Implementing security for a webservice
Hi,
I am working on a services app development project where our app/service is going to serve some consumer application requests in the form of JMS or webservice requests. Please let me know what is the best solution to implement security in this scenario? I am looking for answers pertaining to authentication (validating the user/client app) and authorization (whether the client can make this request).
Please don't give me the links from the Java site, unless they are very lucid. Please ... I am looking for straightforward answers in this forum.
(I am a Microsoft guy moved into J2EE and honestly, I never felt comfortable with the documentation on the Sun site, nor found it simple or easily understandable. [no offense intended to J2EE evangelists :) ])
I would start with SSL for this and build in application authorization via a handshake listener, provided the SSLSocket is exposed. But you're going to have to look at Java documentation for that, there's no point in me giving you my own version of what it says when it's already documented. I have to say that if you think you're going to get a reliable answer that doesn't cite or quote from official Java documentation, you have very strange expectations, and frankly a very strange way of doing your job.
Similar Messages
-
Implementing security for the Projects in OWB
Hi,
Are we able to implement security for the individual projects?
Thanks
Vinay
Hi,
I do not know exactly what kind of security you want to implement, but below is an excerpt from the OWB User Guide about implementing security at the project level...
You should be able to find more info in OWB User Guide.
Freezing Projects
If you want to freeze the project MY_PROJECT and prevent access to all its contents, the following restrictions will apply:
* You cannot create, edit, or delete any objects under a frozen project.
* You cannot invoke any of the services that modify objects within this frozen project. For example, you cannot perform an MDL import, a source import, or a snapshot restore in this project.
* You can deploy, export, and execute runtime procedures within a frozen project.
* You can validate and generate within a frozen project.
* You cannot add or remove any objects from a frozen project to a snapshot.
The frozen project security policy is implemented within Warehouse Builder through the following files. These files are located on your installation CD under: samples/security_feature/frozenproject.
* frozenProject.pkb: Holds the implementation of the security policy.
* frozenProject.sql: Contains a table of the structure as shown in Table 192. The administrator can freeze projects by inserting them into this table and setting the isFrozen flag to 1.
HTH
mahesh -
Implementing Security for BPEL Process
Hi,
We have a requirement to add security layer to BPEL processes (BPEL 10.1.3.4) deployed on WL 9.2. Client has asked us to implement PKI for WL domain.
Please guide me regarding the same.
Regards,
Prabodh Mitra
P.S. we are not using OWSM due to some business reasons
Hi,
Can you please provide any docs related to implementing pki/ssl in a BPEL-WLS env ? I have tried, but in vain.
These are the questions I have,
1. BPEL is installed on a separate domain in WLS. How will we enable SSL here? Is it ok if we enable at admin server level ?
2. Do we need to do some configuration on BPEL side as we do in OAS setup?
Thanks in advance.
Regards,
AP -
Configuring Security for Weblogic webservice
We have developed a webservice using WLS 7.0, now comes the next question how
to make it secured from unauthorized access. We tried to get info from "Programming
WebLogic Web Service" documentation (Chapter - Configuring Security) from bea
site, but we couldn't get much info from this. We want to know what are all the
different ways in which we can secure the webservices in weblogic 7.0. It will
be better to get some code samples which implement security.
Hello,
I'd recommend starting with the simpleSSL example:
http://webservice.bea.com/index.html#qz24
Also you may want to visit the security section:
http://webservice.bea.com/wswa.html
HTHs,
Bruce
Anish wrote:
> We have developed a webservice using WLS 7.0, now comes the next question how
> to make it secured from unauthorized access. We tried to get info from "Programming
> WebLogic Web Service" documentation (Chapter - Configuring Security) from bea
> site, but we couldn't get much info from this. We want to know what are all the
> different ways in which we can secure the webservices in weblogic 7.0. It will
> be better to get some code samples which implement security.
-
Implementing Security For ADF Pages when integrated with Oracle APPS
Hi,
Can anyone please let me know the solution to the below problem ?
I have an ADF application that is deployed on a weblogic server. An URL is generated to access the ADF Pages.
I have created one more simple jsp (Launch.jsp) which redirects to this URL on page load.
I am using Oracle APPS where:
->I registered a form function referring to Launch.jsp
->I am referring form function in a responsibility , attaching that to a menu
->When the valid oracle user logs in, I am sending all oracle apps environment variables (User id , Responsibility id, application id ) for that session
My issue is:
->The URL along with the parameters that I am sending from the Launch.jsp to the ADF Page is visible to the user. So, even if the Oracle APPS user has not logged in, anybody who knows the URL can access the ADF Pages.
->So, is there any way to implement the security so that anyone who knows the URL of the ADF Page cannot access the ADF Pages without a valid user being logged in through Oracle APPS?
I am using Jdeveloper 11g.
Please let me know if you need anymore details.
Thanks in advance,
Kavitha
Please help me out if anyone has a solution to this problem.
Thanks,
Kavitha -
Implementing security for a custom Java Webdynpro
We have a webdynpro that was developed and forces a user to log in with their UME credentials. I've been trying to find out where/how to implement specific security to the app (as in, which roles/groups can access it). In the security provider of the admin tool, I don't even see the app listed under the components, if that's even the right place to look.
Basically we want to create a UME role (which we've done) to assign it to this app, and then we'll assign a user group to the role. As of now, pretty much anyone with an account on this instance can access the app.
Hi David,
This is done using UME programmatic security. On the help portal there's a tutorial to explain how to go about doing it. Here's a link:
http://help.sap.com/saphelp_nw2004s/helpdata/en/fa/a64d401be96913e10000000a1550b0/frameset.htm
Once you set up the application, use the UME user admin to assign the application's actions to UME roles, which are then assigned to users.
Regards,
Yonko -
Implementing Security in web services developed using JAX WS approach
Hi,
Our organization has developed a Web service using the JAX WS approach, exposing an EJB as the endpoint. This wsdl file URL is only used by third party companies that register with us (meaning, I want to say, that this wsdl URL is not worldwide accessible).
Now we need to implement security for this service, please tell me what is the appropriate way for doing so?
Thank you in advance.
Waiting for your valuable suggestions.
Please help.
You can implement message level security in many ways. Some of the ways are
* SAML
* Digital certificates etc
You may have to work with your vendor specific API to achieve this. Take a look at one case study.
http://www.ibm.com/developerworks/webservices/library/ws-security.html
You will find a lot of articles on Google to implement message level security; however, my recommendation would be to get in touch with a security expert. -
How to add security for webservice invoke
Hi All,
Please let me know how to invoke the webservice in BPEL process with security details.
Thanks,
Suresh
Hi Santhosh,
You may add security for your API's by using:
* Mutual certificate authentication
* Using OAuth 2.0
* Manage developer accounts
Regards,
Manu Rekhar -
Methodology for implementing SECURITY on Oracle Applications 11
Hi,
I wonder if anyone could indicate me any documentation that brings the best-practices in implementing SECURITY (users-profiles)on OA11.
For example, a step-by-step methodology:
* Identify your users
* Define the user-profiles
* Match each user profile level with its affect on the way applications run.
* Match the user profile option with its description.
* etc...
This is URGENT!!!!
I would be THANKFUL for any indication!
If possible, please copy the [email protected] e-mail address.
Cheers
Chris
Hi Jail,
What release of Oracle Apps are you running, 11.5.x (provide us with the value of x)? dcmctl is available only on the latest releases of Application Server, viz. 10g, and is not available in iAS 10222 RP4.
I believe your iAS version should be anywhere below 10222 RP4, which is the reason you couldn't find dcmctl.
For changing the ports, there are two options.
1. Update s_webport value to the new port number in the context file ($APPL_TOP/admin) and run autoconfig.
2. Update the new value manually in the following files:
a. httpd.conf
b. $COMMON_TOP/admin/portal/<sid>_<hostname>/aplogon.html
c. context file
The preferred method is option 1, since if you run autoconfig in the future without changing the value in the context file, all the configuration files will reflect the old value.
cheers,
Ram. -
Webinar: How to implement secure scenarios with SAP NW PI 7.1
SAP Intelligence Platform & NetWeaver RIG APJ Expert Call
Dear valued SAP Experts,
Next SAP Intelligence Platform & NetWeaver RIG Expert Call Session will take place on Tuesday, August 18.
The SAP Intelligence Platform & NetWeaver RIG Expert Call Sessions are designed to support consultants, partners and customers during their implementation projects. The sessions cover all different aspects of SAP NetWeaver and are aimed at
thus provide knowledge which is not available via standard training courses. The session duration is typically 60min and includes questions and answers.
Tuesday, August 18, 2009:
How to implement secure scenarios with SAP NetWeaver Process Integration 7.1
Time: 2.00 - 3.00 p.m. Singapore Time (UTC +8)
This event will feature Makoto Sugishita with the SAP Intelligence Platform & NetWeaver Regional Implementation Group.
Makoto provides the following abstract:
In this session you will learn more about the core security concepts that are provided with the service-oriented architecture (SOA)
management capabilities in SAP NetWeaver Process Integration (SAP NetWeaver PI). This session will cover main use cases and
supported scenarios of secure SAP NetWeaver PI deployments.
SAP Connect Link: https://sap.emea.pgiconnect.com/I016095
(no passcode needed)
Dial in:
For dial in details please register here http://www.surveymonkey.com/s.aspx?sm=EFeuZl9PxrwKOW5i5W556g_3d_3d
Kind regards,
Sarma Sishta
SAP Intelligence Platform & NetWeaver RIG APJ
Hi,
I'm making this a sticky thread till August 18 so it will have better visibility.
Regards,
Michal Krawczyk -
More than one outbound interface for the webservice scenario
Hi Experts,
Is it possible to have more than one outbound interface for the Webservice synchronous scenario? I have tried it , but I couldn't implement it.
I would like to have your suggestions.
Regards
Sara
Hey,
Creation of a wsdl file
/people/riyaz.sayyad/blog/2006/05/07/consuming-xi-web-services-using-web-dynpro-150-part-i
N:1 seems he was referring to multimapping scenario.
Cheers,
RAJ
REWARD POINTS IF FOUND USEFUL
-
Implementing secure print in solaris 10
Hi Team,
We have planned to implement secure print in Solaris 10 for the Xerox printer 5230, which supports secure print.
And I have checked the CUPS server; there's no option for secure print. We implemented secure print on the Windows side and it's working fine.
Refer URL for secure print on the Windows side: http://www.ubc.ca/okanagan/itservices/service-catalogue/computers-printers/printcopy/secureprinting.html
Objective: The printer needs to ask for a password if any print job is sent from a Solaris server or workstation.
Is there any way to implement secure print in Solaris 10?
Please suggest a solution with your valuable post.
Regards
Sreekanth
Thanks for your suggestion.
I don't have a clear picture of CentreWare and I will surely start studying it.
Please clarify some doubts for me:
Does CentreWare have an option to implement secure print now, given that the users are printing on a normal basis and it's a production system?
If I install CentreWare on this production system, will there be any effect on the print services? -
Security for report group 6OBU (transaction S_ALR_87013019)
I have a situation where a user with access to the transaction S_ALR_87013019, does not return any data during execution. Another user with much lesser access can return data with the same selection criteria.
A security trace doesn't display any authorization failure. I believe there is a user exit EXIT_SAPFGRWS_001 which can be used to add some extra security for this report group but it's not implemented.
Are there any special user specific configurations which control display of data for this report?
Hi Aninda,
I agree. Authorization trace might not be appropriate in this situation.
Also, user parameters are only to pass on specific values, such as company code, default layout etc., and don't restrict the user from viewing a report.
As mentioned in my earlier reply, the issue could be with a user exit where the user ID should be maintained in a table or the restriction is applied at the table level.
The other issue could be with the version of SAP GUI. You may ask the user who has issue with viewing the report to login on a different system to identify if the issue is with the authorizations or the SAP GUI.
Hope this helps!!
Regards,
Raghu -
Data level security for Dashboard pages.
Hi all,
I have a question. I want to apply data level security to the data in Dashboard pages.
Any answers?
Thanks, Sunny.
Thanks Srikanth and Aravind.
I have studied about the data level security for dashboards.
My question is: is there any way to apply data level security to dashboard pages? For example, if dashboard D1 has pages p1, p2, p3 and we want to implement data level security for a page, is that possible?
Thanks
Sunny. -
What is the best practice for implementing dialogue security for the XI message monitor (SXI_MONITOR or the like and in the RWB) by which you only allow users access to specific integration scenarios? For example, I have 2 different business units with both their integration scenarios defined in the same XI instance. However, I want to ensure one business unit cannot view or manipulate another business unit's messages.
Hi,
Have a look at Michal's blog on controlling the access to messages:
/people/michal.krawczyk2/blog/2006/01/02/xi-sxmbmoni--controlling-access-to-message-display
Hope this helps,
Regards,
Moorthy