Implementing security for a webservice

Hi,
I am working on a services app development project where our app/service is going to serve some consumer application requests in the form of JMS or webservice requests. Please let me know what is the best solution to implement security in this scenario? I am looking for answers pertaining to authentication (validating the user/client app) and authorization (whether the client can make this request).
Please don't give me the links from the Java site, unless they are very lucid. Please ... I am looking for straightforward answers in this forum.
(I am a Microsoft guy moved into J2EE and honestly, I never felt comfortable with the documentation in Sun site to be simple or easily understandable. [no offense intended to J2EE evangelists :) ])

I would start with SSL for this and build in application authorization via a handshake listener, provided the SSLSocket is exposed. But you're going to have to look at Java documentation for that, there's no point in me giving you my own version of what it says when it's already documented. I have to say that if you think you're going to get a reliable answer that doesn't cite or quote from official Java documentation, you have very strange expectations, and frankly a very strange way of doing your job.
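The approach suggested in the reply above, sketched as an added example that is not part of the original thread: a `HandshakeCompletedListener` that maps the verified client certificate to an application-level allow-list. The class name, the policy table and the client and operation names are hypothetical, and the server is assumed to require client certificates.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.security.auth.x500.X500Principal;

// Assumed wiring: SSLServerSocket.setNeedClientAuth(true), then on each accepted
// SSLSocket call addHandshakeCompletedListener(new ClientCertAuthorizer()).
public class ClientCertAuthorizer implements HandshakeCompletedListener {
    // Constructed policy: certificate CN -> operations that client may request.
    private static final Map<String, Set<String>> POLICY = Map.of(
        "billing-app", Set.of("getInvoice", "listInvoices"),
        "reporting-app", Set.of("listInvoices"));

    // Returns the CN of the certificate subject, or null if it has none.
    static String commonName(X500Principal subject) {
        try {
            for (Rdn rdn : new LdapName(subject.getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
            }
        } catch (InvalidNameException e) { /* malformed DN: treat as unknown */ }
        return null;
    }

    // Authorization: deny unless the CN is known and the operation is listed for it.
    static boolean isAllowed(X500Principal subject, String operation) {
        String cn = commonName(subject);
        return cn != null && POLICY.getOrDefault(cn, Set.of()).contains(operation);
    }

    // Authentication gate: close connections whose client certificate is not in the policy.
    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        try {
            String cn = commonName((X500Principal) event.getPeerPrincipal());
            if (cn == null || !POLICY.containsKey(cn)) event.getSocket().close();
        } catch (IOException | ClassCastException e) { // includes SSLPeerUnverifiedException
            try { event.getSocket().close(); } catch (IOException ignored) { }
        }
    }

    public static void main(String[] args) {
        // Constructed subjects standing in for verified peer certificates.
        X500Principal known = new X500Principal("CN=reporting-app,O=Example Corp,C=US");
        X500Principal unknown = new X500Principal("CN=other-app,O=Example Corp,C=US");
        System.out.println(isAllowed(known, "listInvoices") + " "
            + isAllowed(known, "getInvoice") + " " + isAllowed(unknown, "listInvoices"));
    }
}
```

The default JSSE provider delivers this callback on a separate thread, so request handling should also call `isAllowed` with `SSLSession.getPeerPrincipal()` before acting on each request.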

Similar Messages

  • Implementing security for the Projects in OWB

    Hi,
    Are we able to implement security for the individual projects?
    Thanks
    Vinay

    Hi,
    I do not know exactly what kind of security you want to implement, but below is an excerpt from the OWB User Guide about implementing security at the project level...
    You should be able to find more info in OWB User Guide.
    Freezing Projects
    If you want to freeze the project MY_PROJECT and prevent access to all its contents,
    the following restrictions will apply:
    You cannot create, edit, or delete any objects under a frozen project.
    You cannot invoke any of the services that modify objects within this frozen
    project. For example, you cannot perform an MDL import, a source import, or a
    snapshot restore in this project.
    You can deploy, export, and execute runtime procedures within a frozen project.
    You can validate and generate within a frozen project.
    You cannot add or remove any objects from a frozen project to a snapshot.
    The frozen project security policy is implemented within Warehouse Builder through
    the following files. These files are located on your installation CD under:
    samples/security_feature/frozenproject.
    frozenProject.pkb: Holds the implementation of the security policy.
    frozenProject.sql: Contains a table of the structure as shown in Table 19–2. The
    administrator can freeze projects by inserting them into this table and setting the
    isFrozen flag to 1.
    HTH
    mahesh

  • Implementing Security for BPEL Process

    Hi,
    We have a requirement to add security layer to BPEL processes (BPEL 10.1.3.4) deployed on WL 9.2. Client has asked us to implement PKI for WL domain.
    Please guide me regarding the same.
    Regards,
    Prabodh Mitra
    P.S. we are not using OWSM due to some business reasons

    Hi,
    Can you please provide any docs related to implementing pki/ssl in a BPEL-WLS env ? I have tried, but in vain.
    These are the questions I have,
    1. BPEL is installed on a separate domain in WLS. How will we enable SSL here? Is it ok if we enable at admin server level ?
    2. Do we need to do some configuration on BPEL side as we do in OAS setup?
    Thanks in advance.
    Regards,
    AP

  • Configuring Security for Weblogic webservice

    We have developed a webservice using WLS 7.0, now comes the next question: how
    to make it secured from unauthorized access. We tried to get info from the "Programming
    WebLogic Web Service" documentation (Chapter - Configuring Security) from the bea
    site, but we couldn't get much info from this. We want to know what are all the
    different ways in which we can secure the webservices in WebLogic 7.0. It will
    be better to get some code samples which implement security.

    Hello,
    I'd recommend starting with the simpleSSL example:
    http://webservice.bea.com/index.html#qz24
    Also you may want to visit the security section:
    http://webservice.bea.com/wswa.html
    HTHs,
    Bruce

  • Implementing Security For ADF Pages when integrated with Oracle APPS

    Hi,
    Can anyone please let me know the solution to the below problem ?
    I have an ADF application that is deployed on a WebLogic server. A URL is generated to access the ADF Pages.
    I have created one more simple JSP (Launch.jsp) which redirects to this URL on page load.
    I am using Oracle APPS where:
    ->I registered a form function referring to Launch.jsp
    ->I am referring to the form function in a responsibility, attaching that to a menu
    ->When the valid Oracle user logs in, I am sending all Oracle APPS environment variables (User id, Responsibility id, application id) for that session
    My issue is:
    ->The URL along with the parameters that I am sending from the Launch.jsp to the ADF Page is visible to the user. So, even if the Oracle APPS user has not logged in, anybody who knows the URL can access the ADF Pages.
    ->So, is there any way to implement the security so that, even if anyone knows the URL of the ADF Page, they cannot access the ADF Pages without a valid user being logged in through Oracle APPS?
    I am using JDeveloper 11g.
    Please let me know if you need any more details.
    Thanks in advance,
    Kavitha

    Please help me out if anyone has a solution to this problem.
    Thanks,
    Kavitha

  • Implementing security for a custom Java Webdynpro

    We have a webdynpro that was developed and forces a user to log in w/their UME credentials. I've been trying to find out where/how to implement specific security to the app (as in, which roles/groups can access it). In the security provider of the admin tool, I don't even see the app listed under the components, if that's even the right place to look.
    Basically we want to create a UME role (which we've done) to assign it to this app, and then we'll assign a user group to the role. As of now, pretty much anyone with an account on this instance can access the app.

    Hi David,
    This is done using UME programmatic security. On the help portal there's a tutorial to explain how to go about doing it. Here's a link:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/fa/a64d401be96913e10000000a1550b0/frameset.htm
    Once you set up the application, use the UME user admin to assign the application's actions to UME roles, which are then assigned to users.
    Regards,
    Yonko

  • Implementing Security in web services developed using JAX WS approach

    Hi,
    Our organization has developed a web service using the JAX-WS approach exposing an EJB as endpoint. This WSDL file URL is only used by third-party companies that register with us (meaning that this WSDL URL is not worldwide accessible).
    Now we need to implement security for this service, please tell me what is appropriate for doing so?
    Thank you in advance.
    Waiting for your valuable suggestions.
    Please help.

    You can implement message-level security in many ways. Some of the ways are:
    - SAML
    - Digital certificates, etc.
    You may have to work with your vendor-specific API to achieve this. Take a look at one case study.
    http://www.ibm.com/developerworks/webservices/library/ws-security.html
    You will find a lot of articles on Google about implementing message-level security; however, my recommendation would be to get in touch with a security expert.

  • How to add security for webservice invoke

    Hi All,
    Please let me know how to invoke the webservice in BPEL process with security details.
    Thanks,
    Suresh

    Hi Santhosh,
    You may add security for your APIs by using:
    - Mutual certificate authentication
    - Using OAuth 2.0
    - Manage developer accounts
    Regards,
    Manu Rekhar

  • Methodology for implementing SECURITY on Oracle Applications 11

    Hi,
    I wonder if anyone could point me to any documentation that gives the best practices for implementing SECURITY (user profiles) on OA11.
    For example, a step-by-step methodology:
    * Identify your users
    * Define the user-profiles
    * Match each user profile level with its affect on the way applications run.
    * Match the user profile option with its description.
    * etc...
    This is URGENT!!!!
    I would be THANKFUL for any indication!
    If possible, please copy the [email protected] e-mail address.
    Cheers
    Chris

    Hi Jail,
    What release of Oracle Apps are you running, 11.5.x (provide us with the value of x)? dcmctl is available only on the latest releases of Application Server, viz. 10g, and is not available in iAS 10222 RP4.
    I believe your iAS version should be anywhere below 10222 RP4, which is the reason you couldn't find dcmctl.
    For changing the ports, there are two options.
    1. Update s_webport value to the new port number in the context file ($APPL_TOP/admin) and run autoconfig.
    2. Update the new value manually in the following files:
    a. httpd.conf
    b. $COMMON_TOP/admin/portal/<sid>_<hostname>/aplogon.html
    c. context file
    The preferred method is option 1, since if you run autoconfig in the future without changing the value in the context file, all the configuration files will reflect the old value.
    cheers,
    Ram.

  • Webinar: How to implement secure scenarios with SAP NW PI 7.1

    SAP Intelligence Platform & NetWeaver RIG APJ Expert Call
    Dear valued SAP Experts,
    Next SAP Intelligence Platform & NetWeaver RIG Expert Call Session will take place on Tuesday, August 18.
    The SAP Intelligence Platform & NetWeaver RIG Expert Call Sessions are designed to support consultants, partners and customers  during their implementation projects. The sessions cover all different aspects of SAP NetWeaver and are aimed at
    thus provide knowledge which is not available via standard training courses. The session duration is typically 60min and includes questions and answers.
    Tuesday, August 18, 2009:
    How to implement secure scenarios with SAP NetWeaver Process Integration 7.1
    Time: 2.00 - 3.00 p.m. Singapore Time (UTC +8)
    This event will feature Makoto Sugishita with the SAP Intelligence Platform & NetWeaver Regional Implementation Group.
    Makoto provides the following abstract:
    In this session you will learn more about the core security concepts that are provided with the service-oriented architecture (SOA)
    management capabilities in SAP NetWeaver Process Integration (SAP NetWeaver PI). This session will cover main use cases and
    supported scenarios of secure SAP NetWeaver PI deployments. 
    SAP Connect Link: https://sap.emea.pgiconnect.com/I016095
    (no passcode needed)
    Dial in:
    For dial in details please register here http://www.surveymonkey.com/s.aspx?sm=EFeuZl9PxrwKOW5i5W556g_3d_3d
    Kind regards,
    Sarma Sishta
    SAP Intelligence Platform & NetWeaver RIG APJ

    hi,
    I'm making this a sticky thread till August 18 so it will have better visibility
    Regards,
    Michal Krawczyk

  • More than one outbound interface for the webservice scenario

    Hi Experts,
    Is it possible to have more than one outbound interface for the Webservice synchronous scenario? I have tried it , but I couldn't implement it.
    I would like to have your suggestions.
    Regards
    Sara

    Hey,
    Creation of a wsdl file
    /people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
    N:1 seems he was referring to a multimapping scenario.
    Cheers,
    *RAJ*
    *REWARD POINTS IF FOUND USEFUL*

  • Implementing secure print in solaris 10

    Hi Team,
    We have planned to implement secure print in Solaris 10 for a Xerox 5230 printer, which supports secure print.
    I have checked the CUPS server and there's no option like secure print; we implemented the same secure print on the Windows side and it's working fine.
    Refer to this URL for secure print on the Windows side: http://www.ubc.ca/okanagan/itservices/service-catalogue/computers-printers/printcopy/secureprinting.html
    Objective: the printer needs to ask for a password if anything is printed from a Solaris server or workstation.
    Is there any way to implement secure print in Solaris 10?
    Please suggest a solution in your valuable post.
    Regards
    Sreekanth

    Thanks for your suggestion.
    I don't have a clear picture of CentreWare and surely I will start studying it.
    Please clarify some doubts for me:
    Does CentreWare have an option to implement secure print, given that users are currently printing on a normal basis and it's a production system?
    If I install CentreWare on this production system, is there any effect on the print services?

  • Security for report group 6OBU (transaction S_ALR_87013019)

    I have a situation where a user with access to the transaction S_ALR_87013019, does not return any data during execution. Another user with much lesser access can return data with the same selection criteria.
    A security trace doesn't display any authorization failure. I believe there is a user exit EXIT_SAPFGRWS_001 which can be used to add some extra security for this report group, but it's not implemented.
    Are there any special user specific configurations which control display of data for this report?

    Hi Aninda,
    I agree. Authorization trace might not be appropriate in this situation.
    Also, user parameters are only to pass on specific values, such as company code, default layout etc., and don't restrict the user from viewing a report.
    As mentioned in my earlier reply, the issue could be with a user exit where the user ID should be maintained in a table or the restriction is applied at the table level.
    The other issue could be with the version of SAP GUI. You may ask the user who has issue with viewing the report to login on a different system to identify if the issue is with the authorizations or the SAP GUI.
    Hope this helps!!
    Regards,
    Raghu

  • Data level security for Dashboard pages.

    Hi all,
    I have a question. I want to apply data-level security to the data in Dashboard pages.
    Any answers?
    Thanks, Sunny.

    Thanks Srikanth and Aravind.
    I have studied the data-level security for dashboards.
    My question is: is there any way to apply data-level security to dashboard pages? For example, if dashboard D1 has pages p1, p2, p3
    and we want to implement data-level security for a page, is that possible?
    Thanks
    Sunny.

  • Security for Message Monitor

    What is the best practice for implementing dialogue security for the XI message monitor (SXI_MONITOR or the like and in the RWB) by which you only allow users access to specific integration scenarios? For example, I have 2 different business units with both their integration scenarios defined in the same XI instance. However, I want to ensure one business unit cannot view or manipulate another business unit's messages.

    Hi,
    Have a look at Michal's blog on controlling access to messages:
    /people/michal.krawczyk2/blog/2006/01/02/xi-sxmbmoni--controlling-access-to-message-display
    Hope this helps,
    Regards,
    Moorthy
