Forum Stats

  • 3,854,635 Users
  • 2,264,392 Discussions
  • 7,905,744 Comments

Discussions

Oracle WSM policies in Server side or Client side or both?

Salman5
Salman5 Member Posts: 206
edited Jun 8, 2014 12:12AM in JDeveloper and ADF

Introduction:

I am trying to create simple web severs from Jdeveloper 11.1.1.7. I created simple class with one method called sayHi() that simply return a welcome message.

The web servers has been created and tested on this is simple example.

Question and discussion:

There is an option to configure or add Oracle police in BOTH client and server side. Why do we need to configure polices in both client and sever? Is it enough to configure the policy in the server side only, So , when any client try to call the method on the sever he/she has to meet the police requirements in the server?

What do we mean by adding police in the client side? I don't get it, Is it mean that in the client side no one can send request unless the polices requirements is met by the sender him self? Is this police has anything to do with the sever side?

Best Answer

  • Dimitar Dimitrov
    Dimitar Dimitrov Member Posts: 921 Bronze Trophy
    edited Jun 5, 2014 4:25PM Answer ✓

    Server-side policies are executed at server side when receiving a Web service request and before giving it to the corresponding Web service object. Client-side policies are executed at client side after creating a new request and before submitting it to the server. In most cases it is not enough to configure a policy at server side only. It is necessary to configure the corresponding "client" policy at client side too, or client and server would not communicate properly.

    For example, it you apply a security policy at server side that requires a username token validation, you must configure the corresponding client-side security policy at client side in order for the Web service client to add the necessary username token to the SOAP message before submitting the request to the server. If you do not configure this client-side policy at client-side, then the Web service client will not add an username token to the SOAP request and the server will not accept the request.

    Dimitar

Answers

  • Dimitar Dimitrov
    Dimitar Dimitrov Member Posts: 921 Bronze Trophy
    edited Jun 5, 2014 4:25PM Answer ✓

    Server-side policies are executed at server side when receiving a Web service request and before giving it to the corresponding Web service object. Client-side policies are executed at client side after creating a new request and before submitting it to the server. In most cases it is not enough to configure a policy at server side only. It is necessary to configure the corresponding "client" policy at client side too, or client and server would not communicate properly.

    For example, it you apply a security policy at server side that requires a username token validation, you must configure the corresponding client-side security policy at client side in order for the Web service client to add the necessary username token to the SOAP message before submitting the request to the server. If you do not configure this client-side policy at client-side, then the Web service client will not add an username token to the SOAP request and the server will not accept the request.

    Dimitar

  • Salman5
    Salman5 Member Posts: 206

    The idea is clear to me Dimitar thank you

This discussion has been closed.