Extracting webservice security headers

Similar Messages

• WS-Security Headers

  I am having a problem making a webservice call through a partnerlink with the wsse security headers in the webservice call.
  BPEL server is receiving a SOAP webservice call with ws-security headers. I want to call a partner link, external webservice, with the same ws-security headers that I received from the client. BPEL is just being the middleman in this situation, receiving a webservice call and then making a webservice call with the same ws-security headers. I am having no success, can someone please help me?

  I am having a problem making a webservice call through a partnerlink with the wsse security headers in the webservice call.
  BPEL server is receiving a SOAP webservice call with ws-security headers. I want to call a partner link, external webservice, with the same ws-security headers that I received from the client. BPEL is just being the middleman in this situation, receiving a webservice call and then making a webservice call with the same ws-security headers. I am having no success, can someone please help me?

• How to insert security headers thru BPEL Process

  I am new to BPEL process creation and stuff, but I need to complete a task in which I need
  1.Create a BPEL process which accepts Username and password and set it into the soap request header as follows;
  <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
  ty-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-24438666"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
  y-utility-1.0.xsd">
  <wsse:Username>Username </wsse:Username>
  <wsse:Password
  Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
  -profile-1.0#PasswordDigest">password </wsse:Password>
  <wsse:Nonce>syVMUbFNvaQAfQaDpVDolA==</wsse:Nonce>
  <wsu:Created>2009-03-25T22:55:51Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  Can you please let me know what all steps I need follow in order to introduce the soap:header with wsse :security header settings. I am using 10.1.2.
  I tried to do it by importing a schema wsse.xsd into my WSDL file. and in bpel.xml I set the properties as follows,
  <property name="wsdlLocation">AccruentService.wsdl</property>
  <property name="wsseUsername">username</property>
  <property name="wssePassword">password</property>
  <property name="wsseHeaders">credentials</property>
  but does not put in the required header.
  I dont know if I need to do anything else, Please help.

  Hi,
  Thanks for the quick reply.
  I tried doing he same as mentioned in the link that u provided, but I got struck at this;
  I did not understand why we are doing this;
  <bpelx:insertAfter>
  <bpelx:from variable="pswd" query="/wsse:Password"/>
  <bpelx:to variable="userNameToken" query="/wsse:UsernameToken/wsse:Username"/>
  </bpelx:insertAfter>
  <bpelx:append>
  <bpelx:from variable="userNameToken" query="/wsse:UsernameToken"/>
  <bpelx:to variable="securityContext" query="/wsse:Security"/>
  </bpelx:append>
  after doing this and deploying, my request when tested thru SOAPUI looks like this with not security headers
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:add="http://schemas.xmlsoap.org/ws/2003/03/addressing" xmlns:acc="http://www.accruent.com/">
  <soapenv:Header>
  <add:MessageID>?</add:MessageID>
  <add:ReplyTo>
  <add:Address>?</add:Address>
  <!--Optional:-->
  <add:ReferenceProperties>
  <!--You may enter ANY elements at this point-->
  </add:ReferenceProperties>
  <!--Optional:-->
  <add:PortType>?</add:PortType>
  <!--Optional:-->
  <add:ServiceName PortName="?">?</add:ServiceName>
  <!--You may enter ANY elements at this point-->
  </add:ReplyTo>
  </soapenv:Header>
  <soapenv:Body>
  ....I just removed so that it is short
  </soapenv:Body>
  </soapenv:Envelope>
  the service which I am invoking should

• Business service with ws security (missing security headers)

  Hello,
  I have business service for which I applied ws - security (I want customer to sign response. Response should be validated by osb). I applied policy. Everything works as expected.
  My problem is that I would like to save message sent by customer (together with headers which contain signature). However headers related to security are not present in
  $header variable in response pipeline. When I disable ws-security then headers related to security are visible in reponse pipeline. So it seems that security headers are removed
  when ws-security in enabled. Can I somehow access all headers in response pipeline to be able to save them?

  I wasn't clear?
  This is a big dev problem for a major Sun client.
  No one knows or wants to answer?

• Process security headers without removing them

  Does anyone know whether it is possible to have OSB process security headers without removing the headers from the message?
  I would like to be able to validate the signature and grab the principal from the certificate in order to determine whether the request should be allowed to continue on. However, the signature cannot be removed from the message because the business service requires requests to be signed (and the requests must be signed by the original requester, not an intermediary).
  See Process security headers without removing them also
  Helmar

  I don't know a way of doing this with OSB, I mean having the bus do it for you. It's either process all security headers or none. If the service bus is acting as a pass-through, not processing the headers, you could read them yourself inside the proxy pipeline. But you would have to implement the decryption yourself, this won't be done by the bus. You could do this with a java callout, but I imagine it won't be trivial task.
  I'd think this is pretty standard. The headers normally are intended for a service (maybe going through various intermediaries), hence the actor property of the headers, and that service should remove them after processing them. But I'm not familiar with Oracle's ESB to know if this is possible with it.

• Processing WS-Security headers within a web service

  Hello,
  I have created a service with WS-Security (from a WSDL using jdeveloper) and deployed it on OC4J. Within the service implementation, I need to get some information from soap security header, that is, my service needs to process some security headers. However, in my service implementation, I only have access to information contained inside the SOAP message body (parameters methods).
  Could anybody be so kind as to tell me how can I process WS-Security headers inside a web service implementation, please?
  Thank you very much in advance.

  You can refer this article
  web services security in weblogic

• BPEL to invoke a webservice secured by BASIC auth

  Hi
  I have been trying to write a simple BPEL process to invoke a remote webservice secured by basic authentication. I was able to build the BPEL process and then the composite application that I deployed successfully to glassfish, all within NetBeans IDE. As per the wiki notes: http://wiki.open-esb.java.net/Wiki.jsp?page=HTTPBasicAuthentication, I also added the Policy element to the wsdl for the service that I am trying to invoke as follows:
  <wsdl:service name="PMSDatabase">
          <wsdl:port name="PMSDatabaseSOAP11port_http" binding="ns2:PMSDatabaseSOAP11Binding">
              <soap:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
          </wsdl:port>
          <wsdl:port name="PMSDatabaseSOAP12port_http" binding="ns2:PMSDatabaseSOAP12Binding">
              <soap12:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
          </wsdl:port>
          <wsdl:port name="PMSDatabaseHttpport" binding="ns2:PMSDatabaseHttpBinding">
              <http:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
              <wsp:PolicyReference URI="#HttpBasicAuthBindingBindingPolicy"/>
          </wsdl:port>
      </wsdl:service>
      <wsp:Policy wsu:Id="HttpBasicAuthBindingBindingRealmPolicy">
          <mysp:MustSupportBasicAuthentication on="true">
              <mysp:BasicAuthenticationDetail>
                 <mysp:WssTokenCompare/>
              </mysp:BasicAuthenticationDetail>
          </mysp:MustSupportBasicAuthentication>
          <mysp:UsernameToken mysp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
             <wsp:Policy>
                  <sp:WssUsernameToken10>mcs_user</sp:WssUsernameToken10>
                  <sp:WssPassword>${pass_token}</sp:WssPassword>
             </wsp:Policy>
        </mysp:UsernameToken>
      </wsp:Policy>When i try to run a testcase, the BPEL process fails during the invoke activity and I get the following error in the output:
  <detailText>BPCOR-6135:A fault was not handled in the process scope; Fault Name is {http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling}systemFault; Fault Data is &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;&lt;jbi:message xmlns:sxeh=&quot;http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling&quot; type=&quot;sxeh:faultMessage&quot; version=&quot;1.0&quot; xmlns:jbi=&quot;http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper&quot;&gt;&lt;jbi:part&gt;HTTPBC-E00753: HTTP POST request failed, portType {http://service.messagecentre.dha.gov.au}PMSDatabaseHttpport
      URL: http://namadgi:9999/MessageCentre/services/PMSDatabase/deletePMSVoidPeriod
      QUERY:
      PATH_INFO:
      Exception detail: request requires HTTP authentication: User mcs_user not found in directory.&lt;/jbi:part&gt;&lt;/jbi:message&gt;. Sending errors for the pending requests in the process scope before terminating the process instance
     Caused by: BPCOR-6131:An Error status was received while doing an invoke (partnerLink=PartnerLink1, portType={http://service.messagecentre.dha.gov.au}PMSDatabasePortType, operation=deletePMSVoidPeriod)
  BPCOR-6129:Line Number is 48
  BPCOR-6130:Activity Name is Invoke1
     Caused by: HTTPBC-E00753: HTTP POST request failed, portType {http://service.messagecentre.dha.gov.au}PMSDatabaseHttpport
      URL: http://namadgi:9999/MessageCentre/services/PMSDatabase/deletePMSVoidPeriod
      QUERY:
      PATH_INFO:
      Exception detail: request requires HTTP authentication: User mcs_user not found in directory.
     Caused by: request requires HTTP authentication: User mcs_user not found in directory.</detailText>Where else do i need to configure the BASIC auth details to get this to work?

  Please post your request to [email protected] for quick response.
  Error states "mcs_user" is invalid user. Please make sure that the user is valid.

• Webservice - security error

  Hi All,
  We are receiving the security error provided below while invokingthe LegalReportingUnitService -http://Host:Port/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL using HTTP Analyzer (Jdeveloper) or SOAP UI.
  Also we find that the web service is having OWSM Policies - Directly Attached Policy - oracle/wss11_saml_or_username_token_with_message_protection_service_policy
  Please let us know what information has to be provided apart from username/password credentials to this webservice.
  a. Error message while invoking the web service using ext port & SSL url :
  https://xxxx-fin-ext.example.com:xxxxx/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL
  Error Message: 401 Unauthorized.
  Log details:
  Response Header-----------------=_Part_9_498083750.1342417354448
  Content-Type: application/xop+xml;charset=UTF-8;type="text/xml"
  Content-Transfer-Encoding: 8bit
  Content-ID: <a1759cc915eb4db6ab48a1b97d3f1386>
  <?xml version="1.0" encoding="UTF-8" ?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/types/" xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"><env:Header><ns1:Security><ns1:UsernameToken><ns1:Username>Fusion</ns1:Username><ns1:Password>welcome</ns1:Password></ns1:UsernameToken></ns1:Security></env:Header><env:Body><ns2:createLegalReportingUnit><ns2:legalReportingUnit xmlns:ns2="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/types/"><ns3:PartyId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000002842377</ns3:PartyId><ns3:LegalEntityId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000002842369</ns3:LegalEntityId><ns3:GeographyId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000000225396</ns3:GeographyId><ns3:Name xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">Test123</ns3:Name><ns3:MainEstablishmentFlag xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">Y</ns3:MainEstablishmentFlag><ns3:MainEffectiveFrom xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2011-07-03+05:30</ns3:MainEffectiveFrom><ns3:MainEffectiveTo xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:MainEffectiveTo><ns3:EffectiveFrom xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:EffectiveFrom><ns3:EffectiveTo xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:EffectiveTo><ns3:ObjectVersionNumber xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">1</ns3:ObjectVersionNumber><ns3:ActivityCode xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/><ns3:SubActivityCode xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/><ns3:TypeOfCompany xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/></ns2:legalReportingUnit></ns2:createLegalReportingUnit></env:Body></env:Envelope>
  ------=_Part_9_498083750.1342417354448—
  b. Error message while invoking this web service using int port –
  http://xxx-fin-int.example.com:xxxx/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL
  Error Message: 500 Internal Server error.
  Log details:
  Response Header: ------=_Part_8_481967515.1342415673437
  Content-Type: application/xop+xml;charset=UTF-8;type="text/xml"
  Content-Transfer-Encoding: 8bit
  Content-ID: <f4ef59739fc64cacb9829403d3a171d5>
  <?xml version="1.0" encoding="UTF-8" ?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:ns0="http://schemas.oracle.com/owsm/policy-enforcement-2007-06"><faultcode>ns0:GenericFault</faultcode><faultstring>GenericFault : generic error</faultstring><faultactor></faultactor></env:Fault></env:Body></env:Envelope>
  ------=_Part_8_481967515.1342415673437—
  Regards,
  Ramesh

  Hi, I am using Weblogic Oracle 12c and standalone server no clusters. I have a webservice configured which is working from the Weblogic, using DemoTrust.jks I just downloaded the SOAP-UI and having issues with this, I set up the aut Tab to use Global HTTP Settings for the authorization type and added a keystore which is pointing to the DemoTrust.jks.
  When I run a test, I receive this error
  Tue Jul 31 09:40:38 PDT 2012:DEBUG:<< "<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurity</faultcode><faultstring>Error on verifying message against security policy Error code:1000</faultstring></env:Fault></env:Body></env:Envelope>"
  You wouldn't know what this is about, from what I am reading it seems I need to pass a policy to the server from the client but unsure what to configure.
  If you have any insight I would appreciate it.

• Sending WSSE security headers to non-weblogic web service

  I have been trying to send wsse headers to a non-weblogic web service. I am looking for a way to do this using the control file I generated from the wsdl or the page flow where I implement the control, or the message handler file. I have username and password parameters but I cannot get this to function.
  Here is the signature I need:
  <?xml version="1.0" encoding="UTF-8" ?>
  - <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  - <env:Header>
  - <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  - <wsse:UsernameToken wsu:Id="Id-dFQDZm_34ewPYtaARIJ_4BfI" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>weblogic</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </env:Header>
  - <env:Body>
  <n1:hello xmlns:n1="http://workshop.bea.com/WebServiceB" />
  </env:Body>
  </env:Envelope>
  Of course the Body is different, but this is the security signature that I need to get into the header. After looking at all the examples, I only see the option of using a java proxy class to call the web service, which would be a little difficult to use as my whole page flow application so far is calling the web service from a generated control. There are also lots of coplex datatypes that are being sent to the web service so a jave proxy would be a little difficult. I have tried to take the code from the java proxy class example and put it in my handler class, but the handler seems to only use MessageContext, not WebServiceContext and will not let me add the username password tokens. When I have tried to case a WebServiceContext out of a MessageContext, it gives me a runtime error "Class Cast Exception" even though workshop lets me do it.
  This is extremely urgent. Please help me! I am using the sample handler class called MessageHandler.java and the sample WSSE java proxy class called WebServiceBClient.java that generated the above signature.

  More information:
  Here is the first part of my Java Control where I am calling the web service and the message handler:
  package controls;
  * @jc:location http-url="http://localhost:7001/Checking.jws"
  * @jc:wsdl file="#CheckingWsdl"
  * @jc:handler callback="MessageHandler" operation="MessageHandler"
  public interface CheckingService extends com.bea.control.ControlExtension, com.bea.control.ServiceControl
  public static class CustomerInfo
  implements java.io.Serializable
  public java.lang.String FirstName;
  public java.lang.String LastName;
  public java.lang.String MiddleName;
  public int SSN;
  public int CustomerNumber;
  public java.util.Calendar CreationDate;
  public java.util.Calendar LastModifiedDate;
  public static class FundingInfo
  implements java.io.Serializable
  public float Amount;
  public java.util.Calendar CurrentDate;
  public int AccountNumber;
  public static class anyType
  implements java.io.Serializable
  public com.bea.xml.XmlObject[] t;
  public static class AccountInfo
  implements java.io.Serializable
  public int AccountNumber;
  public float Balance;
  public int CustomerNumber;
  public java.util.Calendar LastModifiedDate;
  * @jc:protocol form-post="false" form-get="false"
  public AccountInfo CreateAccountChecking (CustomerInfo CustomerInfo, FundingInfo FundingInfo, anyType CommonHeader);
  static final long serialVersionUID = 1L;
  Here is the section of the MessageHandler class where I am attempting to add security token to the header:
  protected void addSecurityHeader (MessageContext mc)
  * Registers a handler for the SOAP message traffic.
  HandlerRegistry registry = mc.getHandlerRegistry();
  List list = new ArrayList();
  list.add(new HandlerInfo(WSSEClientHandler.class, null, null));
  registry.setHandlerChain(new QName("hello"), list);
  try
  WebServiceContext context = (WebServiceContext)WebServiceContext.currentContext().getLastMessageContext();
  //(WebServiceContext)mc;
  WebServiceSession session = context.getSession();
  * Set the username and password token for SOAP message sent from the client, through
  * the proxy, to the web service.
  UserInfo ui = new UserInfo("weblogic", "weblogic");
  session.setAttribute(WSSEClientHandler.REQUEST_USERINFO, ui);
  //mc.setProperty(WSSEClientHandler.REQUEST_USERINFO, ui);
  * Adds the username / password token to the SOAP header.
  SecurityElementFactory factory = SecurityElementFactory.getDefaultFactory();
  Security security = factory.createSecurity(null);
  security.addToken(ui);
  session.setAttribute(WSSEClientHandler.REQUEST_SECURITY, security);
  //mc.setProperty(WSSEClientHandler.REQUEST_SECURITY, security);
  } catch (Exception ex) {System.out.println("EXCEPTION CAUGHT DOING SECURITY STUFF " + ex.getMessage());}
  I tried to use the MessageContext to do this but it came out null. I tried to cast the MessageContext to WebServiceContext and it gave me a Class Cast Exception. I tried to add the HandlerRegistry section to this but of course the assignment mc.getHandlerRegistry is improper and is not compiling so don't let that confuse you.

• Webservices Security in SOAP Receiver Adapter

  Hi All,
  I am configuring web services security settings in my File To Webservice scenario.
  The scneario is:
  File -
  asynch--XISynch-Webservice(X.509)
  The webservice is using X.509 certificates for security.
  I have configured SOAP receiver channel with webservices secuirty settings and same with Receiver agreement.
  But when I run this scenario in the SOAP Receiver channel monitoring I get below error.
  Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: ApplyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: apply( Message, CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: ProcessException in Method: run(). Key: 0700; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: ProcessException in Method: run(). Key: 0700. To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityContext in Method: apply( Message, CPALookupObject ). ApplyThread-Exception Message: ProcessException in Method: run(). Key: 0700; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: ProcessException in Method: run(). Key: 0700.
  Does anybody have idea about this error?
  Please help me to resolve this.
  Thanks,
  Shweta.

  Hi,
  I am doubtful if after add ing all the security realted settings you could be able to test it via RWB monitoring.
  Its better to test this kind of scenario with either real time application where all security certificates and settings will on right place.
  Thanks
  Swarup

• BPEL to invoke Webservice secured with HTTP Basic authentication

  Hi All,
  Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
  1) Created Target Synchronous process ex : B
  2) Created Source Syncronous Process ex : A
  Iam trying to call B(Target) from A(source).
  3) Open Composite.xml of A(Source)
  4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
  5) Under Security tab attach oracle/wss_username_token_client_policy
  6) Login to em/console
  7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
  8) Enter username and password under HTTP Basic Authentication.
  9)Test from em.console(when we are testing under security tab I have checked None radio button)
  So this is the Error message which is throwing.
  ==================================
  The selected operation process could not be invoked.
  An exception occured while invoking the webservice operation. Please see logs for more details.
  oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
  java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
  =======================================
  Please let me know if Iam missing any steps.
  Thanks
  SSV

  Followed this post.......
  This is avery good question
  in 11g i have taken out the steps from my document which i created for one our customer
  go to composite
  Right click on the external reference service and select “Configure WS policies” :done
  Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
  6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
  7. Include the “oracle.webservices.auth.username--> :done
  value-->password :done
  8. Include the “oracle.webservices.auth.password”-->name :done
  value-->password :done
  Thanks
  SSV

• Add WS Security Headers to a Web-Service Request in JDeveloper

  I'm using JDeveloper to create a composite that performs a query against CRMOnDemand.  In order to access CRMOnDemand in a stateless manner, I have to create a SOAP request with the following in the header:
  <wsse:UsernameToken>
            <wsse:Username>USERNAME</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password></wsse:UsernameToken>
  How do I add these to the SOAP header message within the JDEVEOPER ui?

  I've figured out...
  Map<String, Object> reqCtx =
  ((BindingProvider)iditInterface).getRequestContext();
  Map<String, List> reqHttpHeader =
  (Map<String, List>)reqCtx.get(MessageContext.HTTP_REQUEST_HEADERS);
  if (null == reqHttpHeader) {
  reqHttpHeader = new Hashtable<String, List>();
  List header1 = new ArrayList();
  header1.add("[header1-value]");
  reqHttpHeader.put("[header1name]", header1);
  List header2 = new ArrayList();
  header2.add("[header2-value]");
  reqHttpHeader.put("[header2name]", header2);
  reqCtx.put(MessageContext.HTTP_REQUEST_HEADERS, reqHttpHeader);
  I used the above code to add the HTTP headers, before I call the webservice interface.

• Avoid stripping of wsse security headers

  Hi,
  I have created  two SOA composites. The first soa composite is for inserting to a database whereas the second composite is just a wrapper service to invoke the first composite. The first composite is attached with policy oracle/wss11_username_token_with_message_protection_service_policy as a result of which the reference endpoint of the second composite is attached with oracle/wss11_username_token_with_message_protection_client_policy. The service endpoint of the wrapper service is attached with oracle/wss_username_token_service_policy. In the
  oracle/wss11_username_token_with_message_protection_client_policy the default key has been overriden with a key that has credentials of an user who does not have the authentic and authorization privilege. So while testing the service with user (with right privilege) the security header is getting stripped when the second service is getting invoked as a different policy has been attached. So is there any way to avoid stripping off the wsse headers from the first service so that it overrides the security header when the second service is being invoked?
  The soa version is 11.1.1.5.0
  Thanks,
  Sourav

  Hi all,
  any solution to this?

• Transport Authentication (webservice security)

  HI,
  I want to provide security for my webservices.so
  I have choosed Transport Authentication. and i succeded but even i set the usename and passwords in the visualadministrator>webservicesecurityservice>select webservice clientproxy-->Transportsecurity and set the authentication to Basic and enter the user name and password.
  my webservice is valid only for username:admin and password:admin.(i have entered different username and pwd at above step)
  even i set the username and password in visualstudio i cannot use that username and password while running the webservice, whenever i give the username:admin and password:admin it is valid .
  how to set the new username and password.can anybody help me about this transport authentication
  Thanks and Regards
  Srinivas

  HI,
  I want to provide security for my webservices.so
  I have choosed Transport Authentication. and i succeded but even i set the usename and passwords in the visualadministrator>webservicesecurityservice>select webservice clientproxy-->Transportsecurity and set the authentication to Basic and enter the user name and password.
  my webservice is valid only for username:admin and password:admin.(i have entered different username and pwd at above step)
  even i set the username and password in visualstudio i cannot use that username and password while running the webservice, whenever i give the username:admin and password:admin it is valid .
  how to set the new username and password.can anybody help me about this transport authentication
  Thanks and Regards
  Srinivas

• Webservice + secured jms (Web Service over the JMS trans).

  Apologize since this post is in the webservice forum as well but since it is related to jms as well i put it here as well.
  I have a web service that is using JMS (@WLJmsTransport Web Service over the JMS transport)
  and everything seems to be ok BUt i do not know how to use this if the JMS is secured .
  By Adding security on JMS queue what other things i need to do in order for the webservice to access the queue ?
  (where i specify the credentials ?)
  @WebService(serviceName = "ASyncService", targetNamespace = "http://axyz.org/notification/v1", endpointInterface = "
  axyz.notification.ASyncPort")
  @WLJmsTransport(contextPath = "notify", serviceUri = "async_event", portName = "ASyncServicePort", queue = "events", connectionFactory = "cnfct_receiver")
  Thank you !

  The annotation you gave is for accessing the webservice but in this case it seems the webservice has to access a secured jms
  However having your response lead me to @RunAs which solved my problem.
  Very hard to find this information.
  Thank you very much for your answer !
  Nice blog as well !
  Edited by: user630775 on Jan 28, 2010 2:02 AM