Deploying Oracle Beehive Web Services APIs

This page discusses ways to make Oracle Beehive Web services API available within and outside your enterprise while ensuring secure access to your Oracle Beehive deployment.

Authenticated access to Oracle Beehive Web services APIs should, by default, be available to all users in your enterprise. However, the configuration of your Oracle Beehive deployment varies depending on how users access Oracle Beehive Web services API.

Browser-Based Clients

A primary concern for the application developer is how to account for modern browsers' protection against Cross Site Scripting (XSS). These browser prevent an application (for example) served by the host a.us.oracle.com to make HTTP calls to another domain, such as beehive.oracle.com.

This section describes several solutions to enable browser-based clients to handle data across multiple domains while maintaining the integrity of your Oracle Beehive deployment.

Reverse Proxy

Note that this configuration is not supported for production environments.

In this configuration, Oracle Beehive's Apache HTTP server is used to send HTTP requests as proxy requests.

Rich Internet Applications

Rich Internet applications run a virtual machine within the browser. They have similar XSS JavaScript safeguards. However, they provide another way to enable your application to handle data across multiple domains.

This accomplished with a crossdomain.xml file placed in the root directory of the HTTP Server to which the client application would like to connect. You may use a master policy site to dictate the policy for whole site. The master policy specifies which local files are allowed to change permissions.

Refer to one of the following pages depending on which technology you are using to develop your application: