How to Use JDeveloper 10.1.3 to Secure and Test a Web Service using a Remote Client
(Doc ID 947993.1)
Last updated on SEPTEMBER 07, 2021
Web Services - Version 10.1.3.1.0 to 10.1.3.4.0 [Release Oracle10g] Information in this document applies to any platform.
The purpose of this note is to detail the steps to use JDeveloper 10.1.3 to secure and test a web service when not using a self contained environment; that is, in a system using where the client is remote to the server, and the SSL communication is occurring in both directions.
This how-to shows how JDeveloper 10.1.3 can be used to develop, secure and test a web service.
JDeveloper provides a testing environment for securing and adding self-signed keypair integrity and encryption details to both the service and proxy to ensure the service is being used by an authenticated user, has not been tampered with in transit and cannot be read by a 'man-in-the-middle' attack.
Sun's Keytool utility is used to create RSA self-signed certificates in a keystore to test security of the service.
JDeveloper is used to deploy the secured service and keystore to OC4J. To maintain password security, the OC4J console is then used to add passwords from the keystore. JDeveloper is used to create a secure proxy to test the running, secured service. Finally, using the HTTP Analyzer, you can review the signed and encrypted SOAP messages being sent and received by the server.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!