Design
The Online Product Store demonstrates an e-Business application
that uses Web Services to handle credit card-based transactions. There are two
ways to ensure security with Web Services:
- Security at XML level. Options include XML
Encryption, XML Digital signature API, XKMS (XML Key Management Specification),
and SAML (Security Assertion Markup Language).
- Security at the transport level. Implementing
security at the transport level means securing the network protocol a Web
Service uses for communication. SSL is the industry-accepted standard protocol
for secured encrypted communications over TCP/IP. In this model, a Web Service
client uses SSL to open a secure socket to a Web Service. The client then
sends and receives SOAP messages over this secured socket using HTTPS. The
SSL implementation takes care of ensuring privacy by encrypting all the network
traffic on the socket. SSL can also authenticate the Web Service to the client
using the PKI infrastructure.
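The transport-level model described above, as an added example in Java (not part of the sample application's own code): the client validates the server certificate against the JVM trust store, keeps hostname verification on, and posts a SOAP 1.1 envelope over HTTPS. The `validateCard` operation, the `urn:example:creditcard` namespace and the endpoint passed on the command line are assumptions; current JVMs negotiate TLS, the successor to SSL.

```java
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SecureSoapClient {
    // Hypothetical operation and namespace; the real service's WSDL defines the actual ones.
    static String envelope(String cardNumber) {
        if (!cardNumber.matches("\\d{13,19}"))   // digits only, so nothing can break out of the XML element
            throw new IllegalArgumentException("card number must be 13-19 digits");
        return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
             + "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
             + "<soap:Body><validateCard xmlns=\"urn:example:creditcard\">"
             + "<cardNumber>" + cardNumber + "</cardNumber></validateCard></soap:Body></soap:Envelope>";
    }

    // TLS context that trusts only the JVM's configured CA store (PKI authentication of the server).
    static SSLContext tlsContext() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);               // null = default trust store (cacerts or javax.net.ssl.trustStore)
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    static int post(String endpoint, String soap) throws Exception {
        URL url = new URL(endpoint);
        if (!"https".equals(url.getProtocol()))  // never fall back to cleartext HTTP
            throw new IllegalArgumentException("endpoint must be https");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(tlsContext().getSocketFactory()); // default HostnameVerifier stays active
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
        conn.setRequestProperty("SOAPAction", "\"\"");
        try (OutputStream out = conn.getOutputStream()) { // handshake runs here; a bad certificate throws
            out.write(soap.getBytes(StandardCharsets.UTF_8));
        }
        return conn.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        String soap = envelope("1234567887654321"); // sample card number listed for user C101 on this page
        System.out.println(args.length == 0 ? soap : "HTTP " + post(args[0], soap));
    }
}
```

Run it with no argument to print the envelope, or pass an https:// endpoint to send it.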
Because the standards for enabling security at XML level are
in their infancy, OTN developers opted for security at the transport level using
SSL and the PKI infrastructure. Oracle9iAS provides a solid framework
for building and deploying Web applications using the Apache-based Oracle HTTP
Server, Oracle9iAS Containers for J2EE, and Oracle9iAS Portal,
which use the advanced security functionality provided by Oracle9iAS
Infrastructure. Oracle9iAS Infrastructure consists of Oracle9iAS Metadata
Repository, Oracle Internet Directory, Oracle9iAS Single Sign-On, and
Oracle Management Server.
This sample application requires a user ID and a password
for login. Three users are created by running SQL scripts given in the Install.html
file. Following is the information for accessing this application.
| User ID | Password | Credit Card Number |
|---|---|---|
| C101 | welc0me | 1234567887654321 |
| C102 | otn | 1234567887654322 |
| C103 | welcome | 1234567887654323 |
By providing credentials, a user gains access to a catalog
of products from which they can add items to their shopping cart. To buy products,
a user checks out and enters a credit card number, and this application contacts
the Credit Card Web Service via SSL, thereby demonstrating how to access a Web
Service securely.
The directory structure of the sample code is shown below
(Xxx represents the top-level directory).
| Directory | Files | Description |
|---|---|---|
| Xxx\docs | Readme.html | Gives an overview of the application. |
| Xxx\docs | Install.html, InstallContd.html | These files describe how to install and deploy the application. |
| Xxx\sql | Security.sql | Sets up the data required by the Online Product Store, which will be created in the "security" user schema. |
| Xxx\sql | Creditdb.sql | Sets up the data required by the Credit Card Web Service, which will be created in the "creditdb" user schema. |
| Xxx\CreditCardService | *.java | Directory containing the source of the Credit Card Web Service and the supporting files. |
| Xxx\JSPApplication | *.java | Directory containing the source code and supporting files for the Online Product Store. |