How to secure web services?

I am building some SOAP-RPC web services, but I don't know how to secure them.
Only authorized users can call the web services and get the result back.
what is the best method to implement that?
Thanks.
zfyang

Please see the following article:
http://java.sun.com/xml/jaxrpc/webservices_config_article.html

Similar Messages

Secure Web Services

How can secure web services with SUN Access Manager or Jcaps? exist others forms?

Error message says it all. Some security information is expected in the header of the request. Check out the web service documentation to get the details.

How to call a secure web service via XAI Sender in CC&B

Hi All,
I want to a call a secure web service from CC&B through out bound message. I have configured the calling WSDL in XAI Sender. The wevservice is secured one.I tried to call it by configuring user name and password in XAI sender context.But still i am not able to call the service.
Can anybody help me how to over come this issue ??
I have cretaed the same post under utilities,but i am not able reply it.
I am using HTTPSNDR as XAI class.
Thanx in advance.
Regards
sunil

Are you getting any errors? What type of XAI Class are you using?
One thing I've noticed is that if you are making changes to the XAI Sender you will have to restart the environment before the changes can take effect.
Also, if you are using RTHTTPSNDR as XAI Class you may have to include the HTTP Method - Post in the context.
Hope this helps.
Regards,
Philip

How to create a crystal report using secured web service as a datasource?

Hi All Expert,
I having some challenges on how to create a report using secured web service as a datasource in crystal report designer (CR11 R3).
Secured Web Service including the certificate trusting, token authentication, header and/or body encryption. All web services running on https protocal.
Could you please suggest me on the solution?
Thank you and Best Regards,
Cherr

Please re-post if this is still an issue or purchase a case and have a dedicated support engineer work with you directly:
http://store.businessobjects.com/store/bobjamer/DisplayProductByTypePage&parentCategoryID=&categoryID=11522300?resid=-Z5tUwoHAiwAAA8@NLgAAAAS&rests=1254701640551

How Oracle IDM secure web services ?

Hi,
I am using Oracle Product. Wanted to know How IDM can secure web services or one has to use OWSM/OPSS something like this or what security setting we can do at weblogic level?
Help Appreciated.

Hi,
I am using Oracle Product. Wanted to know How IDM can secure web services or one has to use OWSM/OPSS something like this or what security setting we can do at weblogic level?
Help Appreciated.

How to consume a secure web service?

Could someone post me an sample to invoke the certificate based secure web service?
All I have is wsdl, certificate (.pfx file) and password and client jar file. Searching for the sample program to access the secure web service.
I work on weblogic workshop.

Unfortunately, I have just been provided with the endpoint and the SOAP action. Don't have any other details :(

How to call OWSM secured web-service from ADF application

I have a OWSM secured web-service, which takes username/password.
I want to invoke this webservice from ADF application. ADF application has its own security and it takes its own username/password. End user can't provide the username/password for web-service call. My ADF application should call the webservice and provide it appropriate username/password.
What is the best practice to handle such scenario. I don't want to hardcode username/password in Java (ADF) code.
Thanks
Sanjeev.

it is not clear to me if you are having problems with calling java code from OIM or if the problem is the web service API.
Lets do some divide and conquer:
Can you create a simple java class that just writes a couple of lines to the log? Please attach this code to the OIM task and make sure it runs.
Once this works we can start looking at the web service call.
Best regards
/Martin

Error while invoking a WS-Security secured web service from Oracle BPEL..

Hi ,
We are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
“Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message”
Any pointers in this regard will be highly appreciated.
Thanks,
Saurabh

Hi James,
Thanks for the quick reply.
We've tried to call that web service from an HTML designed in Visual Studios with the same username and password and its working fine.
But on the BPEL console, we are getting the error as mentioned.
Also if you can tell me how to set the user name and password in the header of the parter link.I could not find how to do it.
Thanks,
Saurabh

Unable to consume secured Web service from a Dynpro application

Hello,
I have followed <a href="http://help.sap.com/saphelp_nw04/helpdata/en/c3/bac36a469e4c75aba646077e71516d/frameset.htm">this tutorial</a>
in order to protect and consume a secured Web service from a Dynpro application using SAP logon ticket.
The problem is that after implementing everything needed I receive 401 Unauthorized when I am trying to consume it from the web dynpro side.
If I manually transfer the request the credentials, before the execute i.e:
modObj._setUser
modObj._setPassword
modObj.execute();
I am able to call it, meaning the dynpro application doesn't transfer these credentials to the Webservice even though it's authentication property is set to true.
Any idea how to solve it?
Roy
Message was edited by:
Roy Cohen

Try below steps
Add jars
o security.class
o tc/sec/destinations/interface
Setting WebDynpro project property
o Project>Properties>Web Dynpro References-->Interface references
 Name=tcsecdestinations~interface
o Project>Properties>Web Dynpro References-->Service reference
 Name=webservices
 Name=tcsecdestinations~service
Dynamically Set httpdestination and Call web service
final InitialContext ctx = new InitialContext();
final DestinationService dstService = (DestinationService)ctx.lookup(DestinationService.JNDI_KEY);
if (dstService== null)
throw new NamingException ("Destination service not available");
final Destination destination = dstService.getDestination("HTTP"," DestinationName");
// getting user name
Properties destprop = destination.getDestinationProperties();
String username = destprop.getProperty("USERNAME");
String password = destprop.getProperty("PASSWORD");
final HTTPDestination httpDestination = (HTTPDestination) destination;
HttpURLConnection httpConnection = httpDestination.getURLConnection();
String httpURL = String.valueOf(httpConnection.getURL());
Request_AdvLocationVer1ViDocument_getLocation obj=wdContext.currentRequest_AdvLocationVer1ViDocument_getLocationElement().modelObject();
obj._setUser( user );
obj._setPassword(pass);
obj._setEndPoint(httpURL);
obj.execute();
Rahul

How to call web service using J2SE 1.3?

Dear All,
i have developed a web service by jdev 10.1.3 (JAX-RPC with web service security
enabled).
i generate the ws proxy (jdev 10.1.3) and run it with wsclient_extended.jar (required JDK 1.4.1 or above??).
but one of my client say he has to use J2SE 1.3.x (as OS=AIX 4.3 that without J2SE
1.4.x ), could anyone tell me how can generate ws proxy (with supporting
library) for jdk 1.3.x?
if oracle don't have such library / tools, any third party tools / library available?
thank you.
lsp

I'm found answer:
Java and SAP Portal blog: How to call web service from java code example

Secured web service for secured AM method

Hello,
I need to invoke method of secured Application Module (jbo.security.enforce = Must) from secured web service.
I have a simple java class with Configuration.createRootApplicationModule ... and a web service built for this java class.
I found I have to authentificate users twice. First time when invoking web service (this is ok) and second time when creating application module instance.
The problem is I can get name of user logged in web service but I cannot get his password. So I cannot login to application module with the same user.
How can I force adf business components to use user authentificated in web service to use him/her as adf bc user?
Rado

Hi Mayank,
Chapter 7, Custom Serialization of Java Value Types, of the Web services developer guide may be a good place to get started.
All the best,
-Eric

Securing Web Services

I am hoping others in this forum will share their experiences involving securing web services. What I would like to know is your thoughts on industry best practices for securing web services.
I have been asked to look at the different industry approaches. From what I have read SUN, the simplest approach may be using WS-Security standard. This uses XML Signatures and XML encryption and can be placed in the header portion of the SOAP message. On the other hand, the most complicated is using an LDAP server for single sign.
What is our driving forces is the least amount of effort is the best solution as long as security is not compromised.
Thanks in advance for all your comments.

The first thing you need to do is understand what your requirements are. The solution needs to match your requirements.
You need to distinguish authentication from authorization from data security and what your requirements are for each.
You need to understand the administrative overhead and how you will manage sertificates or userid/passwords. This can oftentimes involve more work than the web service itself.
Don't "overkill" the solution. For example, don't use message-level encryption when an SSL connection will suffice for data security.
-- Frank
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ThreatCounter.asp
http://searchwebservices.techtarget.com/qna/0,289202,sid26_gci995388,00.html
IBM: sg246891_WebSphere_Web_Services_Handbook_5_1_1.pdf

Failed Calling A X.509 Certificate Secured Web Service From OSB

Hi,
I have wsdl resource, business service and proxy service setup in OSB 11.1.1.6 on Linux. The business service will consume a X.509 certificate secured web service running on a remote server.
Below is my approach:
The consumer of the proxy service of OSB signs its saop request header.
My OSB proxy service authenticates the signature and forward the request to business service.
The business service signs the outbound soap request header. (To do this I configured the keystore in Security Provider Configuration of my SOA_domain in Enterprise Manager. Also I applied Web Service Policy of Service Client type to the business service.)
This is not working yet. Not sure if my approach is correct or not?
Thank you,
Eric

I validated the keystore, all the certificates used and the value for keystore.sig.csf.key / value for keystore.recipient.alias. They are all as expected. Restarted the server. Still failed for OSB to invoke the remote secured web service, but worked if only use soapUI to invoke the same remote secured web service directly.
The error message is:
General security error (WSSecurityEngine: No crypto property file supplied for decryption); nested exception is org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto property file supplied for decryption)
In the soap request / reponse message shown in the OSB Test Console, there seems to be two signature sections in the header and encryption section although I tried not to encrypt the soap request. I am using Web Service Client Policy "calpers/wss11_x509_token_with_message_integrity_client_policy_osb" which was created based on "oracle/wss11_x509_token_with_message_protection_client_policy". The difference between the two policies is my policy not to sign nor to encrypt entire body.
In the "Message Signing Setting" section, I unchecked the "Include Entire Body" and left the three default namespaces under the Header Elements.
In the "Message Encrypt Setting" section, I unchecked the "Include Entire Body" and also left the one default namespace under the Header Elements.
I don't know how to attach document here, so i add long saop message here.
     Business Service Testing - BookSec_Biz_Svc_52
     Request Document
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
<soapenv:Body>
<book:BookRequest xmlns:book="http://www.dortman.com/books/BookService">
<book:bookId>10</book:bookId>
<book:bookTitle>eric</book:bookTitle>
<book:bookAuthor>Z</book:bookAuthor>
</book:BookRequest>
</soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-eEud1RcUOPcnV0fDqd6gZQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2013-03-14T18:10:00Z</wsu:Created>
<wsu:Expires>2013-03-14T18:15:00Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-VnzMtSwHMI8THKi2hhG2SQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
MIICazCCAdSgAwIBAgIEUTY65zANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxEzARBgNVBAcTCk1ldHJvcG9saXMxFjAUBgNVBAoTDUp1c3RpY2UgTGVhZ2UxFjAUBgNVBAsTDUp1c3RpYyBMZWFndWUxEzARBgNVBAMTCkNsYXJrIEtlbnQwHhcNMTMwMzA1MTgzNTE5WhcNMTMwNjAzMTgzNTE5WjB6MQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxEzARBgNVBAcTCk1ldHJvcG9saXMxFjAUBgNVBAoTDUp1c3RpY2UgTGVhZ2UxFjAUBgNVBAsTDUp1c3RpYyBMZWFndWUxEzARBgNVBAMTCkNsYXJrIEtlbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJhF0cMUwB/EjAyIOy9Cq8KCDqTXvlnlvMGq6LEhiGOtrATYy+JnHURcPUeusi65Ua3bE7JACWhHJ0fYEl7NtxPPSN3Q1RovkWGQ6I5O2XuEyMHg3MISh2CHhnkGSR+W6riDSUoB0ZC0KTgu14OTwqo54JSY/ugQszY7QC9DAuabAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAWeQ6LjMo12bY65GmnrmLdbRNm95RkL6gJCKa9pyUaMfvaIqKpmMQW8RM+eB90CR5DrM8oO2+8uKcqTt/pGNRYi2UJh2X0CdmyQQTmf3mCfgoZ597VTl+k3mKHKeeST7ZwAyBRL2jI0VisopFHpUhIwABoDgwOMpLcCF974AZ2rA=
</wsse:BinarySecurityToken>
*<dsig:Signature* Id="XSIG-oISn2AADumTdR86sONuz8g22" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<dsig:Reference URI="#Timestamp-eEud1RcUOPcnV0fDqd6gZQ22">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>3LQ1IpQR3rKHvP6Ov/m9ZRoecZM=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>X2BUn9TLL26Ay9A3HGEn/mnGCCE=</dsig:SignatureValue>
<dsig:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#EK-h7saqC1VyBKZw2n1IHz8GQ22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
</wsse:SecurityTokenReference>
</dsig:KeyInfo>
+*</dsig:Signature>*+
*<dsig:Signature* xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#BST-VnzMtSwHMI8THKi2hhG2SQ22">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>dau9qjB2lxIvlaoDIHuWVHqjulI=</dsig:DigestValue>
</dsig:Reference>
<dsig:Reference URI="#STR-QC3ZDBRwsXv8unEWVns9rQ22">
<dsig:Transforms>
<dsig:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</wsse:TransformationParameters>
</dsig:Transform>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>nPO9mKSC9cMg2fEkGZI+ujy5O1Q=</dsig:DigestValue>
</dsig:Reference>
<dsig:Reference URI="#XSIG-oISn2AADumTdR86sONuz8g22">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>qXkW/ZFFNc8Bu0VL9eF6c4np7IA=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>
MuHCTh5cW8TiVKtkWFl+Of2EFAiHwuPTR7J9b4/n2KZtPy2OCrgi1lBpuzhFKLhoBxYNOK8TMOa/3b223Vv+CQUfUP7z0YVj5Ck7QETYngaQlS07KulnstJjsAgHBV8Zk3A0EafuWF2c3t5wBzEkgEC99v0EdY3mRiCzt7vh2qs=
</dsig:SignatureValue>
<dsig:KeyInfo Id="KeyInfo-0LT1QavoIVXOHesZfrxTwg22">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#BST-VnzMtSwHMI8THKi2hhG2SQ22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</dsig:KeyInfo>
+*</dsig:Signature>*+
*<xenc:EncryptedKey* Id="EK-h7saqC1VyBKZw2n1IHz8GQ22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
</xenc:EncryptionMethod>
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsu:Id="STR-QC3ZDBRwsXv8unEWVns9rQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">q9Z9yPxvNw4CvSLQNI4rxVlSF+w=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</dsig:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime">
Tgdhxy6wMJBBrw23iq1GLCm0TYKBXSVQvBcN+7TXdXL6FPSjhcbfXqtoz7wzirbSwUZuu+DrYuWs
0BjRXqw3auUSCMlkm4IoT1ag3wFQQ/PEbB8HNlYhW3gp/At3toTw+k5p9wOUd4BMFAiXyeHQ8+dQ
8JUiohXhiHErTDn6fFQ=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</wsse:Security>
</soap:Header>
<soapenv:Body>
<book:BookRequest xmlns:book="http://www.dortman.com/books/BookService">
<book:bookId>10</book:bookId>
<book:bookTitle>eric</book:bookTitle>
<book:bookAuthor>Z</book:bookAuthor>
</book:BookRequest>
</soapenv:Body>
</soapenv:Envelope>
     Response Document
The invocation resulted in an error: Internal Server Error.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Client</faultcode>
<faultstring xmlns:lang="en">
General security error (WSSecurityEngine: No crypto property file supplied for decryption); nested exception is org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto property file supplied for decryption) </faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
     Response Metadata
<con:metadata xmlns:con="http://www.bea.com/wli/sb/test/config">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:user-header name="Accept" value="text/xml"/>
<tran:user-header name="Expires" value="Thu, 14 Mar 2013 18:10:01 GMT"/>
<tran:user-header name="SOAPAction" value=""""/>
<http:Cache-Control>max-age=0</http:Cache-Control>
<http:Connection>close</http:Connection>
<http:Content-Type>text/xml; charset=UTF-8</http:Content-Type>
<http:Date>Thu, 14 Mar 2013 18:10:01 GMT</http:Date>
<http:Server>Apache</http:Server>
<http:Transfer-Encoding>chunked</http:Transfer-Encoding>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">2</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">Internal Server Error</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">UTF-8</tran:encoding>
<http:http-response-code xmlns:http="http://www.bea.com/wli/sb/transports/http">500</http:http-response-code>
</con:metadata>

Accessing Secured Web Services fromPL/SQL Code.

Hi ,
This is an urgent requirement.We need to call a Web Sercured which is secured(That we need Authenticate using Digital Signatures).I don't how to call a Secured web service from PL/SQL code.with java it is possible.
Can anyone help me in confoguring/Writing code to call web services with Digital Certificates.
Regards,
Ram

In the XmlDigester class you would have to change the following 2 functions...
public int Compare(Object x, Object y)
XmlAttribute lhs = (XmlAttribute)x;
XmlAttribute rhs = (XmlAttribute)y;
string ls = lhs.NamespaceURI;
string rs = rhs.NamespaceURI;
if ((ls == rs) || (ls.Equals(rs) && ls != null && rs != null))
ls = lhs.LocalName;
rs = rhs.LocalName;
if (ls == null)
return -1;
if (rs == null)
return 1;
byte[] larr = Encoding.UTF8.GetBytes(ls);
byte[] rarr = Encoding.UTF8.GetBytes(rs);
int len = Math.Min(larr.Length, rarr.Length);
for (int i = 0; i < len; i++)
int li = (int)(larr[i] & 0xFF);
int ri = (int)(rarr[i] & 0xFF);
int d = li - ri;
if (d != 0)
return d;
return larr.Length - rarr.Length;
private void Serialize(string s, Stream outStream)
byte[] bytes = Encoding.UTF8.GetBytes(s);
int len = bytes.Length;
Serialize((byte)(len >> 8), outStream);
Serialize((byte)(len), outStream);
Serialize(bytes, outStream);
That should do the trick.

How to call web services from PL/SQL?

Hi,
Can one help in how to call web services from PL/SQL? Steps, pros and cons, etc....
Thanks in advance

Here's some example skeleton code to get you started...
PROCEDURE p_soap_request(p_username IN VARCHAR2, p_password IN VARCHAR2, p_proxy IN VARCHAR2) IS
    soap_request VARCHAR2(30000);
    soap_respond CLOB;
    http_req      utl_http.req;
    http_resp     utl_http.resp;
    resp          XMLType;
    soap_err      exception;
    v_code        VARCHAR2(200);
    v_msg         VARCHAR2(1800);
    v_len number;
    v_txt Varchar2(32767);
BEGIN
    UTL_HTTP.SET_PROXY(p_proxy);
    -- Define the SOAP request according the the definition of the web service being called
    soap_request:= '<?xml version = "1.0" encoding = "UTF-8"?>'||
                   '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">'||
                   ' <SOAP-ENV:Body>'||
                   '    <m:DownloadRequest xmlns:m="http://www.website.net/messages/GetDetails">'||
                   '      <m:UserName>'||p_username||'</m:UserName>'||
                   '      <m:Password>'||p_password||'</m:Password>'||
                   '    </m:DownloadRequest>'||
                   ' </SOAP-ENV:Body>'||
                   '</SOAP-ENV:Envelope>';
    http_req:= utl_http.begin_request
              ( 'http://www.website.net/webservices/GetDetailsService.asmx'
              , 'POST'
              , 'HTTP/1.1'
    utl_http.set_header(http_req, 'Content-Type', 'text/xml');
    utl_http.set_header(http_req, 'Content-Length', length(soap_request));
    utl_http.set_header(http_req, 'Download', ''); -- header requirements of particular web service
    utl_http.write_text(http_req, soap_request);
    http_resp:= utl_http.get_response(http_req);
    utl_http.get_header_by_name(http_resp, 'Content-Length', v_len, 1); -- Obtain the length of the response
    FOR i in 1..CEIL(v_len/32767) -- obtain response in 32K blocks just in case it is greater than 32K
    LOOP
        utl_http.read_text(http_resp, v_txt, case when i < CEIL(v_len/32767) then 32767 else mod(v_len,32767) end);
        soap_respond := soap_respond || v_txt; -- build up CLOB
    END LOOP;
    utl_http.end_response(http_resp);
    resp:= XMLType.createXML(soap_respond); -- Convert CLOB to XMLTYPE
END;Using secure web services (https)...
Web serivces call in Plsql
As for 'pros and cons'... there's nothing to compare against... either you want to call a web service or you don't.

How to secure web services?

Similar Messages

Maybe you are looking for