nteroperability Between Microsoft.NET WCF 4.

0 and Oracle WebLogic Server 11g Usi

ng Secure Web Service, Part 2
by Juan Carlos (John Charles) Olamendy Turruellas
Learn how to create secure Web services that support interoperability across Ora
cle and Microsoft technologies.
Published May 2011
In Part 1, I covered the scenario where we have a service running in Oracle WebL
ogic Server 11g and a client consuming this service using Microsoft WCF 4.0 tech
nology. In this second part of the series, I will cover the scenario where we ha
ve a service running in Microsoft WCF 4.0 platform and this service will be cons
umed using a service agent developed using Oracle ADF technology and running in
Oracle WebLogic Server.
Security is a fundamental requirement in enterprise solutions to guarantee the s
uccessful adoption of Service Oriented Architecture (SOA). Key actors in the ind
ustry and standard bodies have extended the SOAP protocol to produce a series of
security specifications, known as WS-* protocols, to provide end-to-end securit
y to Web services such as message confidentiality and integrity, token exchange
(SAML, Username/Password, Kerberos and X.509), trust and federation.
One recurring challenge in the integration of heterogeneous applications using W
eb services is the interoperability because software vendors interpret the WS sp
ecifications in order to adapt them to their platforms -- and sometimes this lea
ds to several problems. The solution approach is the use of rules and best pract
ices to implement interoperable Web services such as WS-I profiles.
A common interoperability scenario found in many organizations is to have an ent
erprise application running in Microsoft.NET platform and exposing the applicati
on functionalities using Web services approach (supporting the WS-* protocol sta
ck) as well as a client running in an Oracle WebLogic Server environment and con
suming these features in a secure way. In this article, I m going to talk about su
pporting the previous scenario using emerging technologies of Oracle and Microso
ft, specifically using Oracle WebLogic Server 11g and Microsoft Windows Communic
ation Foundation 4.0.
Microsoft Windows Communication Foundation (WCF) is the infrastructure to implem
ent distributed solutions in the Microsoft.NET world. In this programming model,
the WS-* protocol stack is abstracted as a bunch of artifacts known as protocol
channels. The protocol channels execute right before and after sending and rece
iving messages using the specific transport protocol channel. Oracle WebLogic Se
rver 11g is the most complete application server to develop, deploy and host J2E
E solutions, particularly Web services using the JAX-WS standards.
By using WCF and WebLogic Server technologies we can support several security sc
enarios in the enterprise environment. Among those scenarios, there is the messa
ge exchange in a distributed system using a Public Key Infrastructure (PKI) to p
rovide a secure channel between the underlying sub-systems.
In order to support the business case, the solution must support message-level s
ecurity by using WS-Security related protocols which provide the foundations for
the authentication, message protection and integrity as well as a high level of
interoperability. This article will focus on how to define the WS-Security conf
iguration (using X.509 certificates as the security mechanism) for a Web service
hosted in WCF 4.0 environment that can interoperate with a client running in th
e Oracle WebLogic Server 11g environment.
Developing the Server-side of the Solution
In order to keep things simple and to focus in the integration solution using se
cure Web services standards, our service will be very straightforward just doing
elemental arithmetical operations such as add and substract. In a real-world We
b service solution, the service implementation will be more complex consisting o
f invocations to the business objects that are exposing their functionalities to
the outside world.
Let s start with the development by opening the Visual Studio.NET 2010 IDE and cre
ating a new application and the underlying solution. Enter the application and s
olution name and the working directory and finally click OK.