Secure OSB Service with LDAP

Hi Friends,
Greetings!
Is there a way to secure an OSB service so that users will be able to access it only if they pass their AD/LDAP userid and password?
Note: I know I can add service accounts. However, I want to avoid adding a huge number of users/service accounts manually.
Thanks,
Sachin.

Hi Sachin,
You have to configure the WebLogic security realm to add an AD/LDAP Authentication provider.
http://onlineappsdba.com/index.php/2010/02/04/how-to-integrate-weblogic-with-oracle-internet-directory-for-login-authentication/
In order to secure the OSB service you can enable HTTPS or have message-level security for the same.
>know I can add service accounts. However I want to avoid adding a huge number of users/service accounts manually.
No need to maintain n number of accounts per n number of users.
Use Basic Authentication/Custom Authentication/OWSM username token service policy to authenticate username/password with AD/LDAP.
For Authorization: Use Transport/Message Level Authorization at OSB Service level
Regards,
Abhinav Gupta

Similar Messages

  • Securing web services with Sun Access Manager

    Hi!
    I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
    What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
    I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
    I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
    My questions are:
    1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
    2) Are there any documentation/tutorials/etc?
    Thanks in advance :-)
    Anders

    What you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA WebLogic provider.
    The "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" a webservices agent, but a normal J2EE policy agent.
    So, having said that, here's what I'd recommend.
    1. Install the webservices agent on BEA WebLogic. (Note: NOT the J2EE policy agent.)
    2. Configure it to use your Access Manager instance for authentication.
    3. Configure your webservices client to use the webservice provider. (Note: you'd need the webservices APIs available on the client too, so the quick and dirty method would be to install the webservices agent on your client too.) You can later bundle the webservices client independently and provide your "customers" with a webservices client bundle.
    4. Voila... your webservices are not "protected" by Access Manager ;-)

  • Connect to Secure web service with certificate from SAP EP

    Hi Experts,
    Here is the current situation:
    1. Our business requirement is to connect to a 3rd-party RESTful web service which requires a secure connection with a private client certificate attached.
    2. I've tested in my Java test application and successfully attached the private certificate to the HttpsURLConnection request to the web service and made a connection. No problem at all.
    KeyStore keyStore  = KeyStore.getInstance("PKCS12");
    InputStream inputStream = new FileInputStream("privateKeyCert.p12");
    keyStore.load(inputStream, "myPassword".toCharArray());
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, "myPassword".toCharArray());
    KeyManager[] kms = keyManagerFactory.getKeyManagers();
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(kms, null, new SecureRandom());
    SSLSocketFactory sockFact = sslContext.getSocketFactory();
    URL url = new URL("https://www.thirdpartywebservice.com/testroot/");
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    conn.setSSLSocketFactory(sockFact);
    conn.setRequestMethod("POST");
    conn.setDoOutput(true);
    conn.setDoInput(true);
    conn.setUseCaches(false);
    conn.setDefaultUseCaches (false);
    conn.setRequestProperty("Content-Type", "text/xml");
    3. Next, I tried to apply my Java application to SAP EP NetWeaver, and found that I have to use SecureConnectionFactory:
    https://help.sap.com/saphelp_nw70ehp1/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm
    4. So, I modified my Java code for SAP EP:
    KeyStore keyStore  = KeyStore.getInstance("PKCS12");
    InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("privateKeyCert.p12");
    keyStore.load(inputStream, "myPassword".toCharArray());
    SecureConnectionFactory scFactory = new SecureConnectionFactory(keyStore);
    HttpURLConnection conn = scFactory.createURLConnection("https://www.thirdpartywebservice.com/testroot/");
    conn.setRequestMethod("POST");
    conn.setDoOutput(true);
    conn.setDoInput(true);
    conn.setUseCaches(false);
    conn.setDefaultUseCaches (false);
    conn.setRequestProperty("Content-Type", "text/xml");
    And I'm facing the following error message:
    Exception: java.security.UnrecoverableKeyException: java.security.GeneralSecurityException: Unable to decrypt private key: javax.crypto.BadPaddingException: Invalid PKCS#5 padding length: 253
    Could you please help me understand what this error message means?
    Do you think I need to do some other configuration to make a connection to the web service with a client certificate?
    This is our first approach. Please help...
    Thank you in advance.

    SunJSSE implements the SSL server CertificateRequest in a strict mode: if the client fails to find a proper certificate corresponding to the server request, it does not guess what the proper certificate is and send it to the server. In your case, because there is no intermediate certificate in the client context, there is no way to decide which certificate would be acceptable to the server, so the client does not send any cert to the server. That's why you got a handshaking error.
    I guess your client key store does not contain a full certificate path from the client end-entity certificate to the root CA. Please import the full certificate path into the key store.
    BTW, these approaches should work, but I found no reason why one does not adopt #1:
    1. import the full certification path of client certificate into client key store.
    2. as a workaround, configure the server to send a list including the intermediate certificates;
    3. as a workaround, you will have to customize the client KeyManager if you don't want to or are not able to configure the server to send a list including the intermediate certificates.

  • Securing RPC services with TCP Wrappers

    Hello All,
    I have a two-node cluster running Solaris 10. Since SVM needs a few RPC services like metad, metamedd and metamhd, I don't want to disable them. But at the same time, I want to block them from the outside world.
    But the readme page of TCP Wrappers (http://www.sunfreeware.com/README.tcpwrappers) says "The wrappers do not work with RPC services over TCP. These services are registered as rpc/tcp in the inetd configuration file". And other internet sources say the same. So my question is: is this still valid? Or is it possible to filter RPC services using TCP Wrappers?
    When I tested this with the following entries in /etc/hosts.allow and /etc/hosts.deny, my two nodes did not give any trouble after a couple of reboots. SVM is working fine. So I wonder whether RPC services are really blocked (other than the local host) or not.
    Content of /etc/hosts.deny
    ===========================
    rpcbind: ALL : severity debug
    rpc.metad: ALL : severity debug
    rpc.metamhd: ALL : severity debug
    rpc.metamedd: ALL : severity debug
    rpc.metacld: ALL : severity debug
    Content of /etc/hosts.allow
    =======================================
    rpcbind: KNOWN : severity debug
    rpc.metad: localhost : severity debug
    rpc.metamhd: localhost : severity debug
    rpc.metamedd: localhost : severity debug
    rpc.metacld: localhost : severity debug
    Any hints/information regarding this will be really appreciated.

    Hello Mark,
    Sorry that I missed to thank you in your last post.
    If I get it right, The RPC bind program is used to maintain a table of dynamically allocated ports for RPC-based services.
    From internet, "The file /etc/rpc contains a list of network services. Typically, when a remote machine wants to connect to one of those services on your machine, it first issues a query to the rpcbind program running on your computer. It knows the name of the services it wants to connect with, but doesn't know what port number to use. Your rpcbind will respond with a port number. The remote host will then attempt a connection to the specified port."
    Also, note that blocking rpcbind doesn't block access to the /etc/rpc services altogether. It does block access for those programs which do an rpcinfo query in order to reach those services. So other possible ways also exist to make a remote connection without querying. Here lies the problem. I wanted to secure RPC services completely.
    Coming to metad, it is true that ldd will result in nothing related to libwrap*. But inetadm tells a different story:
    inetadm -l /network/rpc/meta | grep -i wrap
    default tcp_wrappers=TRUE
    So encapsulating with tcpd should work for metad and other RPC services, I believe.
    What is your opinion on this?.
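
An added example (not part of the thread, and not Solaris or TCP Wrappers code): a simplified Python model of the hosts_access(5) decision order, run over the two rule files posted above. It assumes each daemon actually consults TCP Wrappers, which is the open question in the thread, and it ignores rule options, EXCEPT, netgroups and user@host patterns; the client names and addresses are constructed.

```python
"""Simplified model of the hosts_access(5) decision order (added example)."""
import ipaddress

# Rule files exactly as posted in the question above.
HOSTS_ALLOW = """\
rpcbind: KNOWN : severity debug
rpc.metad: localhost : severity debug
rpc.metamhd: localhost : severity debug
rpc.metamedd: localhost : severity debug
rpc.metacld: localhost : severity debug
"""
HOSTS_DENY = """\
rpcbind: ALL : severity debug
rpc.metad: ALL : severity debug
rpc.metamhd: ALL : severity debug
rpc.metamedd: ALL : severity debug
rpc.metacld: ALL : severity debug
"""


def parse_rules(text):
    """Return [(daemon_patterns, client_patterns)]; options after the 2nd ':' are ignored."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            continue  # malformed line: no client list
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, hostname, address):
    """hostname is None when the reverse lookup of the client address failed."""
    name = hostname.lower() if hostname else None
    pat = pattern.lower()
    wildcard = pattern.upper()
    if wildcard == "ALL":
        return True
    if wildcard == "KNOWN":        # host name (and address) could be determined
        return name is not None
    if wildcard == "UNKNOWN":
        return name is None
    if wildcard == "LOCAL":        # host name without a dot
        return name is not None and "." not in name
    if pat.startswith("."):        # domain suffix, e.g. .example.com
        return name is not None and name.endswith(pat)
    if pat.endswith("."):          # address prefix, e.g. 192.0.2.
        return address.startswith(pat)
    if "/" in pat:                 # net/mask pair
        return ipaddress.ip_address(address) in ipaddress.ip_network(pat, strict=False)
    return pat in (name, address)  # literal host name or address


def first_match(rules, daemon, hostname, address):
    """Return a printable form of the first rule matching (daemon, client), or None."""
    for daemons, clients in rules:
        daemon_ok = any(d.upper() == "ALL" or d == daemon for d in daemons)
        if daemon_ok and any(client_matches(c, hostname, address) for c in clients):
            return f"{','.join(daemons)}: {','.join(clients)}"
    return None


def decide(daemon, hostname, address, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return (granted, reason): hosts.allow first, then hosts.deny, then default grant."""
    hit = first_match(parse_rules(allow_text), daemon, hostname, address)
    if hit:
        return True, "hosts.allow: " + hit
    hit = first_match(parse_rules(deny_text), daemon, hostname, address)
    if hit:
        return False, "hosts.deny: " + hit
    return True, "no matching rule (default grant)"


if __name__ == "__main__":
    # Constructed clients: a name under example.com, addresses from documentation ranges.
    clients = [
        ("localhost", "127.0.0.1"),
        ("node2.example.com", "192.0.2.10"),
        (None, "203.0.113.5"),
    ]
    for daemon in ("rpcbind", "rpc.metad", "sshd"):
        for hostname, address in clients:
            granted, reason = decide(daemon, hostname, address)
            verdict = "GRANT" if granted else "DENY"
            print(f"{daemon:10} {str(hostname):18} {address:12} {verdict:5}  {reason}")
```

Under these rules `rpcbind: KNOWN` grants access to every client whose host name can be resolved, not only to the cluster nodes, while the `rpc.meta*` entries admit `localhost` alone. A daemon with no entry in either file is granted by default.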

  • Integrating Hyperion Shared services with LDAP

    Hi All,
    I have a quick question regarding managing LDAP users using Shared services. I was able to create connection with LDAP using "anonymous bind" but now when I try to see the LDAP users in Shared services , it says no records. How can I see the records ?
    Please help.

    Suggest you talk to your IT people who setup that specific id. Tell them you need the Distinguished Name (DN) of that user -- usually they will have the user placed in a set of containers which may be several levels deep depending on how they organize the directory.
    If you were using Active Directory rather than LDAP you could use AD Explorer to locate the user and you can find the DN yourself. AD Explorer is available at: http://technet.microsoft.com/en-us/sysinternals/bb963907
    Regards,
    John A. Booth
    http://www.metavero.com

  • Securing BPEL services with OWSM: problem resolving schema

    Hi,
    With the introduction of SOA Suite 10131 specification of XML objects types and elements is handled in a separate XSD file which is imported in the WSDL for the BPEL process. This is fine, it prevents cluttering up the WSDL.
    The import is like this:
    <import namespace="http://xmlns.oracle.com/MyFirstBPEL" schemaLocation="MyFirstBPEL.xsd" />
    Now, when I secure this service using an OWSM gateway, OWSM is not able to generate a test page for this service. It cannot resolve the XSD that it needs for constructing the test form. The same happens when you try to generate a proxy for the Web Service.
    A solution is to put the schema file in BPEL's xmllib and change the schemaLocation of the import tag accordingly, e.g.:
    <import namespace="http://xmlns.oracle.com/MyFirstBPEL" schemaLocation="http://localhost/orabpel/xmllib/MyFirstBPEL.xsd" />
    Can anyone think of a better solution, i.e. one that does not require changing the WSDL and avoids dragging the XSD around?
    Thanks. Regards, Sjoerd

    Hi Bastiaan,
    The XSD that is generated is automatically packaged and deployed with the BPEL process. And publishing it in a place is exactly what I do by putting it in /xmllib. I am all for controlled publication of XML Schema, but I would rather choose which XML constructs to publish (e.g. for re-use).
    Thanks. Sjoerd

  • Calling a Axis2 Secure Web Service with JDeveloper 11g

    We are attempting call a Blackboard (Axis2) web service using Oracle JDeveloper 11g. We are currently unable to generate the security header required, could anyone please point me in the right direction?
    I have followed the following steps highlighting my issue. What steps might I be missing? Should I have created a keystore? Should I implement this with the Metro stack? Any help or suggestions to go in a different direction would be greatly appreciated.
    1. Install JDeveloper 11.1.1.5.0 (accept defaults)
    2. Open JDeveloper
    3. Create a Project by selecting File > New > Generic Project > Finish
    4. Right-click newly created project and select New
    a. Select Web Services in the Categories
    b. Select Web Service Proxy, then Next
    c. Next
    d. Select JAX-WS Style, then Next
    e. Enter http://gpstc.blackboard.com/webapps/ws/services/Context.WS?wsdl for the WSDL Document URL, then Next
    f. Next
    g. Remove “:80” from the Endpoint URL in each row, the first row should be http://gpstc.blackboard.com/webapps/ws/services/Context.WS, then Next
    h. Next
    i. I don’t see an option for WSSOAP12Binding which this webservice utilizes, so I selected “oracle/wss11_username_token_with_message_protection_client_policy”
    j. Next
    k. Finish
    5. As a test, add the following code after “// Add your code to call the desired methods.”
    GetServerVersionResponse myv = new GetServerVersionResponse();
    myv = contextWSPortType.getServerVersion(new GetServerVersion());
    System.out.println(myv.toString());
    6. Run the Project
    7. Received the following exception: "Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: WSDoAllReceiver: Incoming message does not contain required Security header"
    Currently running JDeveloper 11g with Oracle WebLogic Server 11gR1
    Attempting to connect to Blackboard, Release 9.1.50119.0
    Thanks, Adam Ham

    Hi,
    Did you configure the Axis2 in Jdeveloper?
    Best Regards
    Sunny

  • Messaging services with ldap replication

    using JES2004_q2
    Every single component is working fine. Now I am trying to establish the replication with other LDAP for user data. To achieve this I deleted the current ou=People and ou=Groups under my default domain o=xyz.com. And created and initialized NewSubsuffix with the same data for ou=people and ou=Groups under the o=xyz.com on configuration>data.
    Replication is working fine with other ldap and as well the search. But messaging is not. On imsimta test come out "5.1.1 unknown or illegal alises" but I can see the user entry in search also I can see the entry msg-admin-test.xyz.com-20040824154024Z, which is required to host the domain and run the messaging services.
    Any idea why messaging is not working?

    As I indicated replication and search for user entry is working fine as we can see all attributes for entry.
    The access logs at the directory server look like this when I try to run ./imsimta test:
    30/Aug/2004 12:25:00 -0500     86     113     115     RESULT err=0 tag=101 nentries=1 etime=11
    30/Aug/2004 12:25:00 -0500     86     108     110     RESULT err=0 tag=101 nentries=1 etime=14
    30/Aug/2004 12:25:00 -0500     86     114     116     SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-accesslog nsslapd-accesslog-list"
    30/Aug/2004 12:25:00 -0500     86     114     116     RESULT err=0 tag=101 nentries=1 etime=0
    30/Aug/2004 12:25:00 -0500     86     112     114     RESULT err=0 tag=101 nentries=1 etime=12
    30/Aug/2004 12:25:00 -0500     86     115     117     SRCH base="cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsslapd-maxdescriptors nsslapd-reservedescriptors"
    30/Aug/2004 12:25:00 -0500     86     115     117     RESULT err=0 tag=101 nentries=1 etime=0
    30/Aug/2004 12:25:05 -0500     88     -1     -1     fd=59 slot=59 LDAP connection from 10.0.17.254 to 10.0.17.254
    30/Aug/2004 12:25:05 -0500     88     0     1     BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=testwebmail.xyz.com, ou=fsl.org.jm, o=NetscapeRoot" method=128 version=2
    30/Aug/2004 12:25:05 -0500     88     0     1     RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=testwebmail.xyz.com,ou=fsl.org.jm,o=netscaperoot"
    30/Aug/2004 12:25:05 -0500     88     1     2     SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=testwebmail.xyz.com,ou=fsl.org.jm,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    30/Aug/2004 12:25:06 -0500     88     1     2     RESULT err=0 tag=101 nentries=31 etime=1
    30/Aug/2004 12:25:06 -0500     89     -1     -1     fd=63 slot=63 LDAP connection from 10.0.17.254 to 10.0.17.254
    30/Aug/2004 12:25:06 -0500     89     0     1     BIND dn="cn=msg-config, cn=Sun ONE Messaging Suite, cn=Server Group, cn=testwebmail.xyz.com, ou=fsl.org.jm, o=NetscapeRoot" method=128 version=2
    30/Aug/2004 12:25:06 -0500     89     0     1     RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=msg-config,cn=sun one messaging suite,cn=server group,cn=testwebmail.xyz.com,ou=fsl.org.jm,o=netscaperoot"
    30/Aug/2004 12:25:06 -0500     89     1     2     SRCH base="cn=configuration,cn=msg-config,cn=sun one messaging suite,cn=server group,cn=testwebmail.xyz.com,ou=fsl.org.jm,o=netscaperoot" scope=2 filter="(objectClass=*)" attrs=ALL
    30/Aug/2004 12:25:06 -0500     89     1     2     RESULT err=0 tag=101 nentries=31 etime=0
    30/Aug/2004 12:25:06 -0500     89     2     3     UNBIND
    30/Aug/2004 12:25:06 -0500     89     2     -1     closing - U1
    30/Aug/2004 12:25:07 -0500     89     -1     -1     closed.
    30/Aug/2004 12:25:12 -0500     88     -1     -1     closing - B1
    30/Aug/2004 12:25:12 -0500     88     -1     -1     closed.
    30/Aug/2004 12:25:23 -0500     90     -1     -1     fd=59 slot=59 LDAP connection from 10.0.17.254 to 10.0.17.254
    30/Aug/2004 12:25:23 -0500     90     0     1     BIND dn="uid=msg-admin-testwebmail.xyz.com-20040727154027Z, ou=People, o=fsl.org.jm,o=fsl.org.jm" method=128 version=3
    30/Aug/2004 12:25:23 -0500     90     0     1     RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=msg-admin-testwebmail.xyz.com-20040727154027z,ou=people,o=fsl.org.jm,o=fsl.org.jm"
    30/Aug/2004 12:25:23 -0500     90     1     2     SRCH base="o=fsl.org.jm" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=testwebmail.xyz.com)(sunPreferredDomain=testwebmail.xyz.com)))" attrs=ALL
    30/Aug/2004 12:25:23 -0500     90     1     2     RESULT err=0 tag=101 nentries=0 etime=0
    30/Aug/2004 12:25:23 -0500     90     2     3     SRCH base="o=fsl.org.jm" scope=2 filter="(&(objectClass=sunManagedOrganization)(|(associatedDomain=fsl.org.jm)(sunPreferredDomain=fsl.org.jm)))" attrs=ALL
    30/Aug/2004 12:25:23 -0500     90     2     3     RESULT err=0 tag=101 nentries=0 etime=0
    And when I try to log in via http, I can see these errors in the http logging under the messaging server:
    [30/Aug/2004:12:31:50 -0500] testwebmail httpd[10960]: Account Notice: [10.x.x.x:2075] domain not found
    [30/Aug/2004:12:31:50 -0500] testwebmail httpd[10960]: Account Notice: badlogin: [10.x.x.x.:2075] plaintext testuser : user not found
    The consumer ldap is not using messaging, so we don't need to do the replication of PAB.
    I know Configuration data is tricking. After deleting the ou=People and ou=Groups under o=xyz.com I can see these ou, but once I created these as subsuffix under o=xyz.com I can see the entry for ou=People and ou=Groups with all the initialized entries under Directory tab > o=xyz.com

  • Securing Web Services with Access Manager

    Hello All
    I have installed the java_app_platform_sdk-5_04-windows.exe that comes with Access Manager 7.1.
    I want to secure a webservice, so I have created a web application (with NetBeans 6) with a webservice inside. I have also created a web client application that calls the webservice. The providers are configured in the server and I have enabled the SOAP security.
    When I use anonymous authentication everything works fine, but if I used any other security method the following exception arises:
    [#|2008-04-29T09:41:07.343+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|AMServerAuthModule.validateRequest: Failed in Securing the Request.|#]
    [#|2008-04-29T09:41:07.375+0200|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|java.lang.reflect.InvocationTargetException
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
         at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
         at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
         at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
         at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
         at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
         at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
         at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
         at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
         at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
         at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
         at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
         at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
         at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
         at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
         at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
    Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
         at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
         ... 46 more
    |#]
    [#|2008-04-29T09:41:07.390+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|SEC2002: Container-auth: wss: Error validating request
    com.sun.enterprise.security.jauth.AuthException: Validating Request failed
         at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:188)
         at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
         at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
         at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
         at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
         at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
         at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
         at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
         at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
         at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
         at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
         at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
         at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
         at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
         at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
         at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
    Caused by: java.lang.reflect.InvocationTargetException
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
         ... 41 more
    Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
         at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
         ... 46 more
    |#]
    It says something about the security mechanism not being supported. But I don't know why. Any idea?
    Thank you

    Hello again,
    I am not using SSL. I am using the usernametoken or the saml-voucer mechanism and it happens in both. But with the anonymous mechanism it doesn't happen.
    ...

  • Managing OSB services with source Control

    I have a number of services developed within an OSB and all the files .proxy , .biz , etc are stored in my source control system. This works perfectly fine when one team is working on one service.
    However now we are looking at branching the service to support multiple development efforts. Which means team A could be making changes to MyService.proxy and team B could be fixing bugs in the same proxy on a different branch.
    We want to periodically baseline the branches.
    I cannot see any documented approach to how we can merge these changes. Comparing the files as XML is ugly and extremely high risk. Having looked in this forum, I have not found much discussion on this in the past.
    I foresee multiple merge conflicts, overwritten changes and angst ahead.
    If anybody has dealt with this and has some clever approaches I would be grateful
    -Murph

    Hi Prabu,
    Thanks, that is one approach to minimizing possible conflicts. The difficulty we have is that we are used to multiple teams working on multiple branches and managing merges using SCM tools and diff tools. Once you have a conflict in the OSB (specifically at a proxy level) then there are real problems.
    I am toying with the idea of locking mechanisms, which I have not used in a while, to avoid losing work with conflicts.
    Cheers
    Murph

  • OSB Service with Oracle AQ with payload type SYS.AQ$_JMS_TEXT_MESSAGE

    I am trying to write a web-service to Enqueue/Dequeue messages from an AQ with payload type SYS.AQ$_JMS_TEXT_MESSAGE defined in Oracle DB.
    My understanding is that I need to create a JMSModule within WebLogic with a ForeignServer defined within it to enqueue/dequeue messages to/from the AQ.
    I have created Datasource, JMSServer, JMSModule, ForeignServer (created ConnectionFactory with localJNDIName="MyQueueCF" and RemoteJNDIName as "QueueConnectionFactory" and Destination with localJNDIName="MyQueueDest" and RemoteJNDIName="Queues/<queue_name_in_DB>")
    My business service has an endpoint "http://localhost:7001/MyQueueCF/MyQueueDest"
    When I test my service to populate a message onto the queue, I get the following error:
    The error was oracle.jms.AQjmsException: Error creating the db_connection
    My questions are:
    * Am I following the correct procedure to talk to AQ with JMS text message type payload?
    * If yes, how can I get around the issue I am stuck with?
    Please help!
    Thanks.

    Example:
    conn / as sysdba
    -- create a queue table whose payload type is a JMS text message
    begin
      dbms_aqadm.create_queue_table
      ( queue_table        => 'SCOTT.AQJMS'
      , queue_payload_type => 'SYS.AQ$_JMS_TEXT_MESSAGE'
      , compatible         => '9.1'
      );
    end;
    /
    This worked fine for me after a standard DB-installation.

  • Messaging services with ldap replication again

    Dear at_bajwa and fslaat,
    My case is similar to the following forum thread:
    http://swforum.sun.com/jive/thread.jspa?forumID=15&threadID=47877
    I followed it but still can't get it to work.
    Would you mind giving me more detailed steps on MMR?
    Thanks
    epee

    To the original poster,
    First, determine how much downtime is acceptable and then determine what your DR plan should be.
    Trying to make a "hot" standby mailserver is not an easy task. What I would do is just do a complete backup of the current system and load a standalone machine. Then, from that time forward, all you really need to restore are the DS data directory and the mailstore itself. Whenever you do a system change, i.e. patches, then do another level 0 dump and restore to the backup box. If the primary box crashes, restore your latest mailstore and DS data tapes to the backup box, plug it into the network and you're up and running.
    For a fairly small mailstore, you could probably run rsync (remote filesystem sync utility) to a third machine, so you always have a fairly recent copy of the mailstore.
    Once you have that procedure in place, you now know your DR recovery time. If that is unacceptable, then the next step is probably using Sun Cluster 3.x. But now, you're talking big $$$ for a dual-hosted disk array and supported servers and network hardware.
    The time to recover and your tolerable data loss will determine how much you spend. The smaller those numbers, the more it will cost.
    One of my lessons learned: run 'mboxutil -l ' on a regular basis (at least nightly) and save it to a file. That list of folders has saved me a lot of grief over the past months. I have users who constantly misplace/rename/delete folders. It's a lot quicker than messing around with backup tapes to find out which folders did or didn't exist.
    HTH,
    Roger S.

  • Delete Session in Services (Security Optimization Services)

    Hi,
    I've been trying to delete a session from the SAP Engagement and Services Delivery > Services. The service in question is the Security Optimization Services with the status completed. The session underneath it has the status Session is closed. After selecting the first service and pressing delete I get the message Session not deleted. If I select the session underneath it the delete button is greyed out.
    Is there any way to delete this session?
    Also, while trying to create a new session, no new line (session) is created. The service does run and the Security Optimization Services report gets created, only there is no new line on the session list.
    Solution Manager 7.1 sp08
    Thank you.
    Greetz,
    R.

    Hello,
    Firstly you need to figure out how these services were created in the first place.
    To delete sessions you can use the report RDSMOPREDUCEDATA.
    Important:
    For step 3 in the deletion report select: "ALL SESSION TYPES"
    For step 6: make sure that the checkbox is NOT selected, so that you can get an overview of the sessions before the deletion is processed.
    In case the services were created but the corresponding sessions were not created correctly, you would not be able to delete the services. The safest way in this case would be to open a message with SAP for the cleanup.
    If you are an expert in Solution Manager then you can clean up by deleting the entries directly in the table DSMOPSERSESSION. However, this is NOT a recommended way of doing it.
    If the report does not help then open a message with SAP. Safe and sure way of getting rid of the sessions.
    Regards
    Amit

  • OSB service on OEG

    Hi All,
    I am trying to integrate/register an OSB service to an OEG.
    I am going through the Oracle documentation:
    http://www.oracle.com/technetwork/articles/soa/oeg-owsm-1562313.html
    Under the section "Registering a Web Service on Oracle Enterprise Gateway",
    I am unable to see the 'Web Services Repository' under 'Policies' in the left-hand panel. All I can see are the two options below: i) Policy Library ii) Samples Policies.
    How do I get this 'Web Services Repository' option? Is the Oracle Service Registry product required to be installed to get this option?
    Please suggest. I am unable to register an OSB service with OEG. Am I missing something?
    Thanks

    Thanks.
    For the requirement to "send log message by calling logger web service(*)" what you should do is to create a "Logging policy" which does the following:
    - Store the current message content using the "Conversion" > "Store message"
    - Create your Web service call ### How could I create the web service call? (May I know which filter? How do I configure my SOAP request message for this call? Should I use the "Set Message" filter?) ###
    - Route to the logging web service using the "Routing" > "Connect to URL" filter
    - At this point the current message is the response from the web service so you need to restore the original message by calling the filter "Conversion" > "Restore Message"
    You then delegate to the "Logging Policy" after you decrypt and after you route to OSB

  • Secure Web Services

    How can I secure web services with SUN Access Manager or Jcaps? Do other forms exist?

    Error message says it all. Some security information is expected in the header of the request. Check out the web service documentation to get the details.
