How Oracle IDM secure web services ?

Similar Messages

• How to invoke secure web service from BPEL in SOA 11g

  In SOA 11g I have a simple bpel process in which I am invoking a secured webservice as partnerlink. The webservice which is used in bpel process is deployed in weblogic and the SSL port is enabled on weblogic server. The wsdl url starts with "https:\\hostname:port\servicename?wsdl"
  But I am getting compilation errors when i compiled the BPEL code
  Error(16,65): Load of wsdl "AddressBookManager.wsdl" failed
  Error(19,30): Load of wsdl "https://hostname:port/DV900/AddressBookManager?wsdl" failed
  Error(35,102): Cannot find Port Type "{http://oracle.e1.bssv.JP010000/}Oracle_E1_SBF_SEI_PkgBldFile_AddressBookManager" for "AddressBookManager" in WSDL Manager
  Can anyone please help me out in resolving this.
  Thanks,
  Shameem banu.

  Solution is you need to import the keystore into Jdeveloper jdk first.
  keytool -import -alias <name> -file <name>.pem -keystore <name>.jks -storepass <passwd>
  All details in <> are your specific keystore,pwd details.
  Then go to Jdeveloper/jdev/bin
  add the following to
  jdev.conf file
  AddVMOption -Djavax.net.ssl.trustStore=path_to_keystore\keystorename.jks
  AddVMOption -Djavax.net.ssl.trustStorePassword=password
  Then you can create partner link for https based wsdl
  Good Luck

• Error while invoking a WS-Security secured web service from Oracle BPEL..

  Hi ,
  We are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
  For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
  but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
  &ldquo;Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message&rdquo;
  Any pointers in this regard will be highly appreciated.
  Thanks,
  Saurabh

  Hi James,
  Thanks for the quick reply.
  We've tried to call that web service from an HTML designed in Visual Studios with the same username and password and its working fine.
  But on the BPEL console, we are getting the error as mentioned.
  Also if you can tell me how to set the user name and password in the header of the parter link.I could not find how to do it.
  Thanks,
  Saurabh

• How to call a web Service from Oracle Applications?

  Hi friends,
  I've posted this question on OA Framework forum , but may be it's more appropiated put it here. Sorry for do it again:
  It's about how to call a web service from a Form or a .sql (via Request) in Oracle Applications:
  Could you please explain here the detailed steps (with code example if it's possible) to invoke a webservice from Oracle Applications?.. how did yo do it...?
  I've read differents posts here and the 33097.1 metalink note (by the way, the first recommended link in this note is broken...), but there are lots of theorical concepts and no real examples to see how/from where invoke the WS
  I'll have to call one webservice (I suppose the customer will give me the interface implementation)...but I've never did it with Applications so that's why I ask you for all the detailed steps...
  I work with Forms 6i, Apps 11.5.10.2 and DB 9.2.0.7.
  Thanks a lot.
  Jose.

  Hello Jose,
  I did using java program to call BPEL web services in 11.5.10.
  I pasted below the metalink note for your reference (Note:250964.1)
  The idea is first write a java program to call the webservice (in my case it is calling an BPEL web service, so this may not help directly), test it.
  Then port the java program as specified in the note, so that you could call your web service through concurrent manager scheduler.
  Is this ok?
  Thanks
  Arun.
  ======================================================
  Checked for relevance on 25-Apr-2007
  Application Install - Version: 11.5.8 to 11.5.10
  Goal
  ====
  How to register and create a Java concurrent program for Oracle Applications
  Release 11i
  Solution
  ========
  1. Create your Java Concurrent Program (JCP) , using a text editor.
  /*===========================================================================+
  | Concurrent Processing Sample Code |
  | |
  | FILENAME |
  | Hello.java |
  | |
  | DESCRIPTION |
  | Sample Java concurrent program |
  | About the simplest possible program, just writes a message to the |
  | logfile and output file. |
  | |
  | HISTORY |
  | $Log$ |
  | |
  +===========================================================================*/
  package oracle.apps.fnd.cp.sample;
  import oracle.apps.fnd.cp.request.*;
  public class Hello implements JavaConcurrentProgram {
  public static final String RCS_ID = "$Header$";
  public void runProgram(CpContext ctx) {
  ctx.getLogFile().writeln("-- Hello World! --", 0);
  ctx.getOutFile().writeln("-- Hello World! --");
  ctx.getReqCompletion().setCompletion(ReqCompletion.NORMAL, "");
  =======================================
  End Sample
  =======================================
  2. Create a sample directory under $JAVA_TOP:
  $ mkdir $JAVA_TOPoracle/apps/fnd/cp/sample
  3. Copy Hello.java into $JAVA_TOP/oracle/apps/fnd/cp/sample:
  $ cp $HOME/Hello.java $JAVA_TOP/oracle/apps/fnd/cp/sample
  4. Compile your java program:
  javac $JAVA_TOP/oracle/apps/fnd/cp/sample/Hello.java
  5. Test at the command line with following syntax:
  jre -Ddbcfile=$FND_TOP/secure/your_dbc_file.dbc \
  -Drequest.outfile=./outfile \
  oracle.apps.fnd.cp.request.Run \
  oracle.apps.fnd.cp.sample.Hello
  6. Register your custom java concurrent program with Oracle Applications.
  a. Navigate: Concurrent > Program > Executable
  b. Enter details into the form
  Executable: JCPHELLO
  Shortname: JCPHELLO
  Application: Application Object Library
  Execution Method: Java Concurrent Program
  Execution File Name: Hello (Insert a name that does not contain space or period)
  Execution File Path: oracle.apps.fnd.cp.sample
  c. Save the details
  d. Navigate: Concurrent > Program > Define
  e. Enter details into the form
  Program Name: JCPHELLO
  Program Shortname: JCPHELLO
  Application: Application Object Library
  Executable: Choose JCPHELLO from LOV
  Executable Options :
  f. Save the details
  7. Add this new concurrent request to your responsibility request group.
  a. Navigate > Security > Responsiblity > Request
  b. Query System Administrator
  c. Add new row and choose TestJava
  d. Save the changes.
  8. Run your new Hello Java Concurrent Program
  Navigate: Request > Run
  References
  ~~~~~~~~~~~
  Oracle Applications Developers Manual for Release 11i A75545-01
  ====================================================

• How to call a secure web service via XAI Sender in CC&B

  Hi All,
              I want to a call a secure web service from CC&B through out bound message. I have configured the calling  WSDL in XAI Sender. The wevservice is secured one.I tried to call it by configuring user name and password in XAI sender context.But still i am not able to call the service.
  Can anybody help me how to over come this issue ??
  I have cretaed the same post under utilities,but i am not able reply it.
  I am using HTTPSNDR  as XAI class.
  Thanx in advance.
  Regards
  sunil

  Are you getting any errors? What type of XAI Class are you using?
  One thing I've noticed is that if you are making changes to the XAI Sender you will have to restart the environment before the changes can take effect.
  Also, if you are using RTHTTPSNDR as XAI Class you may have to include the HTTP Method - Post in the context.
  Hope this helps.
  Regards,
  Philip

• How to create a crystal report using secured web service as a datasource?

  Hi All Expert,
  I having some challenges on how to create a report using secured web service as a datasource in crystal report designer (CR11 R3).
  Secured Web Service including the certificate trusting, token authentication, header and/or body encryption. All web services running on https protocal.
  Could you please suggest me on the solution?
  Thank you and Best Regards,
  Cherr

  Please re-post if this is still an issue or purchase a case and have a dedicated support engineer work with you directly:
  http://store.businessobjects.com/store/bobjamer/DisplayProductByTypePage&parentCategoryID=&categoryID=11522300?resid=-Z5tUwoHAiwAAA8@NLgAAAAS&rests=1254701640551

• How to deploy a web service on Oracle Application Server 10.1.2.0.2?

  Hi everyone,
  I followed the instructions of the following link to create a web service using jDeveloper 10.1.3.1.0 on Oracle Application Server 10.1.2.0.2. [http://st-curriculum.oracle.com/obe/jdev/obe1013jdev/10131/devdepandmanagingws/devdepandmanagingws.htm#t1]
  The web service created was deployed & used with no errors on the standalone OC4J instance.
  But my goal is to deploy my web service on Oracle Application Server 10.1.2.0.2.
  So after several attempts, I was able to deploy it on the Oracle Application Server 10.1.2.0.2 but unfortunately I didn't know the URL needed to use the web service.
  I tried the following link (http://192.168.0.91:18100/JavaWebService-GetDates-context-root/GetDatesWSSoapHttpPort) but also didn't work :(
  I also tried converting to J2EE 1.3 and still not knowing how to access the web service.
  Please advice with a solution.
  Thanks in advance.
  Lana

  Thanks everyone for your help :)
  The problem turned out to be that Oracle application server 10.1.2 is unlike the others servers, it uses 2 ports:
  - port (19100) is dedicated for the console.
  - port (7779) is to view your applications.
  So the URL needed turned out to be "http://acteos-109.beirut.acteos:7779/beanTest" instead of "http://acteos-109.beirut.acteos:18100/beanTest"
  Hope this info is useful
  Lana

• How Can I install Web Service on Oracle 11g r1?

  How Can I install Web Service on Oracle 11g r1?

  Hi,
  Is necesary install XDB?
  Because i have executed;
  select * from dba_registry
  where COMP_ID = 'XDB'
  Oracle XML Database
  Regards

• Confirming method to secure web services through oracle web service manager

  Hi All,
  I am just wondering about the method to secure web service through oracle web service manager.
  I have a unsecure web service "helloworld" which is deployed on JWSDP1.6 toolkit.I want to secure it through oracle web service manager.
  Inorder to secure this unsecure web service,I use gateway(web service manager for securing web service using message level security through certificate).
  So when client want to access the helloworld service,it contacts the gateway securely and gateway intern connect to original web service after decrypting and verification of the signature.When gateway gets response from the web service,it signs the response message and then encrypt and passs on to the client.
  So my question is,is it the right way to secure web service?
  As I am getting the following fault exception :
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
  <SOAP-ENV:Fault>
  <faultcode "http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode>
  <faultstring>Step execution failed with an exception
  </faultstring>
  <detail></detail>
  </SOAP-ENV:Fault>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  I checked the log at :
  C:\coresv_install_home\external\oc4j-10.1.2.0.0\j2ee\home\log\http-web-access
  but there is no helpful information available.Thanks for any help.
  Kash

  Hi Rajesh,
  Thanks for your reply.I am using the following policy steps:
  1)for Request (Decrypt and Verify signature).
  2)for Response(Sign Message and Encrypt).
  The configuration for Request is shown below:
  Pipeline "Request"
  Pipeline Steps:
  Start Pipeline
  Log
  Decrypt and Verify Signature
  Basic Properties Type Default Value
  Enabled (*) boolean true true
  XML Decryption Properties Type Default Value
  Decryptor''s keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
  Decrypt Keystore Type (*) string jks jks
  Decryptor''s keystore password string *******
  Decryptor''s private-key alias (*) string s1as
  Decryptor''s private-key password string *******
  Enforce Encryption (*) boolean true true
  XML Signature Verification Properties Type Default Value
  Verifying Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
  Verifying Keystore type (*) string jks jks
  Verifying Keystore password string *******
  Signer''s public-key alias (*) string xws-security-client
  Enforce Signing (*) boolean true true
  End Pipeline
  And the configuration for Response is shown below:
  Pipeline "Response"
  Pipeline Steps:
  Start Pipeline
  Log
  Sign Message and Encrypt
  Basic Properties Type Default Value
  Enabled (*) boolean true true
  Signing Properties Type Default Value
  Signing Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
  Signing Keystore Type (*) string jks jks
  Signing Keystore password string *******
  Signer''s private-key alias (*) string s1as
  Signer''s private-key password string *******
  Signed Content (*) string BODY BODY
  Sign XPATH Expression string
  Sign XML Namespace string[]
  Encryption Properties Type Default Value
  Encryption Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
  Encrypt Keystore Type (*) string jks jks
  Encryption Keystore password string *******
  Decryptor''s public-key alias (*) string xws-security-client
  Encrypted Content (*) string BODY BODY
  Encrypt XPATH Expression string
  Encrypt XML Namespace string[]
  End Pipeline
  I checked the log again but nothing useful there,it is just giving the following values:
  2006-08-14 16:32:50,372 INFO [Thread-21] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
  2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - INSERT INTO MEASUREMENT_PERSISTED_STORE (ID,DEF_ID,CONTEXT_ID,PARENT_CONTEXT_ID,TIME,STORETIME,KEY0,KEY1,KEY2,KEY3,KEY4,KEY5,KEY6,KEY7,KEY8,KEY9,KEY10,KEY11,KEY12,KEY13,KEY14,KEY15,KEY16,KEY17,KEY18,KEY19,KEY20,KEY21,KEY22,KEY23,KEY24,KEY25,KEY26,KEY27,KEY28,KEY29,KEY30,KEY31,KEY32,KEY33,KEY34,KEY35,KEY36,KEY37,KEY38,KEY39,DBM0,MEASUREMENT_STR) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,'R',empty_clob())
  2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
  Any help would be appreciated.Thanks.
  Kash

• How to consume a secure web service?

  Could someone post me an sample to invoke the certificate based secure web service?
  All I have is wsdl, certificate (.pfx file) and password and client jar file. Searching for the sample program to access the secure web service.
  I work on weblogic workshop.

  Unfortunately, I have just been provided with the endpoint and the SOAP action. Don't have any other details :(

• How to call OWSM secured web-service from ADF application

  I have a OWSM secured web-service, which takes username/password.
  I want to invoke this webservice from ADF application. ADF application has its own security and it takes its own username/password. End user can't provide the username/password for web-service call. My ADF application should call the webservice and provide it appropriate username/password.
  What is the best practice to handle such scenario. I don't want to hardcode username/password in Java (ADF) code.
  Thanks
  Sanjeev.

  it is not clear to me if you are having problems with calling java code from OIM or if the problem is the web service API.
  Lets do some divide and conquer:
  Can you create a simple java class that just writes a couple of lines to the log? Please attach this code to the OIM task and make sure it runs.
  Once this works we can start looking at the web service call.
  Best regards
  /Martin

• How to call "https" web service from Oracle without certification.

  The reuirement is to call a secured web service (*https web service*) from Oracle9i without involving any additional cost.
  Initialy I tried with UTL_HTTP package but in vain as it is needed some certification. As per the requirement no additional cost should be involved with the implementation.
  So is there any way to achieve the above mentioned problem?
  Please let me know the responses with the sample code/steps.

  Please try not to double post. You have the ability to edit your original thread.
  Oh, BTW, try searching the forum. A quick search turned up this: HTTPS request signed by client certificate from PL/SQL procedure
  Check that out and maybe that will solve your problems.
  Thanks!

• Failed Calling A X.509 Certificate Secured Web Service From OSB

  Hi,
  I have wsdl resource, business service and proxy service setup in OSB 11.1.1.6 on Linux. The business service will consume a X.509 certificate secured web service running on a remote server.
  Below is my approach:
  The consumer of the proxy service of OSB signs its saop request header.
  My OSB proxy service authenticates the signature and forward the request to business service.
  The business service signs the outbound soap request header. (To do this I configured the keystore in Security Provider Configuration of my SOA_domain in Enterprise Manager. Also I applied Web Service Policy of Service Client type to the business service.)
  This is not working yet. Not sure if my approach is correct or not?
  Thank you,
  Eric

  I validated the keystore, all the certificates used and the value for keystore.sig.csf.key / value for keystore.recipient.alias. They are all as expected. Restarted the server. Still failed for OSB to invoke the remote secured web service, but worked if only use soapUI to invoke the same remote secured web service directly.
  The error message is:
  General security error (WSSecurityEngine: No crypto property file supplied for decryption); nested exception is org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto property file supplied for decryption)
  In the soap request / reponse message shown in the OSB Test Console, there seems to be two signature sections in the header and encryption section although I tried not to encrypt the soap request. I am using Web Service Client Policy "calpers/wss11_x509_token_with_message_integrity_client_policy_osb" which was created based on "oracle/wss11_x509_token_with_message_protection_client_policy". The difference between the two policies is my policy not to sign nor to encrypt entire body.
  In the "Message Signing Setting" section, I unchecked the "Include Entire Body" and left the three default namespaces under the Header Elements.
  In the "Message Encrypt Setting" section, I unchecked the "Include Entire Body" and also left the one default namespace under the Header Elements.
  I don't know how to attach document here, so i add long saop message here.
       Business Service Testing - BookSec_Biz_Svc_52
       Request Document
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  </soap:Header>
  <soapenv:Body>
  <book:BookRequest xmlns:book="http://www.dortman.com/books/BookService">
  <book:bookId>10</book:bookId>
  <book:bookTitle>eric</book:bookTitle>
  <book:bookAuthor>Z</book:bookAuthor>
  </book:BookRequest>
  </soapenv:Body>
  </soapenv:Envelope>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsu:Timestamp wsu:Id="Timestamp-eEud1RcUOPcnV0fDqd6gZQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsu:Created>2013-03-14T18:10:00Z</wsu:Created>
  <wsu:Expires>2013-03-14T18:15:00Z</wsu:Expires>
  </wsu:Timestamp>
  <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-VnzMtSwHMI8THKi2hhG2SQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  MIICazCCAdSgAwIBAgIEUTY65zANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxEzARBgNVBAcTCk1ldHJvcG9saXMxFjAUBgNVBAoTDUp1c3RpY2UgTGVhZ2UxFjAUBgNVBAsTDUp1c3RpYyBMZWFndWUxEzARBgNVBAMTCkNsYXJrIEtlbnQwHhcNMTMwMzA1MTgzNTE5WhcNMTMwNjAzMTgzNTE5WjB6MQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxEzARBgNVBAcTCk1ldHJvcG9saXMxFjAUBgNVBAoTDUp1c3RpY2UgTGVhZ2UxFjAUBgNVBAsTDUp1c3RpYyBMZWFndWUxEzARBgNVBAMTCkNsYXJrIEtlbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJhF0cMUwB/EjAyIOy9Cq8KCDqTXvlnlvMGq6LEhiGOtrATYy+JnHURcPUeusi65Ua3bE7JACWhHJ0fYEl7NtxPPSN3Q1RovkWGQ6I5O2XuEyMHg3MISh2CHhnkGSR+W6riDSUoB0ZC0KTgu14OTwqo54JSY/ugQszY7QC9DAuabAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAWeQ6LjMo12bY65GmnrmLdbRNm95RkL6gJCKa9pyUaMfvaIqKpmMQW8RM+eB90CR5DrM8oO2+8uKcqTt/pGNRYi2UJh2X0CdmyQQTmf3mCfgoZ597VTl+k3mKHKeeST7ZwAyBRL2jI0VisopFHpUhIwABoDgwOMpLcCF974AZ2rA=
  </wsse:BinarySecurityToken>
  *<dsig:Signature* Id="XSIG-oISn2AADumTdR86sONuz8g22" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <dsig:SignedInfo>
  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
  <dsig:Reference URI="#Timestamp-eEud1RcUOPcnV0fDqd6gZQ22">
  <dsig:Transforms>
  <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  <dsig:DigestValue>3LQ1IpQR3rKHvP6Ov/m9ZRoecZM=</dsig:DigestValue>
  </dsig:Reference>
  </dsig:SignedInfo>
  <dsig:SignatureValue>X2BUn9TLL26Ay9A3HGEn/mnGCCE=</dsig:SignatureValue>
  <dsig:KeyInfo>
  <wsse:SecurityTokenReference>
  <wsse:Reference URI="#EK-h7saqC1VyBKZw2n1IHz8GQ22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
  </wsse:SecurityTokenReference>
  </dsig:KeyInfo>
  +*</dsig:Signature>*+
  *<dsig:Signature* xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <dsig:SignedInfo>
  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <dsig:Reference URI="#BST-VnzMtSwHMI8THKi2hhG2SQ22">
  <dsig:Transforms>
  <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  <dsig:DigestValue>dau9qjB2lxIvlaoDIHuWVHqjulI=</dsig:DigestValue>
  </dsig:Reference>
  <dsig:Reference URI="#STR-QC3ZDBRwsXv8unEWVns9rQ22">
  <dsig:Transforms>
  <dsig:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
  <wsse:TransformationParameters>
  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  </wsse:TransformationParameters>
  </dsig:Transform>
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  <dsig:DigestValue>nPO9mKSC9cMg2fEkGZI+ujy5O1Q=</dsig:DigestValue>
  </dsig:Reference>
  <dsig:Reference URI="#XSIG-oISn2AADumTdR86sONuz8g22">
  <dsig:Transforms>
  <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  <dsig:DigestValue>qXkW/ZFFNc8Bu0VL9eF6c4np7IA=</dsig:DigestValue>
  </dsig:Reference>
  </dsig:SignedInfo>
  <dsig:SignatureValue>
  MuHCTh5cW8TiVKtkWFl+Of2EFAiHwuPTR7J9b4/n2KZtPy2OCrgi1lBpuzhFKLhoBxYNOK8TMOa/3b223Vv+CQUfUP7z0YVj5Ck7QETYngaQlS07KulnstJjsAgHBV8Zk3A0EafuWF2c3t5wBzEkgEC99v0EdY3mRiCzt7vh2qs=
  </dsig:SignatureValue>
  <dsig:KeyInfo Id="KeyInfo-0LT1QavoIVXOHesZfrxTwg22">
  <wsse:SecurityTokenReference>
  <wsse:Reference URI="#BST-VnzMtSwHMI8THKi2hhG2SQ22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
  </wsse:SecurityTokenReference>
  </dsig:KeyInfo>
  +*</dsig:Signature>*+
  *<xenc:EncryptedKey* Id="EK-h7saqC1VyBKZw2n1IHz8GQ22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
  </xenc:EncryptionMethod>
  <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <wsse:SecurityTokenReference wsu:Id="STR-QC3ZDBRwsXv8unEWVns9rQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">q9Z9yPxvNw4CvSLQNI4rxVlSF+w=</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  </dsig:KeyInfo>
  <xenc:CipherData>
  <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime">
  Tgdhxy6wMJBBrw23iq1GLCm0TYKBXSVQvBcN+7TXdXL6FPSjhcbfXqtoz7wzirbSwUZuu+DrYuWs
  0BjRXqw3auUSCMlkm4IoT1ag3wFQQ/PEbB8HNlYhW3gp/At3toTw+k5p9wOUd4BMFAiXyeHQ8+dQ
  8JUiohXhiHErTDn6fFQ=
  </xenc:CipherValue>
  </xenc:CipherData>
  </xenc:EncryptedKey>
  </wsse:Security>
  </soap:Header>
  <soapenv:Body>
  <book:BookRequest xmlns:book="http://www.dortman.com/books/BookService">
  <book:bookId>10</book:bookId>
  <book:bookTitle>eric</book:bookTitle>
  <book:bookAuthor>Z</book:bookAuthor>
  </book:BookRequest>
  </soapenv:Body>
  </soapenv:Envelope>
       Response Document
  The invocation resulted in an error: Internal Server Error.
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
  <soapenv:Fault>
  <faultcode>soapenv:Client</faultcode>
  <faultstring xmlns:lang="en">
  General security error (WSSecurityEngine: No crypto property file supplied for decryption); nested exception is org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto property file supplied for decryption) </faultstring>
  </soapenv:Fault>
  </soapenv:Body>
  </soapenv:Envelope>
       Response Metadata
  <con:metadata xmlns:con="http://www.bea.com/wli/sb/test/config">
  <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <tran:user-header name="Accept" value="text/xml"/>
  <tran:user-header name="Expires" value="Thu, 14 Mar 2013 18:10:01 GMT"/>
  <tran:user-header name="SOAPAction" value="&quot;&quot;"/>
  <http:Cache-Control>max-age=0</http:Cache-Control>
  <http:Connection>close</http:Connection>
  <http:Content-Type>text/xml; charset=UTF-8</http:Content-Type>
  <http:Date>Thu, 14 Mar 2013 18:10:01 GMT</http:Date>
  <http:Server>Apache</http:Server>
  <http:Transfer-Encoding>chunked</http:Transfer-Encoding>
  </tran:headers>
  <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">2</tran:response-code>
  <tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">Internal Server Error</tran:response-message>
  <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">UTF-8</tran:encoding>
  <http:http-response-code xmlns:http="http://www.bea.com/wli/sb/transports/http">500</http:http-response-code>
  </con:metadata>

• Oracle 11g native web services

  Is there any formal explanation about how to configure and create Oracle 11g native web services and how to correctly secure these services? Since Oracle APEX now supports consumption of SOAP and REST web services, it makes sense to have more explanation about creating and securing web services. As many PL/SQL programmers know, it is always not an easy job to develop web services in jDeveloper to work with databases - with all those add-on technologies like jPublisher/Toplink to get tiny things work. It is not easy to find the "how-to" guide about creating and securing Oracle 11g native web services.
  Thanks.
  Andy

  Thanks for the link Tim...it is very useful. I was told that, in APEX 4.2, it will become able to create RESTful web services through APEX - if you run APEX through APEX Listener - by using resource templates in APEX Listener. I will wait for more information about this feature to come out.
  Thanks.
  Andy

• Users for secure web services

  Hello,
  if i define a secure web service, i also have to define one or more users which are allowed to access this web service. I only found instruction for defining such users on the application level. If i undeploy or redeploy the web service i lost this users.
  Is there any possibility to store users for an application permanently or to define allowed users during the deployment?

  Hello,
  I suppose that you are in OracleAS 10.1.3.x and you are using the WS-Security built in the product. If this is the case...
  The WS-Security handlers are based on the JAAS security model, this means that the security processing is based on the container security. The user credentials are not related to the WS application but how the J2EE application security provider has been configured.
  So by default you are using the FileBased Security provided that stores the data in the system-jazn-data.xml, but you can easily configure your application to use any other system to store user information such as a LDAP server for example.
  I am inviting you to take a look to the Security Provider documentation:
  - Introducing the OracleAS JAAS Provider and Security Providers
  Regards
  Tugdual Grall