Review Oracle WSM: Securing Your Web Services

As you might have noticed by my last posts I am currently investigating the posiblities of Oracle’s Web Service Manager. I do this investigation by reading the Packtpub book ‘Oracle Web Services Manager – Securing Your Web Services‘, written by Sitaraman Lakshminarayanan. As the back-cover says this book mainly targets developers and architects with expertise in developing and deploying web services. And I want to add that it is most interesting if you are going to use or are currently using Oracle WSM, of course.
One thing I do not really understand is that the author describes how to use .Net clients to test the setup (besides the test facility in OWSM itself). Hasn’t Oracle been busy for almost 10 years now to become a important player in the J2EE market. So why not some examples how to test the setup with Java clients? But well, I have described how to test the examples with SoapUI, so I will consider this issue as solved😉
Besides this .Net thing there are some other (small) issues in the example descriptions:

  • In chapter 4 you will start with using Oracle WSM by registering your first service in it. But you can only do that after you have registered the gateway first (I would suggest to start with the Oracle WSM Starters guide of Oracle first).
  • The description of testing the setup in chapter 6 is not correct. The test as described sends an unsigned request and checks if the response is signed. But in the configuration of the web service in this chapter the incoming request must be signed, so the test will always fail. The quick workaround is of course to disable the checking of incoming request. But a nicer solution would be to send in a signed request. To do this I used SoapUI as described here.

One thing I miss in the book is (high level) information about keystores and how to create these, but this might be caused by the fact that I am not using .Net so I don’t have the default keystore they use in the book. But with this addition you make the examples better accessible for others like me who don’t have .Net available.
Overall it is a nice books with lots of screenshots showing you how to deal with Oracle WSM and it gives you a good insight in how you can secure your web services.

About Pascal Alma

Pascal is a senior software developer and architect. Pascal has been designing and building applications since 2001. He is particularly interested in Open Source toolstack (Mule, Spring Framework, JBoss) and technologies like Web Services, SOA and Cloud technologies. Lately he is having great fun by building iOS apps with Swift. Specialties: JEE AWS XML/XSD/XSLT Web Services/SOA Mule ESB/ WSO2 ESB Maven Cloud Technology Swift/ iOS
This entry was posted in Security, Web Service and tagged , , , . Bookmark the permalink.