Calling A Secured webservice using Username and password in the Soap header

Similar Messages

• How do pass the UserID and Password in the SOAP header for web services

  I am encountering issues trying to pass the userid and password in the SOAP header when consuming a 3rd party web service.  Rostewitz posted something similiar but I don't know how to type iv_xml.  Any help would be greatly appreciated.
  Thank you,
  jpina

  It helps to post a link to a thread when you refer to it.  If you are trying to implement that solution though, you can look at the parameter of the corresponding method being called.  The parameter has type 'SIMPLE' which means that it is compatible with all of the predefined elementary ABAP types.  In this case, you should use 'STRING'.

• Security issue: parameters username and password in the jbo:ApplicationModule

  Hello,
  in the <jbo:ApplicationModule> tag, you can give parameters for username and password, Then the .jsp connects to the DB via the username/password. Alternativly, You can provide this within the <Module>.properties file.
  Now the question: Isn't this a security hole? I mean, is it under all circumstances impossible, that the source-code can be delivered by the web-server or that the byte-code from the servlet (compiled from .jsp) can be "restringed"?
  Are there other ways to protect the credentials for accessing the ORACLE DB?
  Michael

  Hi John
  thank You very much. You wrote
  BC4J provides a number of mechanisms for specifying the DB username and password that do not require
  the password to be stored in a JSP page. By default, in 9.0.2, the DB password is stored in
  a BC4J configuration (persisted in a bc4j.xcfg file), which should be secured at the customer site. I've forgotten to mention our environment is SuSE7.2, DB 8.1.7.3, iAS 1.0.2.2, Portal 3.0.9.8.
  For simplicity we would like to use the first method via bc4j.xcfg, But our bc4j.xcfg looks as follows
  <quote>
  <BC4JConfig>
  <AppModuleConfigBag>
  <AppModuleConfig name="OPKv1ModuleLocal">
  <ApplicationName>de.condor.OPKv1.OPKv1Module</ApplicationName>
  <DeployPlatform>LOCAL</DeployPlatform>
  <JDBCName>WEBAPP_NETx</JDBCName>
  <jbo.project>de.condor.OPKv1.opkv1PRJ</jbo.project>
  </AppModuleConfig>
  </AppModuleConfigBag>
  </BC4JConfig>
  </quote>
  So the question is, where to leave schema/password?JDeveloper should have also generated a connection description in the same file named WEBAPP_NET. This
  named connection should contain the relevant elements. It is not recommended that you edit this file directly. The
  configuration editor and/or the connection editor should be used instead.
  Hope this helps.
  JR

• Avoid using Username and password in SOAP Envelope

  Hi Team
  I am working on calling the sercured web-service from PLSQL and able to call it successfully and get the response.
  In the SOAP envelope, I have header and body.
  Header contains the WS Security which includes username and password to authenticate the web-service and body contains the actual input pay load for service.
  Currently, header has username and password as 'hard-coded', is there a way to avoid the usage of username and password.
  We already tried to SIF for EBS methodology where in following steps are done:
  1) Create and event in EBS.
  2) Pass the event along with payload to SOA.
  3) SOA receives the event and triggers web-service and gets the response.
  4) Pass the response to EBS.
  This technique does avoid usage of username and password but takes 20 seconds to do the job. However, the appraoch above takes hardly 1 second.
  Please let me know in case any one has any idea on how to avoid credentials usage in SOAP envelope.
  Thanks
  Mirza Tanzeel

  How about doing away with that approach entirely?
  Password authentication requires one to keep a secret, secret. And that is the primary problem as how does one safely guard the secret, and manage the secret (by regularly changing)?
  Relying on secrets is a problem. I have never been a fan of password based security.
  Instead:
  a) use HTTPS to secure communication between sender and receiver
  b) use robust firewall rules to ensure that only sender is allowed to communicate with receiver
  c) implement sound network management and exception reporting (to detect and prevent violations on network infrastructure level)
  If you lack in the network infrastructure and administration areas, then:
  a) make the web service endpoint on server on localhost only (do not expose it to the outside world)
  b) establish a trusted ssh connection between sender and receiver using strongly encrypted RSA/DSA keys
  c) configure sender with a service that opens a reverse tunnel to target, exposing the web service as a local port on its localhost

• In some pages I keep receiving this message: "The proxy moz-proxy://172.20.5.250:8080 is requesting a username and password. The site says: "moz-proxy://172.20.5.250:8080"".

  In my company, I used FF for sometime now.
  I had some problem in the beginning, but using the proxy IP and Domain\Username + Password I was able to navigate.
  Ever since I tried FF4.x and FF5.x... I started to receive the following message:
  The proxy moz-proxy://172.20.5.250:8080 is requesting a username and password. The site says: "moz-proxy://172.20.5.250:8080"
  Even after inserting the Domain\Username and the Password I keep receiving the same error. In FF3.xx I was able to use the proxy.
  Don't know what to do any more there are several pages that have this problem.
  http://pplware.sapo.pt/
  http://www.facebook.com
  http://www.netbooklive.com/
  http://daxspeculator.blogspot.com/
  Some... don't have any problem:
  http://batracer.com
  http://www.youtube.com
  Even when I try to see the extensions I get this error. This is so weird!!!
  For now... I have switched to Chrome, every new version of FF that is released I try it to see if the problem is gone. But, with no luck until now! :(

  I did have this problem with proxy moz-proxy prompt for username and password. In my case it was for websites hosted not on the internet but on the local corporate intranet. I solved my problem by doing the following action:
  Tools -> Options -> Advanced -> Network -> Settings: add the local website to the "No Proxy For:" field.
  I hope this will help some of you out there that have manually configured their proxy settings. Also a tip if you need to turn on and off proxy settings I recommend using "Quick Proxy" add-on.

• How to pass username and password with the portal url

  i want to access portal from my web site. i have created username and password fields in my web page. when submited , my portal page should open. so how to pass username and password with the portal url.

  This is not straightforward; but it is doable.
  First tell us about your portal version; portal 10.1.4 has a slightly different method of doing it and the pre-10g portals were completely different animals.
  And if you are in AS Rel 2, then the most important document for you would probably be the following:
  [Creating Deployment Specific Pages| http://download-west.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/custom.htm#i1015535]
  You might want to use it in conjunction with some metalink notes about your portal version and such a login page.
  hope that helps!
  AMN

• TS1702 How do change the old Apple ID username and password to the updated username and password for the apps store?

  How do you change the old Apple ID username and password to the updated username and password in order to get updated apps from the app store?

  cbkitche wrote:
  How do you change the old Apple ID username and password to the updated username and password in order to get updated apps from the app store?
  Do you mean you kept the same account but you only updated your AppleID?
  Just log out and log back in with new ID.
  Note that the AppleID is embedded into the item at purchase and cannot be changed.
  However, when you change your AppleID, it will link the old account name to the new account name so you will not have any problems updating apps using the new AppleID.

• This is how I am supposed to contact to have my annual creative cloud membership refunded?  I cancelled immediately upon seeing the charge and followed the instructions given and wound up here.  Am I supposed to share my username and password with the for

  This is how I am supposed to contact to have my annual creative cloud membership refunded?  I cancelled immediately upon seeing the charge and followed the instructions given and wound up here.  Am I supposed to share my username and password with the forum?  Adobe, I am about to go social with my frustrations!

  No, this is a public forum, as in user-to-user, so you should not share any private information here.  You will need to contact Adobe Support by chat or phone, which is apparently getting harder and harder to do.  Use the link below and choose the Still Need Help? option at the bottom in the blue area - in the section that opens take your pick of chat or phone.
  Contact Customer Care

• Forgot username and password from the email iCloud chozhe not know forgot. purchase the product, all documents have. What to do?

  forgot username and password from the email iCloud chozhe not know forgot. purchase the product, all documents have. What to do?

  If you don't know your ID, you can try to find it as explained here: http://support.apple.com/kb/HT5625.  If you don’t know your password you can reset the password as explained here: http://support.apple.com/kb/PH2617.

• I am not able to send mails through Yahoo APP.It gives me an error msg :"the sender address has ben rejected by the server ".I tried adding username and password in the SMTP server settings,But those optiopns are greyed out.

  I am not able to send mails through Yahoo APP. It gives me an error msg :"the sender address has ben rejected by the server ".
  I tried adding username and password in the SMTP server settings,But those optiopns are greyed out.
  So, i am not able to enter anything in fields under SMTP server settings

  You probably have changing settings disabled in Restrictions.

• Need help resetting or changing my admin username and password without the installation disc

  I accidentally clicked on the check box that is located in system preferences in accounts that says "Allow user to administer this computer" and unchecked it. So the account that I set up the user name and password to is not the administer anymore and I don't know what account is. So now every time I want to make changes to anything and click on the lock button it will not accept my username and password. So how do I reset my username and password for the administer without the installation disc and without losing any files or folders????
  Message was edited by: ashkonnor8808

  Those changes require an installation DVD. However, see:
  Forgot Your Account Password
  For Snow Leopard and earlier with installer DVD
       Mac OS X 10.6- If you forget your administrator password
  For Snow Leopard and earlier without installer DVD
      How to reset your Mac OS X password without an installer disc | MacYourself

• How do i change proxy settings so it doesnt keep asking me "authentication req. The proxy web2.ucsd.edu is requesting a username and password. The site says: ucsd Squid Proxy-cache"?

  I changed my proxy setting to access a restricted school website. I don't know how to change it back to normal settings! Every time i'm browsing internet, Authentication Required windows pop up like 4-7 times a day! randomly! it says "the proxy web2.ucsd.edu:3128 is requesting a username and password. The site says: UCSD Squid proxy-cache". and makes me put in username and password every time. sooo annoying. how do i make the setting go back to default??

  1. Open firefox
  2. Go to "Tools" tab
  3. Go to "Options"
  4. Click on "Advanced"
  5. Open "Network" tab
  6. Click on "Settings"
  7. Select "No Proxy"
  8. Click "OK"

• I have updated my username and password, but the system keeps asking for my password for an old email for which I have no password.. How can I fix this?

  I have updated my username and password, but the system keeps asking for my password for an old email for which I have no password.. How can I fix this?

  Are you signed into this old ID ("email") in System Preferences>iCloud, System Preferences>Internet Accounts (Mail,Contacts,Calendars), or in Mail>Accounts, Calendar>Accounts or Contacts>Accounts?

• Using CreateObject for Webservice with username and password

  When using createObject() to call a web service how do I pass
  in the user name and password required by the service?
  If I do a cfdump on the webservice object I see it has
  setUserName() and setPassword() methods but they don't seem to be
  working.
  I also see there are properties named "USERNAME_PROPERTY" and
  "PASSWORD_PROPERTY" but I can't seem to modify them in code. I
  suppose they are protected.
  example:
  ws = createObject("webservice", "
  http://url.to/wsdl.xml",
  "serviceport");
  ws.setUserName("myawesomeusername");
  ws.setPassword("myawesomepassword");
  myReturn = ws.serviceMethodCall("bla");

  quote:
  Originally posted by:
  MACRStockHolder
  For anyone that encounters the same issue/question;
  apparently you can't apply a username/password to the object call
  like you can when using <cfinvoke> to make a web service
  call.
  FYI Adobe: this is VERY limiting, I have to use a web service
  that uses in/out parameters which to the best of my knowledge
  requires the use of createObject() but at the same time the web
  service requires a username and password which I can only do with
  <cfinvoke>. Looks like I will be writing a compiled custom
  tag just for a workaround.
  According to the docs you can provide a username and password
  by passing a struct containing these items to CreateObject
  http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=functions_c-d_18.html#45 14398
  If you like cfinvoke use it. You can get return values by
  using the returnVariable argument. I would assume mutliple output
  parameters would be returned in a struct.
  http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_i_10.html#4001127

• OSB Authentication using username and password (plaintext or digest)

  Hi,
  I want to implement a simple osb authentication using username/password (plain text or digest) , so that client required to provide username password token in soap header (message Level security) to access our webservices. I have read some of articles which shows how to create custom ws policy, but received following error during deployment.
  weblogic.wsee.ws.init.WsDeploymentException: The WebLogic Server 9.x-style policy is not supported in JAX-WS web services
  Please note - I can not install OWSM as part of my requirement
  =======
  <?xml version="1.0"?>
  <!-- WS-SecurityPolicy -->
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wssp="http://www.bea.com/wls90/security/policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">
  <!-- Identity Assertion -->
  <wssp:Identity>
  <wssp:SupportedTokens>
  <!-- Use UsernameToken for authentication -->
  <wssp:SecurityToken IncludeInMessage="true"
  TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
  <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"/>
  </wssp:SecurityToken>
  </wssp:SupportedTokens>
  </wssp:Identity>
  </wsp:Policy>

  You can use the default Auth.xml WS policy in OSB and be able implement the authentication using username and plain text password.
  Just assign the Auth.xml on the Request Policies of the Proxy Service (under Policies).
  Then use any user credentials that has access to the domain for testing.
  If you want to restrict access for each operation then in the Security tab, under Message Access Control, specify a Role.
  Then in the OSB > Security Configuration, create the appropriate role with the specific role conditions like User is User1 or User is User2 etc ...
  Hope this helps.
  Thanks,
  Patrick