Wednesday Apr 03, 2013

OWSM Mobile Agent for ADF Mobile

Oracle released Mobile Application development framework - called Oracle ADF Mobile sometime back. More details about the Oracle ADF Mobile framework can be found here.

In order to secure the REST/SOAP communication b/w the ADF Mobile App and the backend services - OWSM team has developed an OWSM Mobile Agent.

The capabilities right now are fairly limited - especially when you consider what is supported in the Non-Mobile case! The OWSM Mobile Agent only supports Basic Auth and Basic Auth over SSL and WS-Security Username Token and WS-Security Username Token over SSL policies.

More details about the policies supported can be found here. The good news is building a Mobile client to backend REST/SOAP web service is very similar to how you do in the "Big ADF" world i.e. you use Web Service Data Controls!

Here is the revised layered Service security diagram that I discussed initially in this post:

layered service security

P.S:I didn't see an example of how to build a Mobile App that can make Web Service calls on the Oracle ADF Mobile page; if time permits - I will post some How To's on this front...

Update: Some folks pointed me to this blog post on ADF Mobile Introduction that actually covers how to build and secure web service clients. There is also an official ADF Mobile blog for more details...

Tuesday Mar 13, 2012

How To - OWSM and WLS WS-Security Interop - 11g

Here is another How To that provides a detailed step by step guide for getting OWSM to Interop with WLS WS-Security using the Username Token with message protection policy.

Happy Reading!

Update:

A few things I forgot before I posted this entry:

  • The OWSM interop guide provides a high level overview of the steps involved in achieving this interop - however it does not provide a detailed step by step instructions and so I thought I would provide a more detailed How To for customers who are having problems following the interop guide. http://docs.oracle.com/cd/E23943_01/web.1111/e16098/interop_wls.htm#BABCCHIJ
  • As the doc makes it clear you only need to configure the "Confidentiality Key" - however in the How To I cover configuring both "Confidentiality and Signing Key". You can safely skip the steps relating to configuring the "Signing Key".
  • I have simplified things to a large extent in terms of the keystore setup. This setup is not always practical from a production setup perspective. However since I have not had a chance to post more on keystores, credential stores, etc - I have tried to keep it simple here. I hope to post more on the topic of Keystores, certificates, credentials, credential stores, etc in a future post.


About

In this blog I will discuss mainly features supported by Oracle Web Service Manager (OWSM).

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today