Skip Headers
Oracle® Fusion Middleware Developer's Guide for Imaging and Process Management
11g Release 1 (11.1.1)

Part Number E12784-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to current chapter
Up
Go to next page
Next
View PDF

3.1 HTTP Basic Authentication

When first installed, the Oracle I/PM Web Services are configured with no Oracle Web Service Manager security policies applied. When no security policies are applied, the services leverage the HTTP Basic Authentication mechanism where by user credentials (user ID and password) are transmitted in the web service HTTP message header. This mechanism is, however, not very secure since the users credentials are not encrypted in any way unless a Secure Socket Layer (SSL) transport mechanism is used. If SSL is properly configured for the Oracle I/PM server instance, I/PM can be configured to force the use of SSL in all web service communication. This done by setting the I/PM configuration MBean “RequireBasicAuthSSL” to true. By default, it is false. [Note, the RequireBasicAuthSSL setting only applies when no HTTP Basic Authentication is in use because no OWSM security policies have been applied.]