BPEL Security

Hi,
In our environment, certain BPEL processes have been security enabled, by using the 'role' property in the bpel.xml and the relevant entries have been made into jazn-data.xml, message-handlers.xml and also when the right credentials are passed, the processes are instantiated correctly.
Problem we are facing is that, we are calling certain stub-processes and also some sub-BPEL processes from the main Process, asychoronously, and we have not enabled security for those processes, as they are called not from outside the BPEL, but from within BPEL processes.
These sub-BPELs also get instantiated correctly, however, when calling back the main Process, it is giving the security error as given below. Is there any configuration which can be set, so that security is not applied when calling sub-BPELs callbacks or what can be the solution for such situations.
Thanks for your help.
Thanks and Regards,
Vijay.
<remoteFault>
<part name="summary" >
<summary>when invoking locally the endpoint 'http://kmackie-pc2.peoplesoft.com:9700/orabpel/default/ROTelcoNewOrder/1.0/DynamicBillingSystem/BillingSystem_Requester', ; nested exception is: ORABPEL-02175 Error while invoking inbound message handler. An error has occurred while attempting to invoke the inbound message handler class "class com.collaxa.cube.security.Authenticator" for the message "". The exception reported was: Could not apply security [username = null] </summary>
</part>
<part name="detail" >
<detail>ORABPEL-02175 Error while invoking inbound message handler. An error has occurred while attempting to invoke the inbound message handler class "class com.collaxa.cube.security.Authenticator" for the message "". The exception reported was: Could not apply security [username = null] </detail>
</part>
</remoteFault>
-----------------------------------------------------------------------------------------------------------

Hi Clemens,
Is there a way to turn off the security authentication for the callback messages. We have secured the BPEL processes and we want the authentication to be done at the instantiation level ; but not at the receipt of call back messages. Is there any configuration setting that we could leverage of?
Regards,
Ravi

Similar Messages

  • BPEL security, need help?

    Folks,
    We need help understanding how the following, that is done in JAVA can be done thru' BPEL
    ((Stub))._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, mywsdlURL);
    ((Stub))._setProperty(Stub.USERNAME_PROPERTY, myLDAPUSERNAME);
    ((Stub))._setProperty(Stub.PASSWORD_PROPERTY,myLDAPPASSWORD)
    It is a webservice that we are expected to invoke through BPEL. Invoking through JAVA works fine, however we do not know which properties should be used on BPEL to get it to work. We are either getting unable to access end point OR forbidden message. We tried setting these properties on partner link and on composite.
    Thank you.

    see these threads for the username/password
    http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
    Consume search.wsdl from BPEL 11g
    BPEL to invoke Webservice secured with HTTP Basic authentication
    the url will be added when you create the partnerlink to your webservice
    if you want to use some sort of dynamic partnerlink construction ..you could use :
    http://www.oracle.com/technology/architect/soa-suite-series/dynamic_endpoints.html
    http://blogs.oracle.com/dasoa/2010/09/11g_dynamic_partnerlink_example.html
    with this you can set the endpoint to your own values.
    or use something like ant for deployment en replace the endpoint settings at deployment time.

  • Best Practice for Securing Web Services in the BPEL Workflow

    What is the best practice for securing web services which are part of a larger service (a business process) and are defined through BPEL?
    They are all deployed on the same oracle application server.
    Defining agent for each?
    Gateway for all?
    BPEL security extension?
    The top level service that is defined as business process is secure itself through OWSM and username and passwords, but what is the best practice for security establishment for each low level services?
    Regards
    Farbod

    It doesnt matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
    The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
    Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
    If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
    Typical probelm with any gateway architecture is that the service is available without any security enforcement when accessed directly.
    You can enforce rules at your network layer to allow access to the App server only from Gateway.
    When you have the liberty to use OWSM or any other WS-Security products, i would stay away from any extensions. Two things to consider
    The next BPEL developer in your project may not be aware of Security extensions
    Centralizing Security enforcement will make your development and security operations as loosely coupled and addresses scalability.
    Thanks
    Ram

  • Propagation of Credentials from ADF Pages to BPEL

    It is easy and straightforward to call web services from ADF pages. But I am a bit confused about the security issues around use of BPEL and OWSM with ADF.
    Suppose that I have authenticated against an LDAP to access an ADF page and the page make calls to a BPEL process through a button. As far as I know I should implement security in the web services through OWSM and in this case I can attach an agent to the web service to authenticate against LDAP. (or verify a SAML token)
    Problem: I can't pass credentials to the process from the page. the web service does not receive any SAML token, user name or pass word to authenticate.
    Also please read this for another view of the same problem:
    Security of Web Services, Agents and Sequantial Calling of Web Services
    How can I pass the SAML tokens(propagate identity) along the business process. If I insert SAML token as part of the agent's response steps, the response is not actually passed to the next service but the BPEL. Will the next service receive the SAML token?
    I really appreciate any comments and hints.
    Best Regards,
    Farbod

    Can message handler framework in BPEL Security extension help for this? Does enabling domain and process level security do the trick?
    Regards
    Farbod

  • Not able to see useSecurity property in the Managed BPEL Domain page

    Hi,
    I have installed Oracle BPEL PM 10.1.2.0.2 (Developer version) but i am not able to see the useSecurity property in the page. Are there any settings required before i can see the same.
    Thanks,
    -Ulrich.

    I have posted an entry on my blog describing this
    http://clemensblog.blogspot.com/2006/02/bpel-security-changes-between-1012.html
    hth clemens

  • BPEL's ability to interface with tools

    Please describe BPEL's ability to interface with the following tools
    Microsoft Outlook
    Microsoft Exchange
    Microsoft Project
    Active Directory (security integration)
    SOX Express
    IBM Websphere Datastage
    IBM Websphere Metastage

    Aruna,
    could you elaborate a little bit on the usecase pls, you mix here client tools, such as outlook, with servers (such as exchange)
    so, for now, here is a shot on 2 products ..
    1) Exchange - we can use it as email server
    2) Active Directory (security integration) - we can have the Human workflow, and the bpel security integrating with it
    besides, check out iWayAdapters that we can leverage directly to connect natively to systems, but in your case I am still not sure, how the integration w(s)ould look like
    thx clemens

  • Worklistapp - LDAP configuration

    Hello,
    I would like to change the worklist app configuration in soa suite. As default, the users and rols are defined in a config file. What I want to do is configure the worklist application so it verifies the user and roles against an LDAP system and not against a config file.
    I have seen that I can change the bpel security configuration and choose LDAP instead of a config file.
    http://simge-eai-dev/em/console/ias/oc4j/sec/secFileGen?app=orabpel in the EM, and then choose "change security provider"
    I tried that but then, I couldn't get into the bpel console (it was searching oc4jadmin/welcome1 in LDAP) but I could enter in the worklist application with a user that I didn't create in LDAP, it existed just in the config file.
    So, the question is: where do I have to change the worklist app configuration?
    If anyone knows, I would really appreciate.
    Thanks in advance,
    Zaloa

    Hi Marcel,
    What do you mean when you say that I have to log in to the worklist app using LDAP console? I thought I could keep using the worklist app console to log in and behind, this console would check the user and pass against LDAP.... can you verify this?
    I did change the is_config.xml file. Now it looks like this:
    <?xml version = '1.0' encoding = 'UTF-8'?>
    <ISConfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
    <configurations>
    <configuration realmName="umesimge-int.es">
    <provider providerType="LDAP" name="Active Directory" service="Identity">
    <connection url="ldap://192.168.9.182:389" binddn="CN=eai,OU=apps,DC=umesimge-int,DC=es" password="u7jZ/JCP2VUqnYt1uPZFjw==" encrypted="true">
    <pool initsize="2" maxsize="25" prefsize="10" timeout="60"/>
    </connection>
    <userControls>
    <property name="nameattribute" value="cn"/>
    <property name="objectclass" value="user"/>
    <search searchbase="CN=users,DC=umesimge-int,DC=es" scope="subtree" maxSizeLimit="1000" maxTimeLimit="120"/>
    </userControls>
    <roleControls>
    <property name="nameattribute" value="cn"/>
    <property name="objectclass" value="group"/>
    <property name="membershipsearchscope" value="onelevel"/>
    <property name="memberattribute" value="member"/>
    <search searchbase="CN=users,DC=umesimge-int,DC=es" scope="onelevel" maxSizeLimit="1000" maxTimeLimit="120"/>
    </roleControls>
    </provider>
    </configuration>
    </configurations>
    </ISConfiguration>
    And the LDAP error that I'm getting (when I try to log in from the worklist app) is:
    <2008-06-17 14:43:59,765> <ERROR> <oracle.bpel.services.workflow> <::> Fallo de autenticación del servicio de identidad.
    Fallo de autenticación del servicio de identidad.
    Compruebe la pila de errores y corrija la causa del error. Póngase en contacto con los Servicios de Soporte Oracle si no se puede corregir el error.
    ORABPEL-10528
    Fallo de autenticación del servicio de identidad.
    Fallo de autenticación del servicio de identidad.
    Compruebe la pila de errores y corrija la causa del error. Póngase en contacto con los Servicios de Soporte Oracle si no se puede corregir el error.
         at oracle.tip.pc.services.identity.common.LDAPUtil.getJNDIContext(LDAPUtil.java:168)
         at oracle.tip.pc.services.identity.common.AbstractLDAPProvider.getContext(AbstractLDAPProvider.java:587)
         at oracle.tip.pc.services.identity.common.AbstractLDAPProvider.lookupUserDN(AbstractLDAPProvider.java:389)
         at oracle.tip.pc.services.identity.ldap.LDAPProvider.authenticateUser(LDAPProvider.java:791)
         at oracle.tip.pc.services.identity.ldap.LDAPAuthenticationService.authenticateUser(LDAPAuthenticationService.java:86)
         at oracle.tip.pc.services.identity.ldap.LDAPIdentityService.authenticateUser(LDAPIdentityService.java:395)
         at oracle.bpel.services.workflow.verification.impl.VerificationService.authenticateUser(VerificationService.java:318)
         at oracle.bpel.services.workflow.query.impl.TaskQueryService.authenticate(TaskQueryService.java:138)
         at worklistapp.servlets.Login.handleRequest(Login.java:101)
         at worklistapp.servlets.BaseServlet.doPost(BaseServlet.java:162)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
         at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
         at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
         at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
         at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
         at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
         at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
         at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
         at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:302)
         at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
         at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
         at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
         at java.lang.Thread.run(Thread.java:595)
    Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
         at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
         at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
         at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
         at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
         at javax.naming.InitialContext.init(InitialContext.java:223)
         at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
         at oracle.tip.pc.services.identity.common.LDAPUtil.getJNDIContext(LDAPUtil.java:159)
         ... 25 more
    It seems like my configuration is wrong. Any hints?
    Thanks in advance,
    Zaloa
    null

  • Error while invoking a WS-Security secured web service from Oracle BPEL..

    Hi ,
    We are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
    For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
    but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
    &ldquo;Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message&rdquo;
    Any pointers in this regard will be highly appreciated.
    Thanks,
    Saurabh

    Hi James,
    Thanks for the quick reply.
    We've tried to call that web service from an HTML designed in Visual Studios with the same username and password and its working fine.
    But on the BPEL console, we are getting the error as mentioned.
    Also if you can tell me how to set the user name and password in the header of the parter link.I could not find how to do it.
    Thanks,
    Saurabh

  • How to get security context in BPEL to get Logged in UserId

    Hi All,
    We have a requirement of getting security context in BPEL flow and from that we want to extract currentUserId. The requirement is to know who has initiated the composite flow. We are not passing userId in the event payload. In ADF we get the same through following expression:
    ADFContext.getCurrent().getSecurityContext().getUserName()
    Is there any similar api which we can access to get currentUserId?
    Thanks,
    Naga

    Hi,
    If your BPEL has oracle/wss_username_token_service_policy you can retrieve the username from the SOAP headers...
    Have a look at this...
    http://yuanmengblog.blogspot.com.au/2012/09/extracting-and-passing-wss-name-token.html
    Cheers,
    Vlad

  • Error while calling secured OSB proxy from BPEL

    Hi,
    I have a OSB Proxy service to which I have applied OWSM Policy:
    oracle/wss_username_token_service_policy
    In the Setting:
    Process WS-Security Header is set to Yes
    While calling this Proxy from BPEL I tried to append binding properties, I tried the following options:
    option1:
    wsseHeaders=credentials
    wssePassword=welcome1
    wsseUsername=weblogic
    option2:
    oracle.webservices.auth.password=welcome1
    oracle.webservices.auth.username=weblogic
    But neither of them work and I get the following error:
    <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
    <con:errorCode>BEA-386200</con:errorCode>
    <con:reason>General web service security error</con:reason>
    <con:location>
    <con:path>request-pipeline</con:path>
    </con:location>
    </con:fault>
    <Sep 21, 2010 9:49:30 AM PDT> <Error> <OSB Security> <BEA-387022> <An error ocur
    red during web service security inbound request processing [error-code: Security
    HeaderUnmarshallingError, message-id: 3659922647318344420--645cdd1d.12b2fe0c158.
    -7e45, proxy: OSBTest/Proxy Services/PrivatePersonnelDB_PS, operation: null]
    --- Error message:
    oracle.wsm.security.SecurityException: WSM-00069 : The security header is missin
    g.
    at oracle.wsm.security.policy.scenario.processor.UsernameTokenProcessor.
    verify(UsernameTokenProcessor.java:218)
    at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenario
    Executor.receiveRequest(WssUsernameTokenScenarioExecutor.java:123)
    at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor
    .execute(SecurityScenarioExecutor.java:530)
    at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(Assert
    ionExecutor.java:41)
    at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeS
    impleAssertion(WSPolicyRuntimeExecutor.java:608)
    Truncated. see log file for complete stacktrace
    I have even tried to enable HTTP basic Authentication for the service, but did not work.
    Any help is highly appreciated.
    Thanks.

    Hi,
    I have applied oracle/wss_username_token_service_policy for my proxy service and trying to test that from OSB Test Console. I am getting below error,
    "[OSB Security - OWSM:387253]Failed to initialize Owsm Credential Manager. Please validate the Keystore Configuration"
    When i have launched Test Console for this proxy, i have observed in Security part, oracle/wss_username_token_client_policy is appearing. I am not sure why oracle/wss_username_token_client_policy is appearing there when i applied oracle/wss_username_token_service_policy to my proxy service.
    Also do i have to need to configure any Keystore for oracle/wss_username_token_service_policy, If so please tell me the process.
    If no key store is required where will the credentials be stored.
    Thanks
    Rajesh

  • How to invoke secure web service from BPEL in SOA 11g

    In SOA 11g I have a simple bpel process in which I am invoking a secured webservice as partnerlink. The webservice which is used in bpel process is deployed in weblogic and the SSL port is enabled on weblogic server. The wsdl url starts with "https:\\hostname:port\servicename?wsdl"
    But I am getting compilation errors when i compiled the BPEL code
    Error(16,65): Load of wsdl "AddressBookManager.wsdl" failed
    Error(19,30): Load of wsdl "https://hostname:port/DV900/AddressBookManager?wsdl" failed
    Error(35,102): Cannot find Port Type "{http://oracle.e1.bssv.JP010000/}Oracle_E1_SBF_SEI_PkgBldFile_AddressBookManager" for "AddressBookManager" in WSDL Manager
    Can anyone please help me out in resolving this.
    Thanks,
    Shameem banu.

    Solution is you need to import the keystore into Jdeveloper jdk first.
    keytool -import -alias <name> -file <name>.pem -keystore <name>.jks -storepass <passwd>
    All details in <> are your specific keystore,pwd details.
    Then go to Jdeveloper/jdev/bin
    add the following to
    jdev.conf file
    AddVMOption -Djavax.net.ssl.trustStore=path_to_keystore\keystorename.jks
    AddVMOption -Djavax.net.ssl.trustStorePassword=password
    Then you can create partner link for https based wsdl
    Good Luck

  • How to pass login credentials dynamically to secured partnerlink in a BPEL

    Hi,
    I am trying to invoke a secured web service from a BPEL.And requirement is to dynamically pass the username and password . I have done the following steps to pass the login credentials to the partner link.
    Infact I have followed one of the oracle forums.BUT ITS NOT WORKING.
    ====================================================================================================
    1. Imported the xml schema "oasis-200401-wss-wssecurity-secext-1.0.xsd"
    2. Created a variable "SecurityContext"
    <variable name="SecurityContext" element="ns2:Security"/>
    3.Created a copy rule.
    <copy>
    <from>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>myusername</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mypassword</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </from>
    <to variable="SecurityHeader"/>
    </copy>
    4. Added the following xml to the invoke operation.
    <invoke name="Invoke_1" partnerLink="UnitHealthService"
    portType="ns1:UnitHealth" operation="queryUnitHealthInfo"
    inputVariable="Invoke_1_queryUnitHealthInfo_InputVariable"
    outputVariable="Invoke_1_queryUnitHealthInfo_OutputVariable"
    bpelx:inputHeaderVariable="SecurityContext"/>
    5. Deployed the BPEL sucessfully.
    6. Output message given by BPEL console is
    <Faulthttp://schemas.xmlsoap.org/soap/envelope/>
    <faultcode>env:Server</faultcode>
    <faultstring>com.oracle.bpel.client.delivery.ReceiveTimeOutException: Waiting for response has timed out. The conversation id is a28500bf6f4d1dc9:- 488f4503:1215f79430f:-7d71. Please check the process instance for detail.</faultstring>
    </Fault>
    7. In the VISUAL flow diagram , message generated by the Invoke activity is as below:
    <summary>exception on JaxRpc invoke: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 Unauthorized</summary>
    So FINALLY ITS NOT CONNECTING.
    ====================================================================================================
    When I created the properties and hardcoded the username and password like below, its worked.
    <property name="basicHeaders">credentials</property>
    <property name="basicUsername">myusername</property>
    <property name="basicPassword">mypassword</property>
    Can anyone suggest HOW CAN I DYNAMICALLY PASS USERNAME AND PASSWORD to the secured web service via partner link??
    Thanks,
    Kumar

    I have tried it but itwas not working..
    I am not able to set exactly the copy rules given in that blog as that blog has wsse:password king of assignments where as when I try to assign , I have the asignment like /ns2:password .
    Am I mising something here?
    I have imported only oasis-200401-wss-wssecurity-secext-1.0.xsd.
    Thanks,
    Kumar
    Edited by: GenuineOracle on Jun 2, 2009 5:38 PM

  • Invoke secured WS from BPEL

    Hello,
    My problem is:
    I have deployed a composite application where the interface is Web Service with Policy wss_username_token_service_policy. I want to invoke that web service from another composite application through BPEL. In other words invoke secured web service from BPEL.
    I've created Partner Link and added:
    <property name="wsseHeaders">propagate</property>
    <property name="wsseUsername">weblogic1</property>
    <property name="wssePassword">welcome1</property>
    I've read many topics about my problem, even I've done http://soa-howto.blogspot.com/2008/04/invoking-ws-security-compliant-web.html
    but it doesn't work.
    What should I do?
    Here is some code:
    composite.xml
    <reference name="validateIdentifier"
    ui:wsdlLocation="http://maciek:8001/soa-infra/services/default/validateIdentifier/validateIdentifierWebService.wsdl">
    <interface.wsdl interface="http://oracle.com/sca/soapservice/validateIdentifier/validateIdentifier/validateIdentifierWebService#wsdl.interface(execute_ptt)"/>
    <binding.ws port="http://oracle.com/sca/soapservice/validateIdentifier/validateIdentifier/validateIdentifierWebService#wsdl.endpoint(validateIdentifierWebService/execute_pt)"
    location="http://maciek:8001/soa-infra/services/default/validateIdentifier/validateIdentifierWebService?WSDL">
    <property name="oracle.webservices.auth.username" type="xs:string"
    many="false" override="may">weblogic1</property>
    <property name="oracle.webservices.auth.password" type="xs:string"
    many="false" override="may">welcome1</property>
    </binding.ws>
    </reference>
    And here is error from Weblogic EM:
    The selected operation execute could not be invoked.
    An exception occured while invoking the webservice operation. Please see logs for more details.
    oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: Waiting for response has timed out. The conversation id is null. Please check the process instance for detail.
    Collapse Hide Additional Trace Information     Hide Additional Trace Information
    java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: Waiting for response has timed out. The conversation id is null. Please check the process instance for detail. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:575) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.GeneratedMethodAccessor1688.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:90) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:309) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:94) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:90) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:309) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:94) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:698) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:285) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:97) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:542) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:326) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: Waiting for response has timed out. The conversation id is null. Please check the process instance for detail. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:985) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:716) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:569) ... 67 more Caused by: javax.xml.ws.soap.SOAPFaultException: Waiting for response has timed out. The conversation id is null. Please check the process instance for detail. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:882) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:715) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 70 more
    Best regards,
    MK
    Edited by: Kumako22 on 2010-03-02 12:44

    The service invoked directly through Weblogic 11 EM with WSS username token works correctly. But when it is invoked in BPEL from another Composite - the input for secured service is an output from the first service doesn't work.
    I think something wrong is with properities. I've also added BS username and password.
    Any clues?
    Could you write a SOAP Header for SOAPui?

  • Invoking Secured Services from BPEL - Build scripts

    We are using SOA Suite 10.1.3.4 and JDeveloper 10.1.3.4 for BPEL process development. We are invoking secure web services from BPEL. In order to do this, we have imported the server certificates in the keystore of Oracle SOA Suite. These certificates are also imported into JDev keystore. In DEV environment, I have deployed the BPEL process from JDeveloper and the tested the https web service invocation. It works fine.
    When taking this to PROD environment, we need to provide deployment scripts to the release team. Should the scripts contain any properties specific to SSL configuration? I want the deployment to happen the same way JDeveloper deploys BPEL process by makign use of SSL Certs in its keystore. What is the way to achieve this?
    Thanks

    Hi
    You can deploy BPEL to BPEL process manager using ANT or Jdeveloper . I prefer ANT to deploy to prod.
    Coming to security impmentation, you can use OWSM (Oracle Websevices manager) to assign security key before invoking secured webservice.
    In OWSM follow the brief steps below.
    1. create gateway
    2. create service which points to secured webservice
    3. create pipeline templates with assigning security key , before that import key store to your server
    4. assign above pipeline template to service
    5. now get the URL of service created.
    In Jdev:
    6.In BPEL process create partner link with above Service URL in step5 ( instead of directly pointing to secured webservice from BPEL, go thru OWSM)
    7. use ANT or JDeveloper to deploy BPEL process to Prod.
    Before deploying to PROD you need to above steps 1 to 5 on PROD OWSM
    for more details on OWSM please see following link:
    http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b31008/toc.htm
    Thanks
    Seshagiri.Rayala
    http://soabpel.wordpress.com/

  • BPEL Call synchronous ESB java.security.PrivilegedActionException

    There is three project :
    BPEL A : synchronous process , reply fault
    ESB1 : Exxcetion type : synchronous, use BPEL A as SOAP service
    BPEL B : synchronous process ,call ESB1
    When invoke ESB1 in em , it works good.
    But when execute BPEL B in BPELConsole , the following fault occured :
    <remoteFault xmlns="http://schemas.oracle.com/bpel/extension">
    - <part name="summary">
    <summary>
    exception on JaxRpc invoke: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
    </summary>
    </part>
    </remoteFault>
    What's wrong with this ?
    Anyone help me ?

    There is three project :
    BPEL A : synchronous process , reply fault
    ESB1 : Exxcetion type : synchronous, use BPEL A as SOAP service
    BPEL B : synchronous process ,call ESB1
    When invoke ESB1 in em , it works good.
    But when execute BPEL B in BPELConsole , the following fault occured :
    <remoteFault xmlns="http://schemas.oracle.com/bpel/extension">
    - <part name="summary">
    <summary>
    exception on JaxRpc invoke: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Connection refused: connect
    </summary>
    </part>
    </remoteFault>
    What's wrong with this ?
    Anyone help me ?

Maybe you are looking for

  • I cannot transfer files from my MacBook to my external hard drive anymore.

    I cannot transfer files from my MacBook to my external hard drive anymore. The device responds with error-36 about documents being unreadable and unwritable. Previously the device worked fine. External Hard Drive I have an imation Apollo II 2.5" Port

  • Import a policy file in java 1.5

    Hi: The quesiton I am about to ask might not really relate to java programming...but I have no idea where else I can get help. I am an university student and my school use a online java submission system. In order to hand in my java programs, I need

  • Po value and grn value

    i have developed a program by abaper in which po value is compared to grn value. i have use the following logic. following logic working fine for all normal po. GRN Valueu2014For GRN value, from MSEG table total sum of field DMBTR(local currency)BNBT

  • "Edit Original" opens PS, but not the image

    When I try to edit an image using the "edit original" or 'edit with..' command in ID, Photoshop open up with a blank screen (no error message & no photo). Or in the case of a vector file, Illustrator opens up with the message "file not found". In the

  • Delete and Write Access for PA infotypes

    Hi Gurus, Our clients require managing Write and Delete access separately for PA infotypes. Example, an employee can have Write access (able to save values in infotypes) but s/he will not be able to Delete this infotype record one it has been Saved.