SOAP Request with Web Service Security

Similar Messages

• [OSB Kernel:398133]The service is based on WSDL with Web Services Security

  Team,
  I need to use the wsdl given by external client. When I create a osb business service, I am receiving the below error.
  OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.     ...
  WSDL:
  http://personator.melissadata.net/v3/SOAP/ContactVerify
  We don't have OWSM set up. Is there any workaround that I can use to connect to this service for OSB?

  As a workaround, you can try to remove the Policy definition and reference from the copy you will import in OSB.
  I would recommend to add OWSM to your domain. It's a straight forward process.
  Regards,
  Fabio.

• Issue with Web Service Security

  Dear Forum Members and Readers,
  I am a beginner to Web Services, and facing an issue with WS-Security.
  My issue seemingly is quite specific to my projects though, It will be great if you can provide me your views.
  Context Description:
  I am developing a Java Web Service application that is deployed on JBoss Application Server.
  This application will communicate with two other applications those are not deployed in same JBoss Application Server.
  These 2 applications are third party applications, one is C++ based web services and other is Java based web services.
  My application gives a call to Third Party Application1 and receives the response back form it. It then passes this received response to Third Party Application 2.
  Issue Description:
  I now need to enable https paradigm among these 3 applications. (I need to implement web service security model here)
  I started with looking in to JBoss specific WS-Security but found it not suitable in my case, as it requires to configure both the client and server. I have the control over my application but not on other 2 third party applications.
  To this extent, I am unable to identify a solution that can address my issue.
  Can anybody please provide me with initial thoughts or any reference material that might help me to give this a start.
  Any clue will be highly appreciated!
  Thanks in advance
  Mukul

  mukul.object wrote:
  Actually, my SOAP messages contains some critical information that needs to be encrypted.You think that its critical information however your third party doesn't. If they would have had same thought they would have enabled the security. As I said earlier, you will have to discuss this with them.
  Another solution (however I don't know the viability in your case) could be to deploy one component before each third party service. Your web service will call this new component (Which is installed in their environment i.e. local to third party web service) and new component will forward the request to third party service. Now you can apply security/encryption/decryption between your web service and your component.
  I have had a look in to XMLEncrytion using that I can encrypt my SOAP messages but I wonder how would other tools decrypt that.My above comments answers this.
  Is there anyway I can encrypt my SOAP messages (without having to customize third party tools) in this scenario ??My above comments answers this.

• Working with Web Service Security

  Hi... forum
  I really need your help.
  I created a web service client. with JDEV 10.1.3, when i crearted a function call i got this error
  javax.xml.rpc.soap.SOAPFaultException: SoapException
  at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:540)
  at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
  at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
  at com.ws.runtime.POSSoap_Stub.comprar(POSSoap_Stub.java:659)
  at com.ws.POSSoapClient.comprar(POSSoapClient.java:55)
  at com.ws.POSSoapClient.main(POSSoapClient.java:40)
  I debug the application and then get down in this line:
  send((String) getProperty(ENDPOINT_ADDRESS_PROPERTY), _state);
  i also using web Secure Proxy
  and i have another methor called ping and this work fine, but one method that needs webservice security doesn´t work.
  some body has work with Webservice Security ?
  How can i view the message that is sending ?
  i don´t know what´s happenning ?
  Can help me, please?
  thnks
  Josue

  HI Frank, thank you for your help...
  I run the HTTP analyzer and see the error.. the usernametoken doesn´t was put it...
  My proxy i put it like secure proxy and i check the option username token. but the service. doesn´t put me this tag.
  this the message send it.
  <?xml version = '1.0' encoding = 'UTF-8'?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:schemas-orbitel-com-co:pos">
  <env:Body>
  <ns0:SolicitudCompra>
  <ns0:IdTransaccion>123</ns0:IdTransaccion>
  <ns0:TipoTarjeta>Orbitel Europa</ns0:TipoTarjeta>
  <ns0:Localizacion>Colombia</ns0:Localizacion>
  <ns0:Valor>0</ns0:Valor>
  <ns0:ZonaHoraria>0</ns0:ZonaHoraria>
  </ns0:SolicitudCompra>
  </env:Body>
  </env:Envelope>
  And the error message is..:
  <soap:Fault>
  <faultcode>soap:Server</faultcode>
  <faultstring>SoapException</faultstring>
  <faultactor>urn:schemas-orbitel-com-co:pos</faultactor>
  <detail>
  <Error xmlns="urn:schemas-orbitel-com-co:pos">
  <Codigo>POS006</Codigo>
  <Descripcion>El UsernameToken no fue suministrado</Descripcion>
  </Error>
  </detail>
  </soap:Fault>
  Frank, what can i do. to put the usernametoken into the send message.. ?
  thnks four your help...
  thnks.
  Joshua

• SOAP Sender Adapter + Web Service Security

  Hi all
  We have a SOAP scenario, where Multiple clients will expose a same webservice and got the response back.
  While exposing a webservice calls its asking for credentails
  (yes we can create the service user with proper authentication and provide the information to client)
  But client dont want to use the credentials to expose a call. We are thinking to get the certificates from XI server (certificates are already installed) and give it to Client to by pass the credentials.
  Since the multiple Client are calling the same service, its tedious to install all  client certificates in XI.
  Kindly suggest your any ideas on how to perform this.
  Thanks
  Ramg

  Hello!
  Please refer to the three links below that may help you with using certificate in Web Services for Logon.
  Defining the Logon Procedure:
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/d3/2bb3405226bc4ee10000000a1550b0/frameset.htm
  Authentication for Web Services:
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/45/6bc1a021e80dece10000000a11466f/frameset.htm
  Authentication for Web Services:
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/57/07813ee3d32b44e10000000a114084/frameset.htm
  Regards,
  Caio Cagnani

• Web Service Security with SAML - Invalid XML signature

  Hello together,
  we want to build a scenario where we want to use Web Service Security  with SAML.
  The scenario will be
  WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
  SAP PI release is 7.11 (SP Level 4)
  We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
  The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
  But we get following error at calling the CRM system when we want to communicate with SAML:
    <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
  Has somebody an idea of the possible reason for the error.
  Thanks in advance
  Stefan

  Error Messages in the Trace/Log Viewer:
  CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
  A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
  Invalid XML signature

• Security with Web Service calling some EJBs

  Hi everybody,
  I have implemented some web services residing in a war file deployed on my Tomcat. The web services module is a client to some EJBs deployed on my JBoss. I need to log the user in my realm on each WS request and log the user out before the WS response.
  I have implemented security on web applications with JBoss and used JAAS realms succesfully but what do I do in this case with Web Services? I mean the requests are stateless. If I use the org.jboss.security.ClientLoginModule
  won't this override the credentials of another user who is already logged in the realm?
  I have also implemented a standalone application which spawns a thread for each user request and I am wondering about the same thing. This application is a service listening for some kind of messages; on a message the application should log the user in the realm before calling an EJB and log the user after the request is completed. So it's more or less the same situation as above.
  Is this possible? I mean logging many users in the same realm in one non-web application?
  Any ideas?
  Thank you in advance!!!
  thoism

  requests are stateless, just as are requests to webapps.
  Which is hardly surprising as a web services stack is typically implemented as a web application.
  If you could log in only a single user at the same time to an EJB application, it would be rather pointless to have the application as a distributed multiuser system :)
  What you might check is whether you're allowed to log in the same user several times, if I remember correctly this can be limited in the EJB module deployment descriptors.

• Java Web Services Security with 10.1.2.1

  I have developed a Java Web Service with J Developer 10.1.2.1 which was deployed onto Oracle 10.1.2.1 application server. Now I have to implement Security for this Web Service (similar to ws-security etc.,), how I can achieve Security with 10.1.2.1?
  J Developer 10.1.3.1 seems to have the feature to implement Web Service Security, but a Java Web Service developed using J Developer 10 .1.3.1 with security enabled cannot be deployed onto Oracle 10.1.2.1 application server.
  Please help as how I can implement Java Web Service Security with 10.1.2.1?
  Email: [email protected]
  Thanks for the help in advance.

  You can use Oracle Web Services Manager to virtualize the end point and still implement WS-Security.
  Thanks
  Ram

• Soap request with attachment --problem in deploye to jboss useing Jdevelope

  using Jdeveloper and oc4j application server i made two application.
  In application one i exposed a web service method.In this application their is a handler class which able to handle soap request and response with attachment.
  In application two a client is sends a soap request with attachment.
  If i deploye it in oc4j it is working fine. But if i Deploye to JBoss server [i made a jboss application server connection] and then trying to send the soap request with attachment from the client application i gets the following errors--
  Exception in thread "main" javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:152)
       at etrans.TripBean.a.ClientGateWay.msgEnvelope(ClientGateWay.java:50)
       at etrans.TripBean.a.ClientGateWay.main(ClientGateWay.java:60)
  Caused by: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:148)
       ... 2 more
  Caused by: javax.xml.soap.SOAPException: Message send failed: Connection refused
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:458)
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:865)
       ... 4 more
  Caused by: java.net.ConnectException: Connection refused
       at java.net.PlainSocketImpl.socketConnect(Native Method)
       at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
       at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
       at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
       at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
       at java.net.Socket.connect(Socket.java:516)
       at java.net.Socket.connect(Socket.java:466)
       at java.net.Socket.<init>(Socket.java:366)
       at java.net.Socket.<init>(Socket.java:208)
       at javax.net.DefaultSocketFactory.createSocket(SocketFactory.java:202)
       at HTTPClient.HTTPConnection.getSocket(HTTPConnection.java:3115)
       at HTTPClient.HTTPConnection.doConnect(HTTPConnection.java:3858)
       at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:2921)
       at HTTPClient.HttpOutputStream.close(HttpOutputStream.java:421)
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.sendMessage(HttpSOAPConnection.java:724)
       at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:373)
       ... 5 more
  Am i made any mistake to deploye to jboss or it is not possiable to access the web service in such way?
  please suggest me what is the procedure to recover from this.

  Hello,
  How do you package you WS client application to be deployed in JBoss?
  The JAX-RPC clients are not that portable you may need to recompile the client with JBoss WebService implementation/tools, and check that you do have the different deployment descriptors for the client too.
  Regards
  Tugdual Grall

• How to send request to web service using .pem certificate.

  Dear All,
  I have a .pem, WSDL file and (Request and Response format), this files are provided by the customer, now I have generated the ServiceClass using WSDL file using wsdl.exe.
  Now when I send the request I am getting error as "The underlying connection was closed: An unexpected error
  occurred on a send" when I told my customer to remove the certificate validation from their web service the "Request
  and Response both are working fine".
  When I opened the .pem file in notepad the content was 
  -----BEGIN CERTIFICATE-----
  dfkhdfhsdfghgfjhAklajdaJHZKkjjHAKJhjkhkjhkjhkjhkjJKJHKJ......................................
  /R-----END CERTIFICATE-----
  and nothing else was there as per my client my code is proper for sending request to web service but the using of file i.e .pem file is not proper.
  I want to know what else I have to do my customer have given me only .pem file with -----BEGIN CERTIFICATE-----  and -----END CERTIFICATE----- nothing else in the file.
  Can anybody please help me in this, below is my code snapshot.
  try
  var pem = System.IO.File.ReadAllText(Application.StartupPath + "\\server_selfsigned.pem");
  byte[] certBuffer = GetBytesFromPEM(pem, "CERTIFICATE");
  SMSService sms = new SMSService(txtURL.Text.Trim());
  sms.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate2
  (certBuffer));
  SMSRequest smsReq = new SMSRequest();
  smsReq.UID = "2000";
  smsReq.SMSDetails = new SMSRequestSMSDetails { MessageText = txtMessage.Text.Trim(), MobileNumber = txtMobile.Text.Trim() };
  SMSReponse smsRes = sms.sendSMSOperation(smsReq);
  MessageBox.Show(smsRes.Code + " = " + smsRes.Message + " = " + smsRes.Status);
  catch (Exception ex)
  MessageBox.Show(ex.Message);
  Thanks in advance.
  Best Regards,
  Manoj Gupta.

  Hi,
  This issue might be due to the invalid .pem certificate file.
  Make sure to include the beginning and end tags on each certificate.                   
  The result should look like this:                
  -----BEGIN CERTIFICATE-----
  (Your Primary SSL certificate: your_domain_name.crt)
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  (Your Intermediate certificate: DigiCertCA.crt)
  -----END CERTIFICATE-----
  For more detailed information, you could refer to:
  https://www.digicert.com/ssl-support/pem-ssl-creation.htm
  Regards

• Details for 'Is Web service security available?'

  Hi i am working on scenario rfc to webservice.Its as secued webserivce i need to do ssl configuration.
  In component monitoring..for the integration engine its in yellow...
  Details for 'Is Web service security available?'
  Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
  can any one please help me out..
  Thanks
  sriram

  I have already installed certificates on the j2ee engine & i have given the paramaters for keystore entry & keystore value.Still i have the same error
  In component monitoring
  For integration engine
  Details for 'Is Web service security available?'
  Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client) 
  In message monitoring
  Audit Log for Message: f614df00-e9e0-11da-95ef-0004ac577b32
  Time Stamp Status Description
  2006-05-22 15:18:58 Success The message was successfully received by the messaging system. Profile: XI URL: http://saptst01:51000/MessagingSystem/receive/AFW/XI
  2006-05-22 15:18:58 Success Using connection AFW. Trying to put the message into the request queue.
  2006-05-22 15:18:58 Success Message successfully put into the queue.
  2006-05-22 15:18:58 Success The message was successfully retrieved from the request queue.
  2006-05-22 15:18:58 Success The message status set to DLNG.
  2006-05-22 15:18:58 Success Delivering to channel: ZCH_VERISIGNPPGR
  2006-05-22 15:18:58 Success SOAP: request message entering the adapter
  2006-05-22 15:18:58 Success SOAP: call failed
  2006-05-22 15:18:58 Error SOAP: error occured: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter
  2006-05-22 15:18:58 Error Exception caught by adapter framework: Peer sent alert: Alert Fatal: illegal parameter
  Can any one please help me out.
  Thanks
  sriram

• Web service security in PI

  Mine is PROXY to SOAP asynchronous.
  PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
  so that at receiver statem they can validate the user using these.
  When i am calling webservice from soapui with the header parameters
  Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>xxxxx</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
  <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
  <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  What configuration needs to be done in PI.

  I got this in Runtime work bench
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  - <SOAP:Header>
  - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
    <sap:MessageClass>ApplicationMessage</sap:MessageClass>
    <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
  - <sap:Sender>
    <sap:Party agency="" scheme="" />
    <sap:Service>test2310</sap:Service>
    </sap:Sender>
  - <sap:Receiver>
    <sap:Party agency="" scheme="" />
    <sap:Service>test_serivce</sap:Service>
    </sap:Receiver>
    <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
    </sap:Main>
  - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
    </sap:ReliableMessaging>
  - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:TraceLevel>Fatal</sap:TraceLevel>
    <sap:Logging>On</sap:Logging>
    </sap:Diagnostic>
  - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
  - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
    <sap:Engine type="BS">test_serivce</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
    <sap:Engine type="IS">is.68.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
    <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    </sap:Hop>
    </sap:HopList>
    </SOAP:Header>
  Edited by: Vamsi on Jul 15, 2009 7:06 PM

• How can I authenticate and authorize with Web Service on ESB ?

  Hello,
  I want to authenticate and authorize client with Web Service published
  by HTTP/SOAP BC.
  Simply if it is an Web Service as J2EE application, I will use
  Basic Authentication with JAX-RPC and Realm.
  But I think that Web Service published by HTTP/SOAP BC is not belong
  to J2EE Application. Threre is no place to describe security role mapping
  (like web.xml).
  JBI 1.0 the section "5.5.1.1.3 Normalized Message Properties" comments
  JAAS Subject is given in the NM Properties. Really in this package
  com.sun.jbi.internal.security.*
  implements JAAS autentication and authorization (at JaasAuthenticator).
  But I can't see how to configure my Service to use this.
  How can I authenticate and authorize with Web Service on ESB ?
  I referred to the resources.
  Mutual Authentication for Web Services: A Live Example
  http://developers.sun.com/prodtech/appserver/reference/techart/mutual_auth.html
  XML and Web Services Security
  http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security7.html
  JAAS Authentication Tutorial
  http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
  Thanks,
  Takurou
  - environment ---------------------------------------------
  OpenESB : Project Open ESB Starter Kit
  AppServer : Sun Java Systems Application Server 9.0 PE
  OS : Windows XP
  I don't assume to use SSL (if It's necessary I will try).
  User information is stored in a LDAP Server.
  -----------------------------------------------------------

  Hello,
  I read this resource.
  SecurityDesign
  http://www.glassfishwiki.org/jbiwiki/Wiki.jsp?page=SecurityDesign
  Then I think [non-ssl and ssl/tls and so on] securing by basic authentication is ongoing feature at this time.
  But I can't see well why this page comments 'HTTP over SSL, TLS'.
  HTTP/SOAP Binding Component Overview
  http://download.java.net/general/open-esb/docs/jbi-components/httpsoap-bc.html
  Does BC support only "SSL server authentication" ?
  Doesn't BC support "SSL client authentication" by username/password ?
  Thanks,
  Takurou

• "Define Web Service" - Security Issues

  Hello all,
  I have successfully defined a Web service with the wizard in ID. So I already have my WSDL file.
  Now, I need to use this WSDL file from a Web Application that exposed to all public internet. 
  Now my question is, how is security managed for this web service? I mean, if the web service is exposed to any user of the web application in the internet, how can I assure that, the information in the WSDL file will not be used to access the XI Server with out authorization?
  Who should be in charge of the security, the web application? the web service? or xi?
  Thanks,
  Felipe

  If you are using the SOAP Adapter for receiving the information it provides the features like
  1. HTTP without Client Authentication
  2. HTTP with Client Authentication
  Even you can select Security Prameters like
  1. Web Service Security
  2. S/MIME
  If you configure all this then which other kind of security you are looking for.
  Gaurav Jain
  Reward Point if answer is helpful

• Web Services Security Sample

  I colud not understand that:
  "9.The mail also contains links to the Root Certificate using whose key your Certificate was signed. Follow the link and click Accept. This install the root
  certificate in your browser.(Use Internet Explorer)."
  in the Web Services Security Sample Installation.
  Is there clear info for this and "Get a Client Certificate"?
  Thanks...

  When you get the certificate client certificate from Verisign( or any certificate authority), you also need a root certificate from Verisign which says that this client certificate was given by Verisign.
  When you provide all your info to Verisign (along with certificate request) you get the client certificate to your email address (which you gave to Verisign for sending certificate). This email address also contains the link to root address which you need to obtain in order to validate your certificate. Follow the link and do as instructed to import the root certificate in Internet Explorer. The root certificate will be imported into IE with the name "VeriSign authorized testing only.No assurances" in "Trusted Root Certificate Authorities tab"
  Your Oracle Wallet manager, Internert Explorer etc will accept and use the client certificate only if the corresponding root certificate is present.
  Hope this clarifies the doubt.
  Chandar