| Next Tip »Home
Home » Web Services

Introduction to Secure Web Services

10 November 2009 1,594 views No Comment
OkAvarageGoodVery GoodExcellent (5 votes, average: 4.20 out of 5)
Loading ... Loading ...
<< Previous in series     Next in series >>

If would like start from the basics of Web Services then I will suggest going through these articles first and also basic tutorial of creating an outbound web service.

A lot of people have asked me to put light on implementing Secure Web Services but due to time constraint I haven’t been able to do that. Few days back I received an article from Babu Rajendra Prasad Mungara outlining basic steps of implementing a secure outbound web service but before I publish his post I thought it was necessary to provide an introduction of secure web services and then publish his article.

As we all know that there are two types of web services available to us.

  • Inbound Web Services
  • Outbound Web Services

Now, both services can be implemented in two ways:

  • Insecure Web Services
  • Secure Web Services

Insecure Web Services: Web Services which have their authentication type set to “None” and the username and password is made part of the web service URL are known as insecure web services. The URL of insecure web service will look like:

http:// webserver/eai_ enu/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&Username=SADMIN&Password=SADMIN

Secure Web Services: The only difference is that username and password are sent along with SOAP header (instead of being part of URL) and their authentication type is set to “Username/Password – clear text

There are some changes needed in eapps.cfg and at server level to create a secure inbound web service in Siebel. Here is the list of things that you need to do before you can implement a secure inbound web service in Siebel.

  • In eapps.cfg create the following parameter
    UseAnonPool = TRUE
  • Create a named subsystem using the following command at srvrmgr
    create named subsystem SecureWebService for subsystem EAITransportDataHandlingSubsys with DispatchService="Web Services Inbound Dispatcher",DispatchMethod="Dispatch",Impersonate="true"
  • Change the inbound web service URL to point to correct virtual directly and named subsystem. Your URL will now start looking as:

    http://myserver/eai_anon_enu/start.swe&SWEExtCmd=Execute&SWEExtSource=SecureWebService

For secure outbound web service you can follow steps provided in next article sent by Babu Rajendra Prasad Mungara

<< Previous in series     Next in series >>
  • Share/Bookmark

Related Posts

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.