
http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/core.902/a90146/toc
OTN Web
ervices
echnolgy
enter
http://otn.oracle.com/tech/webservices/content.html
Oracle by
xample:
uild a
ecure
nternet
ata
enter
http://otn.oracle.com/products/oracle9i/htdocs/9iober2/obe9ir2/player_otn.htm
le:///D|/otnDocs/sample_code/tutorials/wspki/rsrc.htm [01/29/2003 12:06:56 PM]
http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/core.902/a90146/toc.htmhttp://otn.oracle.com/tech/webservices/content.htmlhttp://otn.oracle.com/products/oracle9i/htdocs/9iober2/obe9ir2/player_otn.htmhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078http://otn.oracle.com/products/oracle9i/htdocs/9iober2/obe9ir2/player_otn.htmhttp://otn.oracle.com/tech/webservices/content.htmlhttp://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/core.902/a90146/toc.htmhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
30/67
eedback
Feedback
you have questions or comments about this tutorial, you can:
q Post a message in the OTN Sample Code discussion forum. OTN developers a
other experts monitor the forum.
q Send email to the author. mailto:[email protected]
you have suggestions or ideas for future tutorials, please send email to:
q mailto:[email protected]
le:///D|/otnDocs/sample_code/tutorials/wspki/fdbk.htm [01/29/2003 12:06:56 PM]
http://www.oracle.com/forums/message.jsp?id=1153142&gid=428078mailto:[email protected]?subject=WS%20and%20PKImailto:[email protected]?subject=Tutorial%20Suggestionhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078mailto:[email protected]?subject=Tutorial%20Suggestionmailto:[email protected]?subject=WS%20and%20PKIhttp://www.oracle.com/forums/message.jsp?id=1153142&gid=428078http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
31/67
Web Services Security Sample Install document
Web Services Security Sample Installation
atabase Setup
Log into SQLPlus as system/manager.
Create two users "security" and "creditdb" as follows:
SQL> create user security identified by security;SQL> grant all privileges to security;SQL> create user creditdb identified by creditdb;SQL> grant all privileges to creditdb;
Log into SQLPlus as security/security. Run the file Security.sql which creates the tables
eeded by thisapplication and populates the tables with data.
SQL> @d:\\sql\Security.sql
where is the directory where you have extracted this sample.
Log into SQLPlus as creditdb/creditdb. Run the file Creditdb.sql which creates the tableseeded by this
application and populates the tables with data.
SQL> @d:\\sql\Creditdb.sql
where is the directory where you have extracted this sample.
racle Java SSL libraries
he files jcert.jar, jsse.jar and jssl-1_2.jar are needed for running this sample. They are availa
the following directories
jsse.jar - /libjcert.jar - /jdk/jre/lib/extjssl-1_2.jar - /jlib
opy them to /jdk/jre/lib/ext directory so that these classes are loaded by theystem class loader.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/InstallContd.html (1 of 5) [01/29/2003 12:06:57 PM]
-
8/14/2019 Web Service Secure
32/67
Web Services Security Sample Install document
ote: If this step is not followed, the application will throw a ClassNotFoundException.
ompile the Web Service
From the command prompt, traverse to the CreditCardService\src directory.
Edit the file ConnectionParams.java and substitute the variable values with your settings. M
ure to have theusername and password as "creditdb" and creditdb"
Make sure to have classes12.jar (JDBC library) in the CLASSPATH. This library is availableIAS_HOME/jdbc/lib directory.
Compile the source files as follows
javac *.java
Copy the created class files into WEB-INF\classes directory.
Go to the parent directory CreditCardService and create a WAR file as follows
jar -Mcvf CreditCardValidator.war WEB-INF\*
his creates a WAR file in the CreditCardService directory.
eploy the Web Service to Oracle9iAS through Enterprise Manager
Access the Enterprise Manager Web Site as follows http://:1810Provide the admin user name and password as per your settings. Default username is
s_admin and thepassword should be the one given during Oracle9iAS installation.
Go the OC4J_home component by clicking on the link.
Click on the "Deploy WAR file" button in the OC4J_home page.
In the Deploy Web Application page, click on the "Browse" button and select thereditCardValidator.warfilefrom the CreditCardService directory. Please note that this WAR file was created during the
xecution of step fin the previous section.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/InstallContd.html (2 of 5) [01/29/2003 12:06:57 PM]
-
8/14/2019 Web Service Secure
33/67
Web Services Security Sample Install document
Mention the name of the application as "CreditCardService".
Provide "/CreditCardValidator" as the value to the Map to URL attribute.
Click Deploy.
he above steps completes the deployment of the Credit card Web Service to Oracle9iAS.
repare the Online Store application
Open the workspace "WS_Security.jws" from the JSPApplication directory.
Edit the file ConnectionParams.java and substitute the variable values with your settings.ake sure to have theusername and password as "security" and "security".
This application needs a proxy stub for accessing the Web Service. This stub can be acquiry accessing theWeb Service as followshttp://:/CreditCardValidator/CreditCardValidator?proxy_sourcewhere is the machine on which Oracle9iAS is running and is Oracle HT
erver port.
Save the zip file in any convenient directory and extract the filereditCardValidatorInterfaceProxy.java in
/JSPApplication/src/oracle/otnsamples/webservices/security directory.Note: is the directory where you had initially extracted this application.
Click on the project WS_Security.jpr and add the file CreditCardValidatorInterfaceProxy.javis project.
Walk through the source to understand this file. Add the following lines in the methodalidateCard()
System.setProperty("ssl.SocketFactory.provider","oracle.security.ssl.OracleSSLSocketFactoryImpl");
ystem.setProperty("ssl.ServerSocketFactory.provider","oracle.security.ssl.OracleSSLServerSocketFactoryIm
System.setProperty("java.protocol.handler.pkgs","HTTPClient");System.setProperty("oracle.wallet.location","/home1/otn9i/ClientCert/wallet.txt");System.setProperty("oracle.wallet.password","client12");
ote : The parameters oracle.wallet.location and oracle.wallet.password should be changed a
er your settings. Remember, we exported the client certificate in text format. The value for
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/InstallContd.html (3 of 5) [01/29/2003 12:06:57 PM]
-
8/14/2019 Web Service Secure
34/67
Web Services Security Sample Install document
racle.wallet.location should be the complete path to this text file. Ensure to specify client12 ae value to the oracle.wallet.password parameter as this was mentioned while creating the clallet.
Edit the file CreditCardValidatorInterfaceProxy.javaChange the value of the m_soapURLariable to https and
the port to https port.
For eg.private String m_soapURL = "http://insn104a.idc.oracle.com:7777/CreditCardValidator/CreditCardValidato
should be changed toprivate String m_soapURL = "https://insn104a.idc.oracle.com:4443/CreditCardValidator/CreditCardValidato
ote: This is the port with which we have setup Oracle HTTP Server to use SSL.
Now we have to compile this application. For compiling this, we need to have the Oracle Ja
SL libraries inthe CLASSPATH. The libraries jsse.jar, jcert.jar and jssl-1_2.jar can be added to the projec
asspath asfollows:
Right click on WS_Security.jpr -> Project Settings -> Development -> Libraries -> New. Proname to thislibrary and click on Edit to add the jar files. Click OK to dismiss this dialog box. Make sure to
ave this library in
the "Selected Libraries" list.
Right click on WS_Security.jpr -> Build Project. The project should compile without any error
Right click on webapp2.deploy and choose to deploy to an EAR file. This step creates an EAtheJSPApplication directory.
he above steps prepares the application which can now be deployed.
eploy the Online Store application to Oracle9iAS
Access the Enterprise Manager Web Site as follows http://:1810
Provide the admin user name and password as per your settings. Default username iss_admin and thepassword should be the one given during Oracle9iAS installation.
Go the OC4J_home component by clicking on the link.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/InstallContd.html (4 of 5) [01/29/2003 12:06:57 PM]
-
8/14/2019 Web Service Secure
35/67
Web Services Security Sample Install document
Click on the "Deploy EAR file" button in the OC4J_home page.
Skip Step 1 of 8. In Step 2, click on the "Browse" button and choose the file OTNStore.earfeJSPApplication directory. This EAR file was created as part of preparing this application.ention the name of
the application as OTNStore. Click Next.
In Step 3, make sure that the value for URL Binding is/WS_Security. Click Next.
Skip Steps 4, 5, 6 and 7. In Step 8, Click on the "Deploy" button.
he application will now be deployed as an Enterprise application to Oracle9iAS. The applicatan now be accessed as shown here.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/InstallContd.html (5 of 5) [01/29/2003 12:06:57 PM]
http://-/?-http://-/?- -
8/14/2019 Web Service Secure
36/67
Web Services Security with PKI
Online Product Storemplementing security with Web
Services through PKI
Table Of Contents
q Overview of the sample application
q Installation and Configurationq Description of Sample files
q Running the sample on Oracle9iAS
Overview of the sample application
his Sample demonstrates an e-Business Application which implementsecurity with Web services using PKI. As we are aware, Web Services is
aining momentum in the Industry and companies have started accepting its a new way to conduct business over the Web. Web Services currentlyevolves around three important protocols: SOAP, WSDL and UDDI. Theserotocols have reached a stage of maturity and the focus now is onecurity with Web Services. There are two ways with which we can ensureecurity with Web Services. They are:
q Security at Transport levelq Security at XML level
ecurity at Transport level
mplementing security at the transport level means, securing the networkrotocol, a Web Service uses for communication. SSL is the Industryccepted standard protocol for secured encrypted communications overCP/IP. In this model, a Web Service client will use SSL to open a secureocket to a Web Service. The client then sends and receives SOAP
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Readme.html (1 of 4) [01/29/2003 12:06:59 PM]
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?- -
8/14/2019 Web Service Secure
37/67
Web Services Security with PKI
messages over this secured socket using HTTP. The SSL implementationakes care of ensuring privacy by encrypting all the network traffic on theocket. SSL can also authenticate the Web Service to the client using agital certificate issued by a Certificate authority.
ecurity at XML level
here are some standards available for securing Web Services at XMLvel. They are:
q XML Encryptionq XML Digital Signature APIq XKMS (XML Key Management Specification)q SAML (Security Assertion Markup Language)
ince the standards for enabling security at XML level is at its infancy, thisample aims on securing Web Services at the transport level using the PKIfrastructure.
application users are created as part of running the SQL scripts as given the Install.html file. Following is the information for accessing thispplication
User Id Password Credit Card NumberC101 welc0me 1234567887654321
C102 otn 1234567887654322
C103 welcome 1234567887654323
his sample application requires an User Id and a password for login. Oncehe sample users provide the above mentioned credentials, they canccess the functionality provided by this application. Once the users
uccessfully login to this application, they will be shown a catalog ofroducts from which they can add items to their shopping cart. Once theyecide to purchase the items, they can choose to buy the products where
his application mandates the users to enter their credit card numbers.Once the users enter the credit card number shown above depending uponhe User Id they have used, this application will contact the Credit Card
Web Service via SSL thereby demonstrating how to access a Web Serviceecurely.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Readme.html (2 of 4) [01/29/2003 12:06:59 PM]
-
8/14/2019 Web Service Secure
38/67
Web Services Security with PKI
nstallation and Configuration
efer to Install.html for step-by-step instructions on extracting files,
stalling and configuring any other systems to successfully run this sample
pplication.
Description of Sample Files
he sample is provided as a jar file. This jar file contains all the filesequired for the sample.
Filename Description
Readme.html This file
nstall.htmlInstructions for setting up this sampleapplication on Oracle9iAS
nstallContd.htmlContinuation of the instructions for setting upthis sample
sql\Security.sqlSQL script required for setting up the datarequired by the Online store which will be
created in the "security" user schema
sql\Creditdb.sql
SQL script required for setting up the datarequired by the Credit Card Web Servicewhich will be created in the "creditdb" userschema
CreditCardService directoryDirectory containing the source of the CreditCard Web Service and the supporting files
JSPApplication directoryDirectory containing the source of the Online
Product store and the supporting files
Running the sample using Oracle9iAS
1. Install the sample application on Oracle9iAS using the instructionsgiven in the Install.html file.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Readme.html (3 of 4) [01/29/2003 12:06:59 PM]
-
8/14/2019 Web Service Secure
39/67
Web Services Security with PKI
2. Access the application using the following URL
http://:/WS_Security/Login.jsp,
where is the machine on which your Oracle9iAS isunning and is the port at which
your Oracle HTTP Server is running.
Example: http://incq210a.idc.oracle.com:7777/WS_Security/Login.jsp
lease enter your comments about this sample in the OTN Sample
ode discussion forum.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Readme.html (4 of 4) [01/29/2003 12:06:59 PM]
http://www.oracle.com/forums/forum.jsp?id=466592http://www.oracle.com/forums/forum.jsp?id=466592http://www.oracle.com/forums/forum.jsp?id=466592http://www.oracle.com/forums/forum.jsp?id=466592 -
8/14/2019 Web Service Secure
40/67
Web Services Security Sample Install document
Web Services Security Sample Installation
his document presents following topics:
q Required software
q Installation steps
equired Software
q Oracle Database Server Version 9.2.0 or higher
q Oracle9iAS Release 2 - Installation should contain Oracle HTTP Server and
OC4J
q Oracle9i JDeveloper
You may download this software from OTN site.
nstallation Steps
1. Extract the Sample
2. Get a Server Certificate
3. Get a Client Certificate
4. Set up Oracle9iAS to use this Certificate
5. Database Setup
6. Oracle Java SSL libraries
7. Compile the Web Service
8. Deploy the Web Service to Oracle9iAS through Enterprise Manager
9. Prepare the Online Store application
10. Deploy the Online Store application to Oracle9iAS through Enterprise
Manager
xtract the Sample
his sample is provided as a jar file. Extract WS_Security.jar in any of your
vorite directories. The jar can be extracted as follows
r xvf WS_Security.jar
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (1 of 5) [01/29/2003 12:07:00 PM]
http://otn.oracle.com/software/content.htmlhttp://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://otn.oracle.com/software/content.html -
8/14/2019 Web Service Secure
41/67
Web Services Security Sample Install document
et a Server Certificate
or setting up PKI infrastructure, this sample needs digital certificates which can
e acquired from any one of the CAs. For this sample, we will get a test certificate
om Verisign.
Create directory called ServerCert in the machine where Oracle9iAS is installed.
Start Oracle Wallet Manager by running the following command from
AS_HOME/bin directory:
./owm
Click on Wallet/New Option, to create a new Wallet. This step asks for a wallet
assword.
nter "client12" as the wallet password.
nter "client12" to confirm the wallet password. Then click on Yes to create a new
ertification request.
Enter the following information :
ommon Name : OTN_SAMPLE
rganization Unit : Your Group Name e.g. 'OTN'rganization : Your company Name e.g. 'Oracle'
ocality\City : Your City Name e.g. 'Bangalore'
tate/Province : Your State Name e.g. 'Karnataka'
ountry : Choose Appropriate Country Name
hoose key size as 1024 bits. Click OK, OK. This generates a Certificate Request
hich you can send to any Certificate Authority.
Click on the menu 'Certificate:[Requested]'. This displays a window in whichertificate Request is displayed. Note that the Certificate Request starts
ith
----- BEGIN NEW CERTIFICATE REQUEST -----
nd ends with
----- END NEW CERTIFICATE REQUEST -----
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (2 of 5) [01/29/2003 12:07:00 PM]
-
8/14/2019 Web Service Secure
42/67
Web Services Security Sample Install document
Click on 'Operations/ Export Certificate Request' to export the Certificate
equest to a local file.
nter the file name as 'client.cer.req'. Save this file in the ServerCert directory
eated as part of step 2.
Minimize Oracle Wallet Manager. Note: Do not close OWM but just minimize.
Generating Test certificates:
sing your favorite editor, open the file 'client.cer.req' created in Step 6.
pen your favorite browser. Go to the location :
tp://www.verisign.com
ollow the steps as given below.
Click on Free SSL trial ID link on right hand side.
In the resulting page, enter your personal information as applicable.
Read the instructions and click Continue.
In Step 1, click Continue.
In Step 2, copy and paste the CSR from client.cer.req file in the textbox shown
nd click Continue.
In Step 3, provide your information. Make sure you provide a valid email
ddress. Click Accept.
ou will get the certificate at the mail address you specified in Step 3.
opy and paste your certificate to a local file namely 'client.cer' in the ServerCert
rectory.
ote : Please copy and paste the lines from and including line ---BEGIN
ERTIFICATE----- till the line
-- END CERTIFICATE----.
The mail also contains links to the Root Certificate using whose key yourertificate was signed. Follow the link and click Accept. This install the root
ertificate in your browser.(Use Internet Explorer).
0.Then Open IE, choose Tools -> Internet Options -> Content -> Certificates ->
rusted Root Certificate Authorities .
earch for For VeriSign authorized testing only.No assurances. and click on
xport. Choose "Base64 encoded X.509 (.CER)" format
nd click Next. Save the file as verisignroot.cer in the ServerCert directory. You
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (3 of 5) [01/29/2003 12:07:00 PM]
-
8/14/2019 Web Service Secure
43/67
Web Services Security Sample Install document
ill be importing this verisignroot.cer file into the
racle Wallet.
1.Now, open (maximize) your Oracle Wallet Manager. Click on 'Trusted
ertificates'. Using 'Operations/Import Trusted Certificate',
mport the root certificate as follows. Check the option 'Select a file that contains
rusted Certificate'. Click OK. Choose the file
erisignroot.cer' from the ServerCert directory.
2.Now import the user certificate obtained earlier into this wallet. Select
Operations/Import User Certificate' . Check the option 'Select a
le that contains the Certificate'. Click OK. Choose the file 'client.cer' from the
erverCert directory.
3.Using 'Wallet/Close' option, close the Wallet. Using 'Wallet/Exit' option, exit
e OWM.
his completes the steps for preparing a Wallet for PKI Credential Management.
et a Client Certificate
Follow the steps c through m in the "Get a Server Certificate" section. Give
client12" as the password for this wallet. While providing information for creating
Certificate Signing Request, give wss as the value for the Common Name
tribute. Save the generated certificate in the ClientCert directory as client.cer and
ot.cer. Save the wallet in the ClientCert directory. The remaining steps will be
e same.
One more additional step is needed. Click on Operations -> Export Wallet
ption. Save the file as wallet.txt in ClientCert directory.
etup Oracle9iAS to use this Certificate
Open the file httpd.conf available in the IAS_HOME/Apache/Apache/confrectory.
Search for a parameter called "SSLWallet" and provide the directory where you
ave saves the first wallet.
E.g. ServerCert
SSLWallet file:/home1/otn9i/ServerCert
Search for a parameter called "SSLWalletPassword" and provide "server12" as
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (4 of 5) [01/29/2003 12:07:00 PM]
-
8/14/2019 Web Service Secure
44/67
Web Services Security Sample Install document
e value. This was given by us
while creating the wallet
SSLWalletPassword server12
Restart Oracle HTTP Server. Restarting Oracle HTTP Server with the new
ettings will enable Oracle9iAS to
use the newly acquired certificate for SSL. You can check this by accessing theRL
https://:4443/
where is the host on which Oracle9iAS is running and 4443 is
e https port. The server will throw the certificate issued by Verisign thereby
lowing you to ensure that your setup is proper.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (5 of 5) [01/29/2003 12:07:00 PM]
-
8/14/2019 Web Service Secure
45/67
Design
Design
he Online Product Store demonstrates an e-Business application that uses Web
ervices to handle credit card-based transactions.There are two ways to ensure secu
th Web Services:
q Security at XML level. Options include XML Encryption, XML Digital signature A
XKMS (XML Key Management Specification), and SAML (Security Assertion
Markup Language).q Security at the transport level. Implementing security at the transport level mean
securing the network protocol a Web Service uses for communication. SSL is th
industry-accepted standard protocol for secured encrypted communications ove
TCP/IP. In this model, a Web Service client uses SSL to open a secure socket t
Web Service. The client then sends and receives SOAP messages over this
secured socket using HTTPS. The SSL implementation takes care of ensuring
privacy by encrypting all the network traffic on the socket. SSL can also
authenticate the Web Service to the client using the PKI infrastructure.
ecause the standards for enabling security at XML level are in their infancy, OTN
evelopers opted for security at the transport level using SSL and the PKI infrastructu
racle9iAS provides a solid framework for building and deploying Web applications u
e Apache-based Oracle HTTP Server, Oracle9iAS Containers for J2EE, and
racle9iAS Portal, which use the advanced security functionality provided by Oracle9
frastructure. Oracle9iAS Infrastructure consists of Oracle9iAS Metadata Repository
racle Internet Directory, Oracle9iAS Single Sign-On, and Oracle Management Serve
his sample application requires a user ID and a password for login. Three users are
eated by running SQL scripts given in the Install.html file. Following is the informatio
r accessing this application.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (1 of 3) [01/29/2003 12:12:46 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
46/67
Design
User ID PasswordCredit Card
Number
C101 welc0me 1234567887654321
C102 otn 1234567887654322
C103 welcome 1234567887654323
y providing credentials, a user gains access to a catalog of products from which they
an add items to their shopping cart. To buy products, a user checks out and enters a
edit card number, and this application contacts the Credit Card Web Service via SS
ereby demonstrating how to access a Web Service securely.
he directory structure of the sample code is as shown below (Xxx represents the top
vel directory).
Directory Files Description
Xxx\docs
Readme.htmlGives an overview of
the application.
Install.html,
InstallContd.html
These files describe
how to install and
deploy the application.
Xxx\sql
Security.sql
Sets up the data
required by the Online
Product Store which
will be created in the
"security" user
schema.
Creditdb.sql
Sets up up the datarequired by the Credit
Card Web Service
which will be created
in the "creditdb" user
schema.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (2 of 3) [01/29/2003 12:12:46 PM]
-
8/14/2019 Web Service Secure
47/67
Design
Xxx\CreditCardService *.java
Directory containing
the source of the
Credit Card Web
Service and the
supporting files
Xxx\JSPApplication *.java
Directory containing
the source code and
supporting files for the
Online Product Store.
le:///D|/otnDocs/sample_code/tutorials/wspki/design.htm (3 of 3) [01/29/2003 12:12:46 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
48/67
Required Software
Required Software
ou can download the sample application source code (35 KB) from:
q http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_securit
he following software is required to build and run this tutorial. OTN members can
ownload developer-license versions of these products for free.
q Oracle9iDatabase Server Version 9.2.0 or higher .
q Oracle9iAS Release 2 - Installation must include Oracle HTTP Server and OC4J.
q Oracle9iJDeveloper - Version 9.0.2 or higher.
ee the Setup section for information about installing and running the tutorial.
le:///D|/otnDocs/sample_code/tutorials/wspki/reqsw.htm [01/29/2003 12:12:46 PM]
http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jarhttp://software/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/jdev/content.htmlhttp://software/products/jdev/content.htmlhttp://software/products/jdev/content.htmlhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078http://software/products/jdev/content.htmlhttp://software/products/ias/content.htmlhttp://software/products/oracle9i/content.htmlhttp://software/content.htmlhttp://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jarhttp://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
49/67
etup
Setup
his section lists the steps to install and configure the tutorial. It assumes that you hav
stalled and configured the software described in the Required Software section.
1. Extract the Sample
2. Get a Server Certificate
3. Get a Client Certificate
4. Set up Oracle9iAS to use this Certificate5. Database Setup
6. Oracle Java SSL libraries
7. Compile the Web Service
8. Deploy the Web Service to Oracle9iAS through Enterprise Manager
9. Prepare the Online Store application
10. Deploy the Online Store application to Oracle9iAS through Enterprise Manager
le:///D|/otnDocs/sample_code/tutorials/wspki/setup.htm [01/29/2003 12:12:47 PM]
http://-/?-http://-/?-http://-/?-http://-/?-http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078http://-/?-http://-/?-http://-/?-http://-/?-http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
50/67
mplementation
Implementation
his sample application achieves security by deployment to Oracle9iApplication Serv
Oracle9iAS). There is nothing unusual about the code that implements the Web Serv
he key is to follow the steps presented in the Setup section of this tutorial. The steps
volve a slight modification of the Web Service source code, as explained in the Prep
e Online Store application section.
racle9iAS security starts from the well-tested and highly configurable Web securityervices provided by Oracle HTTP Server, adds a comprehensive set of Web single s
n services, and extends them further with centralized user provisioning that is availa
Oracle Internet Directory, an LDAP, version 3-compliant directory service. In additio
racle9iAS provides the Oracle implementation of Java Authorization and Authentica
ervices (JAAS) for J2EE application security, and extensive portal authorization and
pplication integration mechanisms. Oracle9iAS also supports secure access to Orac
atabase systems using Oracle Advanced Security.
Oracle9i Application Server Implementation of Public Key
nfrastructure (PKI)
he Oracle9i Application Server PKI implementation provides a variety of security
ervices, in compliance with industry-standard specifications. It incorporates a whole
uite of products and features, including the following:
Secure Sockets Layer The Secure Sockets Layer (SSL) is an application layer
protocol that can be employed for certificate-based
authentication. All of the major components of Oracle9iAS
support SSL.
le:///D|/otnDocs/sample_code/tutorials/wspki/impl.htm (1 of 2) [01/29/2003 12:12:48 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
51/67
mplementation
Oracle Wallets An Oracle wallet is a container in which certificates and
trusted certificates are stored and managed. These data
structures securely store a user private key, a user
certificate, and a set of trusted certificates (the list of root
certificates which the user trusts).
Oracle Wallet Manager This is a Java-based application that security administratouse to manage public-key security credentials on both
Oracle clients and servers. It creates an Oracle wallet.
Oracle Wallet Manager creates a public-private key pair a
manages credentials for a user. It issues PKCS#10
certificate requests to the certificate authority, and installs
the certificate in the wallet. It ships with trusted certificates
from VeriSign, RSA, and Baltimore CyberTrust, and can u
a site's own in-house certificate authority.
Oracle Internet
Directory
Oracle Internet Directory, an LDAP V3-compliant directory
built on the Oracle9idatabase, helps to enable PKI-based
single sign-on. It enables you to securely manage the use
and system configuration environment, including security
attributes and privileges, for users authenticated using X.5
certificates. Oracle Internet Directory enforces attribute-levaccess control, enabling the directory to restrict read, write
or update privileges on specific attributes to specific name
users (for example, a security administrator). It also suppo
protection and authentication of directory queries and
responses through SSL encryption.
le:///D|/otnDocs/sample_code/tutorials/wspki/impl.htm (2 of 2) [01/29/2003 12:12:48 PM]
http://tech/webservices/htdocs/series/content.htmlhttp://www.oracle.com/forums/message.jsp?id=1440460&gid=428078 -
8/14/2019 Web Service Secure
52/67
Web Services Security Sample Install document
Web Services Security Sample Installation
his document presents following topics:
q Required software
q Installation steps
equired Software
q Oracle Database Server Version 9.2.0 or higher
q Oracle9iAS Release 2 - Installation should contain Oracle HTTP Server and
OC4J
q Oracle9i JDeveloper
You may download this software from OTN site.
nstallation Steps
1. Extract the Sample
2. Get a Server Certificate
3. Get a Client Certificate
4. Set up Oracle9iAS to use this Certificate
5. Database Setup
6. Oracle Java SSL libraries
7. Compile the Web Service
8. Deploy the Web Service to Oracle9iAS through Enterprise Manager
9. Prepare the Online Store application
10. Deploy the Online Store application to Oracle9iAS through Enterprise
Manager
xtract the Sample
his sample is provided as a jar file. Extract WS_Security.jar in any of your
vorite directories. The jar can be extracted as follows
r xvf WS_Security.jar
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (1 of 5) [01/29/2003 12:12:49 PM]
http://otn.oracle.com/software/content.htmlhttp://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://otn.oracle.com/software/content.html -
8/14/2019 Web Service Secure
53/67
Web Services Security Sample Install document
et a Server Certificate
or setting up PKI infrastructure, this sample needs digital certificates which can
e acquired from any one of the CAs. For this sample, we will get a test certificate
om Verisign.
Create directory called ServerCert in the machine where Oracle9iAS is installed.
Start Oracle Wallet Manager by running the following command from
AS_HOME/bin directory:
./owm
Click on Wallet/New Option, to create a new Wallet. This step asks for a wallet
assword.
nter "client12" as the wallet password.
nter "client12" to confirm the wallet password. Then click on Yes to create a new
ertification request.
Enter the following information :
ommon Name : OTN_SAMPLE
rganization Unit : Your Group Name e.g. 'OTN'rganization : Your company Name e.g. 'Oracle'
ocality\City : Your City Name e.g. 'Bangalore'
tate/Province : Your State Name e.g. 'Karnataka'
ountry : Choose Appropriate Country Name
hoose key size as 1024 bits. Click OK, OK. This generates a Certificate Request
hich you can send to any Certificate Authority.
Click on the menu 'Certificate:[Requested]'. This displays a window in whichertificate Request is displayed. Note that the Certificate Request starts
ith
----- BEGIN NEW CERTIFICATE REQUEST -----
nd ends with
----- END NEW CERTIFICATE REQUEST -----
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (2 of 5) [01/29/2003 12:12:49 PM]
-
8/14/2019 Web Service Secure
54/67
Web Services Security Sample Install document
Click on 'Operations/ Export Certificate Request' to export the Certificate
equest to a local file.
nter the file name as 'client.cer.req'. Save this file in the ServerCert directory
eated as part of step 2.
Minimize Oracle Wallet Manager. Note: Do not close OWM but just minimize.
Generating Test certificates:
sing your favorite editor, open the file 'client.cer.req' created in Step 6.
pen your favorite browser. Go to the location :
tp://www.verisign.com
ollow the steps as given below.
Click on Free SSL trial ID link on right hand side.
In the resulting page, enter your personal information as applicable.
Read the instructions and click Continue.
In Step 1, click Continue.
In Step 2, copy and paste the CSR from client.cer.req file in the textbox shown
nd click Continue.
In Step 3, provide your information. Make sure you provide a valid email
ddress. Click Accept.
ou will get the certificate at the mail address you specified in Step 3.
opy and paste your certificate to a local file namely 'client.cer' in the ServerCert
rectory.
ote : Please copy and paste the lines from and including line ---BEGIN
ERTIFICATE----- till the line
-- END CERTIFICATE----.
The mail also contains links to the Root Certificate using whose key yourertificate was signed. Follow the link and click Accept. This install the root
ertificate in your browser.(Use Internet Explorer).
0.Then Open IE, choose Tools -> Internet Options -> Content -> Certificates ->
rusted Root Certificate Authorities .
earch for For VeriSign authorized testing only.No assurances. and click on
xport. Choose "Base64 encoded X.509 (.CER)" format
nd click Next. Save the file as verisignroot.cer in the ServerCert directory. You
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (3 of 5) [01/29/2003 12:12:49 PM]
-
8/14/2019 Web Service Secure
55/67
Web Services Security Sample Install document
ill be importing this verisignroot.cer file into the
racle Wallet.
1.Now, open (maximize) your Oracle Wallet Manager. Click on 'Trusted
ertificates'. Using 'Operations/Import Trusted Certificate',
mport the root certificate as follows. Check the option 'Select a file that contains
rusted Certificate'. Click OK. Choose the file
erisignroot.cer' from the ServerCert directory.
2.Now import the user certificate obtained earlier into this wallet. Select
Operations/Import User Certificate' . Check the option 'Select a
le that contains the Certificate'. Click OK. Choose the file 'client.cer' from the
erverCert directory.
3.Using 'Wallet/Close' option, close the Wallet. Using 'Wallet/Exit' option, exit
e OWM.
his completes the steps for preparing a Wallet for PKI Credential Management.
et a Client Certificate
Follow the steps c through m in the "Get a Server Certificate" section. Give
client12" as the password for this wallet. While providing information for creating
Certificate Signing Request, give wss as the value for the Common Name
tribute. Save the generated certificate in the ClientCert directory as client.cer and
ot.cer. Save the wallet in the ClientCert directory. The remaining steps will be
e same.
One more additional step is needed. Click on Operations -> Export Wallet
ption. Save the file as wallet.txt in ClientCert directory.
etup Oracle9iAS to use this Certificate
Open the file httpd.conf available in the IAS_HOME/Apache/Apache/confrectory.
Search for a parameter called "SSLWallet" and provide the directory where you
ave saves the first wallet.
E.g. ServerCert
SSLWallet file:/home1/otn9i/ServerCert
Search for a parameter called "SSLWalletPassword" and provide "server12" as
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (4 of 5) [01/29/2003 12:12:49 PM]
-
8/14/2019 Web Service Secure
56/67
Web Services Security Sample Install document
e value. This was given by us
while creating the wallet
SSLWalletPassword server12
Restart Oracle HTTP Server. Restarting Oracle HTTP Server with the new
ettings will enable Oracle9iAS to
use the newly acquired certificate for SSL. You can check this by accessing theRL
https://:4443/
where is the host on which Oracle9iAS is running and 4443 is
e https port. The server will throw the certificate issued by Verisign thereby
lowing you to ensure that your setup is proper.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/Install.html (5 of 5) [01/29/2003 12:12:49 PM]
-
8/14/2019 Web Service Secure
57/67
Web Services Security Sample Install document
Web Services Security Sample Installation
atabase Setup
Log into SQLPlus as system/manager.
Create two users "security" and "creditdb" as follows:
SQL> create user security identified by security;SQL> grant all privileges to security;SQL> create user creditdb identified by creditdb;SQL> grant all privileges to creditdb;
Log into SQLPlus as security/security. Run the file Security.sql which creates the tables
eeded by thisapplication and populates the tables with data.
SQL> @d:\\sql\Security.sql
where is the directory where you have extracted this sample.
Log into SQLPlus as creditdb/creditdb. Run the file Creditdb.sql which creates the tableseeded by this
application and populates the tables with data.
SQL> @d:\\sql\Creditdb.sql
where is the directory where you have extracted this sample.
racle Java SSL libraries
he files jcert.jar, jsse.jar and jssl-1_2.jar are needed for running this sample. They are availa
the following directories
jsse.jar - /libjcert.jar - /jdk/jre/lib/extjssl-1_2.jar - /jlib
opy them to /jdk/jre/lib/ext directory so that these classes are loaded by theystem class loader.
le:///D|/otnDocs/sample_code/tutorials/wspki/wspki_files/InstallContd.html (1 of 5) [01/29/2003 12:12:50 PM]
-
8/14/2019 Web Service Secure
58/67
Web Services Security Sample Install document
ote: If this step is not followed, the application will throw a ClassNotFoundException.
ompile the Web Service
From the command prompt, traverse to the CreditCardService\src directory.
Edit the file ConnectionParams.java and substitute the variable values with your settings. M
ure to have theusername and password as "creditdb" and creditdb"
Make sure to have classes12.jar (JDBC library) in the CLASSPATH. This library is availableIAS_HOME/jdbc/lib directory.
Compile the source files as follows
javac *.java
Copy the created class files into WEB-INF\classes directory.
Go to the parent directory CreditCardService and create a WAR file as follows
jar -Mcvf CreditCardValida