WS-Security Username Token Profile is a simple authentication scheme for SOAP-webservices using username an password sent in the requests‘ WS-Security headers. The password is hashed using a salt and a timestamp (password digest) to prevent replay attacks. It is specified in this document. As this does not involve any message encryption it should not be used without transport encryption.
In this post I will show how I configured this for a webservice to be deployed on a recent Weblogic Server (12.2.1.2).
If you try to implement with Java the client side for a HTTPS communication with client authenification and google for…
Inside an enterprise there are a lot of machines communicating with each other. It is necessary to keep these communications…
Most bigger companies are today building up a enterprise SOA. On of the key characteristic of the enterprise SOA is…
When developing enterprise applications it is best practice check in the source code into a version control system. Additionally to…
Virtual Private Database (VPD) ist ein Security Feature der Oracle Database Enterprise Edition (eingeführt mit Version 8i, teilweise auch unter…
Es gab am 20. Juni in Nürnberg den DOAG 2014 Konferenz. Mein Kollege Frank Burkhardt und ich haben dort einen…
Key words: IT-Security, WebLogic Server, WebLogic Security Framework, Authorization, authorization process, Role Mapping, Roles, Adjudication Process, Security Service Provider Interfaces…