[OSB] Invoking OSB HTTP proxy as a part of a global transaction

Similar Messages

• Are the updates in branches visible in other parts of a global transaction

  Hi,
  We have a business service inside an EJB (using CMT) which deals with Tuxedo and jdbc using XA in both places. Below is how it is supposed work
  1. A call to a tuxedo service is made
  2. Upon success, we want to read that updated data using JDBC and write to another table. The second steps has to happen to before the transaction is commited, but will be done only after the success of step 1.
  What we find is that - in steps 2 we can't see the update data from step 1.
  If I do step 1 and 2 in reverse - i.e do an update using jdbc and read the updated data in tux, I can read it without any issues.
  Also, if I call two tux services - one to update and one to query within the same transaction. No issues here too...i.e the second service can read the updates done by first service.
  On enabling the logs ...it looks like the jdbc part is creating its own transaction. We can see in oracle database level..that two global trxn ids are seen. Any ideas on this behavior and what I might be doing wrong ?
  Thanks
  Kishore

  It's logical that you can't read out any uncommitted data from a different transaction. So indeed, your solution lies in defining a transaction on the EJB method level, which would then be used for both the Tuxedo call as well as the JDBC step.
  I haven't worked yet with Tuxedo, so I couldn't tell you whether it supports existing transaction.

• Custom WS Policy with Service account in OSB while invoking a https service

  Hi,
  I need your help on one of my issue in invoking an https service from OSB. I read through various posting and tried the below steps in this forum
  -Added the certificate for the https site to soa domain
  -Registered the https webservice as a Business service
  -Registerd a proxy service on top of this Business service
  -In the service call out on Proxy service I did a replace operation on the entire soap header with the below string
  <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
       <wsse:UsernameToken wsu:Id="UsernameToken-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>sysuser@yahoo</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ABIHAIKLPLKLPMLERLER</wsse:Password>
       </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  -After doing all the above steps my call out worked from the test console, If you see closely the userid(sysuser@yahoo) and password(ABIHAIKLPLKLPMLERLER) is hard coded here.
  I need a way to mask the credentials and have the user pass them when they invoke the proxy service. I read through some posting and it was listed that we can create a custom policy and attach that custom policy to the Business service. But my problem here is the userid has an extra char @, so I wasn't able to create the user account with those credentials in OSB, but I was able to create the userid and password using a service account. Iam not sure how I can use this service account along with the custom policy.
  Can you please provide me a suitable approach, which will solve my issue. I appreciate your time and help
  Thanks
  Jagan.

  Hi,
  Below are the steps followed
  - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
  - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
  - I can invoke the osb proxy from bpel by passing credentials - No Issues.
  Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
  -I used Role=Admin as a policy condition restriction under security in Proxy service.
  -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
  -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
  All Iam trying to do is to protect my proxy by authrorization policy.
  Thanks
  Jagan.

• Invoke External HTTPS Web Service from OSB 11G

  Hi,
  We have a requirement to invoke a HTTPS web service hosted by third-party and we have to send HTTP basic authentication detials also.
  Third party given us the HTTP basic authentication details and only certificate nothing else.
  After some research service account can be used for basic authentication and service key provider for https requirement.
  But before service key provider creation there are steps to import the certificate into weblogic server and do some config steps (PKI cred mapping and all )I have gone through the forums but i am new to OSB and SSL i could not understand.
  Can some one help with detailed steps.
  Thanks in Advance
  Srikanth

  You can simply use "Execute Script" operation in Workbench and make use of java.net.URL. Below links should help :
  http://www.mkyong.com/webservices/jax-rs/restfull-java-client-with-java-net-url/
  http://www.adobe.com/devnet/livecycle/articles/building-xml.html
  http://help.adobe.com/en_US/livecycle/9.0/workbenchHelp/help.htm?content=000581.html
  Hope this helps.
  -Wasil

• OSB call to remote Web Service via https proxy and https CONNECT problem

  Hi
  I have a service that calls a web service on another server as a web service. This call is via https and the certificate validation raises no errors.
  I now want this call to go via a squid httpd proxy on port 3128 on some machine. So I would like to use HTTP CONNECT (RFC 2817) proxying,. But when I set up this as a proxy, I am getting "Certificate chain" error messages. The certifcate chains is no different now from when I called without the http proxy, so what am I doing wrong? Does OSB support HTTP CONNECT?
  -Johan

  The exeption we are getting is BEA-380000
  General runtime error: [Security:090477]Certificate chain received from XXX - 123.123.123.123 --> test.salesforce.com was not trusted causing SSL handshake failure.
  This is of course not relevant if the callout were using CONNECT. In the CONNECT scenario, OSB would not care about XXX's certificate.

• Osb cluster- HTTP proxy service 404 error

  Hi All,
  I have a cluster set up with 2 managed servers. I crated a Any SOAP proxy from sbconsole to test If I can reach managed server form an external service. I do not have front load balancer set yet.
  osb server1: rdoelapp001011:61703
  osb:server2:rdoelapp001013:61703
  admin server : rdoelapp001011:61701
  when I am trying to access http proxy using any of osb server host and port I am getting 404 error ( From the admin console I could see all the servers are running)
  surprisingly I am getting success (200) when I am using admin server host and port.
  That means the proxy is not got deployed to the managed server, it deployed to admin server
  I looked into few weblogic/OSB document, I could not see anything specific regarding deploying HTTP proxy to osb servers in a cluster
  How would I make sure to deploy to the cluster not to admin server
  I also tried creating a file poller proxy to see if I get "Managed server" option to set. But I do not see that option here.
  Any help will be greatly appreciated.
  Edited by: 818591 on Feb 21, 2011 8:52 PM

  According to your suggestion, I created a domain from scratch using config wizard with a cluster with two managed server
  I started admin server then started managed server
  I do not have any JMS stuff created/configured yet
  while starting up managed OSB server I am getting below error. I think it is related JMS reporting stuff. In my scenario we do not need any reporting feature.
  How would I disable it? while creating domain I did not select the ckeckbox for reporting. Then where did it come from?
  Please suggest.
  <Feb 22, 2011 9:47:02 AM EST> <Error> <OSB-Reporting> <BEA-473500> <JMS Reporting Data Manager failed to deploy during server start up weblogic.application.ApplicationException: [OSB-Reporting:473517]The JMS Reporting Provider Database tables werent created and the JMS Reporting Data Manager didnt deploy.
  weblogic.application.ApplicationException: [OSB-Reporting:473517]The JMS Reporting Provider Database tables werent created and the JMS Reporting Data Manager didnt deploy.
  at com.bea.wli.reporting.jmsprovider.init.JmsReportingDBCreate.createDBObjects(JmsReportingDBCreate.java:78)
  at com.bea.wli.reporting.jmsprovider.init.JmsReportingStartupAndShutdown$1.run(JmsReportingStartupAndShutdown.java:58)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
  at weblogic.security.Security.runAs(Security.java:61)
  Truncated. see log file for complete stacktrace
  >
  <Feb 22, 2011 9:47:02 AM EST> <Error> <Deployer> <BEA-149231> <Unable to set the activation state to true for the application 'JMS Reporting Provider'.

• OSB: When does invokation from http Business Service result into an error

  Hi,
  I want to know when does invokation from http Business Service in OSB result into an error.
  I have a http based business service which is calling an external service on http url.
  I want to know when this business service is invoke/tested, what are the cases in which the invokation will result into an error.
  What does OSB read to cause the invokation an error.
  I am aware that it reads the http-response-code. If its not 200 or 0, it will result into an error.
  Want to validate this understanding and also want to know what are the other case that will cause this happen. Is it by any way dependent on body content?
  Please help. Please share any good links for the topics related to this.
  TIA.
  Regards,
  Ashish

  Hi,
  Some info here...
  http://svgonugu.wordpress.com/2011/06/15/fault-handling-in-osb/
  Cheers,
  Vlad

• Reset the HTTP response code in OSB for proxy service

  Hi,
  I created a HTTP proxy service in ALSB with any XML message option. There are some business scnearios for which i need to send a custom error message in the HTTP body. I am replacing the $body variable with the error message and sending reply with success.As i am using reply with success it sends a HTTP response status code as 200 Ok.
  However based on different error conditions i want to send appropraite http response code. How can this be achieved?

  I would like to share the solution so that it would be useful to all the users of the forum.
  There is a http:http-response-code element in the $inbound variable which is optional element. You need to insert this element to the $inbound using the insert action. Here is the extract of the code:
  Insert [<http:http-response-code>401</http:http-response-code>] [ as last child of ] [./con:transport/con:response] in [inbound]
  Please note namespace con belongs to "http://www.bea.com/wli/sb/context".
  Edited by: [email protected] on Aug 12, 2009 10:47 PM

• OSB Http Transport Custom Authenticatiion (X509 in Http header)

  Hello!
  I'm trying to solve this case. We have F5 Load balancer that terminates SSL Connections From client to the OSB. When terminating the SSL, the LB adds the clients certificate into headers of the Http request going to OSB.
  OSb proxy service is configured to use custom authentication with token type X509 (only choice in the OSB console).
  What happens when I send the request to OSB, is that I get http code 401 (unauthorized) this error on server log:
  ####<Sep 27, 2011 3:08:05 PM EEST> <Error> <WliSbTransports> <appserver02> <MANSERV02> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1317125285598> <BEA-381327> <Transport-level custom token identity assertion failed
  java.lang.ClassCastException: java.lang.String cannot be cast to [Ljava.security.cert.X509Certificate;
  The HTTP header sent to OSB is in the messages below.
  It has also been wihotu the BEGIN CERTIFICATE and END CERTIFICATE lines with same results.
  Can somebody help me in:
  a) Should the certificate be sent in what form from LB to OSB.
  b) How should the OSB/WLS be configured for this to work?
  OSB version is 10.3.1.
  Request to the server is:
  POST /prjTemplateService/ProxyServices/psvcHelloWolrdWSSSLInterface HTTP/1.1
  Accept-Encoding: gzip,deflate
  Content-Type: text/xml;charset=UTF-8
  SOAPAction: "urn:#HelloWorldOperation"
  User-Agent: Jakarta Commons-HttpClient/3.1
  Host: <ip_here>
  Content-Length: 459
  SSLClientCertStatus: ok
  SSLClientCertb64: -----BEGIN CERTIFICATE-----
  MIICHDCCAYUCBE2sABcwDQYJKoZIhvcNAQEEBQAwVTELMAkGA1UEBhMCRkkxCzAJ
  BgNVBAgTAkZJMQ4wDAYDVQQHEwVFc3BvbzEMMAoGA1UEChMDRVpaMQswCQYDVQQL
  EwJUQzEOMAwGA1UEAxMFSnVzc2kwHhcNMTEwNDE4MDkxMDQ3WhcNMTEwNzI3MDkx
  MDQ3WjBVMQswCQYDVQQGEwJGSTELMAkGA1UECBMCRkkxDjAMBgNVBAcTBUVzcG9v
  MQwwCgYDVQQKEwNFWloxCzAJBgNVBAsTAlRDMQ4wDAYDVQQDEwVKdXNzaTCBnzAN
  BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvEPjEn3tvG3YuXlsLZnE7ZOKUJIF0Foy
  c1hp+k7dyGUoHu3Phva7eVOO1cmHaGkFHkg+EnnK3+/Y58EMQAEwPOfQTj0/vSSk
  cEx2X/2p2W7ACldJlYMxx2ZdFa1qaKTXtoieLy23/kJI+ZTfIoB+nmZiPRE9Hq8p
  LTPlcMWVFnkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQC3EZMQieOy4PFh+95R6W7/
  3xaaRm/BzmEU/Wf9JweEwrnttdSmRKsxx9vSkADnD0J7jGO+koym5CWvJHbox4Sk
  QMRPFaTOBRD4hzZeJMidds1LSzUm/QE9PXzjS/HLSjBBs5DmZfdR+uXPSFqTROkd
  87R5veuPX5KeKQHs8iesTw==
  -----END CERTIFICATE-----
  SSLClientCertSN: 4d:ac:00:17
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Hello:client">
  <soapenv:Body>
  <urn:HelloWorldRequest>
  <urn:FirstName>Jolly</urn:FirstName>
  <urn:Surname>Roger</urn:Surname>
  </urn:HelloWorldRequest>
  </soapenv:Body>
  </soapenv:Envelope>
  Response from OSB:
  HTTP/1.1 401 Unauthorized
  Connection: close
  Date: Fri, 30 Sep 2011 08:32:33 GMT
  Content-Length: 1518
  Content-Type: text/html
  X-Powered-By: Servlet/2.5 JSP/2.1
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
  <HTML>
  <HEAD>
  <TITLE>Error 401--Unauthorized</TITLE>
  <META NAME="GENERATOR" CONTENT="WebLogic Server">
  </HEAD>
  <BODY bgcolor="white">
  <FONT FACE=Helvetica><BR CLEAR=all>
  <TABLE border=0 cellspacing=5><TR><TD><BR CLEAR=all>
  <FONT FACE="Helvetica" COLOR="black" SIZE="3"><H2>Error 401--Unauthorized</H2>
  </FONT></TD></TR>
  </TABLE>
  <TABLE border=0 width=100% cellpadding=10><TR><TD VALIGN=top WIDTH=100% BGCOLOR=white><FONT FACE="Courier New"><FONT FACE="Helvetica" SIZE="3"><H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
  </FONT><FONT FACE="Helvetica" SIZE="3"><H4>10.4.2 401 Unauthorized</H4>
  </FONT><P><FONT FACE="Courier New">The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.</FONT></P>
  </FONT></TD></TR>
  </TABLE>
  </BODY>
  </HTML>

  >
  by using Client Cert authentication I have to set HTTPS required to true.
  >
  Yes.
  >
  When I try to invoke this service with http request, it redirects to https service.
  This actually just trashes the entire idea of terminating SSL in the load balancer.
  >
  Not necessarily. Although direct HTTP request to WebLogic is redirected to HTTPS enabled port, you can still use this settings with WebLogic plugin. I'm not aware of your deployment, but I use Apache plugin for WebLogic, terminate SSL on Apache and I'm still able to send requests authenticated by certificate from client through HTTPS.
  I don't know about F5, but I guess there should be similar feature as well.
  http://download.oracle.com/docs/cd/E12840_01/wls/docs103/cluster/load_balancing.html

• SOAP Header based user/password authentication in OSB 11g Proxy Service

  Hi,
  I have implemented SOAP Header based authentication in my OSB 11g Proxy Service.
  In the Security settings of my AnySOAP(Soap 1.1) HTTP Proxy service, I have amde the following changes:
  1.
  In Transport Access Control link, i selected the User predicate, and provided an user already existing on weblogic server with following roles(AppTesters, Monitors, Operators).
  The AuthorizationProvider was XACMLAuthorizer
  2.
  Under Custom Authentication, I selected the Custom User Name and Password option, and provided the below mentiioned xpaths
  User Name XPath: ./*/*:Username/text()
  User Password XPath: ./*/*:Password/text()
  3.
  In Message Access Control link, i selected the User predicate with the same user as mentioned in Transport Access Control link.
  Now, when I am testing this service from OSB Test Console, I am providing the following input.
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:N1="http://abcd.com/common/bodcomponents/transactional/model/1.0/">
  <soap:Header>
  <AuthHeader>
  <N1:Username>userXYZ</N1:Username>
  <N1:Password>passXYZ</N1:Password>
  </AuthHeader>
  </soap:Header>
  <soap:Body>
  <!-- body payload -->
  </soap:Body>
  </soap:Envelope>
  The response is "The invocation resulted in an error: ."
  The OSB server logs show the below error:
  ####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-387082> <Proxy service access denied (proxy: ABCD/Services/Common_HTTP_Proxy, subject: Subject: 0
  )>
  ####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Kernel> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-382004> <Failed to process request message for service ProxyService ABCD/Services/Common_HTTP_Proxy: com.bea.wli.sb.security.AccessNotAllowedException
  com.bea.wli.sb.security.AccessNotAllowedException
       at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:136)
       at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:117)
       at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:586)
       at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessageSender.java:329)
       at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMessageSender.java:76)
       at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:134)
       at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:132)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
       at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
       at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageSender.java:137)
       at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.java:454)
       at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
       at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceEJBBean.java:167)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(TestService_sqr59p_EOImpl.java:353)
       at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
       at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
       at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Please suggest where I am going wrong in this. I have cross checked the user/pass credentials with what I am giving in the input, and it is perfectly fine.

  I have added the Username and Password as follows, since the namespace declaration was required due to the namespace prefix 'N1' in the XPath
  declare namespace N1="http://abcd.com/common/bodcomponents/transactional/model/1.0/";./AuthHeader/N1:Username/text()
  declare namespace N1="http://abcdp.com/common/bodcomponents/transactional/model/1.0/";./AuthHeader/N1:Password/text()
  I have removed the Message Access Control conditions, have only kept Transport Access Control conditions.
  If i keep the condition in Transport Access Control as "Allow access to everyone", and test with proper credentials in the Username/Password tags in SOAP Header, then it works fine. However, if I try to give an incorrect password in the SOAP Header, it denies the access. So that means the XPaths given for Username/Password are working fine. The OSB logs show the below message
  +####<Feb 10, 2011 12:59:21 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000ef2> <1297322961536> <BEA-386008> <Message level username/password authentication failed: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied>+
  However if i add the condition with predicate as "User" and user name argument as "weblogic", and try to pass the same in the SOAP Header as well with the correct password, it denies the access with below message in the logs.
  +####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-387082> <Proxy service access denied (proxy: ABCD/Services/Common_HTTP_Proxy, subject: Subject: 0+
  +)>+
  +####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Kernel> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-382004> <Failed to process request message for service ProxyService ABCD/Services/Common_HTTP_Proxy: com.bea.wli.sb.security.AccessNotAllowedException+
  com.bea.wli.sb.security.AccessNotAllowedException
  at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:136)
  at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:117)
  at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:586)
  at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessageSender.java:329)
  at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMessageSender.java:76)
  at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:134)
  at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:132)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
  at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageSender.java:137)
  at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.java:454)
  at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
  at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceEJBBean.java:167)
  at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(TestService_sqr59p_EOImpl.java:353)
  at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
  at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
  at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
  at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

• OSB 1031: proxy service and publishing JMS messages with no duplicates

  Hi all,
  we have a Web Service proxy that publishes messages into a JMS queue. The queue is persistent and the related connection factory is XA enabled.
  The proxy does the call to the JMS business service from a route node.
  If a failure occurrs after the publishing returns successfully, the caller receives back an error and it will try again to call the web service proxy.
  As the message has been published successfully and was not rollbacked by the proxy, the second call could put on the JMS queue a duplicate message.
  As far as we know only with JMS proxy service, OSB starts a transaction within the pipeline or are we wrong ?
  What do you suggest in order to avoid such a scenario described above ?
  Thanks and regards
  ferp

  Try this link to depict the behavior
  http://allthingsmdw.blogspot.com.au/2012/09/osb-service-callouts-and-oql-part-1.html

• [OSB] Customize proxy with variable string

  Hi all,
  I've got this scenario:
  I need that my proxy service append a enviroment string to the output. I'm thinking to add this enviroment string on customization file. Is possible do this?
  For example i call a webservice that give me a link (ex. http://oracle.org), and i need that the proxy return link concat my string ("http://oracle.org" + mystring)
  Regards

  I got the same error with $accinfo/*:OutputParameters --->> BEA-382107: No value could be bound to variable: accsinf
  *$accinfo goes like this:*
  <get:OutputParameters      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:get="http://xmlns.oracle.com/pcbpel/adapter/db/SMS/GET_ACCOUNT_INFO/">
       <get:RESULTRECORDSET>
       <get:RESULTRECORDSET_Row>
       <get:BRANCH>87400</get:BRANCH>
  the XSLT:
  xmlns:ns1="http://xmlns.oracle.com/pcbpel/adapter/db/SMS/GET_ACCOUNT_INFO/"
  <!-- Where the variable is defined -->
  <xsl:param name="v_accinfo"/>
  <xsl:template match="/">
  <inp1:something>
  <accounts>
  <!-- Here's how I use the variable: -->
  <xsl:for-each select="$v_accinfo/ns1:OutputParameters/ns1:RESULTRECORDSET/ns1:RESULTRECORDSET_Row">
  <xsl:if test="(ns1:BRANCH = $br) and ((ns1:ACC_NUM = $ac) and (ns1:CURRENCY = $cr))">
  <acc_description1>
  <xsl:value-of select="ns1:TYPE"/>
  </acc_description1>
  </xsl:if>
  </xsl:for-each>
  I tested the XSLT in JDeveloper. I just used the content of the $accinfo and $body from "Invocation Trace" (OSB Console > Proxy Service >Test) and the transformation works Fine. But I have problems when I use it in the Proxy Service's flow in OSB.
  Edited by: 849874 on Apr 5, 2011 6:43 AM

• Javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header error while invoking FinancialUtilService using HTTP proxy client

  I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting below error while i am trying to invoke this service. Using FusionServiceTester i am able to invoke service and upload file to UCM. Using oracle.ucm.fa_client_11.1.1.jar also i am able to upload file to UCM without any issue. But using HTTP proxy client i am facing below error. Can anyone please help me. PFA code i am using to invoke this service.
  javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
  Process exited with exit code 0.
  Message was edited by: Oliver Steinmeier
  Removed attachment

  Hi Jani,
  Thanks for your reply.
  I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command. 
       keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
  Invoking
      SecurityPolicyFeature[] securityFeature =
      new SecurityPolicyFeature[] { new
      SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
      financialUtilService_Service = new FinancialUtilService_Service();
      FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
      // Get the request context to set the outgoing addressing properties
      WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
      WSEndpointReference replyTo =
        new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
      String uuid = "uuid:" + UUID.randomUUID();
      wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
      wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
      wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY,  "Welcome1");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
      wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
  SEVERE: WSM-00057 The certificate, client, is not retrieved.
  SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
  SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
  SEVERE: WSM-00005 Error in sending the request.
  SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
  SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
  SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
  oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
    at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
    at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
    at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
    at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
    at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
    at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
    at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
    ... 30 more
  Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
    at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
    at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
    at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
    ... 32 more
  SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
  File upload failed
  javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
    at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
    at com.sun.xml.ws.client.Stub.process(Stub.java:259)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at $Proxy43.uploadFileToUcm(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
    at $Proxy44.uploadFileToUcm(Unknown Source)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
    at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
  Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
    ... 19 more

• Local transport proxy service vs http proxy service

  Hi,
  Can anybody tell me why it is better to use Local transport proxy service in OSB than http for modularity?

  Hi Atheek,
  Thanks for you reply.
  My doubt is where local transport proxy service is deployed?
  Like if we invoke a http based proxy service which is deployed at certain Endpoint and jms based proxy service is deployed as MDB which kepps listening to a queue.
  Similarly, when i invoke local transport proxy service where and how OSB runtime looks for it?
  Edited by: user12883209 on Jan 10, 2012 6:58 AM

• HTTP Proxy setting for SOA server

  Hi,
  my intention is to enable SOA Server to connect through HTTP Proxy to external services. This occurred when I am trying to connect to Yahoo Mail Server, via User Messaging Service but it keep throwing connection time out. One of the possible solution is to make the service to connect via the HTTP Proxy server in our network.
  There are no mention of how to setup HTTP Proxy connection for UMS, as well as SOA Server in any documents.
  Please advice or direct me to the relevant solutions.
  Appreciate any help rendered :)
  yee thian

  I have not worked in SoA server, but since it uses weblogic server underlying (I assume), you can try setting the -Dhttp.proxyHost , -Dhttp.proxyPort system properties ( https for secured URL's) to WLS to specify the proxy details. Also the product might not have the capability to pass user credentials for authentication at the proxy. The version of OSB we are using had this problem. To overcome this you might require to add the URL to the proxy free list in your proxy server. This prevents the proxy from prompting for the user name when you access that URL.