Pete Finnigan's Oracle Security Weblog

I noticed this evening when surfing around that a new Oracle related web log has been started by Colin Maxwell (I found his blog on Brian Duff's excellent http://www.orablogs.com - (broken link) orablogs website). I am always on the lookout for new Oracle and security information and Colin has provided this in one of hist posts yesterday entitled http://www.orablogs.com/cmaxwell/archives/000629.html - (broken link) Securing Web Services using JDev and WS-Security.

This is an interesting post for me as I am not a JDeveloper expert so I am happy to learn. Colin discusses some new wizards that are available in JDeveloper 10.1.3. These include wizards to help users specify WS-Security, WS-Reliability and WS-Management. Colin takes us through a step-by-step guide showing how to spot the pitfalls that might occur when using JDevelopers wizards to secure a web service.

Colin starts with creating a simple web service which can be secured; he shows us how to use the example key store first and then fires up the WS-Security wizard and discusses each of the screens and choices in detail. Colin then goes on to show us how to deploy the secured web service to the oc4j server along with the key store. He does this with an EAR deployment file. He deploys the web service and goes on to create a web service client which uses the "create proxy wizard", finally he goes on to test the client after building it and confirms with a packet monitor that the transmission is signed and encrypted.

This is an excellent article, http://www.orablogs.com/cmaxwell/archives/000629.html - (broken link) again it is available here.