WS-Security support

Does Apex-3.1.1 support WS-Security? We need to configure our Apex application as a client to consume a SOAP web services that is secured using the WS-Security protocol.

Hi Drew,
Our next release of WLS will include WS-Security support. This will include
XML Signatures/Encryption etc.
Thanks,
Chris
"Drew Haller" <[email protected]> wrote in message news:[email protected]..
>
Does Web Logic have (or plan to have) any libraries for handling ws-security.
This would include token creation and parsing, XML signing, and encryption. If
so, where? If not, when?
Thanks,
Drew

Similar Messages

  • Does ADF security support sub-roles? If not are there plans to support it?

    hi,
    I have following scenario: there are dozens of regions and each region has dozen of facilities and each facility dozens of offices.
    I would like to setup Office roles to have Query permission only and create a new role OfficeUpdate role that has update permissions for this office data, and at the same time to inherit permissions from Office role (e.g. Query permissions), so if I assign a user to Office role he will be able to query only and if I assign him to OfficeUpdate role he will be able to query and update the office data because privilege will be inherited from Office role.
    User can be a member of different offices/facilities/regions. So I would like to, in order to simplify user management, to be able to assign a whole role as a member of another role. By doing this I wouldn't have to assign users to different roles all over again (all users assigned to a sub-role would automatically become members of main role as well) as this is time-consuming.
    But it seems that ADF security does not support this. It seems that ADF security can only deal with roles and not sub-roles? Roles and sub-roles are supported by oc4j container but it seems that ADF security does not support it.
    I would like first to be sure that my observation is correct, and if yes to find out if there are any plans to support sub-roles in future Jdev releases?
    And also if somebody knows, if Acegi or JsfAcegi security supports role-sub-role privilege inheritance?

    I created a testcase that excludes ADF Security and the same behavior can be reproduced, so the problem doesn't seem to be with ADF Security but JAZN.
    Need to further track this issue, but so far it appears that a member role is not sufficient to authenticate and authorize a container managed constraint as used by ADF Security for authentication. This could be a problem with the embedded OC4J only but also a general problem with settings on the system-jazn-data.xml. This is what I need to further evaluate.
    So for now I can't say that this isn't working in ADF Security because its not even getting there
    Frank

  • Is role base security supported by WLS 5.1?

    To what extent is role based security supported by servlets under WLS 5.1?
              Declarative role based security does not seem to be supported?
              Are any of the following methods supported?
              HttpServletRequest.isUserInRole()
              HttpServletRequest.getUserPrincipal()
              If so, where are the roles declared? Where is the role/principal mapping
              done? Does getUserPrinicipal() return the principal using the WLS security
              realm?
              Thank you.
              Marko.
              

    Cool. Bonus mystery feature. I will call support.
              Thanks Winston.
              Marko.
              Winston Koh <[email protected]> wrote in message
              news:[email protected]...
              > no, i am not referring to ACL. to my knowledge, the servlet security
              > features docs do not make it into the WLS 5.1. I understand its a bit hard
              > to use the features properly without proper documentation. contact support
              > for more info
              >
              > thanx
              >
              > Winston
              > Marko Milicevic <[email protected]> wrote in message
              > news:[email protected]...
              > > The only servlet authorization mechanism I can see documented is ACL's.
              > Is
              > > this what you are referring to Winston? If so, I believe ACL are
              > different
              > > than declarative role based security. An ACL grants access to a servlet
              > for
              > > a set of principals (users and/or groups). But a role is not a
              > prinicipal.
              > > A role name is mapped to a set of principals.
              > >
              > > If you are referring to roles, can you give a URL to the documentation
              > which
              > > discusses this?
              > >
              > > Thanks Winston.
              > >
              > > Marko.
              > > .
              > >
              > > Winston Koh <[email protected]> wrote in message
              > > news:[email protected]...
              > > > both declarative and programmtic based security roles are supported by
              > WLS
              > > > 5.1.
              > > >
              > > > if you don't specify any specific security realm in the
              > > weblogic.properties
              > > > file, a default WebLogic Security realm is assumed. you could specify
              > the
              > > > group and its associated users and passwords there in the properties
              > file.
              > > > in the web.xml file associated with each web app, you could speciify
              the
              > > > security constraints for each servlet
              > > >
              > > > I would imagine when accessing a secured servlet within a web app, a
              > > client
              > > > would supply her credentials thru some sort of authentication, and
              based
              > > on
              > > > the credentials, we find out the role name from the
              weblogic.properties
              > > file
              > > > which in turn mapped to the web.xml which specify the security role
              that
              > > > could access the particular servlet. if the role matches, access to
              the
              > > > servlet is granted
              > > >
              > > > refer to WL Docs for more specific details
              > > >
              > > > thanx
              > > >
              > > > Winston
              > > > Marko Milicevic <[email protected]> wrote in message
              > > > news:[email protected]...
              > > > > To what extent is role based security supported by servlets under
              WLS
              > > 5.1?
              > > > >
              > > > > Declarative role based security does not seem to be supported?
              > > > >
              > > > > Are any of the following methods supported?
              > > > >
              > > > > HttpServletRequest.isUserInRole()
              > > > > HttpServletRequest.getUserPrincipal()
              > > > >
              > > > > If so, where are the roles declared? Where is the role/principal
              > > mapping
              > > > > done? Does getUserPrinicipal() return the principal using the WLS
              > > > security
              > > > > realm?
              > > > >
              > > > > Thank you.
              > > > >
              > > > > Marko.
              > > > > .
              > > > >
              > > > >
              > > > >
              > > >
              > > >
              > >
              > >
              >
              >
              

  • No up messages by email from security support team

    no up messages by email from security support team

    Hi lamarche,
    Welcome to the HP Support forums.  I see that you were having difficulties sending an ePrint job from a Gmail address.
    Are you still experiencing this issue?  I have checked with HP’s Cloud Services and I know that just recently there was a minor service disruption with Gmail being able to successfully send print jobs to any of the HP ePrint printers but it should now be resolved.
    If you are still experiencing this issue, please call HP’s Cloud Services at 1-855-785-2777 if you live in the USA/Canada region. If you live outside the USA/Canada region please click here to find the Technical Support number for your country/region.
    Regards,
    Happytohelp01
    Please click on the Thumbs Up on the right to say “Thanks” for helping!
    Please click “Accept as Solution ” on the post that solves your issue to help others find the solution.
    I work on behalf of HP

  • HT5699 I forgot my security support question and answer, what should i do?

    I forgot my security support question and answer, what should i do

    See Kappy's great User Tips.
    See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities https://discussions.apple.com/docs/DOC-4551
    Rescue email address and how to reset Apple ID security questions
    http://support.apple.com/kb/HT5312
    Send Apple an email request for help at: Apple - Support - iTunes Store - Contact Us http://www.apple.com/emea/support/itunes/contact.html
    Call Apple Support in your country: Customer Service: Contacting Apple for support and service http://support.apple.com/kb/HE57
     Cheers, Tom

  • About End of Vulnerability/Security Support OS SW

    Hello Expert,
    In SNTC portal or SNTC offline report, can we dig out the End of Vulnerability/Security Support OS SW (The last date that Cisco Engineering may release a planned maintenance release or scheduled software remedy for a security vulnerability issue)
    Thanks,
    Cristan

    SNTC does report on various "EOX" milestone alerts.  Please see the "Product Alerts" tab in the portal and drill into the Software Alerts section.  In there you'll find various "EOX" announcements related to devices in the customer's inventory.
    If you need more details, which it appears you want, you'll also find a URL that you can click that will take you to additional details on the "EOX" alerts.

  • ¿First-hop security support on 3750/4500/7600 platforms?

    Hello team:
    I am helping in the "IPv6 readiness assessment" of an infrastructure.
    I checked on Feature Navigator for First-hop Security support (ND Inspection, RA Guard, Device Tracking, ..) and found that only the CAT6K supports it.
    ¿Do you know if platforms like 3750, 4500 or even 7600 (the customer uses it like a Layer 2 switch in some segments) have the same support or if at least there is a plan for them?
    Your kind answers will be greatly appreciated.
    Best regards, Rogelio

    You can at least use inbound layer 3 ACL's to limit clients on 3750 switches, e.g.
       sdm prefer dual-ipv4-and-ipv6
       reload 
       ipv6 access-list v6client
       deny udp any eq 547 any eq 546
       deny icmp any any router-advertisement
       deny icmp any any redirect
       permit ipv6 any any
       interface Gi1/0/20
       ipv6 traffic-filter v6client in
    Abusive clients who deliberately fragment ICMPv6 packets containing long chains of next header options which don't occur in the first packet might be able to evade these ACL's, at least until Cisco starts rejecting fragmented ICMPv6 in line with current RFC recommendations.
    -- Jim Leinweber, WI State Lab of Hygiene

  • Is HR Org based security supported in OBIA

    Hi all
    I just wanna know whether HR Org-based Security is supported in OBIA with Oracle Apps as Source ?
    We have already implemented security based on Business Group Id and it is working good.
    Now we want to implement the security based on Organization ID.
    Plz advice..
    Thanx

    Hi all
    I just wanna know whether HR Org-based Security is supported in OBIA with Oracle Apps as Source ?
    We have already implemented security based on Business Group Id and it is working good.
    Now we want to implement the security based on Organization ID.
    Plz advice..
    Thanx

  • HTTP Strict Transport Security support in Weblogic 10.3.3+

    Hi Gurus,
    1) Does Weblogic 10.3.3+ support HTTP Strict Transport Security (HSTS)?
    2) Has anyone experienced with implementation of the HTTP Strict Transport Security (HSTS) header in Weblogic 10.3.3?
    Thanks in advance.
    James

    Hi John,
    Here are your answers :)
    1) WebLogic 10.3 supports SCA. The Tech Preview, as its name tells, was a preview of the final release which is now out. The full package installer will provide the latest version of WebLogic 10.3.
    2) Since the Tech Preview is incomplete compared to the version you can find on OTN, no need to download it.
    However, I experienced some problems using SCA on a sample domain.
    I had to unzip another complementary JAR to make it work. This JAR was supplied with the TP. I may send you a copy through email if you wish since the JAR is nowhere to be found.
    But please note that BEA has chosen to use a Fabric3 implementation. Oracle has its own. Thus I don't think this SCA implementation will last long in WebLogic ... (http://fabric3.codehaus.org/)
    I bet that in a very next future, with the 11G version, SCA will full work and won't have anything to do with Fabric3.
    Hope this helps.
    Regards.
    Edited by: Maxence Button on Nov 9, 2008 2:52 PM

  • Oracle OC4J: JAZNUserManager ready, now adding SSL security support...

    Hello,
    I developed a J2EE application with FORM
    based authentication security using the JAAS
    JAZN Oracle support for encrypted passwords.
    Now I would like to find the way to send it
    as encrypted data with SSL but don't know
    how to do it...
    I already tried adding something
    declaratively like:
    my web.xml
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>index.jsp</form-login-page>
    <form-error-page>login_error.jsp</form-error-page>
    </form-login-config>
    <security-constraint>
    <web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    But I only got it refusing to send any data... I guess there
    should be a way to do it?
    I also tried:
    <login-config>
    <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    </login-config>
    </login-config>
    but again I received an error message stating I didn't
    have any valid certificates?
    Can anyone help please,
    Best Regards,
    Giovanni

    hi
    I just found a URL to a security guide on this forum, maybe it can help you.
    http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/core.902/a90146/toc.htm
    succes
    -Jan

  • I have a mac and continue to get messages to update to firefox 7.0 for security support is that from mozilla or a some thing else.

    I continue to get messages to upgrade firefox to a 7.0 version for security upgrade<, is this from firefox or a suspicious message. it does not use the firefox logo.

    You can use the portable Firefox version for websites that only work with older Firefox versions.
    You can find the portable Firefox 2.0.0.20 version under "Mozilla Firefox, P.E. Legacy > Mozilla Firefox":
    Win: http://sourceforge.net/projects/portableapps/files/Mozilla%20Firefox,%20P.E.%20Legacy/
    Are you sure that the HSBC bank site only supports such an old Firefox version?
    A bank site should known better then to force visitors to use old and no longer supported browser versions.
    Can you post a link to a page that you can access without authorization (log in) that gives such an error message ?
    Do they have a help page that list supported browsers?

  • End of Tiger security support?

    "Security Update 2009-6 Client" has been posted for Leopard, and the same new security features are included in Snow Leopard OS X 10.6.2, also released today.
    Details here:
    http://support.apple.com/kb/HT1222
    and
    http://support.apple.com/kb/HT3937
    All previous security updates had a Tiger version, but there has been no mention of an update for Tiger this time, at least not so far.

    I also use Firefox and NoScript for browsing.
    Security Update 2009-6 for Leopard included many vulnerability fixes, but the following vulnerabilities on the list seemed to be among the most important for the average user, and are presumably still present in Tiger:
    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
    Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution
    Impact: Downloading a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
    Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
    Impact: Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution
    These seem to me to be possible openings for new Trojans to exploit. I would hope, though, that unless password-authenticated, the damage they could do via "arbitrary code execution" would still depend on the privilege level of the user account that ran them.
    I think one change that I will probably make now is something that a number of people have advocated all along - have a separate admin account for use only when truly needed, and change my "main" everyday user account to a standard account. I'm even wondering if it is worthwhile to have two standard accounts - one just for internet browsing, and the other to hold important stuff such as documents, music, etc.
    Of course you still have to be very careful if asked to "authenticate" a download with an admin password - that grants access to the entire system.

  • Internet Explorer Security Support on Windows 7 & WIndows 2008 Std Server

    I have an app page (tomcat https) that i was able to open from a windows 7 professional remotely but could not open from a windows 2008 std server.  Is there a security settings I need to disable from windows 2008 std server?  The firewall is disabled. 
    Both Win 7 & 2008 is on the same network.
    Thanks in advance.
    DT

    Hi,
    I need the error information from the Internet Explorer, if the error code is 404 that should be the webpage is not correctly developed, error code 500 means the tomcat server is not available, you should check the tomcat server, or another situation is
    the port number is in use by another application, normally the default port number is 8080, you can  try another port number in the comcat configuration file  to see the result.
    Regards
    Wade Liu
    TechNet Community Support

  • Please consider continuing security support for 3.6.25!

    Ever since i upgraded from ff 3.6 to 3.6.24, i get this error message every time i open firefox: ff cannot install the update. please make sure another version is not already running." then i click ok and the window opens to the home page. i do have 3.6.25 now, so the updates must be working despite this error message.
    The larger question for myself and probably others on older computers is this:
    If security for firefox 3.6 is being discontinued in the 1st quarter of this year, where does that leave us? We can't all afford new computers with the right speed of pentium processors. I have an old computer with an intel processor. Will I and others with intel or lower number pentium processors be unable to continue using firefox? I would gladly buy some memory, but the processor issue I cannot fix.
    i understand that things move with the times, and that the new improved versions are bigger and better. Still, I ask the FF team to please consider those of us who can't afford buying new computers, or keep up with the CPU loads from the latest versions.
    Won't the ff team please continue security for older versions, or come up with something smaller and lighter on resources for us? This upgrade is going to leave a lot of people behind who would rather stick with FF. I'll have to use chrome or opera, which is OK i guess, but FF has been my default browser for many years. I hate the thought of losing FF; it's been the best for years!

    Your computer is fast enough with a 3.33 GHz processor.<br />
    The only problem is the amount of RAM (368 MB), so maybe try to get an extra 512 MB RAM and it shouldn't be a problem to run current Firefox releases.<br />
    Having a sufficient amount of physical RAM is more important than the processor speed.

  • Staying Safe and Secure With Verizon's Premium Tech Support, Online Security, Cloud Storage Solution

    NEW YORK – No one wants to worry about online threats or how and where to store their many files. A new solution from Verizon will ease these concerns.
    The Security, Support & Storage Bundle provides Verizon small-business and residential  customers with comprehensive protection from viruses and malware on many connected devices; premium tech support to help keep customers’ technology running smoothly; and cloud storage for files, videos, photos and more.

    All I have to say about that is, "People fear what they do not know." Everyone has a comfort zone. Some people's comfort zone is larger than others, or encompasses different aspects of life. Most Windows users aren't comfortable with Mac or Unix operating systems. Most English speakers aren't comfortable with foreign languages. Most two-year-olds aren't comfortable with spinach.
    C'est la vie.
    If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
    "All knowledge is worth having."

Maybe you are looking for