A couple of weeks ago I wrote about consuming ws-security enabled webservices in PLSQL.
The problem was that, even using Oracle 11g and Jpublisher 11g, I was not able to generate a usertoken and password in the SOAP header according to the WS-Security standard.
My twisted solution was to put a WS proxy (or gateway if you like) in between the consumer (database) and the provider.
I would then place the proxy in the DMZ - and on behalf of the consumer :
- the proxy would set up an SSL connection to the provider
- receive the plsql/jpub generated XML
- inject a WS-Security header in the SOAP envelop
- adjust http headers (especially HOST & Content-Length)
- send the new SOAP message to the provider
- receive the response from the provider
- send the response to the consumer
It's not a real proxy in the sense that it proxies the complete http traffic. The proxy/gateway needs to alter the message and that wouldn't be possible if we would use SSL encryption straight out of the database :
Oracle rdbms --- http/s ----> proxy ---- http/s -----> WS provider (endpoint)
So instead we do something like this :
Kurt Van Meerbeeck
Cell : +32 495 580714
Henrik Bjerknæs Rasmussen
Service & Support Manager
Cell: +45 53 747 110
Cell : +1 303 885 4526
South Africa :
Cell : +27 82 7799275
East Asia Pacific
Cell : +61 2 9191 7427 ext. 1270