Flash security issue; Error #2170, crossdomain.xml
Hi,
we are using Xcelsius 2008, SP3, together with BO XI 3.1 SP2 (Edge; Linux) and SAP BW.
We have build a dashboard using Query as a Web Service as datasource (pointing to a SAP BW query).
When we export the Xcelsius file to the BO repository and run the file from InfoView (or CMC), we get a #2170 error.
The resolution seems to create a crossdomain.xml file so that Flash Player doesn't block the execution of the file any more.
Do I have to place this crossdomain.xml file on Tomcat (BO) or SAP BW (transaction SICF)? Are there other solutions for this problem?
Thanks!
1. Look for crossdomain.xml in the following folder <BOBJ installation directory>/Tomcat/webapps/ROOT, if it is not there create one.
2. The content of crossdomain.xml should look like follow:
<?xml version=”1.0″?>
<!DOCTYPE cross-domain-policy SYSTEM “http://www.adobe.com/xml/dtds/cross-domain-policy.dtd”>
<cross-domain-policy>
<allow-access-from domain=”*” secure=”false” to-ports=”*”/>
<allow-http-request-headers-from domain=”*” headers=”*”/>
</cross-domain-policy>
3. Then restart the Tomcat server
Reference quoted
Similar Messages
-
Problems with Flash Security issues and Captivate projects
Hello,
We're putting together a flash based eLearning course that has been created primarily in Adobe Captivate with flash plugins. The course consists of several modules, all which are embedded into HTML files that are linked to each other.
Our client wants the project on a CD, which is starting to create some problems. Everytime the project goes to open another HTML/flash page, the security issue comes up that mentions that the flash player is trying to communicate to the internet.
Now usually the way to get around this is to go into the security settings and add the CD as an accepted URL - however we can't do this for several reasons. The main one is that we are encasing it within Firefox Portable (included within the CD and as such, read only) and the computers it is being used on may not be connected to the internet.
Any idea how we can get around this? Are the flash player settings stored somewhere locally on your computer, and can we configure them there? (perhaps through an ini or something) to place on the CD with the plugin for Firefox Portable? Is there a simpler way to address this that we're just not seeing?
Thanks,Hi there
I agree with Michael.
Server2Go is also what I'd have offered. The mention of Firefox portable sound intiguing, but I'm really skeptical that it will do what is needed in this case.
In case it will help, here are some steps for Server2Go.
Download the Server2Go software from http://www.server2go-web.de/download/download.html
Choose the Micro package
This should result in receiving a zip file named distribute_apache1.3_micro.zip
Unzip the contents of the zip file to the root of your hard drive ( C:\ )
This should create a folder named distribute_apache1.3_micro
Open this folder and delete the following files and folders inside:
Files:
splash.bmp
logo.ico
readme.txt
Folders:
dlls
dbdir
cgi-bin
Open the htdocs folder and delete all files and folders inside.
Copy all of your Captivate output files to the htdocs folder
Rename the HTML page Captivate created to index.htm
Copy the contents of the distribute_apache1.3_micro folder to the CD-ROM and test!
Hopefully this helps... Rick
Click here for Adobe Certified Captivate and RoboHelp HTML Training
Click here for the SorcerStone Blog
Click here for RoboHelp and Captivate eBooks -
Problems with Captivate Redirects, possibly Flash Security and XML
Hello fellow Captivarians,
First a little backstory, earlier in the year we developed a course that heavily used external image files, which were gathered and organised through an XML file, then placed into Captivate 4 through a widget. This was all developed in Actionscript 3 and was designed to be accessed locally, on the user's computer from a CD Drive.
We had a whole deal of issues with Captivate and Flash security issues, finding that we could not get the importing to work correctly in Internet Explorer as it outright refused to import the XML file (Presumably because of security issues). However, Firefox would work fine. Eventually we got it working via a bandaid solution by prepackaging the course with a firefox portable install.
Now many months later, we have discovered our previous solution still works, but it now outright denies any redirects from HTML page to HTML page, regardless if the content is on the CD or if it's on the harddrive. Buttons that link to external sources will not work, (even if it's just a local page in the same directory).Flash player simply refuses to redirect between HTML pages. We tried some older projects that were developed in AS2 - and this wasn't an issue.
The odd thing is however, on my computer it still works fine. However, on everyone elses in our office, it will not redirect at all. We are all running the same version of Flash Player, and the same version of Firefox...
Any ideas? Could it have been a recent update with the Flash Player that prevents this sort of interaction?
Cheers.Hi there
Have you tried configuring the Flash Security Settings? That's my guess.
Click here for a tutorial on how to configure
If this will be on CD-ROM or DVD, you may need to consider adding a light version of a Web Server to the media and launching via that.
Helpful and Handy Links
Captivate Wish Form/Bug Reporting Form
Adobe Certified Captivate Training
SorcerStone Blog
Captivate eBooks -
Crossdomain.xml Not Working
Ok, so first off, my environment. I'm working on a flash
application that resides on the web server (192.168.1.74) and the
data its pulling is from a device (192.168.1.77).
On .77 I have a crossdomain.xml. I have attached the
crossdomain.xml file.
The problem I'm having is that while watching the data
communication in a network sniffer, after the GET for
/crossdomain.xml happens, about 75% of the time, nothing gets
returned. When the XML file DOES get returned, there's a HTTP OK
message... and then that's it. None of the communication between
the app and the server happens.
Now, when I run this application in the Flash developer
program thing, it works fine (I'm on .64) so I know the flash code
works. So its either a Browser issue or my crossdomain.xml file is
wrong in some way.Try adding security="false" inside the next line:
<allow-access-from domain="*"/>
so it would look something like
<allow-access-from domain="*" security="false" />
It fixed the problem for me. -
How can I serve crossdomain.xml file on a specific port?
Let me introduce my problem step by step:
I was using a socket connection on the address www.mydomain.com:1925 to provide a chat service for my users. When I moved to cloudflare, I could not connect to port 1925 directly because of the fact that my requests were reaching my origin server over cloudflare and the port was changing.
How did I solve it? I created a subdomain chat.mydomain.com whose DNS settings point to my origin server not cloudflare. I bypassed cloudflare by this way and I connected my chat service by using chat.mydomain.com:1925 on the browser. So far so good.
Here is the problem. I am also using Flash and AS3. It is the core of my game on the site. Chat is working on html and my game in flash is in some part of my website. In flash, I was sending scores of players using again a socket connection on www.mydomain.com:1925 by a different namespace.(Since swf's host and url's host matched, I didn't have any problem I think).Since I have changed the domain to chat.mydomain.com:1925, Flash started to request a crossdomain.xml on chat.mydomain.com:1925. There is a crossdomain.xml file on chat.mydomain.com however I cannot serve it from chat.mydomain.com:1925. Here is my code:
Security.loadPolicyFile("https://chat.mydomain.com/crossdomain.xml");
var urlLoader:URLLoader = new URLLoader ();
var url:String = "https://chat.mydomain.com:1925/socket.io/1/";
var request:URLRequest = new URLRequest(url);
request.method = URLRequestMethod.POST;
urlLoader.dataFormat = URLLoaderDataFormat.TEXT;
urlLoader.addEventListener(Event.COMPLETE, completeHandler);
urlLoader.addEventListener(IOErrorEvent.IO_ERROR,ioErrorHandler);
urlLoader.load(request);
Since flash cannot find crossdomain.xml by getting 404, the requests in my code do not work. How can I solve this problem? How can I use the origin chat.mysite.com:1925?You're going to have to host it in a way that lets you serve HTTP/S content (at least the crossdomain.xml) on port 80 or 443 respectively.
The Flash Player Security Whitepaper has an excellent breakdown of the requirements for crossdomain policy stuff:
White paper: Adobe Flash Player 10 security | Adobe Developer Connection -
Change Flash Security Settings With No Internet Access?
Hello
I have firefox at home with no internet access, is it posible
to alter my flash installation so it enables access to other
content. it brings up a settings window but that just goes to a
dead url.
I have a a collage disk but it will not run untill I alter
the settings of flash to allow acess to other site, other location?
Please help?phil ashby wrote:
> Glad it worked!
>
> Urami, I did some fairly extensive tests with this idea
and it seemed to work
> each time - although all our corporate machines have the
same build. Even if
> the directory didn't exist, if you created it and placed
the SOL inside, it
> words. In the end I never actually used it as I
distributed the app as an exe
> which doesn't have such draconian security requirements,
also it obviously
> overwrites the users original version, if present.
I agree with you, I tried different SOL editor and it work
when i tried.
I believe what I used was more than SOL explorer/reader
rather then editor
even tho it has this option is seem the file stop working and
hence the
problem I was claiming about the files not work properly.
Perhaps it was changing something and flash did not like
these changes.
Anyhow, I did try another tool and did manage to work.
Thanks
> Personally, I think it's a bit of a hole in the whole
Flash security issue.
Won't comment on that one :) Something just seem way
unnecessary and silly...
Best Regards
Urami
!!!!!!! Merry Christmas !!!!!!!
Happy New Year
<urami>
If you want to mail me - DO NOT LAUGH AT MY ADDRESS
</urami> -
Flash Security Settings and Random Questions not Displaying
Hey folks,
I created a Captivate 4 project with 3 slides and a question pool of about 70 questions in which I am randomly pulling in. I am using IE7 and Flash 10. Publishing in Flash 10. If I publish or view in Preview in a web browser the project launches, plays the first 3 slides, and then goes blank when the first question should appear. Note: previewing the project AND publishing the project as an .exe does launch and display all the questions correctly. It ends up being a flash security issue. I went to the adobe site and via the Adobe Flash Player Security Manager" I entered in the main .SWF captivate-generated file as a trusted file and then re-ran the published captivate project and it ran correctly. Question is ... what do I need to do to set up flash or my project so I don't have to do this for every new project that I deploy? I don't want to have the users have to go in and add whatever I deploy as a trusted file. It's also a little confusing as to why the first three slides played and it stopped at the questions ... seems like if it's not a trusted file, that it wouldn't run at all.
Thanks for any help!
ChrisHello again
I think I'd be investigating a temporary web server to host on until things are ready. Here's where it will help.
By providing files to the end users, if you are copying files over you end up having to explain how to save the files. You then have to walk them through setting the Flash Security so they can properly view. It all just becomes a pain in the kazoo.
If you can find some server space, you simply upload the content and provide a link for the users to view the content.
Other than that, if you are insistent that copying is the way to fly, I might suggest you establish a known location where you want everyone to copy their files. Perhaps C:\TestFolder. Then provide some instruction on how to configure the folder with the relaxed Flash Security. From there forward, anything they copy to the folder should need no security adjustment.
Cheers... Rick
Helpful and Handy Links
Captivate Wish Form/Bug Reporting Form
Adobe Certified Captivate Training
SorcerStone Blog
Captivate eBooks -
#2170 error calling a webservice from Xcelsius having crossdomain.xml
Hello together,
we are facing a #2170 error indicating we don't have a proper policy file in place when executing a published Xcelsius flash in SAP BI application portal.
We created a WebService that is running an SAP BI System 7.01. The WebService is function module based and was generated following the wizzard. Afterwards we created a Xcelsius app that consumes data from this WebService (via data connection). The resulting flash from Xcelsius was pulished to SAP BI System (portal).
Since there are many entries in the SDN and the internet in general we finally also created an crossdomain.xml file on the BI system which can be accessed and is visible by using "https://<server>/crossdomain.xml".
Now the confusion begins: We exported the flash from Xcelsius to local desktop and executed the corresponding HTML-file. It's working and I can receive/see WebService data (after adjusting flash-security-settings). If we upload both exported files (html and swf) to the BI system (as MIME objects) and execute the html again we are also receiving WebServervice data. So far so good. But if we execute the link from the SAP BI Portal (Xcelsius menu > SAP > Start) we still get the error #2170 indicating we don't have a proper domain policy file in place. But for my understanding we do have. So currently I would assume the error message is somehow misleading.
During all the activities I found out that this error is also raised if the user has insufficient authorization. My user has SAP_ALL authorization for testing purpose.
In general I would say we are not that wrong with our Xcelsius/WebService if we are not coming from BI portal. So my questions are:
1.) Are there any authorization on portal side that might not fit and lead to this error? If insufficient authorizations produces such an error ...
2.) Did we miss any other stuff during our try/fail-operations?
Many thanks in advance for your hints.
SteffenHi Rajat,
This is how the default trace looks
FATAL: Application Servlet failed to notify devices.
Caught java.rmi.RemoteException: Service call exception; nested exception is:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1289)
at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1298)
at com.om.ApplicationServlet$NotifyDevices.run(ApplicationServlet.java:86)
Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:980)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1430)
at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1282)
... 2 more
java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:779)
at com.omApplicationServlet$NotifyDevices.run(ApplicationServlet.java:92)
Rgds
Shashank -
Hi guys.
Typically webservices are invoked across domains. Flash has defined certain policies which prevent crossdomain access. The only way to bypass this security feature is to put a crossdomain.xml file within the server root of the webservice provider i.e. in our case at http://abc.com. A sample example of crossdomain.xml is as below:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
If the crossdomain.xml is not added the developer will get “Security Error accessing URL” type of messages.
The above mentioned information should be enough for you to get your flex based WebService client up and running.
We are using axis2 to build webservices. We deployed the webservices under axis2 container under repository/srvices folder . But in Flex when we try to call the webservices we were getting the exception saying security error in accessing url. The solution is we need to put the crossdomain.xml o that it is loaded at runtime and allow us to access. In tomcat if we put the file under ROOT directory we could accss the file and we were able to access the webservices deployed under Tomcat. But I googled for Axis2 container and couldnt find any solution.
Please post the reply if anyone knows the solution to it.
Thanks
RajaHi. So, I did take a quick look at the Axis2 standalone server and didn't see any way to server up a file such as crossdomain.xml. It seems like it might be a useful enhancement to have the ability to serve up files even if this functionality was very simple/limited and nothing like a full blown http server.
I'd log an enhancement request against axis2 if this is something you'd like to have.
http://issues.apache.org/jira/browse/AXIS2
-Alex -
Security error accessing url with crossdomain.xml in InDesign FlexUI
I'm evaluating Flex as a UI component in an InDesign script. Part of what it needs to do involves retrieving some data from a web server to be displayed in a datagrid. I've written a server running on localhost that will provide this data. Everything works fine when I run the component from Flash Builder or from the HTML wrapper page that is generated during the release build, but once I copy the .swf to the InDesign scripts folder and load it as part of a ScriptUI component, I get a fault response ("security error accessing url") when connecting to the server. I'm running this bit of code in from my Flex client:
var h:HTTPService = new HTTPService();
h.url = "http://localhost:8080/elements";
h.method = "GET";
h.addEventListener("result", getElementsResult);
h.addEventListener("fault", getElementsFault);
h.send();
From what I've read, I may need a crossdomain.xml file at the root of my host, so I've added that to the server and can see that it is being accessed whenever the flex component attempts to connect to the service.
My crossdomain.xml file is:
<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
which seems to be correct, from what I understand. I've also tried quite a few other variations (setting explicit site-control policies, etc.). I'm quite new to Flex/Flash and I'm basically stuck at this point. Where might I be going wrong?I think sleeping on this one helped... I found that if I serve the .swf from my web server then everything works out fine. Loading it from the local filesystem seems to have been the problem.
-
I how can I solved the Flash Security Error? I can't view a chart that requires Flash.
Has anyone been able to resolve this issue? There is also a similar older post (http://forums.adobe.com/message/32592#32592) that has not been answered.
I have a Flex app on my website that downloads a file from the same place. Both are under the root directory. This works fine in IE7, IE9, Firefox, Chrome, and Opera. In IE8 I get the error (error text is "Error #2048"). This is on 32- and 64-bit XP machines.
I even tried putting a crossdomain xml file (which should not be needed) to no avail.
Any help would be appreciated. -
XML.sendAndLoad - (Security-related) Error Opening URL
Hi All,
I know this is a common problem (I've searched), but I'm
hoping you can help me out.
1. What my Application Does
My Flash app uses XML.sendAndLoad() to communicate with a
Java Servlet on the same domain, in the same webapp.
2. What happens when I run it on my (developer) machine
It works.
I connect to a url "
http://localhost:8080/webapp1/servlet/FlashServlet"
perfectly and pass around XML between Flash and Java
3. What Happens on the Real Machine
The Real Machines equivalent URL is
http://int-tzn:8101/webapp1/servlet/FlashServlet
The XML.sendAndLoad() cannot connect, with a "Error Opening
URL" error.
4. What I've Tried
4.1. Using a
crossdomain.xml on Real Machine
(not sure if I've got in correct place, but i
can see it at
http://int-tzn:8101/crossdomain.xml
4.2. Tried a StandAlone (Projector) WITH Network Access
4.3. Tried using
LocalContentUpdater to confirm and set
network access
4.4. Have set in my ActionScript :
System.security.allowDomain("*");
Please help.
This needs to go into a large Production Environment in 2
days and there are large amounts of money behind it.
Thanks in advance.
- Laven PillayOK the deal is:
When using TLF, a user visiting your webpage will download the TLF's SWZ file, if the user already has that file it will be downloaded from the adobe site, if the adobe site is down then it will search the .swz from where the website is hosted on.
Have a read here:
http://help.adobe.com/en_US/flash/cs/using/WSb03e830bd6f770ee-4b0db644124bbdb363d-8000.htm l#WSb03e830bd6f770ee72b69dc71257a25aa72-8000 -
Crossdomain.xml issue - Accessing SAP from adobe FLEX
Hi All,
We are in the process of trying to integrate 4 SAP bapis exposed as Web services from adobe flex.
When we do so we are getting a "security error accessing URL"
The URL of our flex application is:
http://10.10.0.48:8081/water0305/iden.html
The WSDL of the web service is:
http://10.10.0.66:8001/sap/bc/srt/rfc/sap/ZKK_BAPI_EQMT_DETAIL?sap-client=800&wsdl=1.1
We looked at various forums and we found that adding a crossdomain.xml file to the root directory
(at the destination server) will resolve the issue.
I did implement all those steps on the R/3 side to add a crossdomain.xml to an ABAP WAS.
crossdomain.xml on WAS
however i still get those errors(security error accessing URL).
Below is the code i use to access the SAP web service
<mx:WebService
id="EqmtDetailWS" showBusyCursor="true" fault="Alert.show(event.fault.faultString)" >
<mx:operation name="EqmtDetail" resultFormat="e4x" result="getEquip_result(event);" fault="getFault(event);">
<mx:request>
<Equipment></Equipment>
</mx:request>
</mx:operation>
</mx:WebService>
We are displaying the SAP info on a map service provided by esri so we included the load operation here.
<-Loading the wsdl->
private
function onExtentChange(event:ExtentEvent):void {
EqmtDetailWS.wsdl=
"http://10.10.0.66:8001/sap/bc/srt/rfc/sap/ZKK_BAPI_EQMT_DETAIL?sap-client=800&wsdl=1.1&sap-user=******&sap-password=****&sap-language=EN&~transaction=iw51";
EqmtDetailWS.loadWSDL();
<Displaying the info from SAP>
private function getEquip_result(event:ResultEvent):void {
equip_desc = event.result.Equitext.Equidescr;
txtAreaEquipDetail.htmlText = txtAreaEquipDetail.htmlText + "Equi. Desc. : " + event.result.Equitext.Equidescr + "\n";
var material:String=event.result.Equimaster.Material;
SAPIDAliasEquipDesc =event.result.Equitext.Equidescr;
material=material.substring(14,18);
txtAreaEquipDetail.htmlText = txtAreaEquipDetail.htmlText + "Material : " + material + "\n";
txtAreaEquipDetail.htmlText = txtAreaEquipDetail.htmlText + "Serial No : " + event.result.Equimaster.Serialno + "\n";
var costcntr:String=event.result.Equilocation.Costcenter;
costcntr=costcntr.substring(7,10);
txtAreaEquipDetail.htmlText = txtAreaEquipDetail.htmlText + "Cost Center : " + costcntr + "\n";
CustomerID = event.result.Equisales.Customer;
This is how we load the policy file.
Security.loadPolicyFile(
http://10.10.0.66:8001/sap/bc/bsp/sap/zroot/crossdomain.xml);
This works fine when we run it from the IDE but throws up an error when we deploy it on the server
So are we missing something ?
Is there anything else to be done to overcome the security issue ?
Thanks in advance.
Regards,
Karthik.Hi Rich,
I followed the steps in your video when our system was R/3 4.7 (WAS 6.20) and the test worked fine, i.e. accessing the crossdomain by typing http://server:port/crossdomain.xml.
I followed the same steps with our new version (we're undergoing an upgrade) but I kept getting the error message:
"BSP Exception: the BSP URL /crossdomain.xml Does Not Contain Any Application Entries". Then I saw Ivan post suggesting implementing OSS Note 1260386. I applied the Note but I got the same error message.
Then I ran function ICFBUFFER_INIT to make sure the buffer is cleared, cleared the cache in the browser and still got the same error message.
Our system is ERP 6.0, NetWeaver 7.0, level 17 (BASIS Component is SAPKB70017).
Please help. Thank you.
Achille. -
Crossdomain.xml with Flash player 9.0.115.0
Hi gurus,
I have just spent the best part of a day wading through the
new security features of Flash Player 9.0.115.0. I use flash.socket
library, so I have discovered that error message I've been getting
will get worse, ie., next version of the Flash Player may not even
connect. So I got the good oil from
here.
I have written a crossdomain.xml file that looks like this
(it's in the www root):
<?xml version="1.0"?>
<cross-domain-policy>
<site-control
permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="192.168.5.201"
to-ports="7700"/>
</cross-domain-policy>
Problem is that the flash player adds the follwing line to
the \Logs\policyFiles.txt it generates:
Warning: Domain 192.168.5.201 does not specify a meta-policy.
Applying default meta-policy 'all'. This configuration is
deprecated. See
http://www.adobe.com/go/strict_policy_files
to fix this problem.
From my reading I have specified a meta-policy with the line:
<site-control
permitted-cross-domain-policies="master-only"/>
So my question is why can't it find the meta-policy?kcell,
thanks for the reply. Actually you are a bit ahead of me. I
have a single web-server and I'm not actually trying to cross
domains! However, the security advice says (page 4 of the link I
gave in my original post)
"A URL policy file authorizes data loading from its own HTTP,
HTTPS, or FTP server, whereas a socket policy file authorizes
socket connections to its own host."
So because I'm using a socket connection I still need a
crossdomain.xml. For this sockect connection I am going to open up
port 843 (as Adobe recommends) on my web-server for this policy to
be loaded when calling flash.socket.connect(...).
However, that isn't actually my problem. What I've also done,
I think, is added a line to my crossdomain.xml file that will
define a meta-policy, to prevent clients from other domains
accessing my server (also recommended by Adobe). The line is:
<site-control
permitted-cross-domain-policies="master-only"/>, but I don't
think my SWF is reading the file because I get that error message:
Warning: Domain 192.168.5.201 does not specify a meta-policy.
Applying default meta-policy 'all'. This configuration is
deprecated. See
http://www.adobe.com/go/strict_policy_files
to fix this problem.
Sory about the excessive waffle! -
I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting below error while i am trying to invoke this service. Using FusionServiceTester i am able to invoke service and upload file to UCM. Using oracle.ucm.fa_client_11.1.1.jar also i am able to upload file to UCM without any issue. But using HTTP proxy client i am facing below error. Can anyone please help me. PFA code i am using to invoke this service.
javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
Process exited with exit code 0.
Message was edited by: Oliver Steinmeier
Removed attachmentHi Jani,
Thanks for your reply.
I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command.
keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
Invoking
SecurityPolicyFeature[] securityFeature =
new SecurityPolicyFeature[] { new
SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
financialUtilService_Service = new FinancialUtilService_Service();
FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
// Get the request context to set the outgoing addressing properties
WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
WSEndpointReference replyTo =
new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
String uuid = "uuid:" + UUID.randomUUID();
wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY, "Welcome1");
wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
SEVERE: WSM-00057 The certificate, client, is not retrieved.
SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
SEVERE: WSM-00005 Error in sending the request.
SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:259)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
... 30 more
Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
... 32 more
SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
File upload failed
javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:259)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
... 19 more
Maybe you are looking for
-
BAPI_REQUISITION_CREATE: Err-No account assignment exists for service line
Hi Frnds, I am using bapi BAPI_REQUISITION_CREATE to create PR with mutiple Service line. I am getting an error message SE518 - No account assignment exists for service line 0000000000. Can anyone of you help me out to solve this issue? Thanks in adv
-
How do I get my songs from my Iphone back to my laptop after re-installing Itunes?
I had to reload my ITunes on my laptop and now I want to get songs from my phone back to my ITunes account.
-
Calc: How can I get absolute cell references in tables to work?
Hi, I'm new to Star Office, and have run into a problem in my first spreadsheet. I have a data table in my spreadsheet. Some cells in the table need to make calculations based on other cells in the table. When I sort the table, however, the cell refe
-
ESS portal: Hide additional info field in release working time screen
Hi, I need to know how can i hide 'additional info' field in the release working time screen? I know i would use personalization but don't know the way to do that.
-
Shared LDAP Address Book (again)
I've been reading some threads, including in the archives relating to sharing addresses - in particular http://discussions.apple.com/thread.jspa?messageID=661874 There's a walkthrough of setting this up by Aleksandor Nagy, followed by a post by Rober