Oracle使用DBWS调用SSL/HTTPS的Webservice方法

要求:

Web Services - Version 10.1.3.0.0 或者更高
Oracle数据库版本 10.2.0.1 或者更高

概要

该文章主要介绍如何设置Oracle数据库的JVM,使UTL_DBWS可以通过HTTPS / SSL调用Web Service。

方法步骤

Note:
Please note that you will require to perform the following before generating the Web Service Client Proxy classes because to access the WSDL over HTTPS, you will need to have completed this configuration


Oracle Database 10.2.x
 comes with JVM 1.4.2 which already contains JSSE. This spares us of adding any additional Java packages to be able to talk SSL to the Web Service.

However, to access a Web Service over SSL, UTL_DBWS will first have to read the certificate from the Web Service's Certificate Authority (CA). For this, the Database will have to import the CA certificate in it's cacerts certificate stores.

To achieve this, perform the following :

  1. If you are using a CA that is not already trusted by the JVM (for example when you are using a test certificate, or you have your own CA), you need to add your CA's root certificate to the keystore. The following command can be used to list the trusted certificates stored in the JVM's keystore:
    keytool -list -v -keystore $ORACLE_HOME/javavm/lib/security/cacerts -storepass changeit

    The above command shows the command to list the certificates in the Database JVM's keystore. You might also want to see the certificates in the JRE/JDK used by Database utilities like JPublisher - these are usually located in $ORACLE_HOME/jre/1.4.2/lib/security/cacerts (JRE) and/or $ORACLE_HOME/jdk/jre/lib/security/cacerts (JDK). Note that the default keystore password is "changeit".
  2. Get the CA's Certificate file from the server hosting the Web Service.
  3. To add your CA's certificate to the Database keystores, use the keytool with the -import option:
    keytool -import -trustcacerts -alias  alias name -file  -keystore $ORACLE_HOME/javavm/lib/security/cacerts -storepass 
    Also, add the certificate to JPublisher's JRE and/or JDK keystores using the same command. The location of cacerts for these would be as explained in Step#1 above. You should see a confirmation message that the certificates have been successfully added to the keystores. (At this point, you might need to restart your database).
  4. Now you can proceed with generating your Web Service Client in the Database - see Note:838892.1 - FAQ : Oracle Database as a Web Services Client for further details on recommended ways to do this.

 

Note: Note that SSL Wallets are not supported by UTL_DBWS.

你可能感兴趣的:(Webservice&接口,DBWS,SSLHTTPS,Webservice)