Overriding Policies Using a Deployment Plan Testing Secured Services using CAVS
26.2.2 Invoking Secured Application Services
To invoke a secured web service: 1. Determine what type of security is needed. AIA recommends using WS-security for authentication, encryption and integrity.2. Check if the global security policy is sufficient for the web service.
3. Find the WS-policy with the appropriate combination of features.
For example, if you need encryption and integrity, then you must find the policy which does both encryption and integrity.4. Attach policy to service to enable security for a service.
For more information about how to attach policies, see Attaching Policies to Web Services in the Oracle Fusion Middleware Security and Administrators Guide for Web Services.5. Configure policies.
You may need to perform additional configurations for each policy. In the case of WS-Security client side basic authentication policy, you must do the following:1. Configure credential store.
2. Add the UserID and password associating with a key into the store.
3. Use the key in the policy.
For more information about how to configure each policy, see Configuring Policies in the Oracle Fusion Middleware Security and Administrators Guide for Web Services.6. Diagnose problems.
For more information about how to diagnose problems, see Diagnosing Problems in the Oracle Fusion Middleware Security and Administrators Guide for Web Services.26.2.3 Overriding Policies Using a Deployment Plan
AIA Foundation Pack provides infrastructure to override the global policies in a declarative way. To override the policy, service developers must: 1. Create service configuration file as described in section Section 26.6.3, AIA Security Configuration Properties. 2. Place it in the project folder.26.2.4 Testing Secured Services using CAVS
To test secured services using CAVS, the element cavs:CAVSRequestInput_1 should have the element shown in Example 26–1 under the soap:Envelope. Working with Security 26-5 Example 26–1 soap:Envelope Content soapenv:Header wsse:Security xmlns=http:docs.oasis-open.orgwss200401oasis-200401-wss-wssecurity- secext-1.0.xsd xmlns:wsse=http:docs.oasis-open.orgwss200401oasis-200401-wss-wssecurity- secext-1.0.xsd wsse:UsernameToken Username[user name]Username Password[pwd]Password wsse:UsernameToken wsse:Security soapenv:Header If you are using a default user in the Identity store, then [user name] = weblogic and [pwd] = weblogic1.26.3 Security for Applications
This section contains the following topics: ■ Section 26.3.1, Enabling Security in Application Services ■ Section 26.3.2, Invoking Secured AIA Services26.3.1 Enabling Security in Application Services
You can use the built-in capabilities of participating applications to enable security for services. If you need to choose a product for enabling security, check if Oracle WSM has agent support for the application, and if so, use Oracle WSM. If the applications can enable any kind of security, use Web service security for authentication, encryption, and integrity. Otherwise, you can use SSL to secure the connection.26.3.2 Invoking Secured AIA Services
When interacting with an AIA service that is enabled for WS-security, you must add a security header in the SOAP header with all the information needed for security functions on AIA service. Based on the security of the AIA service, you must add information for any combination of authentication, encryption and integrity. Example 26–2 is a sample of a security header for authentication. Example 26–2 Security Header for Authentication wsse:Security env:mustUnderstand=1 wsse:UsernameToken wsu:Id=UsernameToken-dXtD14011QZUTlfIaSrMhw22 wsse:Usernameweblogicwsse:Username wsse:Password Type=http:docs.oasis-open.orgwss200401oasis-200401-wss-username-token- profile-1.0PasswordTextweblogic1wsse:Password wsse:UsernameToken wsse:Security If the AIA service requires SSL, then the application should configure SSL for both one way and two-way SSL.Parts
» Oracle Fusion Middleware Online Documentation Library
» How to Use the AIA Development Guide Introduction to Project Lifecycle Workbench
» Select a Service Type value: Requestor ABCS, Provider ABCS, Enterprise
» Use the query criteria in the Search area to locate the service solution component
» How to Set Up Environments to Enable Design-Time Harvesting
» Introduction to Bills of Material
» How to Generate a Bill of Material for an AIA Lifecycle Project
» How to View a Bill of Material for an AIA Lifecycle Project
» Introducing Project Lifecycle Workbench Seed Data
» Introduction Oracle Fusion Middleware Online Documentation Library
» Input for Deployment Plan Generator Executing Deployment Plan Generator
» Deploying New or Custom Built Artifacts
» Undeploying Services Oracle Fusion Middleware Online Documentation Library
» Understanding the ODIBOM.xml File
» Understanding the ODI Deployment Plan
» Understanding the Service Annotation Element
» Understanding the Reference Annotation Element Understanding the TransportDetails Element
» How to Annotate the Service Element in a Requester ABCS Composite
» How to Annotate the Service Element in Composite Business Process Composite
» Understanding EBS Types Working with the Enterprise Business Service Library
» Understanding Design Guidelines Understanding Design Considerations
» Creating Routing Rules Working with Message Routing
» Routing at the EBS Guidelines for EBS Routing Rules
» How to Implement Fire-and-Forget Pattern with EBS One-Way Calls Creating EBS WSDLs
» How to Implement the Request-Delayed Response Pattern with the Two One-Way Calls of the EBS
» ABCS Types Introduction to ABCS
» Defining the Role of the ABCS
» Constructing ABM Schemas Analyzing the Participating Application Integration Capabilities
» Introduction to MEPs Choosing the Appropriate MEP
» Outbound Interaction with the Application
» Using BPEL for Building ABCS
» Prerequisites Constructing an ABCS
» ABCS as a Composite Application How Many Components Need to Be Built
» How to Construct the ABCS Composite Using JDeveloper Developing the BPEL Process
» How to Create References, Services, and Components Moving Abstract Service WSDLs in MDS
» Setting Correlation for the Asynchronous Request-Delayed Response MEP
» Using the Programming Models for the Request-Delayed Response Pattern
» Create Invoking Enterprise Business Services
» Update Invoking Enterprise Business Services
» Delete Sync Invoking Enterprise Business Services
» Validate Invoking Enterprise Business Services
» Process Invoking Enterprise Business Services
» Query Invoking Enterprise Business Services
» Introduction to Enabling Requester ABCS for Extension
» Introduction to Enabling Provider ABCS for Extension
» How to Design Extensions-Aware ABCS
» Designing an ABCS Composite with Extension Defining Service at Extension Points
» How to Specify a Concrete WSDL at Deployment Time
» Interfacing with Transport Adapters
» How to Develop Transport Adapters When to Put Adapters in a Single Composite
» How to CAVS Enable the Requester ABCS Introduction to the CAVSEndpointURL Value Designation
» How to Ensure Transactions in AIA Services
» Transactions in Oracle Mediator Transactions in BPEL
» Developing ABCS to Participate in a Global Transaction How to Transaction-Enable AIA Services
» Guidelines for Versioning Versioning ABCS
» Introduction to Enterprise Business Flows
» How to Implement the EBF as a BPEL Service Overview of B2B Integration Using AIA
» B2B Support in AIA Error Handling Framework
» How to Identify the B2B Document Protocol
» How to Identify the B2B Document Type and Definition
» How to Identify the EBO, EBS, and EBM to Be Used How to Design Mappings for the B2B Document
» Introduction to a Provider B2B Connector Service How to Identify the Message Exchange Pattern
» How to Develop a B2BCS Service Contract
» How to Annotate B2B Connector Services
» How to Support Trading Partner-Specific Variants
» How to Enable Error Handling
» How to Route Based on Trading Partner B2B Preferences
» How to Test Using CAVS How to Test Using Dummy Trading Partner Endpoints
» Monitoring Using Oracle B2B Reports Monitoring Using Oracle Enterprise Manager Console
» How to Support Trading Partner-Specific Variants How to Enable Error Handling
» If an additional target is needed, click the Additional Target button on the Service
» Optionally, click the Save As button to save a service solution component request Click Finish.
» Updating SOA MDS with AIA MetaData Using MDS in AIA Content of AIA_HOMEAIAMetaData
» Working with AIA Components Content in AIA_HOMEAIAMetaData
» How to Change an Existing File How to Create a New File
» Introduction to the Tools Used
» Understanding Integration Styles with Integration Framework
» Bulk Data Processing Integration Style Choice Matrix
» Identifying the EBO Designing an Oracle AIA Integration Flow
» Enter your search criteria and click Search to execute a search for a particular
» Inbound Connectivity Outbound Connectivity
» When to Use Web Services with SOAPHTTP
» Session Management for Web Services with SOAPHTTP
» Error Handling for Web Services with SOAPHTTP
» Security for Web Services with SOAPHTTP Message Propagation Using Queues or Topics
» Ensuring Guaranteed Message Delivery When to Use JCA Adapters
» Outbound - Siebel Application Interaction with AIA Services Web Services with SOAPHTTP
» Inbound: E-Business Suite Application Interaction with AIA Services Concurrent Program Executable
» Business Event Subscription JCA Connectivity Using OAPPS Adapter
» Outbound: Oracle E-Business Suite Application Interaction with AIA Services
» Testing an Oracle AIA Integration Flow Design Guidelines
» Initial Data Loads High Volume Transactions with Xref Table Intermittent High Volume Transactions
» Using Error Handling Oracle Fusion Middleware Online Documentation Library
» Click OK to save your changes. Click the Generate and Deploy tab to deploy it on the OC4J server.
» Considerations for Creating Transformation Maps Handling Missing or Empty Elements
» How to Map an Optional Source Node to an Optional Target Node How to Load System IDs Dynamically
» Introduction to DVMs When to Use DVMs Using Cross-Referencing
» Standard Elements Introducing EBM Header Concepts
» Sender Introducing EBM Header Concepts
» Target Introducing EBM Header Concepts
» BusinessScope Introducing EBM Header Concepts
» Use Case: Request-Response Use Case: Asynchronous Process
» Use Case: Synchronous Process with Spawning Child Processes
» EBMTracking Introducing EBM Header Concepts
» Understanding Oracle BPEL Error Handling Understanding Oracle Mediator Error Handling
» What Do I Need to Know About Fault Policy Files
» How to Implement Fault Handling in BPEL Processes
» Guidelines for Defining Fault Policies
» Guidelines for BPEL Catch and Catch-All Blocks in Synchronous Request-Response
» Guidelines for Configuring Mediator for Handling Business Faults
» Overview Implementing Error Handling for the Synchronous Message Exchange Pattern
» Configuring Milestones Implementing Error Handling for the Synchronous Message Exchange Pattern
» Configuring Services Between Milestones
» Describing the EBMReference Element Describing the B2BMReference Element
» Describing the FaultNotification Element
» Introduction to Extending Fault Messages
» In the Error Extension Handler field on the Error Notifications page, enter the
» Introduction to Extending Error Handling Implementing an Error Handling Extension
» Synchronous Request-Reply Pattern: How to get Synchronous Response in AIA
» Asynchronous Fire-and-Forget Pattern AIA Message Processing Patterns
» Guaranteed Delivery Pattern: How to Ensure Guaranteed Delivery in AIA
» Service Routing Pattern: How to Route the Messages to Appropriate Service Provider in AIA
» Extending Existing Schemas in AIA
» Extending AIA Services Extending Existing Transformations in AIA
» Enabling Security for AIA Services
» Overriding Policies Using a Deployment Plan Testing Secured Services using CAVS
» Oracle AIA Recommendations for Policies
» AIA Security Configuration Properties
» Understanding the Structure for Security Context Using Attribute Names
» Interpreting Empty Element Tags in XML Instance Document
» Purging the Completed Composite Instances Syntactic Functional Validation of XML Messages
» Provide Provision for Throttling Capability Artifacts Centralization Separation of Concerns
» Adapters Inside ABCS Composite OR as Separate Composite AIA Governance
» Using BPEL as Glue, Not as a Programming Language
» Avoiding Global Variables Wherever Possible
» How to Use Baselines How to Handle Resource Saturation How to Use Proactive Monitoring
» How to Eliminate Bottlenecks
» How to Tune the Oracle Database Introducing Automatic Workload Repository
» Configuring Performance Related Database Initialization Parameters
» Tuning Redo Logs Location and Sizing Automatic Segment-Space Management ASSM
» Configuring Database Connections and Datasource Statement Caching
» Oracle Metadata Service MDS Performance Tuning
» Configuring SOA Infrastructure Properties
» Configuring BPEL Process Service Engine Properties
» Configuring BPEL Properties Inside a Composite
» Configuring Mediator Service Engine Properties
» How to Tune JMS Adapters How to Tune AQ Adapters
» Overview of AIA Error Handler Framework Purging the Completed Composite Instances
» How to Optimize the JVM Heap - Specifying Heap Size Values
» XML Naming Standards General Guidelines
» Composites Composite Business Process Enterprise Business Services
» Requester Application Business Connector Service Provider Application Business Connector Services
» DVMs DVMs and Cross References
Show more