Shay Shmeltzer's Oracle Development Tools Tips

Accessing Secure Web Services from ADF Mobile

Shay Shmeltzer
Director of Product Management - Oracle

Most of the enterprise Web services you'll access are going to be secured - meaning they'll require you to pass a user/password in order to get to their data. 

If you never created a secured Web service, it's simple in JDeveloper! For the below video I just right clicked on a Java class that I exposed as a Web service, and chose  "Web Service Properties" and then checked the "oracle/wss_username_token_service_policy" box from the list of options (that's the option supported by ADF Mobile right now):

In the demo below we are going to use a "remote" login server that does the authentication of the user/pass.

The easiest way to "create" a remote login server is to create a "regular" web ADF application, secure it, and deploy it on a server. The secured ADF application can just require ADF Authentication with a simple HTTP Basic Authentication - basically the next two images in the Application->Secure->Configure ADF Security menu wizard.

ok - so now you have a secured ADF application - deploy it on a server and get the URL for that application. 

From this point on you'll see the process in the video which deals with the configuration of your ADF Mobile app.

First you'll need to enable security for your ADF mobile application, so it will prompt users to provide a user/pass combination.

You'll also need to configure security on specific features. And you can have them use remote login pointing to your regular secured ADF application.

Next define your Web service data control. Right click on the web service data control to "define Web Service Security".

You'll also need to define the adfCredentialStoreKey property for the Web Service data control in the connections.xml file.

This should be it. Here is the flow:

If you haven't already - you can read more about this in the Mobile developer guide, and Andrejus has a sample for you.

Join the discussion

Comments ( 13 )
  • Ben Thursday, January 3, 2013


    Would you be able to create a future post showing how to create a disconnected ADF Mobile app that uses the local SQLite database, and uses the secure web service to synchronize enterprise data with the local database? Is there a declarative way to define the SQLite DB and data controls?

  • guest Monday, April 1, 2013

    +1 for Ben's comment, I want to see some approach like this

  • Laxmi Nadageri Wednesday, April 3, 2013

    Hi Shay,

    this example is very useful to people like us who are just entered into ADF mobile world..

    I created same application as you showed but the problem is I am not able to run it on android emulator..

    it is showing error as "Cannot connect to login server..."

    & sometimes as "Authentication error with unknown cause..Please contact administrator"

    This is really irritating..

    can you please tell me why this error is coming?

  • Shay Tuesday, April 9, 2013

    Laxmi, make sure that the emulator can actually access your Web service by trying to access the WSDL through the browser on the emulator.

  • guest Sunday, August 25, 2013

    Hi Shay,

    Can we provide an authentication url of the adf app developed using for adf mobile?

  • Shay Monday, August 26, 2013

    guest - yes you can use any ADF version for the login app, and in fact it doesn't even need to be an ADF app, just an app that prompts for a login.

  • Veeresh Wednesday, February 19, 2014

    Hi Shay,

    Is it possible to access secured web service, without securing the mobile application? You are using some remote server to authenticate the login, in my use case I don't want to do that.

    One more question I have is, I am new to OWSM policies, how can I send username and password to web service using this policies ?

    I am struck here, Please suggest.



  • Shay Shmeltzer Thursday, February 20, 2014

    Veeresh, you might be able to pass security information by customizing the SOAP Header as shown in the doc here: http://docs.oracle.com/cd/E37975_01/doc.111240/e24475/amxwebservices.htm#CHDIBIIE

  • pratik Thursday, June 26, 2014

    i m new to adf mobile...on trying the steps above i just keep on getting conifugration error..shutdown

    getting no clue what to look n where

  • guest Monday, June 30, 2014


    i am getting error <b> "Authentication error with unknow cause. Please contact Administrator. Error code :4.Details 4:Tokens there are requested are not available in server"</b>

  • mrashid Thursday, July 10, 2014


    on trying the steps above i just keep on getting

    configuration error..shutdown

    getting no clue what to look n where



  • guest Sunday, August 10, 2014

    Hi, Shay,

    I had got the same message as marshid, can you tell me why?

    Thank you!

    gt fan

  • Poorni Tuesday, December 4, 2018
    Hi Shay,

    I am doing the same in a web application instead of mobile application. My application uses ADF Single Secure Login but when I try to hit a rest web service(accessed using web service data control) deployed in my own server which again uses the same single secure login, it says that I am unauthorized with 401 error when I did not give any authorization while creating the web service data control. Can you please explain me how can I pass the security token from the web application to the rest web service data control? Thanks in advance.

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.