Order Management Server Web Service
Order Management Server supports both HTTP and JMS as transport protocols for invoking SOAP-based web services. Order services in Order Management Server can be secured by enabling the user name token-based security. Order Management Server supports the WS-Security UserName Token mechanism, which lets for the sending and receiving of user credentials in a standards-compliant manner. The UserName token is a mechanism for providing credentials to a Web service where the credentials consist of the UserName and Password. The password must be passed in clear text.
The UserName token mechanism provides a web service with the ability to operate without having the user name and password in its URL or having to pass a session cookie with the HTTP request.
The following is a sample of the UserName token showing the username and password:
<soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>admin</wsse:Username> <wsse:Password Type=" http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf"> admin</wsse:Password> <wsse:Nonce>WScqanjCEAC4mQoBE07sAQ==</wsse:Nonce> <wsu:Created>2010-05-11T01:24:32Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header>
The following table shows configurable properties for order related WebServices in Order Management Server.
Parameters | Description |
---|---|
Enable User Token based Security | The Order service provided by Order Management Server can be secured by enabling username token-based security. |
Enable Schema Validation | Defines a flag to specify if schema validation is required on the order requests submitted to Order Management Server. |
Enable Order Receiver Idempotency | Making the order Web services idem potent lets the client to submit orders with the same order reference multiple times without any side effects. The web service detects duplicate orders and responds with the same response for all the submission(s). |
HTTP Channel Type | Defines channel type to be used for the transport. Specifying channel type to be HTTPS lets the client and server to use mutual authentication and encrypts the communication. |
HTTP Port Number |
Port number of HTTP Channel. This port number must match the port number specified for the HTTP port transport. |
HTTPS Port Number |
Port number of HTTPS Channel. This port number must match the port number specified for the HTTPS transport. |