Custom Policy Step and the WS-Security header attibute "mustUnderstand"

Similar Messages

• Custom Policy steps in OWSM

  I am currenly implementing an integration systems between our systems and a third party system. There is a requirement for all messages sent across the interface to be acknowldeged by the other system. The transactions are synchronous so we have hand off approach where the receiving system must acknowledge message receipt by sending a synchronous response message back. This acknowledgement message will contain a boolean flag that either says true or false depending on whether they are receiving or rejecting the message. Messages could be rejected because they have an invalid digital certificate or failed message integrity. Is it possible to create custom policy step in the OWSM that allows me to send these acknoledgement messages. the message structure will contain only 3 elements:
  successfulDelivery (boolean)
  RejectedCode (Rejection ErrorCode)
  RejectedReason (Rejected Error Reason)
  Can any one help? I am still new to the OWSM.

  Here's an example on how to add a custom SOAP header to the request message inside a custom step.
  public IResult execute(IMessageContext messageContext) throws Fault {
  MessageContext msgCtxt = (MessageContext) messageContext;
  SOAPEnvelope senv = msgCtxt.getRequest().getAxisMessage().getSOAPEnvelope();
  ((org.apache.axis.message.SOAPEnvelope)senv).setDirty(true);
  Name header = factory.createName("CustomHeader", "http://foo.com/custom/header");
  SOAPHeaderElement headerElement = senv.getHeader().addHeaderElement(header);
  headerElement.addTextNode("My custom header data");
  OWSM uses AXIS implementation internally to represent the SOAP message.
  Cheers,
  Vikas Jain

• OWSM Custom Policy Step: use of the setProcessingStage() method?

  Hello,
  When creating a Custom Policy Step for use in an OWSM pipeline the API provides the option to set the processing stage. Possible values are STAGE_PREREQUEST, STAGE_REQUEST, STAGE_RESPONSE and so on.
  Can anyone tell me the use of setting the processing stage. Would it allow me to literally take the message request to a different stagewhat, e.g. what should happen when in the Request Stage I set it to STAGE_RESPONSE?
  I have tried this and cannot see any effect.
  Thanks, Sjoerd

  Hi Vikas,
  Thanks for the reply.
  I suspect that the "fiddling with the Outgoing Transport Protocol that is between OWSM Gateway and actual service" as mentioned in my original post is probably the same as "creating a custom transport messenger between gateway and service" as mentioned by you.
  Any pointers to get me going, e.g. what interfaces te implement, classes to extend, how to register and manage with OWSM?
  Thanks and best regards,
  Sjoerd

• HT5312 i am having problems editing the security questions i do not remember i specifically followed the steps and the "send to rescue email" option does not appear even though my rescue email is verified please help me

  i am having problems editing the security questions i do not remember i specifically followed the steps and the "send to rescue email" option does not appear even though my rescue email is verified please help me
  <Email Edited by Host>

  As these are public forums, you're not talking to iTunes Support,  I've asked the hosts to remove your email address from your post - it's not a good idea to post it unless you like spam email.
  The reset link will only show if you have a rescue email address on your account - a rescue email address is not the same as an alternate/secondary email address, they are different addresses/settings on an account.
  If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you won't get the reset option - you will need to contact iTunes Support / Apple to get the questions reset.
  Contacting Apple about account security : http://support.apple.com/kb/HT5699
  When they've been reset you can then use the steps half-way down the page that you posted from to add a rescue email address for potential future use

• Custom Policy Step calling EJB

  Hi there,
  I'm a newby to OC4J and need some help in regards to some library issues. I've created an EJB using spring and deployed it to the oc4j container. Then I created an owsm custom policy step which retrieves the EJB bean using spring and retrieves the custom security header, which I then add to the current SOAP header. I wasn't quite sure how to create the custom policy step jar as it contains my spring jar as well as my ejb jar, so I used maven to create the jar with all my dependent jars as well. Everything works great, as in, it retrieves the EJB calls the method on the EJB which will retrieve a value from LDAP and then uses that value to query our data store and then return the object, but when it returns the object it throws the following exception:
  java.lang.LinkageError: Class com/cochlear/erpsecurity/domain/ErpSoapHeader violates loader constraints
  Which is due to the fact that I have the ErpSoapHeader in my custom policy step jar as well as my ejb jar. When I don't include the ejb jar in my custom policy step jar however then it give a class not found exception when trying to load the ejb with spring. Then I tried something dodgy and added the ejb jar to my server.xml in oracle.wsm.gateway shared library, but this caused the linkage error as well.
  Any help on how I can resolve this library issue will be great appreciated.
  Thanks so much,
  Ida

  Here's an example on how to add a custom SOAP header to the request message inside a custom step.
  public IResult execute(IMessageContext messageContext) throws Fault {
  MessageContext msgCtxt = (MessageContext) messageContext;
  SOAPEnvelope senv = msgCtxt.getRequest().getAxisMessage().getSOAPEnvelope();
  ((org.apache.axis.message.SOAPEnvelope)senv).setDirty(true);
  Name header = factory.createName("CustomHeader", "http://foo.com/custom/header");
  SOAPHeaderElement headerElement = senv.getHeader().addHeaderElement(header);
  headerElement.addTextNode("My custom header data");
  OWSM uses AXIS implementation internally to represent the SOAP message.
  Cheers,
  Vikas Jain

• SECU1075: An error was discovered processing the wsse:Security header

  I have designed a console application as a web service client which is able to talk with webservice; however instead of using
  a console application, I've written a DLL that is called from a Winform app and  I am getting following error message.
  Error message System.Web.Services.Protocols.SoapException: SECU1075: An error was discovered processing the <wsse:Security>
  header
     at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response,
  Stream responseStream, Boolean asyncCall)   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
     at ErcotNodalDll.NodalClient.NodalService.MarketTransactions(RequestMessage RequestMessage) in C:\Pb10_Devl\KeyStone\Dark
  Angel\Visual Studio\ErcotNodalDll\ErcotNodalDll\Web References\NodalClient\Reference.cs:line 98
     at ErcotNodalDll.Program.submitPayload(String certificate, HeaderType header, RequestType request, PayloadType payload)
  in C:\Pb10_Devl\KeyStone\Dark Angel\Visual Studio\ErcotNodalDll\ErcotNodalDll\Class1.cs:line 243
     at ErcotNodalDll.Program.createBidSetData(String[] parms) in C:\Pb10_Devl\KeyStone\Dark Angel\Visual Studio\ErcotNodalDll\ErcotNodalDlA
  first chance exception of type 'System.Web.Services.Protocols.SoapException' occurred in System.Web.Services.dll
  I'm told the problem is that the DLL can not find the policycache.config file thus doesn't know how to handle security for the
  html.
  Anybody know what I need to do to call the webservice
  from DLL instead of console application?

  You use WSE3 and not WCF (which is this forum main focus). One idea is to consider WCF.
  Also:
  - the client proxy should have a SetPolicy() method which you can use to set the policy
  - use Fiddler to check which message the client sends and which one it gets back. Then compare these to a workign client message.
  http://webservices20.blogspot.com/
  WCF Security, Interoperability And Performance Blog

• Extend OWSM with Custom Policy Step: MessageContext.setResponseMessage()?

  Hi,
  I intend to create a custom policy step for OWSM.
  In the execute method of my step (that extends AbstractStep) I want to set the Response Message using the setResponseMessage() method. According to the Extensibility Guide, this method should be passed a com.cfluent.ccore.message.SOAPMessage object as parameter.
  Basically, the code looks something like this:
  public IResult execute(IMessageContext messageContext) throws Fault {
  MessageContext msgCtxt = (MessageContext)messageContext;
  Result result = new Result();
  msgCtxt.setResponseMessage(msgCtxt.getRequestMessage());
  result.setStatus(IResult.SUCCEEDED);
  return result;
  At compile time however, JDeveloper throws the following error:
  SOAPMessage not found in class nl.amis.soa.CustomStep
  and points to the line
  msgCtxt.setResponseMessage(msgCtxt.getRequestMessage());
  Should I use AXIS SOAP objects (knowing OWSM is based on AXIS or uses it)? Or a MessageFactory? Or ... ?
  Any tips and preferably a code sample is much appreciated!
  Thanks, Sjoerd

  Hi Sjoerd ,
  Looks like documentation error. Are you importing the om.cfluent.ccore.message.SOAPMessage class? Try compiling without the import. I was able to compile your code with no issues. All I have is coresv-4.0.jar added to my jDev project.
  FYI MessageContext.get/setRequestMessage() really takes javax.xml.soap.SOAPMessage as parameter.
  Here is the code I can compile:
  package com.junk.wsm;
  import com.cfluent.pipelineengine.container.MessageContext;
  import com.cfluent.policysteps.sdk.AbstractStep;
  import com.cfluent.policysteps.sdk.IMessageContext;
  import com.cfluent.policysteps.sdk.IResult;
  import com.cfluent.policysteps.sdk.Result;
  public class junkStep extends AbstractStep {
  public junkStep() {
  public IResult execute(IMessageContext messageContext) {
  MessageContext msgCtxt = (MessageContext)messageContext;
  Result result = new Result();
  msgCtxt.setResponseMessage(msgCtxt.getRequestMessage());
  result.setStatus(IResult.SUCCEEDED);
  return result;
  Regards,
  Rajesh

• I cannot connect to the iTunes Store.  I receive Error Code -1202.  This problem began yesterday.  I have been successfully connecting to the store for months on this PC.  I am running Windows 7 and the Windows Security Center.  Thanks for any help

  TS1368 I cannot connect to the iTunes Store.  I receive Error Code -1202.  This problem began yesterday.  I have been successfully connecting to the store for months on this PC.  I am running Windows 7 and the Windows Security Center.  Thanks for any help.

  Hello alankilner,
  And welcome to Apple Discussions!
  Using Proxy: Yes
  Try temporarily disabling this setting by following the steps outlined in this Apple support document.
  http://support.apple.com/kb/TS1490
  B-rock

• OWSM - Logging in Custom Policy Step

  I'm trying to implement a custom policy step for Oracle Web Service Management.
  For debugging purposes, I need to write a diagnostic log file (like gateway.log, policymanager.log, ccore.log...) with the behavior of my step. I have to use log4j library...
  Could you help me with OWSM log configuration?
  Thanks!

  I have been reading more about this issue but I have doubts yet...
  Now, I know that I must use the package "com.cfluent.ccore.util.logging" in my code. For example:
  ILogger logger = LogManager.getLogger(...);
  logger.log(Level.INFO, "..");
  In which owsm log file does this information appear?
  Thanks!

• I want to see in the tv what i am seeing in my ipad, but i followed all the steps and the code doesnt appears in the tv

  I have a apple tv and i wnat to use the airplay. I followed all the steps and the code does not appear in the tv

  Hello maicamtz,
  The following article provides some useful troubleshooting steps that can hlep get AirPlay working.
  iOS: Troubleshooting AirPlay and AirPlay Mirroring
  http://support.apple.com/kb/TS4215
  Cheers,
  Allen

• Extracting username and password from security header

  Hey all,
  I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
  1) I secured my BPEL process
  2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
  3) I added the security variable to the Header Variables for the BPEL process input
  4) I added the security variable to the Input Header Variables for the web service's invoke operation
  This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
  Environment:
  JDeveloper 11.1.1.6.0
  Thanks,
  Bill

  Hi Sri,
  If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
  Thanks,
  Bill

• Unmounted HDD and the latest Security update

  Yesterday I installed the latest security/Java update and it crashed my system, just like it has done to quite a few other people: http://discussions.apple.com/thread.jspa?messageID=9053491#9053491
  In trying to reinstall OS X, I ran across what I guess is the second installation disc error, where after the first disc is installed and the system reboots, it never finishes booting nor does it ask for the second disc.
  I thought my problem might be a HDD error, so I ran the installation disc and did the Disk Utility. I asked it to repair the disc if needed. It could not complete the repair because of an "Invalid sibling link." And this is where things went really bad.
  Foolishly, I searched the internet for "invalid siblining link" and found this site: http://www.macosxhints.com/article.php?story=20070204093925888
  Which suggests that to fix this error you need to unmount your HDD and run fsck_hfs -r in the Terminal.
  Why would I be so stupid as to follow this advice and unmount my HDD with little-to-no understanding of what unmounting does or of Terminal commands? Why would I not bother to read the comments following that post which decry the dangers of unmounting? The only excuse I can think of was that I was delirious after nearly 8 hours of trying to salvage my iMac from the Java/Security update. Needless to say, I successfully unmounted my HDD but did not successfully run the fsck test. Leaving me without a HDD and unable to install OS X.
  At this point, I'm planning on taking to the Genius Bar in Austin over the weekend, hoping that they can salvage my new machine (less than a year old!) from the mess I/Apple made. Any one have any suggestions on remounting a HDD or any advice in general?

  A wiser head may step in on this as regards to the mounting issue, but I am not currently under the impression that that is what is wrong. I think that command only applies when you are running the computer and once you turn off the computer and turn it on again the drive should appear in Disk Utility. In fact, if the drive were wiped clean your Disk Utility should see it. Yes, if you unmount it to run fsk, you then need to mount it to get it to show under that session, but if you turned off the computer or restarted it then all would be reset.
  So, if you turn off your computer, boot from your install Disk and start up Disk Utility, does the drive show up at all? If so you're off the a start. If not then it is suggesting serious problems (terminal?) with the drive.

• A Complaint to the Customer Relationship Unit and the Think Service Centre

  Dear Sir/Madam,
  I'm a customer of the X60 notebook product. Yesterday (Jan 20) and today (Jan 21) I've been visiting twice the Think Service Centre in Quarry Bay in the hope of repairing a defective part on the casing.
  The result has been that I was told that "the engineers" has talked with Ms Maggie xxxxx of the Customer Relationship Unit and they finally turned down my request, giving me the reason that the damage is due to ''improper use'' of the product. I was unsatisfied about the incomplete explanation and further chase Ms Maggie xxxxx, on a phone conversation, to answer why they are so sure i've been ''improperly using'' my laptop, but I was answered that I "might have exerted too much force to open the cover". I asked her to confirm whether she meant that "opening the laptop cover" is an "improper use" but she refused to answer me.
  Thus, seeing that she refused all my requests for an explanation, I asked to talk to her supervisor to solve my issue, but she refused once again, insisting that it is the company's "internal policy" not to allow any customers to talk to the supervisors! I thus have no idea but can only assume she being the only person (or maybe together with the Think Service Centre, the support section, because Ms xxxxx claimed that such decision has been made by both parties in the telephone conversation) would take the whole responsibility for the Lenovo Corporation's opinion that my laptop is damaged due to "improper use" (but still without any explanation given at all).
  I'm yet to see any proper answer from the Lenovo Corporation to the following:
  1. Can you give me a proper explanation why the defect happening on my laptop cannot benefit from the warranty service?
  2. Can I assume the decision that Maggie xxxxx's making is the same opinion that Lenovo is making as well?
  3. Is it really the company's "internal policy" not to allow any customers to talk to the supervisors? If so, I doubt whether the company is trying her best to protect the rights of the customers should they need help while some staffs just cannot help.
  Thanks.
  Best Regards,
  Kenny Yu.
  (serial #: LV xxxxx)
  Moderator Note; Full name of Lenovo employee edited in order that the post conforms to forum rules.
  Moderator Note; s/n edited for members own protection 
  Message Edited by andyP on 01-21-2009 09:35 PM

  Just wanted to let you guys know that I still haven't received my MP3 player... Creative has had the MP3 player for 73 days now and they still haven't sent it back. Since last time I wrote here I got an e-mail from Creative saying they got the MP3 player on the 5th of the November and that somehow the status wasn't updated. Well, it's been 73 days now, care to send it away? I sent them and e-mail yesterday where I wrote that they could just send me the cash for it or a new MP3 player.
  If I don't receive my MP3 player in a near future I will contact "Allm?nna Reklamations N?mnden" (a Swedish "Consumerist"-like government sponsored organization that deals with people vs company legal cases).
  Again, I strongly advise everyone to not buy any more Creative products. Once they break you won't get the help you need.

• Livecycle Policy Server and Livecycle Document Security

  Do I need Document Security to use Policy Server??

  Hello,
  I've been hunting around but can't find it. Is there a concise refernce for how to use Adobe Acrobat8 Security features with the Adobe Document Center? Is it so new that there's no book (Quick Start, etc.) on it?
  I send PDFs to people. But I only want them to be able to print the PDF, not copy any of its content. I also want the PDF to "self destruct" after a 3 month period. I was going to use Pinion Software's AutoShred product, but then I stumbled upon Adobe8 and the Document Center, which seemed like a perfect fit. So I immediately upgraded to Adobe8 and signed up for the trial at the Document Center.
  I have created security policies. But when I look at the policy, there is nothing allowing the detailed modifications permitted in Acrobat8 - Secure / Show Security Properties / SecurityTab / and the list for Document Restrictions Summary.
  For some reason, when I set up a security policy - most restrictive to only permit printing and file non-access after 3 months - the "page extraction: allowed" always shows up when I examine Show Security Properties / Security Tab / Document Restrictions Summary, even though for everything else it is "Not allowed" which is what I want.
  I thought maybe its a bug, because when I close the file and then reopen it, the page extraction is grayed out. But I don't know if people I send the file to will be able to extract the pages, thus getting around my objective of not allowing them to copy/paste any of my proprietary content onto some other file format.
  Any help on this?
  Thanks,
  Robert

• SOAP handlers and the WebLogic Security Provider Framework

  I am new to WebLogic... I am trying to understand the Weblogic security framework in terms of how a SOAP message would be processed. Do SOAP handlers get called before the configured security providers? after being processed by the Authentication provider? after being processed by the Authorization provider? or at some other point?

  Thanks. But I have some questions about the seed:
  - where is it stored?
  - how is it encrypted?
  - is the seed regenerated periodically? or under certain circumstances?
  Regards,
  Janice Pang
  "Tom Hegadorn" <[email protected]> wrote:
  >
  >
  Hi Janice,
  If you choose to use the PrincipalValidatorImpl class in the
  weblogic.security.provider package, the sign() implementation
  will be the internal weblogic implementation. This implementation
  generates a random seed and computes a digest based on the
  random seed. I hope that helps you.
  Regards,
  Tom Hegadorn
  Sr. Developer Relations Engineer
  BEA Support
  "Janice Pang" <[email protected]> wrote:
  From the online documentations, it is said that this weblogic.security.provider.PrincipalValidatorImpl
  "signs" the authenticated principals to make sure they are not altered
  while they
  are transported on the network.
  The document also mentioned, as a suggested way to develop a customprincipal
  validation provider, to use this class and extend the capabilities of
  user and
  group classes. What kind of private information from the server isused
  for the
  signature and where is that information stored?