Axis receiver - WS-SECURITY problem

Similar Messages

• SOAP Axis receiver: host parameter is null

  Hello,
  we are on a PI 7.11 (SP06) system & we are trying to setup a scenario SOAP - SOAP (Axis) where we initiate a third party webservice. To connect to this service we are obliged to go through our proxy, which we defined in our JVM parameters:
  http.nonProxyHosts: [*.ont.local|*.val.local|*.mon.local]
  http.proxyHost: [proxypac.mon.local]
  http.proxyPort: [8080]
  http.proxySet: true
  When we execute our scenario via soapUI we get following error:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException:
  XIAdapterFramework:GENERAL:com.sap.engine.interfaces.messaging.api.exception.MessagingException:
  java.lang.IllegalArgumentException: host parameter is null
  We already tried with http://proxypac.mon.local as parameter as well but still we get this error.
  Furthermore we are able to make a connection to the service via a SM59 connection.
  Axis details:
  Adapter Common Library Version: 1.7.1106.20110202095400.0000, NW711_06_REL
  Adapter Application Version: 1.7.1106.20110202095400.0000, NW711_06_REL
  Axis Version: Apache Axis version: 1.4 Built on Apr 22, 2006 (06:55:48 PDT)
  Many thanks in advance for your help,
  Frédéric.

  Hello Mark,
  we get this last error when connecting with SOAP receiver instead of Axis receiver.
  We are sending different headers (wsa & wsse) in our soapUI request:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:klip="http://ws.agiv.be/klipws" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header>
  <wsa:Action xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://ws.agiv.be/klipws/ListKLB</wsa:Action>
  <wsa:MessageID>urn:uuid:2a46571e-d5a7-4b33-a4a1-a174330cd36c</wsa:MessageID>
  <wsa:ReplyTo> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo>
  <wsa:To>http://wsklip.beta.agiv.be/**********.asmx</wsa:To>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:klip="http://ws.agiv.be/klipws" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
  <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Created>2011-09-27T10:00:31Z</wsu:Created>
    <wsu:Expires>2011-09-30T18:01:31Z</wsu:Expires>
    </wsu:Timestamp>
  <wsse:UsernameToken>
    <wsse:Username>*********</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">***************************************wsse:Password>
    <wsse:Nonce>****************************************</wsse:Nonce>
    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-09-12T14:01:31Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
     <soapenv:Body> <klip:ListKLB xmlns="http://ws.agiv.be/klipws"/>
     </soapenv:Body>
  </soapenv:Envelope>
  For the Axis receiver it looks like one of the handlers can't get the value of our host parameter.
  Any help or tips would be really appreciated!
  Regards,
  Frédéric.

• Missing soap action in the soap axis receiver adapter ?

  Hi Guys,
  I could not find the soap action field in the soap receiver adapter and i followed the OSS note
  Note 1054986 - SOAP (Axis) receiver adapter's SOAPAction field missing
  Please apply the following patch and use the handler parameter defaultSOAPAction for the XI30OutboundHandler handler in the request chain. This handler parameter can be configured as a module parameter for the HandlerBean module associated with this handler. It is noted that this module parameter takes precedence over the channel parameter for SOAPAction if this field is available.
  For SP12
  XI ADAPTER FRAMEWORK CORE 7.0
  Support Package 12, Patch Level 1 (SAPXIAFC12P_1.SCA)
  we are on SP15 so i think the option should be available ?
  Do i need to add this parameter in the Module Configuration ?
  Moduel Key : ?
  Parameter Name: handler.type ---> is this right
  Parameter Value ---> ?
  we need to validate the user id and pw on IIS for NTLM authentication. Any help regarding developong the handlers would be great
  any help would be appreciated.
  Thanks,
  Srini

  Srinivas,
  You are on the right path...........yes that is the right note for this issue.
  The problem is this is not a general fix that comes with all service packs as the axis adapter is not used a lot, that being said.if you dont see it with sp15..i would safely go apply this fix and see if it works..else you might have to open an oss note for the same...
  Hope that helps..
  Regards
  Ravi Raman
  P.S: On my home system..i did apply the fix and i was on a much higher sp level ..i saw some errors..in the logs but nothing a restart couldent fix..

• Row level security problem.

  Hy all, I'm new to Oracle and though i've google it a lot I didn't manage to find a solution to this problem:
  I'm using sql developer and Oracle 10g.
  I have this two tables :
  CREATE TABLE HR_employees
  (codHR NUMBER(3) CONSTRAINT pk_hr PRIMARY KEY,
  coddep NUMBER(4) not null,
  DB_user VARCHAR2(10),
  and
  CREATE TABLE Candid
  (codcan NUMBER(2) CONSTRAINT PK_candidat PRIMARY KEY,
  codHr NUMBER(3) NOT NULL,
  CONSTRAINT FK_CODHR FOREIGN KEY (codHR) REFERENCES HR_employees (codHR) );
  I tried to implement row level security on them by using two views:
  CREATE OR REPLACE VIEW employees_v AS
  SELECT * FROM hr_employees
  WHERE DB_user = user
  UNION
  SELECT * FROM hr_employees
  WHERE codhr=(SELECT codhr FROM hr_employees WHERE db_user=user );
  AND coddep IN (4000,5000);
  CREATE OR REPLACE VIEW candid_v AS
  SELECT cand.*
  FROM candid cand , hr_employees hr
  WHERE cand.codhr= hr.codhr
  AND hr.db_user=user
  UNION
  SELECT cand.* FROM candid cand, hr_employees hr
  WHERE hr.coddep=(SELECT H.coddep FROM hr_employees H
  WHERE H.db_user=user
  AND H.coddep IN (4000,5000) );
  What I want to do is to disconnect and connect with another user from SQL Developer and see different fields based on the user and the department, Sql developer doesn't seem to recognize the user connected to the database..everytime I receive a no row selected statement, only when I connect with SYS and put the actual username WHERE H.db_user='SYS' they seem to work. I have created the tables with SYS and granted Select on the views to the users, the users don't have privilegies on the actual tables.
  Sorry for the bad english,it's a foreign language to me ,
  I hope you can help me

  Hi,
  Damorgan is right: "Row level security has nothing to do with views" in the sense that the two are independent. You can have row-level security with or without views, and you can have views with or without row-level security. dbms_rls is a very useful and powerful way to implement row-level security, and you should check it out, but it's not necessarily the answer to all row-level security problems.
  I'm not sure I understand your problem beyond the need to restrict user A's access to two tables.
  If which rows user A is allowed to see depends on the results of queries from those same tables, including rows that user A is not allowed to see (that is, you need to do sub-queries with some other user's (let's call this user B's) privileges), then you can do those sub-queries in stored procedures.
  Stored procuderes can run with the privileges of the procedure owner, regardless of who is calling them. Using a function called user_codhr owned by user B, you could define a view like this:
  CREATE OR REPLACE VIEW employees_v AS
  SELECT * FROM hr_employees
  WHERE DB_user = user
  OR    (   codhr = user_codhr
        AND coddep IN (4000,5000)
        );If the results of the function will be the same throughout the session, you can call it once, at the beginning of your session, and save the results in a SYS_CONTEXT varaible or a global temporary table.
  If you need more help, post a more detailed example of the problem, such as "With this data in the table, B should see all rows but A should see only ...".

• I am trying to receive my security questions but iTunes keeps sending it to the wrong email, I have the email setup on Apple ID.

  I am trying to receive my security question but iTunes keeps sending it to the wrong email, I have the right email on the settings and Apple ID

  I did it before ios7 and it wasn't a problem but now it is:/

• Mail outgoing password security problem

  IMac, 10.9.5, Outgoing mail will not work, password security problem, with all mail accounts.

  password security problem,
  Can you provide more details on this?
  Troubleshooting sending and receiving email messages
  Troubleshooting sending email messages

• I am currently using Lightroom 5.6 and operating on a Mac with OSX Ver 10.9.5. I am receiving an error problem when doing the following -  I am exporting selected photos from a particular Catalogue saved on Drive 1 to a folder created on another Drive whe

  Hi, I am having a little trouble with exporting images to another drive and Catalogue and need some help if anyone can give me some advice
  I am currently using Lightroom 5.6 and operating on a Mac with OSX Ver 10.9.5.
  I am receiving an error problem when doing the following -
  I am exporting selected photos from a particular Catalogue saved on Drive 1 to a folder created on another Drive where a Lightroom Catalogue has been created. In this Catalogue I have arranged for the images once exported to be moved to a different folder - I used the Auto Import process under the File dialogue box.
  When processing the Export I receive an error message for each of the images being exported indicating the following -
  Heading Import Results
  Some import operations were not performed
  Could not move a file to requested location. (1)
  then a description of the image with file name
  Box Save As                                  Box  OK
  If I click the OK button to each image I can then go to the other Catalogue and all images are then transferred to the file as required.
  To click the OK button each time is time consuming, possibly I have missed an action or maybe you can advise an alternative method to save the time in actioning this process.
  Thanks if you can can help out.

  Thank You, but this is a gong show. Why is something that is so important to us all so very, very difficult to do?

• Opening and closing a frame from an applet security problem

  can I open a frame or a window from an applet and close the frame by using
  System.exit(0) for the frame or will it throw a security problem.

  I am using system.exit(0) to exit the JVM.
  dispose()
  Releases all of the native screen resources used by this Window, its subcomponents, and all of its owned children. That is, the resources for these Components will be destroyed, any memory they consume will be returned to the OS, and they will be marked as undisplayable.
  If this frame have to be close and open again don't use dispose.
  there is no check whether a frame is active? what you can do is set the the new frame to null (frame = null) and also when you dispose it, this will let you know if the frame is active or not.
  Noah

• I have a new iPhone 6 plus and all is OK. But the mail shows more than 400 'unread' messages whereas there are none in the mailbox or trash or anywhere else I have looked. I can send and receive with no problem. I'm sure I have no unread messages.

  I have a new iPhone 6 plus and all is OK. But the mail shows more than 400 'unread' messages whereas there are none in the mailbox or trash or anywhere else I have looked. I can send and receive with no problem. I'm sure I have no unread messages.

      jsavage9621,
  It pains me to hear about your experience with the Home Phone Connect.  This device usually works seamlessly and is a great alternative to a landline phone.  It sounds like we've done our fair share of work on your account here.  I'm going to go ahead and send you a Private Message so that we can access your account and review any open tickets for you.  I look forward to speaking with you.
  TrevorC_VZW
  Follow us on Twitter @VZWSupport

• How do I avoid the recipient of my Indesign PDF receiving a security warning when clicking on links?

  I create PDF's out of Indesign to send to new clients. They contain links to external websites. They do not contain any javascript or videos or hidden links. If the PDF is opened in Adobe Reader, when the recipient clicks on a hyperlink in my PDF they get a security warning asking if they trust the site. How can I avoid the recipient receiving this Security Warning as it would scare people into thinking I had sent them something malicious when I haven't?

  You cannot avoid it, that's part of the PDF security system to make the user aware that he is entering non-trusted area, as it is with every web page when it is opened the first time in Reader or Acrobat on this computer. ThatÄs an unchageable fact. You have to live with it.

• How do I avoid the recipient of my PDF receiving a security warning when clicking on hyperlinks?

  I create PDF's out of Indesign to send to new clients. They contain links to external websites. They do not contain any javascript or videos or hidden links. If the PDF is opened in Adobe Reader, when the recipient clicks on a hyperlink in my PDF they get a security warning asking if they trust the site. How can I avoid the recipient receiving this Security Warning as it would scare people into thinking I had sent them something malicious when I haven't?

  There's nothing you can do as the creator of the file. If you could, that whole source of security would be worthless.
  They would need to tweak their security settings in Edit>Preferences>Security(enhanced).

• I got this warning when i open a specific page on my website in IE : MuseJSAssert: Error calling selector function:Error: A security problem occurred.

  Hi,
  I found out when i'm in IE and go to the page 'Artists'
  and i click on a name, for example: 'Abel Equipe ELA/I Gomes'
  I get this warning :
  MuseJSAssert: Error calling selector function:Error: A security problem occurred.
  This is only in IE, not when i use Safari or Chrome
  this is the website link
  Any ideas how to solve this problem?

  There's an invalid hyperlink on the Abel Equipe ELA/I Gomes page on a bit of text that reads "with your input." You need to find this text within Muse, clear the hyperlink and enter a valid one.

• Need to solve serious security problem with Oracle Reports URL

  As mentioned repeatedly on this forum, Oracle Reports allows serious security breaches that allow users to see reports that they did not generate -- it's easy to guess a legal URL by changing the getjobid parameter.
  I've reviewed the JavaDocs to part of the rwrun.jar file and reviewed some of the example report plugins. This shows promise in helping to solve this security problem but critical pieces are missing.
  1) The javadocs are accurate for only 10g (9.0.4) but not correct for 10g (10.1.2+), which we are currently using. I need access to the updated version of this javadoc.
  2) Even with the updated version of the JavaDoc, I haven't found a class from which to inherit that would give me the opportunity to generate random jobid values, which then would effectively prevent users from guessing other jobid values, and thereby gaining access to other's reports (which in our cases, may contain sensitive information.
  3) We have found that we can send the parameter=value of EXPIRATION=1 which helps protect such information, but this requires that every program which invokes a report be modified to add this parameter. It would be far better for the report server to be configured to use a java class we write that inherits from some rwrun.jar class that would by default, add the EXPIRATION=1 parameter.

  Hi,
  Thanks for our replies. I will ask to an administrator about this security problem, now I know it depends of a security parameter.
  But I would know if it could be possible to hide the technical name of the query in the url. It could improve the security level of our reports in a first time in this way.
  Thanks a lot,
  JW.

• Javascript security problem in IE/Netscape

  I am facing with the javascript security problem in IE/Netscape. I have solved this problem partially, but there are more issues involved.
  Here's the scenario:
  There is an HTML page on client's hard disk (main.htm) containing two frames:
  frame 1 contains a page that lies that is deployed from my server, say
  src="http://127.0.0.1:8080/MyApplication.htm"
  frame 2 contains a page that lies on the client's server, say
  src="http://www.clientside.com/clientPage.htm"
  My page in frame 1 wants to access the URL of the page in frame 2 (through a button click, say ). This is done in MyApplication.htm through javascript as:
  window.parent.frame2.location.href;
  Now when the above line is executed, i get the following error:
  In IE(5.0): "permission denied"
  In Netscape(4.7): "access disallowed from scripts at http://127.0.0.1:8080/MyApplication.htm to documents at another domain."
  (which is understandable)
  I have partially solved the above problem in Netscape, by granting access permissions to MyApplication.htm (page on my server) to access the
  "http://www.clientside.com/clientPage.htm" page at client's domain.
  This is done as follows:
  1. First enable code base principals in client's Netscape by adding the following line in prefs.js file of Netscape
  "user_pref("signed.applets.codebase_principal_support", true);"
  2. Secondly i must add the following line in java script of "MyApplication.htm"
  "netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserAccess");"
  Now when the client clicks the button on my frame he'll get a netscape window asking him to grant permissions to MyApplication.htm.
  After granting permission, MyApplication.htm can retrieve the URL of clientPage.htm (even if he browses to another url)
  As you can see this problem is solved partially, but i want that the page "main.htm" (which is now on the client's hard disk),
  must be deployed at client's server (in which case not even the above technique works).........what should i do? any alternates or other solution?
  Secondly i want this to work with IE too, (which should according to their documentation, but does not and is therfore a big IE bug-as mentioned on the net)
  Any sort of help in this case would greatly appreciated.
  Thanks
  Faisal Moin Khan

  i believe you are posting in the wrong forum.
  This forum is foro XML web services.

• Axis receiver adapter error

  Hi,
  I am getting the following error when i check the MDT for the Axis Receiver Adapter.
  com.sap.aii.utilxi.misc.api.UnexpectedException: Internal Error: An unexpected error occurred (java.lang.NoSuchMethodException: com.sap.aii.mdt.server.integrationengine.IntegrationEngineDataImpl.getDuration())
  The Stack trace is as follows
  Stack trace for the above error message is:
  com.sap.aii.utilxi.misc.api.UnexpectedException: Internal Error: An unexpected error occurred (java.lang.NoSuchMethodException: com.sap.aii.mdt.server.integrationengine.IntegrationEngineDataImpl.getDuration())
       at com.sap.aii.mdt.api.data.Attribute.getDisplayFieldValue(Attribute.java:463)
       at JEE_jsp_monitor_monitor2_113430051_1317630683360_1323173672867._jspService(JEE_jsp_monitor_monitor2_113430051_1317630683360_1323173672867.java:573)
       at com.sap.engine.services.servlets_jsp.lib.jspruntime.JspBase.service(JspBase.java:102)
       at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
       at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:428)
       at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:147)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
       at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
       at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:457)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
       at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
       at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
       at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
       at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
       at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
       at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
       at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
       at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
       at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
       at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
       at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
       at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
       at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
       at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
       at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
  Caused by: java.lang.NoSuchMethodException: com.sap.aii.mdt.server.integrationengine.IntegrationEngineDataImpl.getDuration()
       at java.lang.Class.getMethod(Class.java:1605)
       at com.sap.aii.mdt.api.data.Attribute.getDisplayFieldValue(Attribute.java:429)
       ... 45 more

  Hi Srinivas,
  Post last line when you received this error.
  regards
  Ramesh