Web Services Security Sample Install Document

PRODUCTS

Database
Middleware
Developer Tools
Enterprise Management
Applications Technology
Products A-Z

TECHNOLOGIES

BI & Data Warehousing
Embedded
Java
Linux
.NET
PHP
Security
Technologies A-Z

ARCHITECTURE

Enterprise Architecture
Enterprise 2.0
Grid
Service-Oriented Architecture
Virtualization

COMMUNITY

Join OTN
Oracle ACEs
Oracle Mix
Oracle Wiki
Blogs
Podcasts
Events
Newsletters
Oracle Magazine
Oracle Books
Certification
User Groups
Partner White Papers

Printer View

E-mail this page

Bookmark

Web Services Security Sample Installation

Database Setup

a. Log into SQLPlus as system/manager.

b. Create two users "security" and "creditdb" as follows:

    SQL> create user security identified by security;
    SQL> grant all privileges to security;
    SQL> create user creditdb identified by creditdb;
    SQL> grant all privileges to creditdb;

c. Log into SQLPlus as security/security. Run the file Security.sql which creates the tables needed by this
application and populates the tables with data.

SQL> @d:\<temp>\sql\Security.sql

where <temp> is the directory where you have extracted this sample.

d. Log into SQLPlus as creditdb/creditdb. Run the file Creditdb.sql which creates the tables needed by this
application and populates the tables with data.

SQL> @d:\<temp>\sql\Creditdb.sql

where <temp> is the directory where you have extracted this sample.

Oracle Java SSL libraries

The files jcert.jar, jsse.jar and jssl-1_2.jar are needed for running this sample. They are available in the following directories

    jsse.jar - <IAS_HOME>/lib
    jcert.jar - <IAS_HOME>/jdk/jre/lib/ext
    jssl-1_2.jar - <IAS_HOME>/jlib

Copy them to <IAS_HOME>/jdk/jre/lib/ext directory so that these classes are loaded by the System class loader.

Note: If this step is not followed, the application will throw a ClassNotFoundException.

Compile the Web Service

a. From the command prompt, traverse to the CreditCardService\src directory.

b. Edit the file ConnectionParams.java and substitute the variable values with your settings. Make sure to have the
username and password as "creditdb" and creditdb"

c. Make sure to have classes12.jar (JDBC library) in the CLASSPATH. This library is available in
IAS_HOME/jdbc/lib directory.

d. Compile the source files as follows

javac *.java

e. Copy the created class files into WEB-INF\classes directory.

f. Go to the parent directory CreditCardService and create a WAR file as follows

jar -Mcvf CreditCardValidator.war WEB-INF\*

This creates a WAR file in the CreditCardService directory.

Deploy the Web Service to Oracle9iAS through Enterprise Manager

a. Access the Enterprise Manager Web Site as follows http://<hostname>:1810
Provide the admin user name and password as per your settings. Default username is ias_admin and the
password should be the one given during Oracle9iAS installation.

b. Go the OC4J_home component by clicking on the link.

c. Click on the "Deploy WAR file" button in the OC4J_home page.

d. In the Deploy Web Application page, click on the "Browse" button and select the CreditCardValidator.war file
from the CreditCardService directory. Please note that this WAR file was created during the execution of step f
in the previous section.

e. Mention the name of the application as "CreditCardService".

f. Provide "/CreditCardValidator" as the value to the Map to URL attribute.

g. Click Deploy.

The above steps completes the deployment of the Credit card Web Service to Oracle9iAS.

Prepare the Online Store application

a. Open the workspace "WS_Security.jws" from the JSPApplication directory.

b. Edit the file ConnectionParams.java and substitute the variable values with your settings. Make sure to have the
username and password as "security" and "security".

c. This application needs a proxy stub for accessing the Web Service. This stub can be acquired by accessing the
    Web Service as follows
    http://<hostname>:<port>/CreditCardValidator/CreditCardValidator?proxy_source
    where <hostname> is the machine on which Oracle9iAS is running and <port> is Oracle HTTP Server port.

d. Save the zip file in any convenient directory and extract the file CreditCardValidatorInterfaceProxy.java in
<temp>/JSPApplication/src/oracle/otnsamples/webservices/security directory.
Note: <temp> is the directory where you had initially extracted this application.

e. Click on the project WS_Security.jpr and add the file CreditCardValidatorInterfaceProxy.java in this project.

f. Walk through the source to understand this file. Add the following lines in the method validateCard()

    System.setProperty("ssl.SocketFactory.provider","oracle.security.ssl.OracleSSLSocketFactoryImpl");
    System.setProperty("ssl.ServerSocketFactory.provider","oracle.security.ssl.OracleSSLServerSocketFactoryImpl");
    System.setProperty("java.protocol.handler.pkgs","HTTPClient");
    System.setProperty("oracle.wallet.location","/home1/otn9i/ClientCert/wallet.txt");
    System.setProperty("oracle.wallet.password","client12");

Note : The parameters oracle.wallet.location and oracle.wallet.password should be changed as per your settings. Remember, we exported the client certificate in text format. The value for oracle.wallet.location should be the complete path to this text file. Ensure to specify client12 as the value to the oracle.wallet.password parameter as this was mentioned while creating the client wallet.

g. Edit the file CreditCardValidatorInterfaceProxy.java Change the value of the m_soapURL variable to https and
the port to https port.

    For eg.
    private String m_soapURL = "http://insn104a.idc.oracle.com:7777/CreditCardValidator/CreditCardValidator";
    should be changed to
    private String m_soapURL = "https://insn104a.idc.oracle.com:4443/CreditCardValidator/CreditCardValidator";

Note: This is the port with which we have setup Oracle HTTP Server to use SSL.

h. Now we have to compile this application. For compiling this, we need to have the Oracle Java SSL libraries in
the CLASSPATH. The libraries jsse.jar, jcert.jar and jssl-1_2.jar can be added to the project's classpath as
follows:

    Right click on WS_Security.jpr -> Project Settings -> Development -> Libraries -> New. Provide a name to this
    library and click on Edit to add the jar files. Click OK to dismiss this dialog box. Make sure to have this library in
    the "Selected Libraries" list.

i. Right click on WS_Security.jpr -> Build Project. The project should compile without any errors.

j. Right click on webapp2.deploy and choose to deploy to an EAR file. This step creates an EAR in the
JSPApplication directory.

The above steps prepares the application which can now be deployed.

Deploy the Online Store application to Oracle9iAS

b. Go the OC4J_home component by clicking on the link.

c. Click on the "Deploy EAR file" button in the OC4J_home page.

d. Skip Step 1 of 8. In Step 2, click on the "Browse" button and choose the file OTNStore.ear from the
JSPApplication directory. This EAR file was created as part of preparing this application. Mention the name of
the application as OTNStore. Click Next.

e. In Step 3, make sure that the value for URL Binding is /WS_Security. Click Next.

f. Skip Steps 4, 5, 6 and 7. In Step 8, Click on the "Deploy" button.

The application will now be deployed as an Enterprise application to Oracle9iAS. The application can now be accessed as shown here.

E-mail this page

Printer View

	About Oracle \| \| Careers \| Contact Us \| Site Maps \| Legal Notices \| Terms of Use \| Privacy