Authentication in ALSB while proxying FTP, MQ

We are using ALSB for the first time to proxy external messages we receive from our business partners over different protocols, e.g. FTP, MQ, SOAP over HTTP. Thus we would have proxy services configured to receive messages, one for each transport protocol, all of which place the raw message on a JMS queue after the messages are authenticated and checked for data integrity.
ALSB/WLS provides good support for authenticating SOAP over HTTP via WS-Security. However, when we receive messages over FTP or MQ, we are not sure how to authenticate the message sender. We can assume that the messages would contain some credentials like username/password or an X509 certificate, using which we will have to manually authenticate the sender.
Any guidance on what API to use, and whether we would have to write any custom Identity Assertion, Authentication Provider etc. for the same?
As per my understanding, we would have to make a Java callout from our proxy, which could call weblogic.security.Authentication.login(simpleCallbackHandler), which would authenticate the user with username/password, or call weblogic.security.Authentication.assertIdentity(X509Certificate) if the message contains a certificate.
Does this seem like a reasonable plan or am I missing something here?

For FTP security you should use the new SFTP transport available in ALSB 2.6 RP1 that leverages SSH as communication protocol.
For MQ transport SSL is provided out of the box.
Gregory Haardt
ALSB Prg. Manager

Similar Messages

  • Ce510 proxy ftp on port 8080 is not doing cache

    Why is ce510, configured as a proxy ftp on port 8080, not doing cache for transferred files?
    Is that a limitation?

    There is not a limitation that prevents this from working. Can you post a copy of your configuration and the transaction logs?
    ~Zach

  • Authentication in ALSB

    Hi all,
    I have configured my proxy for custom authorization. Added a policy in the access control of security.
    Functionality-wise I am getting the result as desired.
    But if an unauthorised user id tries to publish the message to my proxy, an error is generated at console level, and I am not able to extract the error to a JMS error queue.
    Is there any workaround for this?

    For FTP security you should use the new SFTP transport available in ALSB 2.6 RP1 that leverages SSH as communication protocol.
    For MQ transport SSL is provided out of the box.
    Gregory Haardt
    ALSB Prg. Manager

  • How to use an authenticated user for a proxy call

    Dear all,
    I am currently working on a JEE application where the user needs to authenticate (for this I have configured the web.xml).
    Now inside this application I need to do a proxy call to a PI webservice.
    I would like to use the user credentials of the already logged in user in order to call the proxy.
    What I don't want to do is to use a service user for the proxy call.
    The code I am trying to call looks something like this:
         private IntegratedConfigurationIn getPort() throws Exception {
              IntegratedConfigurationIn port = null;
              try {
                   IntegratedConfigurationInService service = null;
                   service = new IntegratedConfigurationInService();
                   port = (IntegratedConfigurationIn) service.getIntegratedConfigurationIn_Port();
                   // Set the credentials and endpoint on the generated port
                   BindingProvider bp = (BindingProvider) port;
                   bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
                   bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
                   if (url.length() != 0)
                        bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
              } catch (Exception ex) {
                   ex.printStackTrace();
              }
              return port;
         }
    The examples I found to retrieve the user data pointed to code similar to this:
         public HttpServletRequest getHttpRequest() throws Exception {
              // Get runtime context
              Properties props = new Properties();
              props.put("domain", "true");
              Context initialContext = new InitialContext(props);
              ApplicationWebServiceContext wsContext = (ApplicationWebServiceContext) initialContext
                        .lookup(" /wsContext/ApplicationWebServiceContext");
              HttpServletRequest req = wsContext.getHttpServletRequest();
              return req;
         }
         com.sap.security.api.IUser sapUser = com.sap.security.api.UMFactory.getAuthenticator().getLoggedInUser(getHttpRequest(), null);
         IUser ep5User = com.sapportals.wcm.util.usermanagement.WPUMFactory.getUserFactory().getEP5User(sapUser);
    Now I don't know how to bring it together and how to use an authenticated user for the BindingProvider.
    I would appreciate any hints or ideas.

    Peter,
    From the first screenshot, what I understood is that you are calling an inbound PI web service that is intended to create an integrated configuration object (this is used for a whole lot of other reasons completely) but not actually calling a development web service.
    For this, you would have to generate your client classes from the WSDL provided by the PI developer for that particular service. Once you get those client classes generated, you could use the method provided in the other screenshot to extract the user and password and call the intended web service.
    Vijay Konam

  • Adding authentication in header while consuming external webservice

    Hi,
    I am using Oracle SOA Suite 11g. While consuming an external webservice I have to add authentication in the header before sending the request.
    I want my header in request to look like this:
    <soapenv:Header>
    <urn:Authentication>
    <urn:username>user1</urn:username>
    <urn:password>pass1</urn:password>
    </urn:Authentication>
    </soapenv:Header>
    if anyone has any idea then please share.
    Regards

    please look at this and see whether that helps you..
    Re: Creating a partnerlink  from a secure webservice

  • StringIndexOutofBounds Exception while doing FTP operation

    Hello, I got this exception at run time when I am doing my FTP operations
    java.lang.StringIndexOutOfBoundsException: String index out of range: 0
    at java.lang.String.charAt(String.java:455)
    at FTPConnection.getFullServerReply(FTPConnection.java:312)
    at FTPConnection.getServerReply(FTPConnection.java:296)
    at FTPConnection.executeCommand(FTPConnection.java:329)
    at FTPConnection.login(FTPConnection.java:107)
    at JEditor$FTPUpload.checkTF(JEditor.java:2755)
    at JEditor$FTPUpload.actionPerformed(JEditor.java:2783)
    at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1767)
    at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1820)
    at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:419)
    at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:257)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:258)
    at java.awt.Component.processMouseEvent(Component.java:5021)
    at java.awt.Component.processEvent(Component.java:4818)
    at java.awt.Container.processEvent(Container.java:1380)
    at java.awt.Component.dispatchEventImpl(Component.java:3526)
    at java.awt.Container.dispatchEventImpl(Container.java:1437)
    at java.awt.Component.dispatchEvent(Component.java:3367)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3214)
    at java.awt.LightweightDispatcher.processMouseEvent(Container.java:2929)
    at java.awt.LightweightDispatcher.dispatchEvent(Container.java:2859)
    at java.awt.Container.dispatchEventImpl(Container.java:1423)
    at java.awt.Window.dispatchEventImpl(Window.java:1566)
    at java.awt.Component.dispatchEvent(Component.java:3367)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:445)
    at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:190)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:144)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:130)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:98)
    The file that I used for my FTP is
    /*
     * File: FTPConnection.java
     * Author: Bret Taylor <[email protected]>
     * $Id$
     *
     * Parts of this code were adopted from a variety of other FTP classes the
     * author has encountered that he was not completely satisfied with. If you
     * think more thanks are due to any particular author than is given, please
     * let him know. With that caveat, this class can be freely distributed and
     * modified as long as Bret Taylor is given credit in the source code comments.
     */
    import java.io.*;
    import java.net.*;
    import java.util.*;

    /**
     * <p>A wrapper for the network and command protocols needed for the most common
     * FTP commands. Standard usage looks something like this:</p>
     * <pre> FTPConnection connection = new FTPConnection();
     * try {
     *     if (connection.connect(host)) {
     *         if (connection.login(username, password)) {
     *             connection.downloadFile(serverFileName);
     *             connection.uploadFile(localFileName);
     *         }
     *         connection.disconnect();
     *     }
     * } catch (UnknownHostException e) {
     *     // handle unknown host
     * } catch (IOException e) {
     *     // handle I/O exception
     * }</pre>
     * <p>Most FTP commands are wrapped by easy-to-use methods, but in case clients
     * need more flexibility, you can execute commands directly using the methods
     * executeCommand and
     * executeDataCommand,
     * the latter of which is used for commands that require an open data port.</p>
     * @author Bret Taylor
     * @version 1.0
     */
    public class FTPConnection extends Object {
        /**
         * If this flag is on, we print out debugging information to stdout during
         * execution. Useful for debugging the FTP class and seeing the server's
         * responses directly.
         */
        private static boolean PRINT_DEBUG_INFO = false;

        /**
         * Connects to the given FTP host on port 21, the default FTP port.
         */
        public boolean connect(String host)
            throws UnknownHostException, IOException
        {
            return connect(host, 21);
        }

        /**
         * Connects to the given FTP host on the given port.
         */
        public boolean connect(String host, int port)
            throws UnknownHostException, IOException
        {
            connectionSocket = new Socket(host, port);
            outputStream = new PrintStream(connectionSocket.getOutputStream());
            inputStream = new BufferedReader(new InputStreamReader(connectionSocket.getInputStream()));
            if (!isPositiveCompleteResponse(getServerReply())) {
                disconnect();
                return false;
            }
            return true;
        }

        /**
         * Disconnects from the host to which we are currently connected.
         */
        public void disconnect()
        {
            if (outputStream != null) {
                try {
                    outputStream.close();
                    inputStream.close();
                    connectionSocket.close();
                } catch (IOException e) {}
                outputStream = null;
                inputStream = null;
                connectionSocket = null;
            }
        }

        /**
         * Wrapper for the commands <code>user [username]</code> and <code>pass
         * [password]</code>.
         */
        public boolean login(String username, String password)
            throws IOException
        {
            int response = executeCommand("user " + username);
            if (!isPositiveIntermediateResponse(response)) return false;
            response = executeCommand("pass " + password);
            return isPositiveCompleteResponse(response);
        }

        /**
         * Wrapper for the command <code>cwd [directory]</code>.
         */
        public boolean changeDirectory(String directory)
            throws IOException
        {
            int response = executeCommand("cwd " + directory);
            return isPositiveCompleteResponse(response);
        }

        /**
         * Wrapper for the commands <code>rnfr [oldName]</code> and <code>rnto
         * [newName]</code>.
         */
        public boolean renameFile(String oldName, String newName)
            throws IOException
        {
            int response = executeCommand("rnfr " + oldName);
            if (!isPositiveIntermediateResponse(response)) return false;
            response = executeCommand("rnto " + newName);
            return isPositiveCompleteResponse(response);
        }

        /**
         * Wrapper for the command <code>mkd [directory]</code>.
         */
        public boolean makeDirectory(String directory)
            throws IOException
        {
            int response = executeCommand("mkd " + directory);
            return isPositiveCompleteResponse(response);
        }

        /**
         * Wrapper for the command <code>rmd [directory]</code>.
         */
        public boolean removeDirectory(String directory)
            throws IOException
        {
            int response = executeCommand("rmd " + directory);
            return isPositiveCompleteResponse(response);
        }

        /**
         * Wrapper for the command <code>cdup</code>.
         */
        public boolean parentDirectory()
            throws IOException
        {
            int response = executeCommand("cdup");
            return isPositiveCompleteResponse(response);
        }

        /**
         * Wrapper for the command <code>dele [fileName]</code>.
         */
        public boolean deleteFile(String fileName)
            throws IOException
        {
            int response = executeCommand("dele " + fileName);
            return isPositiveCompleteResponse(response);
        }

        /**
         * Wrapper for the command <code>pwd</code>.
         */
        public String getCurrentDirectory()
            throws IOException
        {
            String response = getExecutionResponse("pwd");
            StringTokenizer strtok = new StringTokenizer(response);
            // Get rid of the first token, which is the return code
            if (strtok.countTokens() < 2) return null;
            strtok.nextToken();
            String directoryName = strtok.nextToken();
            // Most servers surround the directory name with quotation marks
            int strlen = directoryName.length();
            if (strlen == 0) return null;
            if (directoryName.charAt(0) == '\"') {
                directoryName = directoryName.substring(1);
                strlen--;
            }
            if (directoryName.charAt(strlen - 1) == '\"')
                return directoryName.substring(0, strlen - 1);
            return directoryName;
        }

        /**
         * Wrapper for the command <code>syst</code>.
         */
        public String getSystemType()
            throws IOException
        {
            return excludeCode(getExecutionResponse("syst"));
        }

        /**
         * Wrapper for the command <code>mdtm [fileName]</code>. If the file does
         * not exist, we return -1;
         */
        public long getModificationTime(String fileName)
            throws IOException
        {
            String response = excludeCode(getExecutionResponse("mdtm " + fileName));
            try {
                return Long.parseLong(response);
            } catch (Exception e) {
                return -1L;
            }
        }

        /**
         * Wrapper for the command <code>size [fileName]</code>. If the file does
         * not exist, we return -1;
         */
        public long getFileSize(String fileName)
            throws IOException
        {
            String response = excludeCode(getExecutionResponse("size " + fileName));
            try {
                return Long.parseLong(response);
            } catch (Exception e) {
                return -1L;
            }
        }

        /**
         * Wrapper for the command <code>retr [fileName]</code>.
         */
        public boolean downloadFile(String fileName)
            throws IOException
        {
            return readDataToFile("retr " + fileName, fileName);
        }

        /**
         * Wrapper for the command <code>retr [serverPath]</code>. The local file
         * path to which we will write is given by <code>localPath</code>.
         */
        public boolean downloadFile(String serverPath, String localPath)
            throws IOException
        {
            return readDataToFile("retr " + serverPath, localPath);
        }

        /**
         * Wrapper for the command <code>stor [fileName]</code>.
         */
        public boolean uploadFile(String fileName)
            throws IOException
        {
            return writeDataFromFile("stor " + fileName, fileName);
        }

        /**
         * Wrapper for the command <code>stor [localPath]</code>. The server file
         * path to which we will write is given by <code>serverPath</code>.
         */
        public boolean uploadFile(String serverPath, String localPath)
            throws IOException
        {
            return writeDataFromFile("stor " + serverPath, localPath);
        }

        /**
         * Set the restart point for the next download or upload operation. This
         * lets clients resume interrupted uploads or downloads.
         */
        public void setRestartPoint(int point)
        {
            restartPoint = point;
            debugPrint("Restart noted");
        }

        /**
         * Gets server reply code from the control port after an ftp command has
         * been executed. It knows the last line of the response because it begins
         * with a 3 digit number and a space, (a dash instead of a space would be a
         * continuation).
         */
        private int getServerReply()
            throws IOException
        {
            return Integer.parseInt(getFullServerReply().substring(0, 3));
        }

        /**
         * Gets server reply string from the control port after an ftp command has
         * been executed. This consists only of the last line of the response,
         * and only the part after the response code.
         */
        private String getFullServerReply()
            throws IOException
        {
            String reply;
            do {
                reply = inputStream.readLine();
                debugPrint(reply);
            } while(!(Character.isDigit(reply.charAt(0)) &&
                      Character.isDigit(reply.charAt(1)) &&
                      Character.isDigit(reply.charAt(2)) &&
                      reply.charAt(3) == ' '));
            return reply;
        }

        /**
         * Executes the given FTP command on our current connection, returning the
         * three digit response code from the server. This method only works for
         * commands that do not require an additional data port.
         */
        public int executeCommand(String command)
            throws IOException
        {
            outputStream.println(command);
            return getServerReply();
        }

        /**
         * Executes the given FTP command on our current connection, returning the
         * last line of the server's response. Useful for commands that return
         * one line of information.
         */
        public String getExecutionResponse(String command)
            throws IOException
        {
            outputStream.println(command);
            return getFullServerReply();
        }

        /**
         * Executes the given ftpd command on the server and writes the results
         * returned on the data port to the file with the given name, returning true
         * if the server indicates that the operation was successful.
         */
        public boolean readDataToFile(String command, String fileName)
            throws IOException
        {
            // Open the local file
            RandomAccessFile outfile = new RandomAccessFile(fileName, "rw");
            // Do restart if desired
            if (restartPoint != 0) {
                debugPrint("Seeking to " + restartPoint);
                outfile.seek(restartPoint);
            }
            // Convert the RandomAccessFile to an OutputStream
            FileOutputStream fileStream = new FileOutputStream(outfile.getFD());
            boolean success = executeDataCommand(command, fileStream);
            outfile.close();
            return success;
        }

        /**
         * Executes the given ftpd command on the server and writes the contents
         * of the given file to the server on an opened data port, returning true
         * if the server indicates that the operation was successful.
         */
        public boolean writeDataFromFile(String command, String fileName)
            throws IOException
        {
            // Open the local file
            RandomAccessFile infile = new RandomAccessFile(fileName, "r");
            // Do restart if desired
            if (restartPoint != 0) {
                debugPrint("Seeking to " + restartPoint);
                infile.seek(restartPoint);
            }
            // Convert the RandomAccessFile to an InputStream
            FileInputStream fileStream = new FileInputStream(infile.getFD());
            boolean success = executeDataCommand(command, fileStream);
            infile.close();
            return success;
        }

        /**
         * Executes the given ftpd command on the server and writes the results
         * returned on the data port to the given OutputStream, returning true
         * if the server indicates that the operation was successful.
         */
        public boolean executeDataCommand(String command, OutputStream out)
            throws IOException
        {
            // Open a data socket on this computer
            ServerSocket serverSocket = new ServerSocket(0);
            if (!setupDataPort(command, serverSocket)) return false;
            Socket clientSocket = serverSocket.accept();
            // Transfer the data
            InputStream in = clientSocket.getInputStream();
            transferData(in, out);
            // Clean up the data structures
            in.close();
            clientSocket.close();
            serverSocket.close();
            return isPositiveCompleteResponse(getServerReply());
        }

        /**
         * Executes the given ftpd command on the server and writes the contents
         * of the given InputStream to the server on an opened data port, returning
         * true if the server indicates that the operation was successful.
         */
        public boolean executeDataCommand(String command, InputStream in)
            throws IOException
        {
            // Open a data socket on this computer
            ServerSocket serverSocket = new ServerSocket(0);
            if (!setupDataPort(command, serverSocket)) return false;
            Socket clientSocket = serverSocket.accept();
            // Transfer the data
            OutputStream out = clientSocket.getOutputStream();
            transferData(in, out);
            // Clean up the data structures
            out.close();
            clientSocket.close();
            serverSocket.close();
            return isPositiveCompleteResponse(getServerReply());
        }

        /**
         * Transfers the data from the given input stream to the given output
         * stream until we reach the end of the stream.
         */
        private void transferData(InputStream in, OutputStream out)
            throws IOException
        {
            byte b[] = new byte[1024]; // 1K blocks I guess
            int amount;
            // Read the data into the file
            while ((amount = in.read(b)) > 0) {
                out.write(b, 0, amount);
            }
        }

        /**
         * Executes the given ftpd command on the server and writes the results
         * returned on the data port to the given FilterOutputStream, returning true
         * if the server indicates that the operation was successful.
         */
        private boolean setupDataPort(String command, ServerSocket serverSocket)
            throws IOException
        {
            // Send our local data port to the server
            if (!openPort(serverSocket)) return false;
            // Set binary type transfer
            outputStream.println("type i");
            if (!isPositiveCompleteResponse(getServerReply())) {
                debugPrint("Could not set transfer type");
                return false;
            }
            // If we have a restart point, send that information
            if (restartPoint != 0) {
                outputStream.println("rest " + restartPoint);
                restartPoint = 0;
                // TODO: Interpret server response here
                getServerReply();
            }
            // Send the command
            outputStream.println(command);
            return isPositivePreliminaryResponse(getServerReply());
        }

        /**
         * Get IP address and port number from serverSocket and send them via the
         * <code>port</code> command to the ftp server, returning true if we get a
         * valid response from the server, returning true if the server indicates
         * that the operation was successful.
         */
        private boolean openPort(ServerSocket serverSocket)
            throws IOException
        {
            int localport = serverSocket.getLocalPort();
            // get local ip address
            InetAddress inetaddress = serverSocket.getInetAddress();
            InetAddress localip;
            try {
                localip = inetaddress.getLocalHost();
            } catch(UnknownHostException e) {
                debugPrint("Can't get local host");
                return false;
            }
            // get ip address in high byte order
            byte[] addrbytes = localip.getAddress();
            // tell server what port we are listening on
            short addrshorts[] = new short[4];
            // problem: bytes greater than 127 are printed as negative numbers
            for(int i = 0; i <= 3; i++) {
                addrshorts[i] = addrbytes[i];
                if (addrshorts[i] < 0)
                    addrshorts[i] += 256;
            }
            outputStream.println("port " + addrshorts[0] + "," + addrshorts[1] +
                                 "," + addrshorts[2] + "," + addrshorts[3] + "," +
                                 ((localport & 0xff00) >> 8) + "," +
                                 (localport & 0x00ff));
            return isPositiveCompleteResponse(getServerReply());
        }

        /**
         * True if the given response code is in the 100-199 range.
         */
        private boolean isPositivePreliminaryResponse(int response)
        {
            return (response >= 100 && response < 200);
        }

        /**
         * True if the given response code is in the 300-399 range.
         */
        private boolean isPositiveIntermediateResponse(int response)
        {
            return (response >= 300 && response < 400);
        }

        /**
         * True if the given response code is in the 200-299 range.
         */
        private boolean isPositiveCompleteResponse(int response)
        {
            return (response >= 200 && response < 300);
        }

        /**
         * True if the given response code is in the 400-499 range.
         */
        private boolean isTransientNegativeResponse(int response)
        {
            return (response >= 400 && response < 500);
        }

        /**
         * True if the given response code is in the 500-599 range.
         */
        private boolean isPermanentNegativeResponse(int response)
        {
            return (response >= 500 && response < 600);
        }

        /**
         * Eliminates the response code at the beginning of the response string.
         */
        private String excludeCode(String response)
        {
            if (response.length() < 5) return response;
            return response.substring(4);
        }

        /**
         * Prints debugging information to stdout if the private flag
         * <code>PRINT_DEBUG_INFO</code> is turned on.
         */
        private void debugPrint(String message) {
            if (PRINT_DEBUG_INFO) System.err.println(message);
        }

        /**
         * The socket through which we are connected to the FTP server.
         */
        private Socket connectionSocket = null;

        /**
         * The socket output stream.
         */
        private PrintStream outputStream = null;

        /**
         * The socket input stream.
         */
        private BufferedReader inputStream = null;

        /**
         * The offset at which we resume a file transfer.
         */
        private long restartPoint = 0L;
    }
    Please help me where am I wrong?
    Thanks

    I would guess the error happens at this line:
    } while(!(Character.isDigit(reply.charAt(0)) && ...
    because apparently reply.length() is 0 at the point of failure, so charAt(0) is beyond the end of the string. You need to check the length first.
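
The length check suggested in the reply above, as an added example (not part of the original posts or of FTPConnection.java): a reply reader that treats every line from the server as untrusted input, checking for end-of-stream and for short or empty lines before indexing into them. It goes beyond the posted loop by following RFC 959 multi-line replies; the class name FtpReplyReader, the MAX_LINES cap and the sample transcript are made up for this example.

```java
import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;
import java.io.StringReader;
import java.net.ProtocolException;

/** Added example: defensive reader for FTP control-channel replies. */
public class FtpReplyReader {

    /** Assumed cap on lines per reply, so a misbehaving server cannot keep the client looping. */
    private static final int MAX_LINES = 256;

    /** True if the line starts with three ASCII digits; the length is checked before indexing. */
    static boolean startsWithCode(String line) {
        if (line.length() < 3) return false;
        for (int i = 0; i < 3; i++) {
            char c = line.charAt(i);
            if (c < '0' || c > '9') return false;
        }
        return true;
    }

    /**
     * Reads one complete reply and returns its final line ("NNN text").
     * Empty lines and free-form text lines are skipped instead of being indexed blindly.
     */
    static String readReply(BufferedReader in) throws IOException {
        String expectedCode = null; // set once a multi-line reply ("NNN-...") has started
        for (int n = 0; n < MAX_LINES; n++) {
            String line = in.readLine();
            if (line == null) {
                // readLine() returns null at end of stream; charAt() on it would be an NPE
                throw new EOFException("control connection closed before a complete reply");
            }
            if (!startsWithCode(line)) {
                continue; // empty line, or text inside a multi-line reply
            }
            String code = line.substring(0, 3);
            boolean last = line.length() == 3 || line.charAt(3) == ' ';
            if (expectedCode == null) {
                if (last) return line;
                if (line.charAt(3) == '-') {
                    expectedCode = code;
                } else {
                    throw new ProtocolException("malformed reply line: " + line);
                }
            } else if (last && code.equals(expectedCode)) {
                return line; // a multi-line reply ends with the same code followed by a space
            }
        }
        throw new ProtocolException("reply exceeded " + MAX_LINES + " lines");
    }

    /** Numeric reply code of a line returned by readReply. */
    static int replyCode(String reply) {
        return Integer.parseInt(reply.substring(0, 3));
    }

    public static void main(String[] args) throws IOException {
        // Constructed transcript: a blank line, a multi-line greeting that contains
        // a blank line and an indented look-alike line, a single-line reply, then EOF.
        String transcript =
            "\r\n" +
            "220-Welcome\r\n" +
            "\r\n" +
            " 230 indented, so this is text and not a reply\r\n" +
            "220 Service ready\r\n" +
            "331 Password required\r\n";
        BufferedReader in = new BufferedReader(new StringReader(transcript));

        String greeting = readReply(in);
        System.out.println(replyCode(greeting) + " <- " + greeting);
        String userReply = readReply(in);
        System.out.println(replyCode(userReply) + " <- " + userReply);
        try {
            readReply(in);
        } catch (EOFException e) {
            System.out.println("EOF handled: " + e.getMessage());
        }
    }
}
```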

  • SOAP Header based user/password authentication in OSB 11g Proxy Service

    Hi,
    I have implemented SOAP Header based authentication in my OSB 11g Proxy Service.
    In the Security settings of my AnySOAP (SOAP 1.1) HTTP Proxy service, I have made the following changes:
    1.
    In the Transport Access Control link, I selected the User predicate, and provided a user already existing on the WebLogic server with the following roles (AppTesters, Monitors, Operators).
    The AuthorizationProvider was XACMLAuthorizer
    2.
    Under Custom Authentication, I selected the Custom User Name and Password option, and provided the below mentioned XPaths
    User Name XPath: ./*/*:Username/text()
    User Password XPath: ./*/*:Password/text()
    3.
    In the Message Access Control link, I selected the User predicate with the same user as mentioned in the Transport Access Control link.
    Now, when I am testing this service from OSB Test Console, I am providing the following input.
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:N1="http://abcd.com/common/bodcomponents/transactional/model/1.0/">
    <soap:Header>
    <AuthHeader>
    <N1:Username>userXYZ</N1:Username>
    <N1:Password>passXYZ</N1:Password>
    </AuthHeader>
    </soap:Header>
    <soap:Body>
    <!-- body payload -->
    </soap:Body>
    </soap:Envelope>
    The response is "The invocation resulted in an error: ."
    The OSB server logs show the below error:
    ####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-387082> <Proxy service access denied (proxy: ABCD/Services/Common_HTTP_Proxy, subject: Subject: 0
    )>
    ####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Kernel> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-382004> <Failed to process request message for service ProxyService ABCD/Services/Common_HTTP_Proxy: com.bea.wli.sb.security.AccessNotAllowedException
    com.bea.wli.sb.security.AccessNotAllowedException
         at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:136)
         at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:117)
         at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:586)
         at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessageSender.java:329)
         at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMessageSender.java:76)
         at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:134)
         at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:132)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageSender.java:137)
         at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.java:454)
         at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
         at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceEJBBean.java:167)
         at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(TestService_sqr59p_EOImpl.java:353)
         at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
         at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
         at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
         at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Please suggest where I am going wrong in this. I have cross checked the user/pass credentials with what I am giving in the input, and it is perfectly fine.

    I have added the Username and Password as follows, since the namespace declaration was required due to the namespace prefix 'N1' in the XPath
    declare namespace N1="http://abcd.com/common/bodcomponents/transactional/model/1.0/";./AuthHeader/N1:Username/text()
    declare namespace N1="http://abcdp.com/common/bodcomponents/transactional/model/1.0/";./AuthHeader/N1:Password/text()
    I have removed the Message Access Control conditions, have only kept Transport Access Control conditions.
    If I keep the condition in Transport Access Control as "Allow access to everyone", and test with proper credentials in the Username/Password tags in SOAP Header, then it works fine. However, if I try to give an incorrect password in the SOAP Header, it denies the access. So that means the XPaths given for Username/Password are working fine. The OSB logs show the below message:
    ####<Feb 10, 2011 12:59:21 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000ef2> <1297322961536> <BEA-386008> <Message level username/password authentication failed: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied>
    However, if I add the condition with predicate as "User" and user name argument as "weblogic", and try to pass the same in the SOAP Header as well with the correct password, it denies the access with the below message in the logs.
    ####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-387082> <Proxy service access denied (proxy: ABCD/Services/Common_HTTP_Proxy, subject: Subject: 0
    )>
    ####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Kernel> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-382004> <Failed to process request message for service ProxyService ABCD/Services/Common_HTTP_Proxy: com.bea.wli.sb.security.AccessNotAllowedException

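    Added example, not part of the original posts: a log triage for the two failure modes quoted in the thread above, separating BEA-386008 (message-level credentials rejected) from BEA-387082 (access-control policy denied the subject) and linking records that share a diagnostic context id. The sample records, host and proxy names are constructed, and reading the number after `Subject:` as the principal count is an assumption about the log format.

```python
import re
from collections import defaultdict

STAGE = {"BEA-386008": "authentication", "BEA-387082": "authorization"}
# Constructed sample in the WebLogic/OSB server-log layout quoted in the thread.
SAMPLE_LOG = """\
####<Feb 10, 2011 12:59:21 PM IST> <Error> <OSB Security> <osb.example.test> <osb_server1> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <ctx-0001> <1297322961536> <BEA-386008> <Message level username/password authentication failed: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied>
####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Security> <osb.example.test> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <ctx-0002> <1297254942782> <BEA-387082> <Proxy service access denied (proxy: Demo/Services/Demo_HTTP_Proxy, subject: Subject: 0
)>
####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Kernel> <osb.example.test> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <ctx-0002> <1297254942782> <BEA-382004> <Failed to process request message for service ProxyService Demo/Services/Demo_HTTP_Proxy: com.bea.wli.sb.security.AccessNotAllowedException
com.bea.wli.sb.security.AccessNotAllowedException
     at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:136)
"""

def records(text):
    """Group physical lines into records; a record starts with '####'."""
    out = []
    for line in text.splitlines():
        if line.lstrip().startswith("####"):
            out.append(line.strip())
        elif out:
            out[-1] += "\n" + line.strip()  # continuation: wrapped message or stack trace
    return out

def split_fields(record):
    """Split a record into its <...> fields, honouring nesting such as <<anonymous>>."""
    fields, depth, start = [], 0, 0
    for i, ch in enumerate(record):
        if ch == "<":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == ">" and depth > 0:
            depth -= 1
            if depth == 0:
                fields.append(record[start:i])
    if depth > 0:  # message field still open because a stack trace follows it
        fields.append(record[start:])
    return fields

def triage(text):
    """Return one finding per authentication/authorization failure record."""
    findings, by_context = [], defaultdict(list)
    for rec in records(text):
        fields = split_fields(rec)
        idx = next((i for i, f in enumerate(fields) if re.fullmatch(r"BEA-\d{6}", f)), None)
        if idx is None or idx < 2 or idx + 1 >= len(fields):
            continue
        # Index relative to the message id, so a dropped empty field does not shift the result.
        code, msg, context = fields[idx], fields[idx + 1], fields[idx - 2]
        by_context[context].append(code)
        if code not in STAGE:
            continue
        item = {"code": code, "stage": STAGE[code], "context": context}
        user = re.search(r"Authentication Failed: User (\S+)", msg)
        deny = re.search(r"proxy: ([^,]+), subject: Subject: (\d+)", msg)
        if user:
            item["user"] = user.group(1)
        if deny:
            item["proxy"] = deny.group(1)
            item["principals"] = int(deny.group(2))  # 0 is read as an anonymous subject
        findings.append(item)
    for item in findings:
        item["same_request"] = [c for c in by_context[item["context"]] if c != item["code"]]
    return findings
```

    A finding with stage "authorization" and principals equal to 0 means the policy was evaluated against a subject that carried no identity, which is a different problem from a rejected password.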
  • Sending MIME information while doing FTP in OSB

    Hi All,
    I'm trying to FTP a file to webmethods through an OSB process.
    If FTP is done from a command prompt or FileZilla to the location using MIME type like below, it works
    "ABC;application:x-wmflatfile" where "ABC" is the file name and "application:x-wmflatfile" is the MIME type.
    Now, inside the OSB, I have specified a file name in a transport header, and added the MIME type along with it as ABC;application:x-wmflatfile.
    Also, I have specified two additional transport headers
    1. HTTP Content-Type to 'application:x-wmflatfile'
    2. HTTP-Accept to 'application:x-wmflatfile'
    But the file is not going to the webmethods end and giving an error
    Error occured for the service endpoint: com.bea.wli.sb.transports.TransportException: File could not be renamed from: ABC;application:x-wmflatfile.a to ABC;application:x-wmflatfile.
    Is there anything else I need to do to get this one working.
    Regards,
    Satrajit

    I would guess the error happens at this line:
    } while(!(Character.isDigit(reply.charAt(0)) && ...
    because apparently reply.length() is 0 at the point of failure, so charAt(0) is beyond the end of the string. You need to check the length first.

  • EIC Authentication-Error occurred while data was read from your ERP system

    Hi everybody,
    hope someone can help me with this issue in an EP 7.0 Portal (SP 08):
    In ESS --> Personal Information --> EIC Authentication, when I click on the service, I get the following message in roadmap step 1 (overview):
    "An error occurred while data was read from your ERP system. Contact your system administrator."
    I appreciate your help! Thanks and best regards,
    Jasmin

    Hi,
    Found similar threads. It may help you.
    /message/3652173#3652173 [original link is broken]
    /message/3652594#3652594 [original link is broken]
    Regards,
    Manoj.

  • Proxying FTP though SUN One web proxy

    Hi,
    I have to find a reliable FTP proxy suitable for use with command line FTP clients. Tried several so far but none meet the criteria (fast, reliable, supported) for a production-ready system.
    Is there a method to configure the SUN One proxy such that an FTP client using connection format such as user@host:port can be made to work?
    The existing products that I've tried so far work such that the end user does
    ftp proxyhost
    username = user@remotetarget:port
    password
    get/put/etc/etc
    I need to be able to replicate that functionality.
    TIA
    Joe

    I'm really looking for a "how-to" here. Let's say I have a client box upon which I use ncftp client. This has to talk through an internal firewall to a DMZ wherein resides the proxy. This will then talk through the external firewall to the target site (probably having traversed at least one more firewall).
    What does it take to get FTP services proxied through the SUN One? If we assume that somehow whatever client software I'm actually using will provide something equivalent to ftp://user@target:port when talking to the proxy what specific tuning do I need for SUN One?
    So far, what I've gleaned from the docs hasn't worked for anything other than a web browser.

  • Sharepoint authentication via NTLM from proxy OSB service

    Hello all,
    I want to reopen this point of NTLM authentication for OSB to IIS/Microsoft.
    So far we have followed all the recommendations regarding Authenticator and open URL.
    The problem is that the web service client generated from the SharePoint WSDL runs OK from a Java environment (JDeveloper, Eclipse) with the Authenticator class set.
    But when we move to OSB and make a proxy service that makes the Java callout to one of the client methods, the response is 401 - not authorized.
    Any new hints?
    What can be wrong?
    Many thanks in advance,
    Stefan

    Any way how can I see the error messages also in the log of OSB
    You may use sysout's in Java code to print information on Standard out. You may also utilize server logging service-
    http://download.oracle.com/docs/cd/E14571_01/web.1111/e13739/logging_services.htm#CJAGBADA
    enable some http monitor to see what happened behind - and where credentials are lost.
    You may use any network packet analyzer.
    Regards,
    Anuj

  • Authentication for methods in proxy

    Hello everybody,
    I created an ABAP proxy using the Integration Directory Programming Interface WSDL (API) to modify my communication channel in a massive way on XI 3.0.
    I created my report following this blog:
    /people/alessandro.frontini/blog/2008/10/20/using-the-communication-channel-web-service-with-abap-a-sample-report
    All works fine, but every time a method is called in my report, it asks me for authentication.
    Is it possible to disable authentication, or to set it in code?
    Thanks in advance
    Alex

    Ge,
    You misinterpreted my answer a bit.
    1. Create your own subclass of RuntimeException so you may distinguish your exceptions from standard ones like NullPointerException, ArrayIndexOutOfBoundsException:
    public class GeRuntimeException extends RuntimeException {
      public GeRuntimeException(final String message) { super(message); }
      public GeRuntimeException(final Throwable cause) { super(cause); }
      public GeRuntimeException(final String message, final Throwable cause) { super(message, cause); }
    }
    2. Next create concrete subclasses of your superclass:
    public class GeSecurityException extends GeRuntimeException {
      public GeSecurityException(final String message) { super(message); }
    }
    public class GeDatabaseException extends GeRuntimeException {
      public GeDatabaseException(final java.sql.SQLException cause) { super(cause); }
    }
    3. Typical code pattern that throws your exception:
    final PreparedStatement pstmt = ...;
    try {
      pstmt.setInt(1, 0);
      pstmt.setString(2, "String param");
      pstmt.executeUpdate();
    } catch (final SQLException ex) {
      // Wrap the checked SQLException in the unchecked application exception
      throw new GeDatabaseException(ex);
    }
    4. Typical code pattern that handles the exception:
    try {
      wdThis.wdGetOtherController().makeDatabaseCall();
    } catch (final GeDatabaseException ex) {
      // Report the original SQLException to the user as a non-fatal error
      wdComponentAPI.getMessageManager().reportException(
        new WDNonFatalException( ex.getCause() ), false
      );
      return;
    } catch (final GeRuntimeException ex) {
      wdComponentAPI.getMessageManager().reportError("Unexpected failure");
      return;
    }
    /* Some other code if no exception */
    Notice that the code above does not catch generic RuntimeException, only your subclasses.
    Valery Silaev
    SaM Solutions
    http://www.sam-solutions.net

  • Security: web services on WLS 8.5, ALSB and proxy on 9.1

    Hi everyone, here's my current situation. I've got some web services running on WLS 8.5, and I've imported them as Business Services into ALSB. The web services themselves are not secured, but I modified the WSDLs so that I could create proxy services which enforce the security.
    The security enforcement works when I test it through ALSB test console. However, now I'm trying to create a client web service to invoke the proxy. The client is being made using Workshop running on 8.5 server.
    I can get the client to successfully invoke the proxy with no policies attached. Then I made a proxy with BEA's Auth.xml required for inbound messages. The keystores are identical on both the proxy server and the client server.
    <input>
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Auth.xml"/>
    </wsp:Policy>
    <soap:body use="literal"/>
    </input>
    I imported the WSDL into workshop and created a java control from it. I attached a WSSE policy file to the control:
    <wsSecurityOut>
    <encryption>
    <encryptionKey>
    <alias>flcoi1</alias>
    </encryptionKey>
    </encryption>
    </wsSecurityOut>
    Added this control into a blank web service. The only error being returned from the server is:
    com.bea.control.ServiceControlException: SERVICE FAULT:
    Code:java.lang.NullPointerException
    String:null
    Detail:
    END SERVICE FAULT
    with no further explanations. Does someone know what would cause this exception? Or if it's even possible to do what I'm trying (between WLS 8 and 9)?

    Hi!
    In my tries to get security to work between WL 8.x and ALSB I realized that WL 8.x doesn't have support for the WS-Security (and therefore WS-Policy) that ALSB uses, but maybe there are some workarounds...
    /Patrik

  • Reverse Proxy FTP server

    Now that TMG is end of life, I am setting up a new Web Application Proxy server to handle all of our reverse proxy duties. This has been fine except that it doesn't seem to be able to publish FTP. So I ask the Microsoft community, how am I supposed to reverse proxy an FTP server that's using FTPs? IIS ARR is not the solution. Thanks.

    Hi,
    Sorry to say that I only found that TMG/ISA or the IIS with ARR can be used as a reverse proxy for applications. Maybe some third-party reverse proxy server can achieve that.
    Best regards,
    Susie

  • External Web Authentication - HTTP Redirect or Proxy?

    I've been reading all of the information I can find about the use of authentication of guest users using an external web server, rather than the native portal provided by a WLC. I've looked at the configuration examples and configuration guides.
    My question is this: when the WLC redirects the client to the external web server, is it a true http redirect (i.e. an http redirect sent to the client) or does the WLC act as a proxy (via its virtual address - usually 1.1.1.1), altering the http headers as it does when re-directing requests to its internal web portal?
    This is important as I need to understand if it is the client that has to be able to connect to the external web server, or whether it is the WLC that has to be able to connect to the external web server.
    The WLC for the solution I am working on is in a highly secure DMZ area, so it is important to know which devices need to talk to which.

    So, to be clear, it is the WLC that needs connectivity to the external server or the client device?
    Both devices need to communicate to the external web server. The WLC will need to communicate with the external server since it will be expecting a return of information from that server to process the l3 authentication. The client will need to reach it as the WLC is going to redirect it to that site (reason for pre-auth acl).
    Does the client communicate directly with the external web server, or will it direct its http requests to 1.1.1.1, which will then be proxied by the WLC to the external web server?
    Again, this is both. The client will look up/resolve a site and initiate some HTTP traffic, so it starts a TCP SYN to the real web server it is trying to reach. The WLC will see this request, hijack the IP of the destination server and reply back to the client (pretending to be the "internet" server). The WLC redirects the client to its virtual IP, whether using internal or external web auth. So the client will arrive at the virtual IP of the WLC, which will then redirect the client to the external web server in your case. When this happens the WLC has also inserted some information into the redirect URL on the client's behalf, which the external server will use to send the information it collects (assuming you're using one of our standard external bundles). The external server will process the client HTTP GET, so as far as "viewing and using" the external web server, the client will make that request directly to the external web server. The external server, upon submission of the form on the page, will send the information collected from the client back to the WLC server (whose IP it learned from the redirect URL). The authentication of the client will take place at the WLC.
    So in this scenario you need a love triangle between the Client, WLC, and external server. All will be talking to one another at some point. Your client needs connectivity to the external server, and your WLC needs connectivity to the external server.
    David W.
