Attach WS Security (Username Token) to web service

Similar Messages

• Pass Username token in Web Service Client

  I am totally new to Java....I work primarily with .Net. I am trying to send a Username token to a web service. I looked at the examples...can't get them to run.
  My question is, without using config files, can I specify username token in the class. You can do this in .Net.
  I am working with .NetBeans IDE 5.0.

  I looked at this example....didn't get to far because I couldn't setup the samples.
  http://java.sun.com/webservices/docs/1.6/tutorial/doc/XWS-SecuritySamples5.html#wp569635
  Here is the guide I followed to setup the samples.
  http://java.sun.com/webservices/docs/1.6/tutorial/doc/XWS-SecuritySamples2.html
  I didn't do the part about the keystore. I got stuck on the "Setting Build Properties", and I don't know how to run the samples.
  Are you saying there is no way of creating a java application, creating the web service client with JWSDP 2.0 and then modifying either the generated code or my main.class to set the username and token properties?
  Thanks, Mike L.

• Web Service Security Username Token Issue

  Hi,
  I am trying to implement WS-Security (Username Token) on web services deployed on Weblogic Server 8.1 (sp4). The deployment works fine but whenever I try to invoke the service using auto generated client stub (created using clientgen) or weblogic server console (service test page) , I get the following error:
  <Nov 8, 2006 12:01:46 PM GMT+05:30> <Info> <WebService> <BEA-220024> <Handler weblogic.webservice.core.handler.WSSEClientHandler threw an exception from its handleRequest method. The exception was:
  java.lang.AssertionError: Bad password type: wsse:PasswordText.>
  Failed to create web service client:java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace)
  Detail:
  <detail>
  <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">java.lang.AssertionError: Bad password type: wsse:PasswordText
  at weblogic.xml.security.wsse.v200207.UsernameTokenImpl.<init>(UsernameTokenImpl.java:64)
  at weblogic.xml.security.wsse.v200207.SecurityElementFactoryImpl.createToken(SecurityElementFactoryImpl.java:59)
  at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:300)
  at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100)
  at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
  at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
  at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
  at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
  at com.cts.sipservices.implementation.client.MrmPartyServiceImplementationPort_Stub.getParty(MrmPartyServiceImplementationPort_Stub.java:46)
  at com.cts.sipservicesclient.client.SecureClient.<init>(SecureClient.java:76)
  at com.cts.sipservicesclient.client.SecureClient.main(SecureClient.java:38)
  </bea_fault:stacktrace>
  </detail>; nested exception is:
  javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace)
  This is the ‘security’ tag of my ‘web-services.xml’:
  <security>
  <spec:SecuritySpec xmlns:spec="http://www.openuri.org/2002/11/wsse/spec"
  Namespace="http://schemas.xmlsoap.org/ws/2002/07/secext"
  Id="default-spec">
  <spec:UsernameTokenSpec xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
  PasswordType="wsse:PasswordText">
  </spec:UsernameTokenSpec>
  </spec:SecuritySpec>
  </security>
  Thanks

  Apply these debug flags, to get some more debug information from WSSE server side processing following debug flags are helpful:
  -Dweblogic.webservice.security.debug=true
  -Dweblogic.webservice.security.verbose=true

• Web Service Security username token...

  Hi All,
  I am presently trying to build in security authentication into my web service using the username-token and the verify-username-token tokens.
  My WS_stub.xml on the proxy side looks like the following:-
  other tokens
  <security>
  <inbound/>
  <outbound>
  <username-token name="NAME" password="PASS" password-type="DIGEST" add-nonce="true" add-created="true"/>
  </outbound>
  </security>
  other tokens
  and my oracle-webservices.xml on hte web service side looks like the following:-
  other tokens
  <security>
  <inbound>
  <verify-username-token name="NAME" password="PASS" password-type="DIGEST"
  require-nonce="true"
  require-created="true"/>
  </inbound>
  <outbound/>
  </security>
  other tokens
  I have set the javacache.xml for the embedded OC4J location as follows:-
  </persistence>
  <max-objects>1000</max-objects>
  <max-size>48</max-size>
  <clean-interval>60</clean-interval>
  </cache-configuration>
  When I run the web service followed by the proxy I get the following error at the proxy side.
  javax.xml.rpc.soap.SOAPFaultException: Policy requires DIGEST passwords
       at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:60)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:47)
  Also it gives exceptions with repect to nonces such as "Policy requires nonce". Please could someone tell me how to setup an nonce in the xml files above and how to use nonce in web services?
  Regards,
  Lester.

  Hi All,
  Presently I am trying to set the security for my web service and am receiving the following error when doing so at the proxy side:-
  oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createSoapFaultException(InterceptorChainImpl.java:338)
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleException(InterceptorChainImpl.java:256)
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:128)
       at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
       at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:699)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:62)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:49)
  Process exited with exit code 0.
  My WS_Stub.xml file under runtime of the proxy project looks as follows:-
  <?xml version="1.0" encoding="UTF-8"?>
  <oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
  <webservice-client>
  <service-qname namespaceURI="http://trailerinfo/" localpart="TrailerWS"/>
  <port-info>
  <wsdl-port namespaceURI="http://trailerinfo/" localpart="TrailerWSSoapHttpPort"/>
  <runtime enabled="security">
  <security>
  <key-store name="mytestkeystore" store-pass="mytestkeystore" path="C:\Temp\mytestkeystore.jks"/>
  <signature-key key-pass="sampwd" alias="sam"/>
  <encryption-key key-pass="davepwd" alias="dave"/>
  <inbound>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key alias="dave"/>
  <encryption-method>3DES</encryption-method>
  <keytransport-method>RSA-1_5</keytransport-method>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name='addtrailerinfo'>
  <runtime>
  <security>
  <inbound/>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key alias="test"/>
  <encryption-method>3DES</encryption-method>
  <keytransport-method>RSA-1_5</keytransport-method>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  </operation>
  </operations>
  </port-info>
  </webservice-client>
  </oracle-webservice-clients>
  My oracle-webservices.xml file looks like the following:-
  <oracle-webservices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/oracle-webservices-10_0.xsd">
  <webservice-description name="TrailerWS">
  <port-component name="TrailerWSSoapHttpPort">
  <runtime enabled="security">
  <security>
  <key-store name="mytestkeystore" store-pass="mytestkeystore"
  path="META-INF/mytestkeystore.jks"/>
  <signature-key key-pass="sampwd" alias="sam"/>
  <encryption-key key-pass="davepwd" alias="dave"/>
  <inbound>
  <verify-username-token password-type="PLAINTEXT"
  require-nonce="false"
  require-created="true"/>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key key-pass="" alias="dave"/>
  <encryption-method>3DES</encryption-method>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name="addtrailerinfo"
  input="{http://trailerinfo/}addtrailerinfoElement">
  <runtime>
  <security>
  <inbound>
  <verify-username-token require-nonce="false"
  require-created="true"
  password-type="PLAINTEXT"/>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"
  mode="CONTENT"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound/>
  </security>
  </runtime>
  </operation>
  </operations>
  </port-component>
  </webservice-description>
  </oracle-webservices>
  I checked this exception out at hte following link
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html#keystore
  which lists hte instructions to secure a web service. The trouble shooting section lists this exception and says it might be due to a timestamp created flag being set to false. However I have made sure that both the client and service side xml files above have this set to true and are matching.
  However I am still not able to eliminate this error. Please could someone help me out? This is urgent.
  Regards,
  Lester.

• Security-role for java web services developed using j-developer 10.1.2.1

  I have developed a java web service using j-developer 10.1.2.1, I have deployed this web service to oracle 10g (10.1.2.1) application server successfully. Now I want to add security-role to my web service deployment descriptor so that only a group of users that belong to a group can access my web service.
  How can I do this? Can any one please let me know.
  Thanks,
  SC.

  Hi.
  I suspect you have a proxy server between your localhost and the
  drive-app1.drivesoftwaresolutions.com
  Probably in Jdev that proxy is setup nicely in Tools->Preferences->Web Browser and Proxy
  But maybe your OC4J container running BPEL on localhost does not have that proxy setup.
  You need to add startup parameters to the JVM. In 10.1.3 you can do this via the "AS Control" administration pages (there is a link on the SOA suite welcome page). Go to JVM, click on the container and switch to the "Administration" tab.
  The properties are proxySet, proxyHost, proxyPort and nonProxyHosts
  When deploying from JDev, the compilation in JDev works fine (uses the proxy). But when the JAR is transferred to the server, it is compiled again. This fails because the proxy is not used on the server side and it cannot read the wsdl.

• Processing WS-Security headers within a web service

  Hello,
  I have created a service with WS-Security (from a WSDL using jdeveloper) and deployed it on OC4J. Within the service implementation, I need to get some information from soap security header, that is, my service needs to process some security headers. However, in my service implementation, I only have access to information contained inside the SOAP message body (parameters methods).
  Could anybody be so kind as to tell me how can I process WS-Security headers inside a web service implementation, please?
  Thank you very much in advance.

  You can refer this article
  web services security in weblogic

• Security for SOA and Web Services

  Dipak Chopra's 09 Dec 04 "Security for SOA and Web Services" piece has been a terrific starter for me as I start to delve into this topic. Does SAP/the SDN plan to publish an SAP-specific roadmap to show the adherence to and adoption of these standards in NetWeaver? (Or maybe there is such a published roadmap that I am unaware of?)

  Hi Randy
  SAP follows and participates in Security and other Web services standards very closely as we recognize the opportunity they present our customers for developing solutions and integrating systems faster at lower cost.
  However many of the standards are still in development and so are not quite yet ready for "prime time". This means that we can't really publish a "road map" as it would be continually changing. However, if you want an idea on which standards SAP thinks are important, please take a look at this presentation [1] which was delivered at the last Tech Ed.
  David
  [1] https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/the impact of industry standards on sap netweaver.pdf

• Consuming Web Service using WS-Security: USERNAME Token

  Hi ABAP Experts,
  we like to consume a self defined web service between to SAP systems (ECC6 701/006). Without any security settings the connection is successfully.  But we like to setup a message security like USERNAME Token.
  The wss profiles are already created by using TX: WSSPROFILE. Therefore we used the templates "SET_USERNAME" and "CHECK_USERNAME". The service user "DELAY_L<sid>" has been generated as well. The problem is in SOAMANAGER we can't find the related configuration (For Provider and Consumer) to set the parameters "PROFILE In" and "Profile Out" like it was in the obsolete TX "LPCONFIG".
  Can anybody help me to find out how to configure USERNAME Token using SOAMANAGER.
  Thank you very much in advance.
  Kind regards
  Axel

  Hi,
  The following articles would be helpful:
  .net call WS-Security enabled web service (created in java)
  http://stackoverflow.com/questions/2138129/net-call-ws-security-enabled-web-service-created-in-java
  WS-Security Protocol with .NET – A Overview
  http://www.c-sharpcorner.com/UploadFile/mahesha/WSSecurityProtocol11232005052243AM/WSSecurityProtocol.aspx
  An introduction to Web Service Security using WSE - Part I
  http://www.codeproject.com/Articles/7062/An-introduction-to-Web-Service-Security-using-WSE
  As this question is not relate to SharePoint, I suggest you post it to a suitable Forum, you will get more help and confirmed answers from there.
  Best Regards
  Dennis Guo
  TechNet Community Support

• Custom Token For web services security

  How can I implement a token based security for web services? I will return a
  custom token which contains a session-id among others after a JAAS
  authnetication. I want to pass this token for every web service invokation.
  I want the serverside EJB methods to be authorized based the roles in token.
  Any ideas or pointers on the possible solutions?
  Thanks,
  Vish

  How can I implement a token based security for web services? I will return a
  custom token which contains a session-id among others after a JAAS
  authnetication. I want to pass this token for every web service invokation.
  I want the serverside EJB methods to be authorized based the roles in token.
  Any ideas or pointers on the possible solutions?
  Thanks,
  Vish

• Add username token to SOAP Service in ESB

  I know how to add the username token to a partnerlink in a bpel process but how can I configure the same soap headers in a SOAP Service in ESB?
  Another question about the configuration of a bpel process when invoking a secure web service: I need to add 3 parameters to the partnerlink to be able to send the username/password credentials to the service but this isn't very flexible.
  How can you configure to use file authentication or ldap authentication when invoking the secure web service?

  Hi.
  I found some info related to passing username token in ESB.
  You go to ESB home page:
  http://www.oracle.com/technology/products/integration/esb/index.html
  and download esb samples:
  http://www.oracle.com/technology/products/integration/esb/files/esbsamples.zip
  There you'll find a SOAP Headers project (under OTN Samples) which has an example of how to pass WS-Security usename credentials.
  Here is a sample, in a XSLT:
  <xsl:variable name="setUsername"
  select="ehdr:setOutboundHeader('/wsse1:Security/wsse1:UsernameToken/wsse1:Username','oc4jadmin','wsse1=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd;')"/>
  <xsl:variable name="setPassword"
  select="ehdr:setOutboundHeader('/wsse1:Security/wsse1:UsernameToken/wsse1:Password','welcome1','wsse1=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd;')"/>
  <xsl:template match="/">
  <ns1:ReceiveCustElement>
  <ns1:customer>
  <xsl:value-of select="/inp1:InputElement/InputString"/>
  </ns1:customer>
  </ns1:ReceiveCustElement>
  </xsl:template>
  </xsl:stylesheet>
  Denis

• How to transfer username when calling web service from PI?

  Hi
  I have a scenario where a front end application is calling a web service exposed by PI 7.11 and PI is forwarding the call to the backend web service. That is, a SOAP sender adapter and a soap receiver adapter.
  Now, I would like to transfer the username, which the PI exposed web service is called with, to the backend web service.
  I previously did this by using a UDF where I picked up the username like this and mapped the username to a field in the request message when calling the backend web service:
  DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
  DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/SOAP", "SRemoteUser");
  String WSuser = conf.get(key);
  return WSuser;
  However, I would like to avoid this method and in stead e.g. use either a query string like http://xxxxx:6571/ISBWS/soap/ISBCore?username=mikael or maybe transfer the username in the http header in some way.
  So my question is: what are my options and how do I set it up?
  BR MIkael

  Apparenty sending user name details in query string  is not best practice in webservice. Thats why WSDL does not cover user credentials inside. Webservice deals with message level security , transport level security, encryption , certificate authentication , username token etc
  If you want to use http query string in the soap receiver target url try as below and see how that helps... somthing as below..
  example:  http://host:port/jsppage?userid=test  or use  xslt mapping or java mapping create soap header as you want and specify username over there.

• How to forward security credentials from one web service to another

  Here is what I am trying to do... I have a standalone client that invokes a message-level secured web service (WEBSERVICE A) on a Weblogic 9.1 server (SERVER A) with a username and a password, and this web service (WEBSERVICE A) uses the same username and password from the client, and invokes another message-level secured web service (WEBSERVICE B) deployed on a different WebLogic 9.1 server (SERVER B).
  Does WebLogic 9.X automatically asserts the same client credentials when the WEBSERVICE A invokes WEBSERVICE B on a different server? If it doesn't, what is the best way to do that? Thanks.

  You can save the site (spweb) as a template, and then use the template to create a new site in another web application. 
  When you save the site, it's saved to the solutions gallery. You can download the saved site from the solutions gallery, and then use it to create the new site collection. 
  If the site is a publishing site, you'll need to de-activate the publishing features first.
  You can save the site as a template via the sites settings page, or via SharePoint designer.
  Have a look here: http://office.microsoft.com/en-us/sharepoint-designer-help/save-a-sharepoint-site-as-a-template-HA101782501.aspx
  Regards, Matthew
  MCPD | MCITP
  My Blog
  View
  Matthew Yarlett's profile
  See my webpart on the TechNet Gallery that allows administrative users to upload, crop and format user profile photos. Check it out here:
  Upload and Crop User Profile Photos

• WS-Security Username Token issue with soap receiver

  Hi All,
  I have Proxy to SOAP scenario. Receiver web service is expecting below message in the soap header for authentication purpose.
  <soapenv:Header>
        <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>username</wsse:Username>
  <wsse:Password Type="PasswordText">Password< wsse:Password>
  </wsse:UsernameToken>
        </wsse:Security>
     </soapenv:Header>
  User will trigger the message from ECC using some transaction. I need to pass this triggering person’s username and password to soap header dynamically. There are more than 2000 users in the system.
  How can I retrieve this username and password and bind it to <wsse:Security> node?
  Is it possible to achieve?
  Please note: User’s details will not come in the message payload. I cannot user look up here.
  Regards,
  Muni

  Asked web service team to use one service account for authentication. Used this blog How to Configure AXIS Framework for Authentication Using the "wsse" Security Standard in SAP PI to configure axis framework. Now we are able to send message to web service.
  Regards,
  Muni.

• Securing DSP calls via Web Services Mediator API

  I have been implementing a client of DSP 3.0 services using the static Web Services Mediator API. I am successfully calling these through the AL Service Bus, where I have deployed the WSDL generated from the DSP. We are calling this from a rich client (i.e. the client is not running in any container). My company has chosen to use SAML-based security on all web services deployed in the service bus.
  I know how to use general-purpose web service clients to pass SAML tokens to the web service. My question is, how do I do this when using the Web Services Mediator API. I have noticed the XMLHelper class and the RequestConfig class, but I have not seen much in the way of examples of using them.
  Related question:
  Is it possible to insert additional content into the SOAPHeader, or configure attributes on the Port?
  Thanks,
  Jeff
  Edited by jhoffmanme at 02/13/2008 8:06 AM

  I'm checking into the SAML question.
  Regarding the soap header - whatever is in the contract defined in the WSDL.

• Java.security.PrivilegedActionException while invoking web service on OC4J

  Hi,
  I have a developed web service in Jdeveloper which is hosted on OC4J app server. I am able to invoke it properly and get results using the web service end point in browser window.
  Now I created a java proxy for this WS in Jdeveloper and tried invoking it inside another web service. I get the following error while the 1st WS is invoked:
  2010-03-09 17:15:04.607 WARNING Unable to connect to URL: <internal web service URL> due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
  10/03/09 17:15:04 java.rmi.RemoteException: ; nested exception is:
       HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
  10/03/09 17:15:04      at autoauthorise.runtime.VehicleTypeSpecsWSSoapHttp_Stub.getVehicleTypeSpecs(VehicleTypeSpecsWSSoapHttp_Stub.java:91)
  10/03/09 17:15:04      at com.bt.vehtype.ws.VehicleTypeSpecsWSSoapHttpPortClient.getVehicleTypeSpecs(VehicleTypeSpecsWSSoapHttpPortClient.java:40)
  10/03/09 17:15:04      at com.bt.fleet.willow.ws.AutoAuthorise.autoAuthorise(AutoAuthorise.java:20)
  10/03/09 17:15:04      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  10/03/09 17:15:04      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  10/03/09 17:15:04      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  10/03/09 17:15:04      at java.lang.reflect.Method.invoke(Method.java:585)
  10/03/09 17:15:04      at oracle.j2ee.ws.server.ImplInvocationHandler.invoke(ImplInvocationHandler.java:126)
  10/03/09 17:15:04      at $Proxy0.autoAuthorise(Unknown Source)
  10/03/09 17:15:04      at com.bt.fleet.willow.ws.runtime.AutoAthoriseWSSoapHttp_Tie.invoke_autoAuthorise(AutoAthoriseWSSoapHttp_Tie.java:62)
  10/03/09 17:15:04      at com.bt.fleet.willow.ws.runtime.AutoAthoriseWSSoapHttp_Tie.processingHook(AutoAthoriseWSSoapHttp_Tie.java:161)
  10/03/09 17:15:04      at oracle.j2ee.ws.server.StreamingHandler.handle(StreamingHandler.java:287)
  10/03/09 17:15:04      at oracle.j2ee.ws.server.JAXRPCProcessor.doEndpointProcessing(JAXRPCProcessor.java:356)
  10/03/09 17:15:04      at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:283)
  10/03/09 17:15:04      at oracle.j2ee.ws.server.JAXRPCProcessor.doRequestProcessing(JAXRPCProcessor.java:272)
  10/03/09 17:15:04      at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:94)
  10/03/09 17:15:04      at oracle.j2ee.ws.server.JAXRPCProcessor.doService(JAXRPCProcessor.java:128)
  10/03/09 17:15:04      at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:170)
  10/03/09 17:15:04      at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
  Please help, I cant see any problem.
  Edited by: Ankit_Screen on Mar 11, 2010 6:27 AM

  can't anybody help me?