Document Security in web service.
Hi all,
I am trying to implement document security in the web service. here for that i have create a Ejb and exposed it as web service. now that i have enabled the Document security for the SOAP message. i want to know that which certificate (Keys) are used for the encryption and decryption of the message.
I saw in help.sap.com that i have to use view WebServiceSecurity in which their is a key XMLEncryption.
Now i have following issues with it.
<b>I found no key in the view with name XMLEncryption</b>
Should i create one or not.
Now i created one key with that name.
Now when i am using that key from .Net client to access the web service i get following responce form the web service.
<b>0002E3562FFE004A00000012000003200003FB109FE6903A : Found 0 operation definitions using keys: Key name:'first-body-element-ns' key value:'urn:CostCenterSecureSignatureVi'; Key name:'SoapRequestWrapper' key value:'getDetail'</b>
How do i correct above problem?.
sorry for the post in wrong area.....
Similar Messages
-
Unable to call WSS (WS-Security) enabled Web Service using UTL_DBWS
We are attempting to call a WSS (WS-Security) enabled Web Service from PL/SQL using the UTL_DBWS package (see [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/u_dbws.htm#CHDIDGJH] ). We are doing this in similar fashion to [http://www.oracle-base.com/articles/10g/utl_dbws10g.php] with calls to utl_dbws.create_service, utl_dbws.create_call and utl_dbws.invoke.
Using this method we can successfully call an unsecured Web Service, but calls to WSS-enabled Web Services fail. We are currently using Oracle Database 10.2.0.3.
The failure we are getting is:
ORA-29532: Java call terminated by uncaught Java exception: javax.xml.rpc.soap.SOAPFaultException:
com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
policy ( AuthenticationTokenPolicy(S) ): No Security Header found;nested
exception is com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
policy ( AuthenticationTokenPlicy(S) ): No Security Header found
Apparently UTL_DBWS does not support calling WSS enabled services, although this doesn't appear to be an officially recognised position. Does anyone know if Oracle are planning to support this soon (if ever)? Looking at Re: Calling WS from PL/SQL using WS-security suggests that support has been considered before, but not yet realised.
Thanks,
TomHaving raised a Service Request with Oracle support on this, I got the following response from Oracle Development (On unpublished bug [8542959|https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=BUG&p_id=8542959]):
Development has confirmed that WS-Security is not supported through UTL_DBWS. They have also acknowledged that this is not documented and they will change the official Oracle documentation will reflect this fact. From what is being stated, it would appear that there is no plan to support the use of WS-Security through UTL_DBWS in any release in the near future.
So, in short, without developing your own home-grown SOAP request, there is no way to call a WSS enabled web service from within PL/SQL.
-Tom -
Exception while accessing web service secure through web services Manager
Hi All,
I deployed sime Hello World web service on JWSDP1.6 and secure it through web service manager(gateway) using Certificate based security.But when I try to access this web service using JWSDP client,I got the following Error while monitoring the soap messages through TCP-Monitor:
/////////////////////////////////Request///////////////////////////////////////////////////////////////
POST /gateway/services/SID0003009 HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 5631
SOAPAction: ""
User-Agent: Java/1.5.0_05
Host: ivy.cs.ucl.ac.uk:8082
Connection: keep-alive
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://hello.org/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">eN9famBBWzHNUIwWRhMPktcM+VQ=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MHjtgA4wOtvI1B+SuRVEmD07yE+jl6axd4XbJ0nvQ3EzSuVVoST9vHzURh+B47yj41187s8T+yjt
Bmpk9OB278Jghonkacv6r+q+LVlxRrQDudNGir7plzFeM6bUadMxf+FLgn5O0a44vU/tvy6V9+zi
yqFdhTvS21No/aW62No=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#XWSSGID-1155126003241-1198323932"/></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-11551260018331598979688">MIIC3TCCAkagAwIBAgIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzEMMAoGA1UECBMD
U0NBMQwwCgYDVQQKEwNTVU4xHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTAeFw0wNjAz
MTkxMzQ5MDJaFw0xNjAzMTYxMzQ5MDJaMEcxCzAJBgNVBAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAK
BgNVBAoTA1NVTjEcMBoGA1UEAxMTeHdzLXNlY3VyaXR5LWNsaWVudDCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAzNDPKUz1MhUH1LsrLqXKxciOKSWeTrdoe/SVwe/4uy5eobAWSsSTposaOYFy
uxf3cGCCIs7u0jMAXLQ9jzobDbt9XQ4tXPoBzKKzS+yU6hDk2TcOCkioeT9A9db5LF8yevhwXKB4
AJ1Eh//Dp/djoonXCCxsxupQZp3ueRJrR98CAwEAAaOB1jCB0zAJBgNVHRMEAjAAMCwGCWCGSAGG
+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUECH05VC3/WGW
H4AGD6tnH0h+kFUweQYDVR0jBHIwcIAUdry1wGRZ2fyJSKisVSxpMEmIiaahTaRLMEkxCzAJBgNV
BAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAKBgNVBAoTA1NVTjEeMBwGA1UEAxMVY2VydGlmaWNhdGUt
YXV0aG9yaXR5ggkA4HaEvd6hq8YwDQYJKoZIhvcNAQEEBQADgYEA0RhOk67pCrO6MgZZGqrmAMW6
76fZowBxTKlFq88nrf8v1MUxV8H9wgbTDrwR0HtxY3TGpDFw2tNAww2pyDX/pQ2Wt46ichluGxjf
aEV53loKTOM7syAmlicWqViGzBfgzriIl918TzFaX9BD/Y55bKZQk057maBCSkUuFfF453s=</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse enc env ns0 xsd xsi"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#XWSSGID-1155126002593447652186"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UJ1kuwI+WuF/RkrQpZrj1GvraLI=</ds:DigestValue></ds:Reference><ds:Reference URI="#XWSSGID-1155126002602761294100"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>sKG/z5OIGgqJ2nw7JtpXyJzr8pY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SBc65VTG1xpEkRUTz70H0fVGIgoBJ0QnNad0k07RMSfw4vG1WHJdt19R05pO2AvU5aoYuBSaguJe
ZGEjmWzw8mnSWKBi+zeDMeJiwgqwW6HHHX9P7JDslxuTIqoJIVUbSjUTSVz6ww8siIK65quXdkMT
ZzLfp7Cd0gBuA3EEZpg=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-11551260025411896275738">
<wsse:Reference URI="#XWSSGID-11551260018331598979688" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002602761294100"><wsu:Created>2006-08-09T12:20:02Z</wsu:Created><wsu:Expires>2006-08-09T12:20:07Z</wsu:Expires></wsu:Timestamp></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002593447652186"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1155126003241-1198323932" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>XNqEzHNp47ILtOagAUNCXYkxOCWv4CjHqmZ7j6VKN/NO96ce4BsNSL6lKzqa9dPxHB1sTVGZQ8KA
COQ6DGwyWCP8ip+CU2hor3uUAml7nzHTx1LUw3Db+0p31VAT3EqKJA3aFy38GQrBTr9ojMOUA6tm
Cj71yucN3UCKRUl3RpE8qU68y7AwNxPsyAZeSa2AVm2cmWvSDZlxgMsx+JCEZaf3+D0o1zMp0Fxb
MSISPt/JrEolt1H5UM1AoFGU4QkckWrQNLPyEF9oxEgZ8oCE5U8v/YJwZIAHFrx67XfaLwQLjzXw
VPigsH9gLkfbP2BU8Vp31GsPwBZtUeNz9S35+CZPD7EiqoAB1QuAxZkJV7n00VChYH+scT64tNja
c81bcD8tf4sAr7toCMNDAU6+74+Qy0EyPqgwLtotDxErn4kF8e72cONMMQBQ91tQs+iI+D6C1I6+
f9UiSfgtm/MTuKQK1CRqarEtI9N6lpqVH8k7ulUwH/jFstihxmhMJ3aZY+qQgSwSs3pwSSim+e18
eR7dOEq4vG8ivKuGvTDO4sSV2RP/nL/3eXr0y7eM0kMFKwTUA4JqL4Y/l8Bo/rie/ZXkkbF6hwEu
dX1QmB0gf5k=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
////////////////////////////////Response///////////////////////////////////////////////////////////////
HTTP/1.1 100 Continue
Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
Date: Wed, 09 Aug 2006 12:28:47 GMT
HTTP/1.1 500 Internal Server Error
Date: Wed, 09 Aug 2006 12:28:47 GMT
Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
Connection: Keep-Alive
Keep-Alive: timeout=15, max=100
Content-Type: text/xml
Transfer-Encoding: chunked
157
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
0
So basically, what I am doing here as follows:
HelloClient(using JWSPD1.6)->gateway(web service manager for securing the web service using message level security through certificate )->helloservice(deployed using JWSDP1.6)
I would appreciate if someone could tell me the cause of this errror.Thanks.
Kashiftime to look into the gateway logs as stated by the fault ..
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
looks like the cipher step might have failed -
I am new to web services so please pardon me if what I am asking is really dumb.....
I have created a simple PL/SQL web service using JDeveloper that I have published to an installation of 9iAS. My client is calling this URL directly passing the parameters in the URL and getting the SOAP message back. Everything works great.
Now I need to secure this somehow. This is an internal application, so I am not terribly concerned with security, but we do need something that will prevent somebody who stumbles across this URL to start using it.
I have read a lot of documentation on securing web services, but it all seems to be around creating clients, but I don't want a client, I just want to be able to call the URL directly from external systems programmatically.
One option is obviously to pass username / pw in as parameters and then validate this in PL/SQL, but this is obviously not very secure.
Another things I was thinking was to use the owa_util.get_cgi_env('REMOTE_ADDR') inside by PL?SQL function to get the IP Address of the client calling and then validate this to make sure this client is allowed to access the web service. This function returns ORA-06502. Does anybody know anything about how to get the IP address of the client calling? I know there are ways to limit access to certain IP addresses on the web server level, but this server is used for other things so I don’t want to do that.
Is there anything else I can do to secure a web service like this?
Any help is appreciated.More reading and code sample (see end of this post) of what is coming and what is possible today:
http://www.oracle.com/oramag/oracle/02-jul/index.html?o42special_web.html
http://otn.oracle.com/oramag/webcolumns/2003/techarticles/smith_wss.html
This article from Vipin Samar gives the state of WS-Security pretty accurately:
http://otn.oracle.com/tech/webservices/standards/Samar_Security.htm
Accompanying paper:
http://otn.oracle.com/tech/webservices/pdf/33206.pdf
And, this code sample/tutorial illustrates SSL with Web services:
http://otn.oracle.com/sample_code/tutorials/wspki/toc.htm
Mike. -
Security of Web Services, Agents and Sequantial Calling of Web Services
I want to ask about the secure invocation of web services and the role of agents.
Suppose that I have greet() web service:
public String greet() {
String S1=sayHello(); // A web service, actually its proxy
String S2=sayGoodMorning(); // A web service, actually its proxy
return S1+" "+S2;
It calls two other webservices and they return "HELLO" and "Good Morning". Also assume that I need to secure all my web services but I need these calls to work!
I put an agent in front of those two web services and require them to check a SAML token. I also attach an agent to greet() to authenticate the inbound and sign and add SAML token for outbound.
But I think these two calls fail because the SAML is not created on each call. (Is it?)
How can I make those two calls, secure each web service and at the same time keep the security code out of business code, in other words keep my web service security agnostic?
Thank you in advance.
Best Regards
FarbodAny Comments on this?
-
Use of security in web service
Hi,
I have tried to use security from the example jaas-sample of jwsdp 1.5 .
I just want to secure my web service with a username/password.
When I called my service from the client...I see the xml flow :
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>Ron</wsse:Username>
<wsse:Password>****</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3k18Sv+DMhcO3aoq6YWLB4xa</wsse:Nonce>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2005-03-01T15:26:05Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
<env:Body>
<ns0:getInformations/>
</env:Body>
</env:Envelope>
it seems to be correct but I have an exception :
Thread : main at 01 mars 2005 16:10:06,593 ERROR Error occured during retrieving informations
java.rmi.ServerException: JAXRPCSERVLET28 : Informations sur le port manquant
at com.sun.xml.rpc.client.StreamingSender._raiseFault(StreamingSender.java:497)
at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:294)
It works when I not use the security option (in wscompile) ...
Have you any idea for a solution?Hi,
I tried the xws-security samples and everything worked fine.
After editing the "java.security" according to the manual with:
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
After that change and a restart of the application server I get the same error message.
I copied the jar file "bcprov-jdk14-127.jar" from bouncycastle to the jre/lib/ext folder.
I will check further.
br
Dieter -
Secured Sybase Web Service with outside certificate authority
Hello,
I would like to use Secured Sybase Web Service with outside certificate authority, like Symantec. Could you let me know how I can create CSR for sending to Symantec? What other steps do I need to do?
Thanks,
Sudarat.Hello Jason,
Thanks for your reply. The certificate authority require the CSR file before issue a signed certificate. If this is a signed certificate for IIS web server, I can create CSR from IIS. But I cannot use a signed certificate created from CSR of IIS with Sybase Web Service. The below steps are what I have tried.
1. I use CreateCert.exe with /r parameter to create CSR and private key.
2. I sent CSR to a certificate authority and they send back a signed certificate.
3. I have to combine a signed certificate from #2 with private key created from #1. Then use that file to specify with -xs{https …when starting the service.
Are the above steps what I have to do? If so, do I need to redistribute createcert.exe to my customers who want to use my application and how? Why I cannot use the signed certificate created from CSR of IIS?
Thanks,
Sudarat. -
Send a map of documents via Invoke Web Service
Hi,
I have one process with map of documents and 2nd process on other server, where input variable is map od documents too. How can I send this map between these processes via "Invoke Web Service" component? Simple datatypes I can.
PetrTake a look at Quick Start: Assembling a PDF document using the web service API
It shows how to create an input map for multiple documents.
But it sounds like you're asking how to create a WSDL that allows you to use an input map as an argument in a Web Service invocation. If so, take a look at the Assembler services WSDL. For 8.2, access
http://myServer:myPort/soap/services/AssemblerService?wsdl -
Refreshing a document with Restful Web Services
Hello,
I want to refresh a document with Restful Web Services. The document is based on a BEx query with a date variable, which is set as a prompt.
In order to refresh I send a PUT request like:
PUT <webiURL>/documents/{documentId}/parameters
and add the parameter, which is the prompt variable, to the body:
{"parameters":{"parameter":[{"id":0,"answer":{"@type":"Date","values":{"value":"2014-07-01T00:00:00.000+00:00"}}}]}}
Then I get a result like:
{"success":{"message":"The resource of type 'Document' with identifier '1234' has been successfully updated.","id":1234}}
Now I assume that the document is refreshed. However if I now read the properties with:
GET <webiURL>/documents/{documentId}/properties
the lastrefreshtime is not changed.
Has anybody an idea what happens during a refresh and what is updated?
Kind regards,
MichaelHi,
I have analyzed that the refresh seems to be only valid for the current session. This means, if I logon, refresh the document and determine the properties, I get the new refresh time.
However, if I logoff, I still get the old refresh time. So the refresh is lost or only valid for a session.
Is this the default behaviour?
Regards,
Michael -
How to create secure EJB web service in Oc4J using JDeveloper?
We are going to develop a EJB web service running in OC4J using JDeveloper 10.1.3.3.
By using the JDeveloper feature, we can simply create the web service by using the "Web Service Endpoint Interface" in the session bean.
However, unlike the web service created from Java class, I can't find any option to change the security setting of this web service. We tried adding annotation like @DenyAll for testing, but there has no effect and related method can still be called without WS-Security header.
Now, we can only change the security setting via the web console after deployment (select the web service, then enable security in administration page, and then edit security configuration to change the inbound policies for authentication). It works in our local machine, but it may not work in the production environment as we cannot touch the em console.
May I know if there has any way to include the security setting inside the project?
Thanks in advance.If I am not wrong, you might be probably talking about this :
http://docs.oracle.com/cd/B40099_02/books/EAI2/EAI2_WebServices33.html#wp179056
In order to implement the SOAP header, you would have to :
(1) Define SOAP header in the wsdl of the service.
(2) Add a new soap binding in the wsdl, which contains soap header and soap body.
I think, this should get you going.. -
Problem in invoking a secure weblogic web service from javaws client
Hi all,
the situation is this: there is a secure web service (Wssp1.2-2007-Wss1.1-X509-Basic256.xml policy) which is accessed by a stand-alone remote web service client (swing-enabled) which is initiated via java web start. You'll probably wondering why this is a special case. Let me elaborate...
The first step was to develop the service and the client. This wasn't much of a trouble, since the documentation was very good apart from creating a ClientBSTCredentialProvider object at the client side. The documentation should explicitly state that the sixth argument, that of the server certificate, is required! In any case, the first step was a success and the invocation was encrypted and signed at the message level.
The second step was to create a stand-alone remote client, without any local weblogic installation. That was a bit of a problem, since wlfullclient.jar or wseeclient.jar or weblogic.jar were not enough. I should note that the client was created via netbeans 7.0 and not with the help of weblogic clientgen. So, I had to make a verbose run from netbeans, in order to enumerate the jars which are accessed and gather them into the same directory. That was OK too. The standalone client works just fine.
The third step is to simply (not so simply...) make a java web start version of the client. Since the previous step was a success (having all necessary jars in the same directory) this one should not be a problem. Well... that turned out to be a huge issue. What I get back as the error message (shown in the java web start console) is this:
java.lang.InternalError: error initializing kernel caused by: java.lang.AssertionError: Duplicate initialization of WorkManager
at weblogic.work.WorkManagerFactory.set(WorkManagerFactory.java:107)
at weblogic.work.ExecuteQueueFactory.initialize(ExecuteQueueFactory.java:23)
at weblogic.kernel.Kernel.initialize(Kernel.java:103)
at weblogic.kernel.Kernel.ensureInitialized(Kernel.java:64)
at weblogic.rjvm.wls.WLSRJVMEnvironment.ensureInitialized(WLSRJVMEnvironment.java:50)
at weblogic.protocol.ProtocolManager$DefaultAdminProtocolMaker.<clinit>(ProtocolManager.java:53)
at weblogic.protocol.ProtocolManager.getDefaultAdminProtocol(ProtocolManager.java:218)
at weblogic.protocol.ProtocolHandlerAdmin.<clinit>(ProtocolHandlerAdmin.java:23)
at weblogic.rjvm.wls.WLSRJVMEnvironment.registerRJVMProtocols(WLSRJVMEnvironment.java:120)
at weblogic.rjvm.RJVMManager.ensureInitialized(RJVMManager.java:87)
at weblogic.rjvm.RJVMManager.<clinit>(RJVMManager.java:46)
at weblogic.rjvm.LocalRJVM.<init>(LocalRJVM.java:97)
at weblogic.rjvm.LocalRJVM.<init>(LocalRJVM.java:28)
at weblogic.rjvm.LocalRJVM$LocalRJVMMaker.<clinit>(LocalRJVM.java:31)
at weblogic.rjvm.LocalRJVM.getLocalRJVM(LocalRJVM.java:72)
at weblogic.xml.crypto.utils.DOMUtils.generateId(DOMUtils.java:403)
at weblogic.xml.crypto.utils.DOMUtils.generateId(DOMUtils.java:395)
at weblogic.xml.crypto.utils.DOMUtils.assignId(DOMUtils.java:374)
at weblogic.xml.crypto.wss.SecurityBuilderImpl.assignUri(SecurityBuilderImpl.java:148)
at weblogic.wsee.security.policy.SigningReferencesFactory.getSigningReferences(SigningReferencesFactory.java:100)
at weblogic.wsee.security.wss.policy.wssp.SigningPolicyBlueprintImpl.addSignatureNodeListToReference(SigningPolicyBlueprintImpl.java:446)
at weblogic.wsee.security.wss.policy.wssp.SigningPolicyBlueprintImpl.addSignatureNodeListToReference(SigningPolicyBlueprintImpl.java:335)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.resolveSignatureList(SecurityMessageArchitect.java:574)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.resolveSignatureList(SecurityMessageArchitect.java:428)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.constructMessage(SecurityMessageArchitect.java:304)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.buildWssMessage(SecurityMessageArchitect.java:138)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.buildWssMessage(SecurityMessageArchitect.java:121)
at weblogic.wsee.security.wss.SecurityPolicyArchitect.processOutbound(SecurityPolicyArchitect.java:225)
at weblogic.wsee.security.wss.SecurityPolicyArchitect.processMessagePolicy(SecurityPolicyArchitect.java:123)
at weblogic.wsee.security.wss.SecurityPolicyConductor.processRequestOutbound(SecurityPolicyConductor.java:119)
at weblogic.wsee.security.wss.SecurityPolicyConductor.processRequestOutbound(SecurityPolicyConductor.java:91)
at weblogic.wsee.security.wssp.handlers.WssClientHandler.processOutbound(WssClientHandler.java:117)
at weblogic.wsee.security.wssp.handlers.WssClientHandler.processRequest(WssClientHandler.java:69)
at weblogic.wsee.security.wssp.handlers.WssHandler.handleRequest(WssHandler.java:112)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:222)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
at com.sun.xml.ws.client.Stub.process(Stub.java:272)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
at $Proxy29.fetchCSD(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
at $Proxy30.fetchCSD(Unknown Source)
at exchangecsdclient.CSDExchangeClientImpl.fetchCSD(CSDExchangeClientImpl.java:151)
at pdfutil.PDFUtilApp.initialize(PDFUtilApp.java:55)
at org.jdesktop.application.Application$1.run(Application.java:170)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:597)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
at weblogic.kernel.Kernel.ensureInitialized(Kernel.java:66)
at weblogic.rjvm.wls.WLSRJVMEnvironment.ensureInitialized(WLSRJVMEnvironment.java:50)
at weblogic.protocol.ProtocolManager$DefaultAdminProtocolMaker.<clinit>(ProtocolManager.java:53)
at weblogic.protocol.ProtocolManager.getDefaultAdminProtocol(ProtocolManager.java:218)
at weblogic.protocol.ProtocolHandlerAdmin.<clinit>(ProtocolHandlerAdmin.java:23)
at weblogic.rjvm.wls.WLSRJVMEnvironment.registerRJVMProtocols(WLSRJVMEnvironment.java:120)
at weblogic.rjvm.RJVMManager.ensureInitialized(RJVMManager.java:87)
at weblogic.rjvm.RJVMManager.<clinit>(RJVMManager.java:46)
at weblogic.rjvm.LocalRJVM.<init>(LocalRJVM.java:97)
at weblogic.rjvm.LocalRJVM.<init>(LocalRJVM.java:28)
at weblogic.rjvm.LocalRJVM$LocalRJVMMaker.<clinit>(LocalRJVM.java:31)
at weblogic.rjvm.LocalRJVM.getLocalRJVM(LocalRJVM.java:72)
at weblogic.xml.crypto.utils.DOMUtils.generateId(DOMUtils.java:403)
at weblogic.xml.crypto.utils.DOMUtils.generateId(DOMUtils.java:395)
at weblogic.xml.crypto.utils.DOMUtils.assignId(DOMUtils.java:374)
at weblogic.xml.crypto.wss.SecurityBuilderImpl.assignUri(SecurityBuilderImpl.java:148)
at weblogic.wsee.security.policy.SigningReferencesFactory.getSigningReferences(SigningReferencesFactory.java:100)
at weblogic.wsee.security.wss.policy.wssp.SigningPolicyBlueprintImpl.addSignatureNodeListToReference(SigningPolicyBlueprintImpl.java:446)
at weblogic.wsee.security.wss.policy.wssp.SigningPolicyBlueprintImpl.addSignatureNodeListToReference(SigningPolicyBlueprintImpl.java:335)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.resolveSignatureList(SecurityMessageArchitect.java:574)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.resolveSignatureList(SecurityMessageArchitect.java:428)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.constructMessage(SecurityMessageArchitect.java:304)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.buildWssMessage(SecurityMessageArchitect.java:138)
at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.buildWssMessage(SecurityMessageArchitect.java:121)
at weblogic.wsee.security.wss.SecurityPolicyArchitect.processOutbound(SecurityPolicyArchitect.java:225)
at weblogic.wsee.security.wss.SecurityPolicyArchitect.processMessagePolicy(SecurityPolicyArchitect.java:123)
at weblogic.wsee.security.wss.SecurityPolicyConductor.processRequestOutbound(SecurityPolicyConductor.java:119)
at weblogic.wsee.security.wss.SecurityPolicyConductor.processRequestOutbound(SecurityPolicyConductor.java:91)
at weblogic.wsee.security.wssp.handlers.WssClientHandler.processOutbound(WssClientHandler.java:117)
at weblogic.wsee.security.wssp.handlers.WssClientHandler.processRequest(WssClientHandler.java:69)
at weblogic.wsee.security.wssp.handlers.WssHandler.handleRequest(WssHandler.java:112)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:222)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
at com.sun.xml.ws.client.Stub.process(Stub.java:272)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
at $Proxy29.fetchCSD(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
at $Proxy30.fetchCSD(Unknown Source)
at exchangecsdclient.CSDExchangeClientImpl.fetchCSD(CSDExchangeClientImpl.java:151)
at pdfutil.PDFUtilApp.initialize(PDFUtilApp.java:55)
at org.jdesktop.application.Application$1.run(Application.java:170)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:597)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
The two invocations (one using java and the other using javaws) should obviously have not differences at all since all resources (jars) are the same.
I have tried all client jar combinations (with wlfullclient.jar, wseeclient.jar, weblogic.jar) and the result is the same. One additional piece of information is that when removing all security parameters (message level encryption and signing) from the web service the java web start client works just fine!!!
This is not an issue of additional jars that somehow mess with weblogic jars, since the same error occurs even in the basic hello world web service.
I wonder if someone has faced the same problem. I would really really appreciate any help. Thank you in advance and keep up the good work.
Cheers,
Paul.
Edited by: PaulP on Jan 11, 2012 5:31 AMHi Kal,
since we're currently evaluating the software and haven't acquired a license, we cannot contact support.
I only need to know if this is a solved bug or not. Does it have to do with the classloading process (I cannot think of anything else)?
Thank you again very very much!
Cheers,
Paul. -
Error while executing Secure SOAP web service from Web Service Navigator
Hi All,
I have created a web service for a stateless session bean choosing option "Secure SOAP".
When I am testing it through web service navigator, it is showing following error:-
Security: Authentication expected but missing
And in response text it is showing following :-
HTTP/1.1 500 Internal Server Error
Connection: close
Server: SAP J2EE Engine/7.00
Content-Type: text/xml; charset=UTF-8
Date: Wed, 17 Dec 2008 05:42:10 GMT
Set-Cookie: <value is hidden>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
<SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Security: Authentication expected but missing</faultstring><detail><ns1:com.sap.engine.interfaces.webservices.runtime.ProtocolException xmlns:ns1='http://sap-j2ee-engine/error'>Security: Authentication expected but missing</ns1:com.sap.engine.interfaces.webservices.runtime.ProtocolException></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
Can anybody help me with above thing?
And my second question : I have created web service with "Basic Auth SOAP" option. and while executing at web service navigator, its asking for username & password.
What role / right should be granted to this user so as to make him able to execute this web service? This user must be a UME user, correct?
Pls help me in resolving this.
Thanks and regards,
Amey MogareHi Fazal,
I have read the thread, but my questions are still unanswered.
1. I know how to set username and password while using "Basic Auth SOAP" protocol. But my question in this case is what are the accesses user requires to be able to execute web service.
2. And about Secure SOAP, why is above mentioned error is appearing?
Thanks and regards,
Amey Mogare -
How to call a secure external Web Service using Oracle BPEL and OWSM
Hi,
i have to invoke an external secure Web Service using SOA Suite 10.1.3.1, but i don´t know how to do this. Do i use OWSM gateway or Agent? how to configure the gateway or agent to pass the required security to the external secure web service.
thanks in advance
DongAre you getting any errors? What type of XAI Class are you using?
One thing I've noticed is that if you are making changes to the XAI Sender you will have to restart the environment before the changes can take effect.
Also, if you are using RTHTTPSNDR as XAI Class you may have to include the HTTP Method - Post in the context.
Hope this helps.
Regards,
Philip -
WS-Security, WSE, Web Services, Authentication and Flex 2
Hey All,
I've been working hard on getting Flex to communicate with a
Microsoft .NET 2.0 Web Services project enabled with WSE 3.0
WS-Security. I can't seem to get the headers into the SOAP request
that I need.
For example, I can get a SOAP header into the message like
so:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="
http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="
http://www.w3.org/2001/XMLSchema"
xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
<ns0:Security xmlns:ns0="
http://tempuri.org/">
<ns0:password>pass</ns0:password>
<ns0:username>DOMAIN\Administrator</ns0:username>
</ns0:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<HelloWorld xmlns="
http://tempuri.org/" />
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
.. but, this isn't what my WSE, WS-Security enabled service
expects. Which is:
<soap:Envelope xmlns:soap="
http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="
http://www.w3.org/2001/XMLSchema"
xmlns:wsa="
http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>
http://tempuri.org/HelloWorld</wsa:Action>
<wsa:MessageID>urn:uuid:5be8b55a-df7b-4547-8def-76282fcd8b47</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>
http://localhost/CampaignMojoAPI.asmx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-aab299a8-81e3-4d8a-bfa4-555f38978584">
<wsu:Created>2007-06-06T20:26:37Z</wsu:Created>
<wsu:Expires>2007-06-06T20:31:37Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-b43668b1-51a3-4ba1-a90a-69eca3b98b66">
<wsse:Username>DOMAIN\Administrator</wsse:Username>
<wsse:Password Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Passwor dText">pass</wsse:Password>
<wsse:Nonce>IK4ZemfS1pj3kpdYO5+FBg==</wsse:Nonce>
<wsu:Created>2007-06-06T20:26:37Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<HelloWorld xmlns="
http://tempuri.org/" />
</soap:Body>
</soap:Envelope>
I've tried "addSimpleHeader" and "addHeader", but both seem
to inject nested xml elements. Can anyone help me shape this WS
call into the format I need it in? Would it be possible to call
this WS manually via a direct HTTP post from Flex 2?
Thanks!,
SeanYeah,
Hey guys - thanks for the responses. I looked into this and
it seems no one uses WS-Security from the browser. That's why even
Google's APIs use alternative key logins, etc. I read from one user
that in the next version of Microsoft's AJAX platform that they
might support it, but that's about it. For now, it looks like
there's not even an AJAX/Javascript way to do this. If we could do
it via Javascript, then we could use the FABridge. I don't think
Flex supports it. I've tried to manipulate the headers into place
via Flex classes and I don't think enough control is there to get
the output in the form that's needed.
I think it's possible to write it in Javascript. But right
now my time budget just doesn't allow for it. I already spent two
whole days re-writing how Flex makes Web Service calls so they're
synchronous with timeouts instead of this massive amount of
asynchronous code they want you to write, so no more
re-writing/extending of components for me for a while.
But if anyone wants to work together to support it via
AJAX/Javascript, I would invest money into developing it.
I would like a public WS-Security AJAX/Javascript framework
for making these calls via WS-Security so I can offer customers a
standard way of accessing/authenticating against our public API
set. It would also make it possible for Flex to access standard web
services with WS-Security enabled.
Let me know what you guys think, or if anyone else has any
good suggestions/software.
Thanks much,
S. -
Using WS-Security with Web Service Controls in WLI 8.1 SP3
We have a process that calls a web service hosted on a .NET environment. The technique we have used is to generate a service control from the web service WSDL and call that control from a process. The web service is protected using a WS-Security usernameToken policy. The problem is that the .NET environment requires the wsse:Nonce and wsu:Created elements to be provided along with the token and I cannot see how I can specify this using a wsse policy file in WebLogic workshop. Does anyone have any advice for the best way to add this information to the security element in the SOAP header from within a WLI process? I've seen some example code for a java web service client, but that would not really fit with the control-based approach normally adopted in a WLI environment.
You won't be able to do this using the WSSE file.
An easy way to get around this is to use an XML Bean built from the WS-Security XML Schema. You'll have to read the WS-Security spec to determine how to create the nonce, but you'll be able to convert this XML Bean into the Element[] that the setOutputHeaders() method, which is on the service control you call the .NET Web Service with.
Regards,
Mike Wooten
Maybe you are looking for
-
Reboot script doesn't work with BOOTCD
Hi, We do Image our Workstations with the BOOTCD which works fine. At the End, there's a reboot command. All worked out, we had to do some changes in the Scripts after upgrading to ZEN7, but now the Reboot doesn't work anymore, the Workstation just w
-
Displaying Medium Text in Variable screen (WAD)
Hello Experts, When I run one of my reports in BEx, the input help for an infoobject shows key, Short Description and Medium Description. But the same report when I run in WEB it does not show the Medium Description but only the key and Short Descrip
-
Getting hostname/IP of the BEA server
Hello, I need to know the IP of the BEA server the request is currently working on. I have a cluster with 2 servers inside, each running in its HW. The HW has IP and the BEA has different IP. We need to send a request (using URLConnection) to another
-
Proxy-2-JMS Scenario: more than 10 additional JMS properties possible
Hi @all, we're implementing a Proxy-2-JMS-Scenario. The JMS reciever side needs unfortunalety more than 10 additional JMS properties. In XI/PI the maximum number of additional JMS properties is 10. Do somebody know a good workaround in PI how to deal
-
How to view .flv files?
How view flv files in nokia 5233? Moderator's Note: We have moved your post and changed the title into a subject-related title. This is to keep the forum organized and let other forum users easily see and respond to this post.