My Oracle Support Banner

How to Use JDeveloper 10.1.3 to Secure and Test a Web Service using a Remote Client (Doc ID 947993.1)

Last updated on SEPTEMBER 07, 2021

Applies to:

Web Services - Version 10.1.3.1.0 to 10.1.3.4.0 [Release Oracle10g]
Information in this document applies to any platform.

Purpose

Purpose


The purpose of this note is to detail the steps to use JDeveloper 10.1.3 to secure and test a web service when not using a self contained environment; that is, in a system using where the client is remote to the server, and the SSL communication is occurring in both directions.

For a self contained environment, please refer to the How-To document "Securing Web Services using JDeveloper and WS-Security".

Scope

Overview

This how-to shows how JDeveloper 10.1.3 can be used to develop, secure and test a web service.

JDeveloper provides a testing environment for securing and adding self-signed keypair integrity and encryption details to both the service and proxy to ensure the service is being used by an authenticated user, has not been tampered with in transit and cannot be read by a 'man-in-the-middle' attack.

Sun's Keytool utility is used to create RSA self-signed certificates in a keystore to test security of the service.

JDeveloper is used to deploy the secured service and keystore to OC4J. To maintain password security, the OC4J console is then used to add passwords from the keystore. JDeveloper is used to create a secure proxy to test the running, secured service. Finally, using the HTTP Analyzer, you can review the signed and encrypted SOAP messages being sent and received by the server.


Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
 Purpose
Scope
 Overview
Details
 Prerequisites
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.