Online Product Store implementing security with Web Services using PKI
This document is organized into the following sub-sections:
Overview of the Sample Application
This sample demonstrates an e-Business application that implements security for Web Services using PKI. Web Services are gaining momentum in the industry, and companies have started accepting them as a new way to conduct business over the Web. Web Services currently revolve around three important protocols: SOAP, WSDL and UDDI. These protocols have reached a stage of maturity, and the focus now is on security for Web Services. There are two ways in which we can ensure security with Web Services:
- Security at the transport level
- Security at the XML level
Security at Transport level
Implementing security at the transport level means securing the network protocol that a Web Service uses for communication. SSL is the industry-accepted standard protocol for secure, encrypted communication over TCP/IP. In this model, a Web Service client uses SSL to open a secure socket to a Web Service, then sends and receives SOAP messages over this secured socket using HTTP. The SSL implementation ensures privacy by encrypting all network traffic on the socket. SSL can also authenticate the Web Service to the client using a digital certificate issued by a Certificate Authority.
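The exchange described above, as an added example that is not part of the OTN sample (the sample itself is written in Java; this illustration uses Python's standard library so the mechanism is visible without the sample's build). It builds a SOAP 1.1 request, opens the HTTPS connection with a TLS context that verifies the server's certificate chain against trusted CAs and checks the hostname, and parses either a normal response or a SOAP Fault. The service namespace `urn:example:creditcard`, the operation `authorizeCard`, the host and path in the commented call, and the two sample responses are all constructed placeholders. The point a practitioner should take from it is that SSL only authenticates the Web Service to the client if the client actually validates the certificate; `server_auth_enabled` is the check that the context is configured to do so.

```python
"""SOAP-over-HTTPS client that authenticates the server via a CA-issued certificate.

Added example; not part of the OTN sample. The service namespace, operation
name, host and path are hypothetical placeholders.
"""
import http.client
import ssl
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SERVICE_NS = "urn:example:creditcard"          # hypothetical namespace

ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("cc", SERVICE_NS)


def build_soap_request(card_number, amount):
    """Build a SOAP 1.1 envelope for a hypothetical authorizeCard operation."""
    envelope = ET.Element("{%s}Envelope" % SOAP_NS)
    body = ET.SubElement(envelope, "{%s}Body" % SOAP_NS)
    op = ET.SubElement(body, "{%s}authorizeCard" % SERVICE_NS)
    ET.SubElement(op, "{%s}cardNumber" % SERVICE_NS).text = card_number
    ET.SubElement(op, "{%s}amount" % SERVICE_NS).text = amount
    return ET.tostring(envelope, encoding="utf-8", xml_declaration=True)


def make_client_context(ca_bundle=None):
    """TLS context for server authentication: the chain is verified against
    trusted CAs (platform store, or the PEM bundle in ca_bundle) and the
    certificate's name must match the host we connect to."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # already the default; stated explicitly
    ctx.check_hostname = True
    return ctx


def server_auth_enabled(ctx):
    """True when the context rejects an unverified or mis-named server certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def call_service(host, path, soap_action, body, ctx, port=443, timeout=10):
    """POST a SOAP envelope over HTTPS. If the server certificate does not
    validate, the handshake fails before any SOAP (or card data) is sent."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    try:
        conn.request("POST", path, body=body, headers={
            "Content-Type": "text/xml; charset=utf-8",
            "SOAPAction": '"%s"' % soap_action,
        })
        resp = conn.getresponse()
        data = resp.read()
        if resp.status != 200:
            raise RuntimeError("HTTP %d from %s" % (resp.status, host))
        return data
    finally:
        conn.close()


def parse_soap_response(xml_bytes):
    """Return the child elements of the response body as a dict,
    or {'fault': <faultstring>} when the body carries a SOAP Fault."""
    root = ET.fromstring(xml_bytes)
    fault = root.find(".//{%s}Fault" % SOAP_NS)
    if fault is not None:
        return {"fault": fault.findtext("faultstring", default="")}
    body = root.find("{%s}Body" % SOAP_NS)
    response = body[0]                      # the single operation-response element
    return {child.tag.split("}")[-1]: (child.text or "") for child in response}


# Constructed sample responses (not captured from the sample's service).
SAMPLE_OK = b"""<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <cc:authorizeCardResponse xmlns:cc="urn:example:creditcard">
      <cc:approved>true</cc:approved>
      <cc:authCode>A1B2C3</cc:authCode>
    </cc:authorizeCardResponse>
  </soapenv:Body>
</soapenv:Envelope>"""

SAMPLE_FAULT = b"""<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>soapenv:Client</faultcode>
      <faultstring>Card declined</faultstring>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>"""


if __name__ == "__main__":
    print(parse_soap_response(SAMPLE_OK))
    print(parse_soap_response(SAMPLE_FAULT))
    # Live call against a hypothetical endpoint; uncomment to run for real:
    # reply = call_service("creditcard.example.com", "/services/CreditCard",
    #                      "urn:example:creditcard/authorizeCard",
    #                      build_soap_request("1234567887654321", "49.99"),
    #                      make_client_context())
```

The `ca_bundle` argument is where a deployment that uses its own CA (as a PKI-based sample typically does) points the client at that CA's PEM file; with it left as `None` the platform trust store is used. Either way the client never sends the card number until the server has proven, through the CA-signed certificate, that it is the intended service.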
Security at XML level
Some standards are available for securing Web Services at the XML level:
- XML Encryption
- XML Digital Signature API
- XKMS (XML Key Management Specification)
- SAML (Security Assertion Markup Language)
Since the standards for enabling security at the XML level are still in their infancy, this sample focuses on securing Web Services at the transport level using the PKI infrastructure.
Three application users are created by running the SQL scripts as described in the Install.html file. The following information is needed to access this application.

| User ID | Password | Credit Card Number |
|---|---|---|
| C101 | welc0me | 1234567887654321 |
| C102 | otn | 1234567887654322 |
| C103 | welcome | 1234567887654323 |
This sample application requires a User ID and a password for login. Once the sample users provide the credentials listed above, they can access the functionality provided by this application. After a successful login, users are shown a catalog of products from which they can add items to their shopping cart. When they decide to purchase the items, the application requires them to enter a credit card number. Once a user enters the credit card number shown above for the User ID they logged in with, the application contacts the Credit Card Web Service via SSL, thereby demonstrating how to access a Web Service securely.
Application Usecase Diagram
This section includes the use case diagram of the sample application.
User Notes with Screen Shots
This section gives the user a glimpse of the application.
Login screen when the application is invoked for the first time (Ref Figure 1.1).
Figure 1.1 - First Main Screen
On successful login the product listing page is displayed (Ref Figure 1.2).
Figure 1.2 - Product listing page
No additional software is required.
Installation and Configuration
Refer to the Install document of the sample for step-by-step instructions on extracting files and on installing and configuring any other systems needed to run this application.
Description of Sample Files
The directory structure of the deliverable ws_security.jar is shown below. Xxx is the top-level directory.

| Directory | Files | Description |
|---|---|---|
| Xxx\docs | Readme.html | This file |
| Xxx\docs | Install.html | This file has the instructions required to deploy the application. |
| Xxx\sql | Security.sql | SQL script for setting up the data required by the Online store, created in the "security" user schema |
| Xxx\sql | Creditdb.sql | SQL script for setting up the data required by the Credit Card Web Service, created in the "creditdb" user schema |
| Xxx\CreditCardService | *.java | Directory containing the source of the Credit Card Web Service and the supporting files |
| Xxx\JSPApplication | *.java | Directory containing the source of the Online Product store and the supporting files |
Please enter your comments about this sample in the OTN Sample Code Discussion Forum.