Providing basic security to webservice

Similar Messages

• How to provide basic security?

  My first form is about to go into use. I do not need or want anyone being able to alter the form design in any way.
  Users will be using Adobe Reader to complete the forms fields of information and email back to office.  I would like them to be able to save, email and print the form once completed. There will be a signature field, Im still trying to figure out.  With just Reader, I realize that just filling out the form is all they can do.  I just want to ensure that no one can edit the design itself.
  Thanks for any help.

  Set the security to not allow changes. This is not full proof, but is what Acrobat offers. If you did the form in Designer, then you may have to check there for security issues.
  Saving the file with Reader requires activating Reader Right's, but this is limited to 500 uses of the form.
  E-mail submission is a potential problem, unless you are able to control the user environment. E-mail may not work properly on all machines and this is a client issue, not your's. That is why e-mail is a bad choice for general use. As for submission, why not just send back the data? The data (FDF or XML) can simply be opened in the form and you have what would have been sent as a result.

• Securing WebService with Basic Security Profile

  Hi,
  I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
  I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
  WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

  Hi,
  I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
  I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
  WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

• Call secure RestFul WebService with basic authorization via https

  Hi,
  is there a way to call a secure RestFul WebService with basic authorization via https from APEX?
  Database: Oracle 11g XE
  APEX: 4.2.1
  I have a solution by calling the WebService from Java which was called from the database via scheduled job (execute).
  As my hosting partner does not support Java I am looking for another option.
  Regards
  Markus

  Hi,
  I think its not possible, in this link you can find in more detail why.
  Its related with the use of wallets to acess https requests.
  http://www.apexninjas.com/blog/2011/06/https-access-with-utl_http-on-oracle-xe-has-anyone-managed-to-do-this/
  Edit: Because you are using Oracle XE
  Edited by: carlos.pereira on Jan 23, 2013 6:15 PM

• Providing ADF security  to fusion WebAppliaction (ADF 11g)

  I created ADF application contains single page .
  i am able to deploy this on standalone WLS10.3
  But i need to provide the security to my application.
  I am reading the chapter :
  Enabling ADF Security in a Fusion Web Application in develpers guide.
  is there any other sources like demos / blogs/step by step tutorials about security which is helpful for begginers.if you have , pls provide me.
  Sailaja

  Here are some links:
  - [Adding Security(Oracle Doc)|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/adding_security.htm#BGBCEDDD]
  - [ADF Security Part 1: Container Managed Security (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt1/adfsec1.htm]
  - [ADF Security Part 2: Setup and Authentication (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt2/ADF%20Security%20Authentication%20and%20Setup.htm]
  - [ADF Security Part 3: Authorization (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt3/ADF%20Security%20-%20Authorization.htm]
  - [ADF Security Part 5: ADF BC Entity Security (By Frank Nimphius)|http://www.oracle.com/technology/products/jdev/tips/fnimphius/adfsec_camt5/ADF%20Entity%20Object%20Security%20through%20ADF%20Security.htm]
  Sireesha

• Open Directory is not providing a secure connection

  I've been setting up Yosemite Server, but I haven't been able to get a second Mac to join onto the Open Directory service. When clicking Join… in Accounts Preferences on the client machine, and entering the address, it asks me whether I want to trust the server's certificates, which I do; and then, in a second dialog, it says "This server does not provide a secure (SSL) connection. Do you want to continue?"
  My question, simply, is how do I confirm that my server is providing a secure Open Directory connection? If it's not, how do I enable it, and if it is, how do I convince my client to use it?
  Background:
  After doing the initial setup, I turned on Open Directory before noticing that the host name was not correct—I had not changed it from "Xxx.local". So I changed it to the correct domain as pointed to by an external DNS server. It mentioned that I'd have to reconfigure a number of services, Open Directory among them. I turned Open Directory off, then on, and confirmed in the Certificates section that all services were using the newly-generated certificate with the correct domain name. I turned on Profile Manager, and added a test network user, and an encrypted-only (SMB3) share for its home folder. For good measure, I turned on the Websites service.
  At several points along this process, I tried to get the client to join the server's Open Directory, each and every time with the same message that the server does not provide a secure connection. I removed the applicable certificates on the client and tried again, just to be sure it wasn't using an outdated version of them—to no avail. The error is exactly the same whether I use the global .com hostname, the .local hostname, the global IP, or the local 10.0.1.x IP.
  The server is running Mac OS X 10.10.1, and the client MBP is on 10.10.
  The client is currently on the local network, but I aim to use Portable Home Directories and sync from other locations, so an unsecured OD connection is obviously unacceptable.
  Any advice would be dearly appreciated!

  First, follow the instructions in this support article to configure the clients to use the server's certificate to bind via LDAPS. The common name in the certificate must match both the server's hostname and its domain name, as resolved by the clients. You will get nowhere if those conditions aren't met.

• Unable to provide custom security impelmentation (BPELProcessValidator)

  Hey Gurus,
  I got a question regarding custom implementation of BPELProcessValidator class.
  My project requires me to secure each Business Process hosted in Ora BPEL PM.
  I have implemented my custom class MyValidator that extends BPELProcessValidator.
  I would like to use this class as my security implementation. As per the documentation
  I invoke the oc4j instance that hosts Oracle BPEL with a directive -Doracle.bpel.customvalidator=D:\OraBPELPM\security.properties
  security.properties file contains the name of the Java class that provides the security implementation.
  This does not work though. BPEL PM doesnt even try to load this class. Do let me know if I am missing
  something.
  Please refer to the presentation at http://www.oracle.com/technology/products/ias/bpel/pdf/bpelsecextenstionphase2.pdf
  My BPEL build : 10.1.2.0.2 [build #2196 ] - type: release
  I would appreciate any pointers/code/doc that would help me implement custom security provider for BPEL.
  Abhijeet

  Hi Clemens,
  Thanks for quick reply. I got something going today. However I still have some issues. Now the BPEL engine is not able to find the class that I have implemented.
  at java.lang.Thread.run(Thread.java:534)
  <2006-02-28 12:31:53,296> <ERROR> <default.collaxa.cube.engine> <MessageHandle
  anager::createHandler>
  java.lang.ClassNotFoundException: BusinessProcess.MyValidator
  at com.evermind.naming.ContextClassLoader.findClass(ContextClassLoader
  ava:500)
  I tried to set the class path to point to the directory that contains BusinessProcess.MyValidator class. Set up the system CLASSPATH / Put this class in OC4J Lib and alike but never got it in with the classloader.
  Strange part is that through the same OC4J instace when i tried to invoke a method in this class through a JSP I got a response. This means the OC4J did have access to my class.
  Will you please let me know where I should put my classes so that collaxa implementation can find it.
  Also, may I know when the security tab in the BPEL domain manager will be available to external world.
  Regards
  Abhijeet

• The token provider was unable to provide a security token

  I am configuring workflow for SharePoint 2013. For that I am creating a workflow farm and selected custom settings and selecting certificates from personal store. When I am select the option where it will auto generate the certificate configuration 
  successful.
  while selecting the certs from personal store, configuration failed to add host to workflow farm and throwing below error
  Configuring Workflow Manager runtime settings.
  The token provider was unable to provide a security token while accessing 'https://hostname:9355/WorkflowDefaultNamespace/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the
  SSL/TLS secure channel.'.
  Thanks,
  Neetu
  neetu

  Hi,
  When I am trying to receive the same messages from a Azure service bus subscription using .net (C#) client,
  BusSubscriberbusSubscriber =
  newBusSubscriber("TestTopic2",
  "Endpoint=sb://overcasb.servicebus.windows.net/;SharedSecretIssuer=owner;SharedSecretValue=wqYlT4yHZimeUZacH+1V1hj/ZrKu7zK9ELaaLYDxqjc=",
  "AssetMovement",
  "AssetMovement");
  I am getting the same error here also.
  "The token provider was unable to provide a security token while accessing 'https://overcasb-sb.accesscontrol.windows.net/WRAPv0.9/'.
  Error Code: 407 Proxy Authentication Required. The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209)
  By setting  <defaultProxy useDefaultCredentials="true" /> in appconfig, I got rid of the above error. And now its working fine with .net(C#) client.
  <configuration>
    <system.net>
      <defaultProxy useDefaultCredentials="true" />
    </system.net>
  </configuration>
  The same setting I tried in BTSNTSvc.exe config file and ofcourse restarted the host instance but still getting the same error. Any help?
  gautam

• Can Acrobat XI Pro with videos provide good security?

  eBooks provide a good basis for use of videos. I reviewed the process to use videos within Acrobat X (I?). Much of the information related to completion of forms and collaborative projects.  Apparently InDesign does not have a way to include videos. I have prepared iBooks using iBooks Author. The result, even as a novice, was fine. However, Adobe's CC relationship encourages use of several robust software, such as Audition, that would enhance my use of videos.  Rather than switch between PC, needed for an only PC program, and a MAC  I would like to configure future eBooks within the PC environment.  Apple's iBooks environment provides indicated security, even with an assortment of media types(videos, slide shows, Qs and As).  Acrobat XI appears to be a good resource with its new video inclusion capability.  However, security is an important element.  Does Acrobat XI provide sufficient security to prevent abuse of copyright material?

  PhotoJournal wrote:
  ...  Does Acrobat XI provide sufficient security to prevent abuse of copyright material?
  No.

• Wait, so I have to spend $4500 on FMIS instead of $995 on FMSS just to get basic security features?

  So I have been navigating this forum looking for a tutorial on how to prevent unauthorized people from being able to publish streams to my server, but apparently this feature is not available in FMSS? I have to upgrade to FMIS for this option alone?
  All I'm doing is live broadcasting, and this very basic security feature is not available?
  This is a definite deal-breaker, and will cause me to purchase Wowza instead.

  Hi there,
  You're running an old version of Safari. Before troubleshooting, try updating it to the latest version: 6.0. You can do this by clicking the Apple logo in the top left, then clicking Software update.
  You can also update to the latest version of OS X, 10.8 Mountain Lion, from the Mac App Store for $19.99, which will automatically install Safari 6 as well, but this isn't essential, only reccomended.
  Thanks, let me know if the update helps,
  Nathan

• Trying to purchase Lion, but am asked "To use this apple ID you must first login to My Info Web page then provide additional security information.  It won't let me get there to provide info for this purchase?

  Trying to purchase Lion, but next window ask that I must login to my info web page to provide additional security info, in order to use this apple ID.  But the next page says that Safari can't load.  I emptied the cache and reset, but lost as to what to do next in order to purchase lion?

  solved

• Cannot get Shockwave playver 12 to work with users that have basic security

  Good Day,
  I've pushed out Shockwave player 12 to 2 test units that are Win 7 and IE 10.. I can log in with my account (ADmin access ) and 2 other accounts (1 Student and 1 Teacher) that have basic security access  and run a web page that will play properly.. I ran the testy and it came back as everything is ok...
  I created 2 other accounts with same access as the teacher and Student (basic domain access) and logged in to the same unit.. and the web page won't play... I ran the Adobe test and it tells me The Version 12 Shockwave is installed incorectly..
  As a test, I removed the 2 working profiles from a PC..., then re logged in, it worked...
  Tried removing shockwave player and re-installing, still fails for the 2 student and teacher (and all other accounts).. I've verified IE settings (as they are controlled via group policy..) everything is the same...
  Searched the WEB and seems to be acomon issue, any ideas?

  Hello,
  It was sorted out.. (somewhat)..  the fix for a specific website was to add it to the trusted list of sites..
  Could never figure out the blocking though… of IE10 and settings..
  Ron

• WS security on webservices with JAX-WS Provider Interface

  Hi Experts:
  I have developed webservices with JAX-WS Provider Interface (WSProvider),it gives message level handling and also eliminates POJOs for user defined types; but how to add operation level Weblogic security policy on such services ?
  In my Weblogic console, I can see the endpoint of the service, and my services has at least 10 operations as defined in the WSDL, but I do not see operations details in the server console when I try to attach Weblogic security policy; so how do I add security rule to decide which operation is allowed by which user?
  am I missing something? or this is not possible ?  I am using WSProvider Interface and wondering is any issue because of that?  Or my operations should be visible regards of any JAX-WS standards implementation ?
  Thanks in advance!

  appaerently with the switch to the oc4j ws providers - a regression was introduced - bug 5665917 ... which is to be fixed for 10.1.3.3 ..
  pls contact oracle support to retrieve the patch ..
  /clemens

• Calling a Secure (SSL) Webservice

  I'm working on an HTMLDB app that needs to call a secure (as in SSL) webservice. If I was hand-coding this in PL/SQL I'd pass the wallet location and password in my calls to UTL_HTTP.REQUEST(...) etc. I assume that somewhere under the covers HTMLDB is calling those same routines.
  I'd like to use the HTMLDB WebService Tools if possible, but is there anyway to make them SSL aware? Can I set the wallet location, password for HTMLDB to go look for, or is this just not supported at this time?
  Thanks
  (By the way: HTMLDB 2.0 on Oracle 10gR1)

  Hi Anil,
     You can call ur webservice in many ways.One which is the most basic is
     create an object of the method which u want to call e.g:
      RequsetXXXXX obj = new RequestXXXXX();
     wdCOntext.curentRequestXXXXXElement().bind(obj);
     obj._setUser(username);
     obj._setPassword(pasword);
    obj.execute();
  please reward points if it helps.
  Abhinav Sharma

• Invalid Provider URL deploying axis webservice application on OC4J 10.1.3

  Hi,
  I have an enterprise webservice application using axis running fine with OC4J 9.0.4. I tried to deploy it in OC4J 10.1.3 and it gives ConfigurationException inside axis. I tried both axis 1.3 and 1.4 and still has the same issue. Axis is catching the exception and throwing it out as a runtime exception: Invalid Provider URL. I tried to google it, but didn't found much help. Did anyone had similar problem like this.
  Thanks in Advance,
  Chandu

  Chandu,
  Perhaps you could post the entire error message and stack trace you are getting, as well as the part of your code that is causing the error? Are you using JDK 1.4 or JDK 1.5?
  Good Luck,
  Avi.