WS-Security Headers

I am having a problem making a webservice call through a partnerlink with the wsse security headers in the webservice call.
BPEL server is receiving a SOAP webservice call with ws-security headers. I want to call a partner link, external webservice, with the same ws-security headers that I received from the client. BPEL is just being the middleman in this situation, receiving a webservice call and then making a webservice call with the same ws-security headers. I am having no success, can someone please help me?

Similar Messages

  • How to insert security headers thru BPEL Process

    I am new to BPEL process creation and stuff, but I need to complete a task in which I need
    1. Create a BPEL process which accepts Username and password and set it into the soap request header as follows;
    <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-24438666"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsse:Username>Username </wsse:Username>
          <wsse:Password
              Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">password </wsse:Password>
          <wsse:Nonce>syVMUbFNvaQAfQaDpVDolA==</wsse:Nonce>
          <wsu:Created>2009-03-25T22:55:51Z</wsu:Created>
        </wsse:UsernameToken>
      </wsse:Security>
    </soapenv:Header>
    Can you please let me know what all steps I need follow in order to introduce the soap:header with wsse :security header settings. I am using 10.1.2.
    I tried to do it by importing a schema wsse.xsd into my WSDL file. and in bpel.xml I set the properties as follows,
    <property name="wsdlLocation">AccruentService.wsdl</property>
    <property name="wsseUsername">username</property>
    <property name="wssePassword">password</property>
    <property name="wsseHeaders">credentials</property>
    but it does not put in the required header.
    I don't know if I need to do anything else. Please help.

    Hi,
    Thanks for the quick reply.
    I tried doing the same as mentioned in the link that you provided, but I got stuck at this;
    I did not understand why we are doing this;
    <bpelx:insertAfter>
    <bpelx:from variable="pswd" query="/wsse:Password"/>
    <bpelx:to variable="userNameToken" query="/wsse:UsernameToken/wsse:Username"/>
    </bpelx:insertAfter>
    <bpelx:append>
    <bpelx:from variable="userNameToken" query="/wsse:UsernameToken"/>
    <bpelx:to variable="securityContext" query="/wsse:Security"/>
    </bpelx:append>
    After doing this and deploying, my request when tested through SOAPUI looks like this, with no security headers:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:add="http://schemas.xmlsoap.org/ws/2003/03/addressing" xmlns:acc="http://www.accruent.com/">
    <soapenv:Header>
    <add:MessageID>?</add:MessageID>
    <add:ReplyTo>
    <add:Address>?</add:Address>
    <!--Optional:-->
    <add:ReferenceProperties>
    <!--You may enter ANY elements at this point-->
    </add:ReferenceProperties>
    <!--Optional:-->
    <add:PortType>?</add:PortType>
    <!--Optional:-->
    <add:ServiceName PortName="?">?</add:ServiceName>
    <!--You may enter ANY elements at this point-->
    </add:ReplyTo>
    </soapenv:Header>
    <soapenv:Body>
    ....I just removed so that it is short
    </soapenv:Body>
    </soapenv:Envelope>
    the service which I am invoking should
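
The header requested in the post above declares `#PasswordDigest` but carries a literal password. Under the OASIS UsernameToken Profile 1.0 the digest is Base64(SHA-1(nonce + created + password)), with the nonce Base64-decoded first. The following is an added example, not code from the thread or from Oracle: it builds such a token and checks it the way a receiving service would. The function names, the 300-second freshness window and the credential store are assumptions.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

P = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = P + "wssecurity-secext-1.0.xsd"
WSU = P + "wssecurity-utility-1.0.xsd"
DIGEST = P + "username-token-profile-1.0#PasswordDigest"
FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)); nonce is the decoded bytes."""
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def build_username_token(username, password, nonce=None, created=None):
    """Client side: the Password element carries the digest, never the password."""
    nonce = os.urandom(16) if nonce is None else nonce
    created = created or datetime.now(timezone.utc).strftime(FMT)
    token = ET.Element(f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(token, f"{{{WSSE}}}Password", {"Type": DIGEST})
    pw.text = password_digest(nonce, created, password)
    ET.SubElement(token, f"{{{WSSE}}}Nonce").text = base64.b64encode(nonce).decode("ascii")
    ET.SubElement(token, f"{{{WSU}}}Created").text = created
    return token


def verify_username_token(token, lookup_password, seen_nonces, now=None,
                          max_age=timedelta(seconds=300)):
    """Service side: returns (accepted, reason). max_age is an assumed policy."""
    now = now or datetime.now(timezone.utc)
    user = (token.findtext(f"{{{WSSE}}}Username") or "").strip()
    pw = token.find(f"{{{WSSE}}}Password")
    nonce_b64 = token.findtext(f"{{{WSSE}}}Nonce")
    created = token.findtext(f"{{{WSU}}}Created")
    if pw is None or pw.get("Type") != DIGEST:
        return False, "not a PasswordDigest token"
    if not nonce_b64 or not created:
        # Assumed policy, stricter than the profile: require both fields.
        return False, "missing Nonce or Created"
    try:
        nonce = base64.b64decode(nonce_b64.strip(), validate=True)
        created_at = datetime.strptime(created.strip(), FMT).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "malformed Nonce or Created"
    if abs(now - created_at) > max_age:
        return False, "stale token"
    if (user, nonce) in seen_nonces:
        return False, "replayed nonce"
    secret = lookup_password(user)
    if secret is None:
        return False, "unknown user"
    expected = password_digest(nonce, created.strip(), secret)
    # Constant-time comparison of the recomputed and the presented digest.
    if not hmac.compare_digest(expected.encode(), (pw.text or "").strip().encode()):
        return False, "digest mismatch"
    seen_nonces.add((user, nonce))   # remember nonces of accepted tokens only
    return True, "ok"


# The UsernameToken as posted above (values copied from the post, wsu:Id omitted).
POSTED = f"""<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsse:Username>Username </wsse:Username>
  <wsse:Password Type="{DIGEST}">password </wsse:Password>
  <wsse:Nonce>syVMUbFNvaQAfQaDpVDolA==</wsse:Nonce>
  <wsu:Created>2009-03-25T22:55:51Z</wsu:Created>
</wsse:UsernameToken>"""


def demo():
    users = {"Username": "password"}   # constructed credential store
    now = datetime(2009, 3, 25, 22, 56, 0, tzinfo=timezone.utc)
    # 1. The posted token: digest type declared, plaintext sent.
    posted = verify_username_token(ET.fromstring(POSTED), users.get, set(), now)
    # 2. Same nonce and timestamp with a real digest, then the same token again.
    nonce = base64.b64decode("syVMUbFNvaQAfQaDpVDolA==")
    good = build_username_token("Username", "password", nonce, "2009-03-25T22:55:51Z")
    seen = set()
    first = verify_username_token(good, users.get, seen, now)
    replay = verify_username_token(good, users.get, seen, now)
    return posted, first, replay


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The reason strings are meant for the service's own log; a caller should only see a generic authentication fault.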

  • Business service with ws security (missing security headers)

    Hello,
    I have a business service for which I applied ws-security (I want the customer to sign the response. The response should be validated by osb). I applied the policy. Everything works as expected.
    My problem is that I would like to save the message sent by the customer (together with the headers which contain the signature). However, headers related to security are not present in the $header variable in the response pipeline. When I disable ws-security, the headers related to security are visible in the response pipeline. So it seems that security headers are removed when ws-security is enabled. Can I somehow access all headers in the response pipeline to be able to save them?

    I wasn't clear?
    This is a big dev problem for a major Sun client.
    No one knows or wants to answer?

  • Process security headers without removing them

    Does anyone know whether it is possible to have OSB process security headers without removing the headers from the message?
    I would like to be able to validate the signature and grab the principal from the certificate in order to determine whether the request should be allowed to continue on. However, the signature cannot be removed from the message because the business service requires requests to be signed (and the requests must be signed by the original requester, not an intermediary).
    See Process security headers without removing them also
    Helmar

    I don't know a way of doing this with OSB, I mean having the bus do it for you. It's either process all security headers or none. If the service bus is acting as a pass-through, not processing the headers, you could read them yourself inside the proxy pipeline. But you would have to implement the decryption yourself; this won't be done by the bus. You could do this with a Java callout, but I imagine it won't be a trivial task.
    I'd think this is pretty standard. The headers normally are intended for a service (maybe going through various intermediaries), hence the actor property of the headers, and that service should remove them after processing them. But I'm not familiar with Oracle's ESB to know if this is possible with it.

  • Processing WS-Security headers within a web service

    Hello,
    I have created a service with WS-Security (from a WSDL using jdeveloper) and deployed it on OC4J. Within the service implementation, I need to get some information from soap security header, that is, my service needs to process some security headers. However, in my service implementation, I only have access to information contained inside the SOAP message body (parameters methods).
    Could anybody be so kind as to tell me how can I process WS-Security headers inside a web service implementation, please?
    Thank you very much in advance.

    You can refer this article
    web services security in weblogic

  • Sending WSSE security headers to non-weblogic web service

    I have been trying to send wsse headers to a non-weblogic web service. I am looking for a way to do this using the control file I generated from the wsdl or the page flow where I implement the control, or the message handler file. I have username and password parameters but I cannot get this to function.
    Here is the signature I need:
    <?xml version="1.0" encoding="UTF-8" ?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <env:Header>
        <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:UsernameToken wsu:Id="Id-dFQDZm_34ewPYtaARIJ_4BfI" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>weblogic</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic</wsse:Password>
          </wsse:UsernameToken>
        </wsse:Security>
      </env:Header>
      <env:Body>
        <n1:hello xmlns:n1="http://workshop.bea.com/WebServiceB" />
      </env:Body>
    </env:Envelope>
    Of course the Body is different, but this is the security signature that I need to get into the header. After looking at all the examples, I only see the option of using a Java proxy class to call the web service, which would be a little difficult to use as my whole page flow application so far is calling the web service from a generated control. There are also lots of complex datatypes that are being sent to the web service, so a Java proxy would be a little difficult. I have tried to take the code from the Java proxy class example and put it in my handler class, but the handler seems to only use MessageContext, not WebServiceContext, and will not let me add the username password tokens. When I have tried to cast a WebServiceContext out of a MessageContext, it gives me a runtime error "Class Cast Exception" even though Workshop lets me do it.
    This is extremely urgent. Please help me! I am using the sample handler class called MessageHandler.java and the sample WSSE java proxy class called WebServiceBClient.java that generated the above signature.

    More information:
    Here is the first part of my Java Control where I am calling the web service and the message handler:
    package controls;

    /**
     * @jc:location http-url="http://localhost:7001/Checking.jws"
     * @jc:wsdl file="#CheckingWsdl"
     * @jc:handler callback="MessageHandler" operation="MessageHandler"
     */
    public interface CheckingService extends com.bea.control.ControlExtension, com.bea.control.ServiceControl
    {
        public static class CustomerInfo
            implements java.io.Serializable
        {
            public java.lang.String FirstName;
            public java.lang.String LastName;
            public java.lang.String MiddleName;
            public int SSN;
            public int CustomerNumber;
            public java.util.Calendar CreationDate;
            public java.util.Calendar LastModifiedDate;
        }

        public static class FundingInfo
            implements java.io.Serializable
        {
            public float Amount;
            public java.util.Calendar CurrentDate;
            public int AccountNumber;
        }

        public static class anyType
            implements java.io.Serializable
        {
            public com.bea.xml.XmlObject[] t;
        }

        public static class AccountInfo
            implements java.io.Serializable
        {
            public int AccountNumber;
            public float Balance;
            public int CustomerNumber;
            public java.util.Calendar LastModifiedDate;
        }

        /**
         * @jc:protocol form-post="false" form-get="false"
         */
        public AccountInfo CreateAccountChecking (CustomerInfo CustomerInfo, FundingInfo FundingInfo, anyType CommonHeader);

        static final long serialVersionUID = 1L;
    }
    Here is the section of the MessageHandler class where I am attempting to add security token to the header:
    protected void addSecurityHeader (MessageContext mc)
    {
        /*
         * Registers a handler for the SOAP message traffic.
         */
        HandlerRegistry registry = mc.getHandlerRegistry();
        List list = new ArrayList();
        list.add(new HandlerInfo(WSSEClientHandler.class, null, null));
        registry.setHandlerChain(new QName("hello"), list);
        try
        {
            WebServiceContext context = (WebServiceContext)WebServiceContext.currentContext().getLastMessageContext();
            //(WebServiceContext)mc;
            WebServiceSession session = context.getSession();
            /*
             * Set the username and password token for SOAP message sent from the client, through
             * the proxy, to the web service.
             */
            UserInfo ui = new UserInfo("weblogic", "weblogic");
            session.setAttribute(WSSEClientHandler.REQUEST_USERINFO, ui);
            //mc.setProperty(WSSEClientHandler.REQUEST_USERINFO, ui);
            /*
             * Adds the username / password token to the SOAP header.
             */
            SecurityElementFactory factory = SecurityElementFactory.getDefaultFactory();
            Security security = factory.createSecurity(null);
            security.addToken(ui);
            session.setAttribute(WSSEClientHandler.REQUEST_SECURITY, security);
            //mc.setProperty(WSSEClientHandler.REQUEST_SECURITY, security);
        } catch (Exception ex) {System.out.println("EXCEPTION CAUGHT DOING SECURITY STUFF " + ex.getMessage());}
    }
    I tried to use the MessageContext to do this but it came out null. I tried to cast the MessageContext to WebServiceContext and it gave me a Class Cast Exception. I tried to add the HandlerRegistry section to this but of course the assignment mc.getHandlerRegistry is improper and is not compiling so don't let that confuse you.

  • Avoid stripping of wsse security headers

    Hi,
    I have created two SOA composites. The first SOA composite is for inserting to a database, whereas the second composite is just a wrapper service to invoke the first composite. The first composite is attached with policy oracle/wss11_username_token_with_message_protection_service_policy, as a result of which the reference endpoint of the second composite is attached with oracle/wss11_username_token_with_message_protection_client_policy. The service endpoint of the wrapper service is attached with oracle/wss_username_token_service_policy. In the oracle/wss11_username_token_with_message_protection_client_policy the default key has been overridden with a key that has credentials of a user who does not have the authentication and authorization privilege. So while testing the service with a user (with the right privilege) the security header is getting stripped when the second service is getting invoked, as a different policy has been attached. So is there any way to avoid stripping off the wsse headers from the first service so that it overrides the security header when the second service is being invoked?
    The soa version is 11.1.1.5.0
    Thanks,
    Sourav

    Hi all,
    any solution to this?

  • Why are security headers not visible when viewing "sent" mail for mail sent with S/MIME certificates?

    I am using an S/MIME certificate to sign my emails using Mail on Mountain Lion 10.8.2.  I have a trusted S/MIME certificate for each of my email accounts.  The certs and private keys are properly installed in the keychain.  I am able to successfully send signed (and optionally encrypted) email and the recipients are all receiving the emails showing a trusted signed email without having to acknowledge or trust the signature.  So technically the certificates are working.  Obviously the encryption option is only offered when I also have the recipient's certificate in my keychain.
    What I am noticing is that when I look in my sent items - (regardless of which email I used as the "sender") - I don't see any indication in the mail headers that the mail was sent with a signed certificate - even though I know the recipient is seeing that the mail is signed with a cert.  I have no way of telling whether I sent the mail as "signed" or "unsigned".  The default is to use the certificate for all outbound emails - unless I specifically uncheck the secure signing option before sending.  In mail that I receive - sent from others with certs or sent from one of my email accounts to the other - I see the certificate indication in the email header.
    On rare occasion - I do see the certificate when viewing sent mail - but only for  random sent mails - and so far I believe I have only seen the certificate show up in mail that is sent from my iCloud account.  I can send subsequent mail from iCloud - and still not see the certificate in the sent items.
    Why am I not seeing the Security Header showing the certificate when viewing mail that I have sent in my sent items folder?  Is there some setting that I am not seeing that controls this - or is this a bug in Mac Mail?  Also why does the security header show up for just a handful of sent emails - when hundreds of signed emails have been successfully sent.
    Any help would be appreciated.  The behavior is the same on my other Macs - at least the ones on which the certificates are also installed.
    Also - I don't have my certs installed on my iPhone yet - so I can't tell on the iPhone if the certs are showing up in the sent folder - but I can see the certs on mail that I send to myself from the Mac but receive on the iPhone.
    ~Scott

    I stopped using the S/MIME certs and stopped signing my emails.  Too many recipients were receiving them as "attachments", especially if the recipient's email account was on an Exchange server.  My certs have since expired and I have not done anything to further analyze the situation.  My original post was over a year ago and I have long since been on Mavericks.
    To: iddontknowwhoiamsowhat ... I am not totally following your response.  You say you are seeing the exact same issue - yet you are also saying you can look at the sent mails from os x and ios - does this mean that you see the security badges on the sent emails in both os x and ios?  I assume you are on Mavericks?

  • Extracting webservice security headers

    I want to extract the wsseheader (username, password) that came into the bpel process and pass it to a partner link. any idea how to do it ?

    Hi,
    If you want to pass incoming WS-Security credentials to a process, which you are invoking, you don't need to extract wsse headers.
    You need to set the wsseHeaders partner link property to propagate. To set this property use the following steps:
    1. double click on the partner link for the service you need to invoke.
    2. Go to the Property tab, and click on create button.
    3. Select wsseHeaders from the drop down menu.
    4. Give propagate as property value.
    5. Save and deploy; the WS-Security credentials will automatically be propagated to the process you are invoking.
    If you still want to extract wsse header inside BPEL you need to do the following:
    1. Import "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" for WS-Security elements.
    2. Create a variable of type wsse:Security in your BPEL.
    3. double click on the receive activity of your BPEL process and go to Adapters tab.
    4. Choose the variable you have just created as header variable.
    5. In an assign activity create two copy operations to extract user name and password.
    5. To extract user name give the "/ns1:Security/ns1:UsernameToken/ns1:Username" in XPath expression.
    6. To extract password give the "/ns1:Security/ns1:UsernameToken/ns1:Password " in XPath expression.
    I am assuming ns1 is the namespace prefix for the WS-Security XML schema in your BPEL process.
    Read my following posts for more details on how to manipulate soap headers in BPEL and how to pass security credentials from BPEL:
    http://soa-howto.blogspot.com/2008/05/how-to-manipulate-soap-headers-in-bpel.html
    http://soa-howto.blogspot.com/2008/04/invoking-ws-security-compliant-web.html
    http://soa-howto.blogspot.com/2008/09/how-to-set-security-credentials.html
    http://soa-howto.blogspot.com/2008/09/how-to-pass-security-credentials-from.html
    Thanks,
    Dharmendra
    http://soa-howto.blogspot.com
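
The middleman case from the question at the top of the page, and the extraction paths given in the answer above, shown outside BPEL as an added example (not part of the thread and not Oracle's code). It reads the `wsse:Security` header from an incoming envelope by namespace URI and attaches a copy to the outgoing request. Both envelopes, the credentials and all function names are constructed for illustration.

```python
import copy
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
NS = {"soap": SOAP, "wsse": WSSE}   # prefixes are local; only the URIs must match

# Constructed sample: what the client sent to the middleman process.
# It uses the prefixes S: and sec: on purpose.
INCOMING = f"""<S:Envelope xmlns:S="{SOAP}">
  <S:Header>
    <sec:Security S:mustUnderstand="1" xmlns:sec="{WSSE}">
      <sec:UsernameToken>
        <sec:Username>alice</sec:Username>
        <sec:Password Type="{PASSWORD_TEXT}">s3cret</sec:Password>
      </sec:UsernameToken>
    </sec:Security>
  </S:Header>
  <S:Body><in:request xmlns:in="urn:example:client">42</in:request></S:Body>
</S:Envelope>"""

# Constructed sample: the request the middleman built for the partner service.
OUTGOING = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Body><p:lookup xmlns:p="urn:example:partner">42</p:lookup></soapenv:Body>
</soapenv:Envelope>"""


def parse_envelope(xml_text):
    """Parse a SOAP 1.1 envelope; SOAP forbids DTDs, so refuse them outright."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SOAP}}}Envelope":
        raise ValueError("not a SOAP 1.1 envelope")
    return root


def untargeted_security(root):
    """wsse:Security blocks with no soap:actor, i.e. not aimed at one intermediary."""
    return [s for s in root.findall("soap:Header/wsse:Security", NS)
            if s.get(f"{{{SOAP}}}actor") is None]


def extract_security(xml_text):
    found = untargeted_security(parse_envelope(xml_text))
    if len(found) != 1:
        raise ValueError(f"expected one untargeted wsse:Security, found {len(found)}")
    return found[0]


def credentials(security):
    """Same paths as the answer: Security/UsernameToken/Username and .../Password."""
    user = security.findtext("wsse:UsernameToken/wsse:Username", namespaces=NS)
    pw = security.find("wsse:UsernameToken/wsse:Password", NS)
    if user is None or pw is None:
        raise ValueError("no wsse:UsernameToken credentials in header")
    return user.strip(), pw.text or "", pw.get("Type")


def propagate(incoming_xml, outgoing_xml):
    """Copy the caller's Security header onto the outgoing request unchanged."""
    security = copy.deepcopy(extract_security(incoming_xml))
    out = parse_envelope(outgoing_xml)
    header = out.find("soap:Header", NS)
    if header is None:                       # Header must precede Body
        header = ET.Element(f"{{{SOAP}}}Header")
        out.insert(0, header)
    for stale in untargeted_security(out):   # never send two competing tokens
        header.remove(stale)
    header.append(security)
    return ET.tostring(out, encoding="unicode")


if __name__ == "__main__":
    print(credentials(extract_security(INCOMING)))
    print(propagate(INCOMING, OUTGOING))
```

Re-serialising rewrites namespace prefixes, which a UsernameToken tolerates but an XML Signature over the header would not.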

  • Add WS Security Headers to a Web-Service Request in JDeveloper

    I'm using JDeveloper to create a composite that performs a query against CRMOnDemand.  In order to access CRMOnDemand in a stateless manner, I have to create a SOAP request with the following in the header:
    <wsse:UsernameToken>
      <wsse:Username>USERNAME</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
    </wsse:UsernameToken>
    How do I add these to the SOAP header message within the JDeveloper UI?

    I've figured out...
    import java.util.ArrayList;
    import java.util.Hashtable;
    import java.util.List;
    import java.util.Map;
    import javax.xml.ws.BindingProvider;
    import javax.xml.ws.handler.MessageContext;

    Map<String, Object> reqCtx =
        ((BindingProvider)iditInterface).getRequestContext();
    // HTTP transport headers for this request; created if none are set yet
    Map<String, List> reqHttpHeader =
        (Map<String, List>)reqCtx.get(MessageContext.HTTP_REQUEST_HEADERS);
    if (null == reqHttpHeader) {
        reqHttpHeader = new Hashtable<String, List>();
    }
    List header1 = new ArrayList();
    header1.add("[header1-value]");
    reqHttpHeader.put("[header1name]", header1);
    List header2 = new ArrayList();
    header2.add("[header2-value]");
    reqHttpHeader.put("[header2name]", header2);
    reqCtx.put(MessageContext.HTTP_REQUEST_HEADERS, reqHttpHeader);
    I used the above code to add the HTTP headers, before I call the webservice interface.

  • Flex 3.0 and WSSecurity SOAP headers

    I have tried every permutation and combination to insert a WSSecurity header in the soap request. The closest I have got is getting Flex 3.0 to insert a <SOAP-ENV:Header></SOAP-ENV:Header> in the header block.
    So I have two questions.
    One - does anyone have a working example with security headers, and two - is it necessary for the headers to be declared in the WSDL?
    Thanks

    The following things you may need to verify:
    Are there any Result and/or Error Handlers specified as the default handlers in your SWF file's source code (prior to compilation)
    Has the Result and/or Error Handlers specified in (the compiled) SWF code been made public and accessible through HTML Wrapper
    Has HTML Wrapper provided some default handling of the data been passed by the Result and/or Error Handlers while at runtime.
    Has QTP Script called the correct functions out of the HTML Wrapper.
    Also verify if you have done all the following configurations correctly:
    Deploying Flex files
    Before you can test the Flex application, you must deploy the application and its supporting files to a location that is accessible by QTP. These files include:
    Application SWF file
    HTML wrapper and wrapper files (the wrapper files can include SWF files, JavaScript
    files, and other files)
    RSL SWC files
    Module SWF files
    Helper files such as theme SWC files, style SWF files, and image, video, and sound files.
    You may deploy the Flex application and HTML wrapper file to any location on your HTTP server. You must be able to access this location from QTP.
    Is the HTML Wrapper "password protected" (if so you need to use QTP Authentication Mechanism to access it).
    What appears from the error you have received, the "Login Submit" function call went successful through QTP via the HTML Wrapper although the failure occured on the SWF level. Even in this case it would be better to reverify your code at all the levels (i.e. QTP, HTM Wrapper, SWF file source code & SWF file compiled version).
    Hope this resolves your issue...

  • Unable to pass security header

    Hi, we are facing an issue while passing the OWSM policy from one proxy to another proxy.
    PS1 -> PS2
    PS1 does not have an OWSM policy.
    PS2 has an OWSM policy. The policy used is the username token service policy.
    When we are calling PS2 from PS1 the security headers are not getting passed, and hence it is failing with authentication.
    We tried inserting the WS security header in PS1, i.e., we assigned the security header in the header variable and tried passing it. But that also failed.
    Could you please help us with how to pass the security header from a non-secured proxy service?
    Thanks in advance, Anup

    Hi,
    We cannot make PS1 as pass through. The whole scenario is like this.
    We have two different OSB projects.
    Project 1-> PS1a, PS1b, PS1,PS2
    Project 2-> PS2a, PS2b, PS1,PS2
    PS1a calls PS1b, which in turn calls PS1/PS2 based on some conditions.
    We have implemented OWSM in PS1a (pass through) and PS1b (OWSM processed).
    We have to call PS2a from PS1 (Project 1).
    PS1a(Pass through)->PS1b(OWSM processed).->PS1----->PS2a(Pass through)
    When the flow comes to PS1, it will not have security headers. But PS2a expects a security header from PS1.
    So are you suggesting that we make PS1 of Project 1 a pass through as well?
    Any suggestions on this will be helpful.

  • SJSAS 8.2 secure and unsecure methods in one web service with ws-security

    Hi
    I'm trying to deploy a web-service (using SJSAS 8.2) using JAXRPC using message security (at the application level).
    I have one simple question:
    I have an EJB that exposes 2 methods as web-services. I specified in the sun-ejb-jar.xml that one of those methods is secure (and said nothing about the other); however, when I run my test client I get a "WSS0202: No wsse:Security element in the message" error for both calls (instead of only for the secure call).
    Is this normal? Isn't it possible to have a normal (with no security headers) call to one method and another (with security headers and secure envelope) to another in the same webservice (from the same EJB)?.

    I wasn't clear?
    This is a big dev problem for a major Sun client.
    No one knows or wants to answer?

  • Adding security to a web service then generating a proxy [SOLVED]

    Hi
    I generated a web service based on a very simple java program. I have deployed it to a local oc4j install and successfully called it from a proxy generated from jdev. I am using 10.1.3.3.0.
    I added security to the web service and regenerated the proxy. I wanted to see the difference in the SOAP messages sent to the web service. However the proxy does not seem to have changed to take account of the new security settings on the web service.
    The security options I set were:
    On main security dialog: Ticked the port and "Text Password"
    On Authentication: Ticked "Expect Username to Authenticate"
    "Password Required"
    Password Type = "Plain Text"
    "Nonce Required in Token"
    "Creation Time Required in Token"
    I have 2 questions:
    1. How do I get the proxy to send SOAP messages that contain the security headers required to run the web service. Here is the main method from my proxy. I thought adding setUsername and setPassword would be the solution
        public static void main(String[] args) {
            try {
                gpn3.Getphonenum3SoapHttpPortClient myPort = new gpn3.Getphonenum3SoapHttpPortClient();
                System.out.println("calling " + myPort.getEndpoint());
                // Add your own code here
                myPort.setUsername("oc4jadmin");
                myPort.setPassword("welcome");
                myPort.getNum("Lisa");
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    2. When the web service receives a user name and password what does it check them against? I assume the oc4jadmin user will be allowed access but how do I set up other users?
    many thanks
    paul schweiger

    I have figured this out now
    1. I needed to set the same security settings in my proxy as I did for my web service. I had assumed that the proxy would generate the necessary security settings from the web service.
    2. For some reason my web service application is using the system level jazn-data xml file
    oc4j_extended_101330/j2ee/home/config/system-jazn-data.xml
    This does include the oc4jadmin user and I am now able to use that account to call the web service. I also managed to add another user and use that account to call the web service successfully.
    Thanks for the help
    paul

  • Web services security

    I want a JAX-WS web service deployed in weblogic that does userid/password authentication. It would be nice if Oracle could provide a good working example of this.
    I tried the following so far:
    1. I tried on the web service samples: under wlserver_10.3/samples/server/examples/src/examples/webservices/security_jws. I built and deployed the service successfully to WSL 10.3.0. I used the test Java client and it seems to work. Then I tried connecting to the web service using SOAP UI client. SOAP UI was able to call the web service operation without being prompted for id or password.
    2. I tried the steps under Security->Authentication->Basic Authentication section of this document:
    http://e-docs.bea.com/workshop/docs81/doc/en/core/. I setup a security-constraint (to protect the web service url context), login-config, security-role and then in weblogic.xml I mapped the role to the 'users' role in weblogic server. It does not work. SOAP UI was able to invoke the operation without being prompted.
    Another interesting thing I found was that on the client side if I use code like this:
    BindingProvider bindingProvider = (BindingProvider) port;
    Map<String, Object> reqContext = bindingProvider.getRequestContext();
    reqContext.put(BindingProvider.USERNAME_PROPERTY, "weblogic");
    reqContext.put(BindingProvider.PASSWORD_PROPERTY, "xxxxxx");
    and supply the wrong password, client connection fails. However if I take out both user name and password properties, the client connection works!!!
    Please provide a good working example of some of these simple cases. Maybe on your new sample code website (www.samplecode.oracle.com). Thanks.

    On item 1 in my post above, I was wrong about SOAP UI when connecting to the example in the wlserver_10.3/samples/server/examples/src/examples/webservices/security_jws folder. A client connection from SOAP UI is indeed refused by the server due to lack of security headers. So that's good.
    However, I changed the security_jws example ant build file and added the parameter type="JAXWS" to the jwsc task as well as clientgen task. I got the following error.
    BUILD FAILED
    C:\Oracle\Middleware\wlserver_10.3\samples\server\examples\src\examples\webservices\security_jws\build.xml:48: weblogic.
    wsee.tools.WsBuildException: JWS Validation failed: [The WebLogic Server 9.x-style policy is not supported in JAX-WS web
    services., The WebLogic Server 9.x-style policy is not supported in JAX-WS web services., The WebLogic Server 9.x-style
    policy is not supported in JAX-WS web services., The annotation weblogic.jws.WLHttpTransport is not allowed on examples
    .webservices.security_jws.SecureHelloWorldImpl because it is a JAX-WS type web service., The WebLogic Server 9.x-style p
    olicy is not supported in JAX-WS web services., The WebLogic Server 9.x-style policy is not supported in JAX-WS web serv
    ices., The WebLogic Server 9.x-style policy is not supported in JAX-WS web services., The annotation weblogic.jws.WLHttp
    Transport is not allowed on examples.webservices.security_jws.SecureHelloWorldImpl because it is a JAX-WS type web servi
    ce.]
    Total time: 2 seconds
    What is the recommended way to secure a JAX-WS web service in Weblogic 10.3.0 or 10.3.1? Do these Weblogic versions support WSIT (https://wsit.dev.java.net/)? Please provide an example.
