Transport Authentication (webservice security)

HI,
I want to provide security for my webservices.so
I have choosed Transport Authentication. and i succeded but even i set the usename and passwords in the visualadministrator>webservicesecurityservice>select webservice clientproxy-->Transportsecurity and set the authentication to Basic and enter the user name and password.
my webservice is valid only for username:admin and password:admin.(i have entered different username and pwd at above step)
even i set the username and password in visualstudio i cannot use that username and password while running the webservice, whenever i give the username:admin and password:admin it is valid .
how to set the new username and password.can anybody help me about this transport authentication
Thanks and Regards
Srinivas

HI,
I want to provide security for my webservices.so
I have choosed Transport Authentication. and i succeded but even i set the usename and passwords in the visualadministrator>webservicesecurityservice>select webservice clientproxy-->Transportsecurity and set the authentication to Basic and enter the user name and password.
my webservice is valid only for username:admin and password:admin.(i have entered different username and pwd at above step)
even i set the username and password in visualstudio i cannot use that username and password while running the webservice, whenever i give the username:admin and password:admin it is valid .
how to set the new username and password.can anybody help me about this transport authentication
Thanks and Regards
Srinivas

Similar Messages

  • Web Service authentication by security role

    I define an web service with authentication by security role.
    I access web service via web dynpro model in EP7.
    It appear below error:
    <b>Exception on execution of web service with WSDL URL 'http://XXX:50000/XXX/Config1?wsdl ' with operation 'XXXXXXXX' in interface 'XXXVi_Document'</b>
    how should i do to solve this problem ?

    Hi WU,
                Use this code with ur webservice & check the error in log file.May be we will get some more info abt this.
    This code will be in execute method
    Request_XXX reqData = new Request_XXXdbModel);
    reqData.wdSetInvocationLogEnabled(true);
    in the catch block give this
    logger.traceThrowableT(
         Severity.ERROR,
         wdComponentAPI.getApplication().getDeployableObjectPart().getName(),
         ex);
         //if (logger.beDebug()) {
         logger.fatalT(requestModel.wdGetRequestLog());
         logger.fatalT(requestModel.wdGetResponseLog());
         logger.fatalT(requestModel.associatedModelClassInfo().getModelInfo().toString());
         logger.fatalT(requestModel.toString());
    request model is ue model & ex is the exception in catch block.
    execute the application after this change & check the server log.In case u r not able to find out the problem,send the stach trace.
    regards
    Sumit

  • Simple Authentication and Security Layer

    Hi All,
    What is Simple Authentication and Security Layer (SASL)?? and what it's function in Oracle Beehive??
    Thanks,
    Dha_Suh

    wikipedia :
    Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. Authentication mechanisms can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 is an example of mechanisms which can provide a data security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.
    SASL was originally specified in RFC 2222, authored by John Gardiner Myers while at Carnegie Mellon University. That document was obsoleted by RFC 4422, edited by Alexey Melnikov and Kurt Zeilenga.
    SASL is an IETF Standard Track protocol, presently a Proposed Standard.

  • BPEL to invoke a webservice secured by BASIC auth

    Hi
    I have been trying to write a simple BPEL process to invoke a remote webservice secured by basic authentication. I was able to build the BPEL process and then the composite application that I deployed successfully to glassfish, all within NetBeans IDE. As per the wiki notes: http://wiki.open-esb.java.net/Wiki.jsp?page=HTTPBasicAuthentication, I also added the Policy element to the wsdl for the service that I am trying to invoke as follows:
    <wsdl:service name="PMSDatabase">
            <wsdl:port name="PMSDatabaseSOAP11port_http" binding="ns2:PMSDatabaseSOAP11Binding">
                <soap:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
            </wsdl:port>
            <wsdl:port name="PMSDatabaseSOAP12port_http" binding="ns2:PMSDatabaseSOAP12Binding">
                <soap12:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
            </wsdl:port>
            <wsdl:port name="PMSDatabaseHttpport" binding="ns2:PMSDatabaseHttpBinding">
                <http:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
                <wsp:PolicyReference URI="#HttpBasicAuthBindingBindingPolicy"/>
            </wsdl:port>
        </wsdl:service>
        <wsp:Policy wsu:Id="HttpBasicAuthBindingBindingRealmPolicy">
            <mysp:MustSupportBasicAuthentication on="true">
                <mysp:BasicAuthenticationDetail>
                   <mysp:WssTokenCompare/>
                </mysp:BasicAuthenticationDetail>
            </mysp:MustSupportBasicAuthentication>
            <mysp:UsernameToken mysp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
               <wsp:Policy>
                    <sp:WssUsernameToken10>mcs_user</sp:WssUsernameToken10>
                    <sp:WssPassword>${pass_token}</sp:WssPassword>
               </wsp:Policy>
          </mysp:UsernameToken>
        </wsp:Policy>When i try to run a testcase, the BPEL process fails during the invoke activity and I get the following error in the output:
    <detailText>BPCOR-6135:A fault was not handled in the process scope; Fault Name is {http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling}systemFault; Fault Data is &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;&lt;jbi:message xmlns:sxeh=&quot;http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling&quot; type=&quot;sxeh:faultMessage&quot; version=&quot;1.0&quot; xmlns:jbi=&quot;http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper&quot;&gt;&lt;jbi:part&gt;HTTPBC-E00753: HTTP POST request failed, portType {http://service.messagecentre.dha.gov.au}PMSDatabaseHttpport
        URL: http://namadgi:9999/MessageCentre/services/PMSDatabase/deletePMSVoidPeriod
        QUERY:
        PATH_INFO:
        Exception detail: request requires HTTP authentication: User mcs_user not found in directory.&lt;/jbi:part&gt;&lt;/jbi:message&gt;. Sending errors for the pending requests in the process scope before terminating the process instance
       Caused by: BPCOR-6131:An Error status was received while doing an invoke (partnerLink=PartnerLink1, portType={http://service.messagecentre.dha.gov.au}PMSDatabasePortType, operation=deletePMSVoidPeriod)
    BPCOR-6129:Line Number is 48
    BPCOR-6130:Activity Name is Invoke1
       Caused by: HTTPBC-E00753: HTTP POST request failed, portType {http://service.messagecentre.dha.gov.au}PMSDatabaseHttpport
        URL: http://namadgi:9999/MessageCentre/services/PMSDatabase/deletePMSVoidPeriod
        QUERY:
        PATH_INFO:
        Exception detail: request requires HTTP authentication: User mcs_user not found in directory.
       Caused by: request requires HTTP authentication: User mcs_user not found in directory.</detailText>Where else do i need to configure the BASIC auth details to get this to work?

    Please post your request to [email protected] for quick response.
    Error states "mcs_user" is invalid user. Please make sure that the user is valid.

  • Authentication or Security Checks for ABAP programs

    Dear experts,
         Please tell me where do we give the authentication or security checks to our ABAP programs and how do we do that. ( Do not allow all to execute our developed programs).
    Regards,
    Maanasa

    If you know the authorization group u can use the following ways.
    1. In the Attributes u can specify the authorization gourp name
    2. AT SELECTION-SCREEN
    AUTHORITY-CHECK OBJECT 'Z_TABU_DIS'
                ID 'ACTVT' FIELD '03'
               ID 'CUSTTYPE' FIELD v_class
                ID 'TABLENAME' FIELD p_dbtble.
      CASE SY-SUBRC.
       WHEN 0.
        WHEN OTHERS.
    Error message
         message I419(MO).
         STOP.
      ENDCASE.

  • Oracle Identity Server Authenticator as Security Provider for Weblogic 10.3

    Hi,
    I am getting the following exception on weblogic server 10.1.3 console when accessing users and groups in security realm. This can be reproduced using the following steps.
    1. I have installed Oracle Identity Management 10.1.4 (Oracle SSO). I have installed Oracle SSO using the default port options. I tested accessing the Internet directory using orcladmin user and it is working with out any problems.
    2. Installed Oracle weblogic Server 10.1.3 and then installed ADF runtime. I verified the installation by accessing the admin server console and did not find any issues.
    3. Opened the Admin Console and then accessed the Security Realms and then selected myrealm. Then selected Providers and added Oracle Internet directory Authentication provider.
    4. configured the provider specific parameters like the host name and port number (389).
    Now when I select user and groups tab I am getting the following exception on weblogic adminserver command prompt console.
    Am I missing any steps in configuring Oracle Internet directory authenitcaiton provider for weblogic 10.3.1
    <Oct 13, 2009 8:33:21 PM EDT> <Error> <Console> <BEA-240003> <Console encountere
    d the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3224)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2248)
    at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
    at weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticatorMBeanImpl.listUsers(OracleInternetDirectoryAuthenticatorMBeanImpl.java:221)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
    at java.security.AccessController.doPrivileged(Native Method)
    at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
    at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
    at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
    at java.security.AccessController.doPrivileged(Native Method)
    at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
    at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443)
    at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:314)
    at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
    at java.security.AccessController.doPrivileged(Native Method)
    at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
    at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
    at javax.management.remote.rmi.RMIConnectionImpl_1031_WLStub.invoke(Unknown Source)
    at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978)
    at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
    at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
    at $Proxy106.listUsers(Unknown Source)
    at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
    at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
    at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:83)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
    at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:262)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
    at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
    at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
    at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
    at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
    at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
    at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
    at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
    at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
    at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
    at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
    at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
    at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
    at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
    at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
    at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
    at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
    at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
    at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
    at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: java.lang.reflect.InvocationTargetException
    at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3890)
    at weblogic.security.utils.Pool.newInstance(Pool.java:37)
         at weblogic.security.utils.Pool.getInstance(Pool.java:33)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3219)
    ... 119 more
    Caused by: netscape.ldap.LDAPException: error result (49)
    at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
    at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
    at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
    at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3860)
    ... 122 more
    Thanks and Regards,
    S R Prasad

    The problem has been resolved after providing OID admin user creadential with cn=orcladmin instead of orcladmin. The Security:090294 is related to OID credentials.
    Regards,
    S R Prasad

  • Webservices security and authentication..?

    Hi Guys,
    Thanks for the previous help. Can anyone suggest a solution/mechanism to
    enforce security and authentication for published webservices?
    I have situation where an external system (of Business Partner) would
    like to request-services of webservices deployed via SOAP XML messaging.
    How could i authenticate the system requesting the service is our
    business partner system?
    Any suggestions welcome,
    thanks\
    RA

    You have two choices:
    1. Use HTTP simple ( password based ) authentication. This is
    usually called transportation level authentication.
    2. Use SOAP signature and time stamp (X509 Certificate based) authentication.
    This is called content level authentication.
    In both case, you need modify the SOAP client to put in authentication information
    and add interceptor in server side to do actually authentication before SOAP router
    actually dispatch the calls to the service.
    Heyun Zheng
    Ramesh Ankam <[email protected]> wrote:
    Hi Guys,
    Thanks for the previous help. Can anyone suggest a solution/mechanism
    to
    enforce security and authentication for published webservices?
    I have situation where an external system (of Business Partner) would
    like to request-services of webservices deployed via SOAP XML messaging.
    How could i authenticate the system requesting the service is our
    business partner system?
    Any suggestions welcome,
    thanks\
    RA

  • BPEL to invoke Webservice secured with HTTP Basic authentication

    Hi All,
    Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
    1) Created Target Synchronous process ex : B
    2) Created Source Syncronous Process ex : A
    Iam trying to call B(Target) from A(source).
    3) Open Composite.xml of A(Source)
    4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
    5) Under Security tab attach oracle/wss_username_token_client_policy
    6) Login to em/console
    7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
    8) Enter username and password under HTTP Basic Authentication.
    9)Test from em.console(when we are testing under security tab I have checked None radio button)
    So this is the Error message which is throwing.
    ==================================
    The selected operation process could not be invoked.
    An exception occured while invoking the webservice operation. Please see logs for more details.
    oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
    java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
    =======================================
    Please let me know if Iam missing any steps.
    Thanks
    SSV

    Followed this post.......
    This is avery good question
    in 11g i have taken out the steps from my document which i created for one our customer
    go to composite
    Right click on the external reference service and select “Configure WS policies” :done
    Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
    6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
    7. Include the “oracle.webservices.auth.username--> :done
    value-->password :done
    8. Include the “oracle.webservices.auth.password”-->name :done
    value-->password :done
    Thanks
    SSV

  • Webservice + secured jms (Web Service over the JMS trans).

    Apologize since this post is in the webservice forum as well but since it is related to jms as well i put it here as well.
    I have a web service that is using JMS (@WLJmsTransport Web Service over the JMS transport)
    and everything seems to be ok BUt i do not know how to use this if the JMS is secured .
    By Adding security on JMS queue what other things i need to do in order for the webservice to access the queue ?
    (where i specify the credentials ?)
    @WebService(serviceName = "ASyncService", targetNamespace = "http://axyz.org/notification/v1", endpointInterface = "
    axyz.notification.ASyncPort")
    @WLJmsTransport(contextPath = "notify", serviceUri = "async_event", portName = "ASyncServicePort", queue = "events", connectionFactory = "cnfct_receiver")
    Thank you !

    The annotation you gave is for accessing the webservice but in this case it seems the webservice has to access a secured jms
    However having your response lead me to @RunAs which solved my problem.
    Very hard to find this information.
    Thank you very much for your answer !
    Nice blog as well !
    Edited by: user630775 on Jan 28, 2010 2:02 AM

  • REST Webservices security

    I am trying to set up the REST Webservices module, but I seem to be running into issues with security and authentication. I can get sessions from the client side properly, but I cannot call any methods on components.
    */atg/rest/security/restSecurityConfiguration.xml*
    <programlisting>
      <rest-security>
        <default-acl value="EVERYONE:read,write,execute"/>
          <resource component="/path/to/component/TestComponent" secure="false" requiresSessionConfirmation="false">
            <method name="getTestComponentName" secure="false">
              <acl value="EVERYONE:read,write,execute" />
            </method>
          </resource>
      </rest-security>
    </programlisting>
    TestComponent.java
    public class TestComponent {
      public String getTestComponentName() {
        return this.getClass().getCanonicalName();
    }I have turned on the DEBUG level logging in ACC for the RestSecurityProcessor and this is what I see in my logs when I try to access my TestComponent (which is just testing to see if I have access to methods):
    INFO  [RestSecurityProcessor] DEBUG Received POST request for
    INFO  [RestSecurityProcessor] DEBUG Resource container is valid component. Returning true.
    INFO  [RestSecurityProcessor] DEBUG handlePostRequest: Handling component /path/to/component/TestComponent
    INFO  [RestSecurityProcessor] DEBUG getParentSecurityConfiguration: Looking for wild card ComponentSecurityConfiguration for component /path/to/component/TestComponent
    INFO  [RestSecurityProcessor] DEBUG getParentSecurityConfiguration: Looking for default ComponentSecurityConfiguration
    INFO  [RestSecurityProcessor] DEBUG handlePostRequest: Can't find ComponentSecurityConfiguration for component /path/to/component/TestComponent
    ERROR [RestSecurityServlet] Error code: 401
    Access to the requested resource is not allowed: /path/to/component/TestComponent
    atg.rest.RestException: Access to the requested resource is not allowed: /path/to/component/TestComponent
         at atg.rest.processor.RestSecurityProcessor.handlePostRequest(RestSecurityProcessor.java:315)
         at atg.rest.processor.RestSecurityProcessor.doRESTPost(RestSecurityProcessor.java:208)
         at atg.rest.servlet.RestPipelineServlet.serviceRESTRequest(RestPipelineServlet.java:406)
    *snip*Edited by: Gommy on Apr 8, 2013 6:19 AM - Fix typo in package path

    After finding a default restSecurityConfiguration.xml inside of REST/config.jar:/atg/rest/security/, I located a .dtd ( http://www.atg.com/dtds/rest/restSecurity_1.0.dtd ) to figure out what exactly ATG was expecting for a configuration.
    1. Turns out the <programlisting> tag isn't expected (error in the documentation for our version of ATG, apparently), <rest-security> is the top-level element for this configuration file. This was causing the file to not be parsed at all.
    2. requiresSessionConfirmation does not exist on the resource element.
    The TestComponent and its properties were correct. Just the restSecurityConfiguration.xml was incorrect due to very poor documentation, no full example to see what a correct file should look like, and lack of obvious schemas (i.e., no schemas or links to schemas are provided in any documentation) to validate against.

  • Webservice Security API available?

    Hi all,
    I have to call a set of Webservices which use WS Security (XML Signatures). I know that this is supported via deployable Proxies along with serverside configuration profiles (handled by Visual Administrator). This way i can configure static profiles for my Webservice Proxies. So far, so good.
    But i have to use diferent X.509 Certificates for my Webservice Documents depending on different customers the application works for.
    Is there an API to get and manipulate the wss config at runtime for a single proxy? E.g. change the signature file or change the associated profile to another profile?
    Can anybody help me?
    Regards
    Michael

    do shell script "sudo mdutil -i on /" with administrator privileges
    Never, ever, ever use 'sudo' within 'do shell script'.
    At one level, sudo expects to prompt the user for authentication. You can't do that within 'do shell script'.
    If you need elevated privileges that's what '... with administrator privileges' is for.
    All of your commands should work if you remove the 'sudo'.

  • Webservice security

    Hi All
       I want to provide the security for my webservice which is in WAS.In this process
    i am using username/password authentication  to authenticat the user to access the webservice.
        But the issue is that the authentication is admin/admin  by default.I want to change the default authentication for the webservice.I am trying to do in the Visual
    administrator to give the new authentication parameters.But it is not working.
    can any body help me regarding this issue
    Thanks and Regards
    Satyam

    Here are some resources:
    Oracle9iAS Documentation Library
    http://download-west.oracle.com/docs/cd/A97688_09/index.htm
    In particular, you might try:
    Services Guide
    http://download.oracle.com/docs/cd/A97688_09/generic.903/a97690/toc.htm
    JAAS Provider API Reference
    http://download.oracle.com/docs/cd/A97688_09/generic.903/q20221/index.html
    Also OTN's Web Services Center
    http://otn.oracle.com/tech/webservices/
    Tutorial: Security for Web Services
    http://otn.oracle.com/sample_code/tutorials/wspki/toc.htm
    And, although they cover 9.0.2, these docs might help:
    Oracle9i Application Server Security Guide
    http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/core.902/a90146/toc.htm

  • Webservice - security error

    Hi All,
    We are receiving the security error provided below while invokingthe LegalReportingUnitService -http://Host:Port/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL using HTTP Analyzer (Jdeveloper) or SOAP UI.
    Also we find that the web service is having OWSM Policies - Directly Attached Policy - oracle/wss11_saml_or_username_token_with_message_protection_service_policy
    Please let us know what information has to be provided apart from username/password credentials to this webservice.
    a. Error message while invoking the web service using ext port & SSL url :
    https://xxxx-fin-ext.example.com:xxxxx/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL
    Error Message: 401 Unauthorized.
    Log details:
    Response Header-----------------=_Part_9_498083750.1342417354448
    Content-Type: application/xop+xml;charset=UTF-8;type="text/xml"
    Content-Transfer-Encoding: 8bit
    Content-ID: <a1759cc915eb4db6ab48a1b97d3f1386>
    <?xml version="1.0" encoding="UTF-8" ?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/types/" xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"><env:Header><ns1:Security><ns1:UsernameToken><ns1:Username>Fusion</ns1:Username><ns1:Password>welcome</ns1:Password></ns1:UsernameToken></ns1:Security></env:Header><env:Body><ns2:createLegalReportingUnit><ns2:legalReportingUnit xmlns:ns2="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/types/"><ns3:PartyId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000002842377</ns3:PartyId><ns3:LegalEntityId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000002842369</ns3:LegalEntityId><ns3:GeographyId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000000225396</ns3:GeographyId><ns3:Name xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">Test123</ns3:Name><ns3:MainEstablishmentFlag xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">Y</ns3:MainEstablishmentFlag><ns3:MainEffectiveFrom xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2011-07-03+05:30</ns3:MainEffectiveFrom><ns3:MainEffectiveTo xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:MainEffectiveTo><ns3:EffectiveFrom xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:EffectiveFrom><ns3:EffectiveTo xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:EffectiveTo><ns3:ObjectVersionNumber xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">1</ns3:ObjectVersionNumber><ns3:ActivityCode xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/><ns3:SubActivityCode xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/><ns3:TypeOfCompany xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/></ns2:legalReportingUnit></ns2:createLegalReportingUnit></env:Body></env:Envelope>
    ------=_Part_9_498083750.1342417354448—
    b. Error message while invoking this web service using int port –
    http://xxx-fin-int.example.com:xxxx/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL
    Error Message: 500 Internal Server error.
    Log details:
    Response Header: ------=_Part_8_481967515.1342415673437
    Content-Type: application/xop+xml;charset=UTF-8;type="text/xml"
    Content-Transfer-Encoding: 8bit
    Content-ID: <f4ef59739fc64cacb9829403d3a171d5>
    <?xml version="1.0" encoding="UTF-8" ?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:ns0="http://schemas.oracle.com/owsm/policy-enforcement-2007-06"><faultcode>ns0:GenericFault</faultcode><faultstring>GenericFault : generic error</faultstring><faultactor></faultactor></env:Fault></env:Body></env:Envelope>
    ------=_Part_8_481967515.1342415673437—
    Regards,
    Ramesh

    Hi, I am using Weblogic Oracle 12c and standalone server no clusters. I have a webservice configured which is working from the Weblogic, using DemoTrust.jks I just downloaded the SOAP-UI and having issues with this, I set up the aut Tab to use Global HTTP Settings for the authorization type and added a keystore which is pointing to the DemoTrust.jks.
    When I run a test, I receive this error
    Tue Jul 31 09:40:38 PDT 2012:DEBUG:<< "<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurity</faultcode><faultstring>Error on verifying message against security policy Error code:1000</faultstring></env:Fault></env:Body></env:Envelope>"
    You wouldn't know what this is about, from what I am reading it seems I need to pass a policy to the server from the client but unsure what to configure.
    If you have any insight I would appreciate it.

  • Webservices Security in SOAP Receiver Adapter

    Hi All,
    I am configuring web services security settings in my File To Webservice scenario.
    The scneario is:
    File -
    asynch--XISynch-Webservice(X.509)
    The webservice is using X.509 certificates for security.
    I have configured SOAP receiver channel with webservices secuirty settings and same with Receiver agreement.
    But when I run this scenario in the SOAP Receiver channel monitoring I get below error.
    Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: ApplyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: apply( Message, CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: ProcessException in Method: run(). Key: 0700; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: ProcessException in Method: run(). Key: 0700. To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: ProcessException in Method: run(). Key: 0700; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: ProcessException in Method: run(). Key: 0700.
    Does anybody have idea about this error?
    Please help me to resolve this.
    Thanks,
    Shweta.

    Hi,
    I am doubtful if after add ing all the security realted settings you could be able to test it via RWB monitoring.
    Its better to test this kind of scenario with either real time application where all security certificates and settings will on right place.
    Thanks
    Swarup

  • SOAP Webservice Security Issue

    Hello,
    I was able to implement a SOAP Client at my local machine successfully.
    When i upload the SOAP client to server and run, i got the following error message.
    Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.
    at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
    at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
    at $Proxy29.getGLClassRates(Unknown Source)
    at proxy.TestProxy.main(TestProxy.java:32)
    I checked authentication credentials but there is no problem with that.
    Its HTTPS service and when i create client at local machine it asked me to accept certificate.
    I have cerated SOAP client using JAVA6, Apache Tomcat6.0.16 and METRO 1.4 library. Server has Apache Tomcat/6.0.26.
    Please help me.
    Thanks.

    I was trying to find out the cause of this error and i find out that if i use METRO library it runs successfully but when i use JAX-WS 2.1 i got the same error on local machine also.
    I have also uploaded METRO library to server under WEB-INF/lib folder.
    Any Idea? how to solve this error?
    Thanks

Maybe you are looking for

  • Importing a project from Sony Vegas

    I'm trying to import a project that was initially edited in Sony Vegas to do audio and color correction in Final Cut. Apart from rendering the project out to an HDV tape, and re-importing it into Final Cut through Log and Capture, what is the best me

  • Calendar app showing wrong date for iCal feed.

    Has anyone else noticed that when an iCal feed publishes an event that is after 0000Z, but still on the previous date in local time, it's added to the calendar on the wrong day? Example:  Your phone is being used in Chicago (CST).  An ical feed you s

  • Numeric or Value Error (Very Urgent)

    Greetings, I have a PL/SQl block where I hava a select into statement. The database column is a char(1) and the PL/SQL variable is a varchar2(2). Will this throw the Numeric or Value Error ??? .. Please post Ur suggesions Thanx Badhri ...

  • Can't repair disk after upgrade to 10.7.4

    After upgrade to 10.7.4 my MacBook Pro booting properly. But If I try check of disk by disk utility, then this finished by error message (disk need repair). When I boot to repair partion and use disk utility, everything looks OK. But when I booting b

  • How to determine the generation

    I have my serial number from older iPod Touch but I cannot seem to find out what generation it is.  I want to see if it's possilbe to get IOS5 but all it says when I try to update is that 2.2.1 is the latest version.