How to implement 2-way SSL in OSB web services

Hi ,
I need to implement secured SSL communication in my OSB web services . For this I have used the self signed certificates in weblogic console and configured them .
I also enabled the https parameter in my proxy service but now when I am trying to open the proxy wsdl in browser it says unauthorised access.
Even in SOAP UI when I am trying to access it says "Error loading wsdl" .
Please help.

Hi,
Do you have created a Service Key provider and attached the same to proxy service.
Oracle Service Bus verifies that you have associated a service key provider with the proxy service and that the service key provider contains a key-pair binding that can be used as a digital signature.
Service Key Providers
Regards,
Abhinav

Similar Messages

OSB: Implementing 2 way ssl for a particular proxy

Hi All,
We have a requirement to implement 2 way ssl support for one of our OSB proxy and 1 way ssl support for all other proxies in our project.
we have enabled HTTS on OSB and configured 2-way ssl on weblogic server. It is working fine.
But the 2 way ssl configuration on weblogic server impacts all other proxy services deployed on that node. Because of weblogic configuration "Two Way Client Cert Behavior: Client Certs Requested and Enforced", the server expects all request to present the client certificate..
But our requirement is, Only 1 proxy service should enforce 2-way ssl, all other proxies should only support 1 -way ssl(server authentication).
Is there any way to implement our requirement?.
we want to configure weblogic with "Two Way Client Cert Behavior: Client Certs Requested but not and Enforced OR Client Certs NOT Requested" and then in the proxy service we want to enforce client certificate..
Is it possible to implement? If so can anyone help to explain the steps?
Thanks in advance
Edited by: user13109986 on Oct 24, 2012 9:30 AM

It is a domain wide setting. Can you not create a new domain? I do not think that you can handle it from web.xml. I have never seen such thing in web.xml.

I am having trouble Trouble implementing one-way SSL on WebLogic 9.2...

I am having trouble Trouble implementing one-way SSL on WebLogic 9.2. I am using Demo Identity and Demo Trust certificates with a SSL Listen Port Enabled on 7002, and a Two Way Client Cert Behavior of Client Certs Not Requested. I assume that by using Client Certs Not Requested that there is no need to install certificates on user's computers.
When weblogic is restarted, I get the following log telling me it works...
<Sep 11, 2012 9:35:16 AM PDT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file E:\bea\WEBLOG~1\server\lib\DemoIdentity.jks.>
<Sep 11, 2012 9:35:17 AM PDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file E:\bea\WEBLOG~1\server\lib\DemoTrust.jks.>
<Sep 11, 2012 9:35:17 AM PDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file e:\bea\jdk150_12\jre\lib\security\cacerts.>
<Sep 11, 2012 9:35:17 AM PDT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.9.20.172:7000 for protocols iiop, t3, ldap, http.>
<Sep 11, 2012 9:35:17 AM PDT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 10.9.20.172:7002 for protocols iiops, t3s, ldaps, https.>
However, when I open the console in https://server:7002/console, I get the following error in log file...
<Sep 11, 2012 9:43:45 AM PDT> <Warning> <Security> <BEA-090481> <NO_CERTIFICATE alert was received from x.y.z.com - 10.37.10.54. Verify the SSL configuration has a proper SSL certificate chain and private key specified.>
<Sep 11, 2012 9:43:45 AM PDT> <Warning> <Security> <BEA-090508> <Certificate chain received from x.y.z.com - 10.37.10.54 was incomplete.>
I do not understand why I am getting this error when I assume there is no need to install certificates on user's computers. Can't someone please explain what is going on? Thanks in advance.

<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
<name>nctcis</name>
<domain-version>9.2.3.0</domain-version>
<security-configuration>
<name>nctcis</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:name>DefaultAuthenticator</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:name>DefaultIdentityAsserter</sec:name>
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<anonymous-admin-lookup-enabled>true</anonymous-admin-lookup-enabled>
<credential-encrypted>{3DES}PyUkjWRp8JGpk75BYSbvQ6OWYgA9SZq2nj2IuENa2vxrMy835GMRZ+GGKhJiWapjt0mMC2ohcxxlIMNUZJUH2gCjbB5kQUmA</credential-encrypted>
<node-manager-username>system</node-manager-username>
<node-manager-password-encrypted>{3DES}KmaZDZGQC6spYVY12CbJGA==</node-manager-password-encrypted>
</security-configuration>
<jta>
<timeout-seconds>1800</timeout-seconds>
<abandon-timeout-seconds>3600</abandon-timeout-seconds>
<max-transactions>100000</max-transactions>
<max-resource-unavailable-millis>100000</max-resource-unavailable-millis>
</jta>
<log>
<name>nctcis</name>
<file-name>e:/netcracker/logs/wl-domain.log</file-name>
<file-min-size>5120</file-min-size>
</log>
<server>
<name>nctcisAdmin</name>
<ssl>
<enabled>true</enabled>
<hostname-verifier xsi:nil="true"></hostname-verifier>
<hostname-verification-ignored>false</hostname-verification-ignored>
<client-certificate-enforced>true</client-certificate-enforced>
<two-way-ssl-enabled>false</two-way-ssl-enabled>
<server-private-key-alias>tcisdevbpagov_cert</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>{3DES}T21dXO5l79SRI+xSmGOE+A==</server-private-key-pass-phrase-encrypted>
<use-server-certs>false</use-server-certs>
</ssl>
<log>
<name>nctcisAdmin</name>
<file-name>e:/netcracker/logs/weblogic.log</file-name>
<file-min-size>5120</file-min-size>
</log>
<listen-port>7000</listen-port>
<web-server>
<name>nctcisAdmin</name>
<web-server-log>
<name>nctcisAdmin</name>
<file-name>e:/netcracker/logs/access.log</file-name>
<file-min-size>5120</file-min-size>
</web-server-log>
</web-server>
<listen-address>tcis.dev.bpa.gov</listen-address>
<key-stores>DemoIdentityAndDemoTrust</key-stores>
<custom-identity-key-store-file-name>E:\bea\jdk150_12\bin\tcisdevbpagov_identity.jks</custom-identity-key-store-file-name>
<custom-identity-key-store-type>JKS</custom-identity-key-store-type>
<custom-identity-key-store-pass-phrase-encrypted>{3DES}T21dXO5l79SRI+xSmGOE+A==</custom-identity-key-store-pass-phrase-encrypted>
<custom-trust-key-store-file-name>E:\bea\jdk150_12\bin\tcisdevbpagov_trust.jks</custom-trust-key-store-file-name>
<custom-trust-key-store-type>JKS</custom-trust-key-store-type>
<custom-trust-key-store-pass-phrase-encrypted>{3DES}I++r0/FEMRGFrqF47pYZJA==</custom-trust-key-store-pass-phrase-encrypted>
</server>
<embedded-ldap>
<name>nctcis</name>
<credential-encrypted>{3DES}i51JYfmoGyFTxPjiCjjtXWwza1t13k56Ls7fmdqtKB0=</credential-encrypted>
</embedded-ldap>
<configuration-version>9.2.3.0</configuration-version>
<app-deployment>
<name>NetCracker</name>
<target>nctcisAdmin</target>
<module-type>ear</module-type>
<source-path>applications\NetCracker</source-path>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</app-deployment>
<app-deployment>
<name>pictures</name>
<target>nctcisAdmin</target>
<module-type>war</module-type>
<source-path>e:\pictures</source-path>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</app-deployment>
<jms-server>
<name>NCJMSServer</name>
<target>nctcisAdmin</target>
<temporary-template-resource>NCJMSModule</temporary-template-resource>
<temporary-template-name>NetCrackerTemplate</temporary-template-name>
<message-buffer-size>100000</message-buffer-size>
</jms-server>
<self-tuning>
<max-threads-constraint>
<name>MaxThreadsConstraint</name>
<target>nctcisAdmin</target>
<count>40</count>
</max-threads-constraint>
<work-manager>
<name>default</name>
<target>nctcisAdmin</target>
<max-threads-constraint>MaxThreadsConstraint</max-threads-constraint>
<work-manager-shutdown-trigger>
<stuck-thread-count>1000</stuck-thread-count>
</work-manager-shutdown-trigger>
</work-manager>
</self-tuning>
<jms-system-resource>
<name>NCJMSModule</name>
<target>nctcisAdmin</target>
<sub-deployment>
<name>BEA_JMS_MODULE_SUBDEPLOYMENT_NCJMSServer</name>
<target>NCJMSServer</target>
</sub-deployment>
<descriptor-file-name>jms/ncjmsmodule-jms.xml</descriptor-file-name>
</jms-system-resource>
<admin-server-name>nctcisAdmin</admin-server-name>
<jdbc-system-resource>
<name>NetCrackerDataSource</name>
<target>nctcisAdmin</target>
<descriptor-file-name>jdbc/NetCrackerDataSource-5713-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<jdbc-system-resource>
<name>NetCrackerDataSourceNonTX</name>
<target>nctcisAdmin</target>
<descriptor-file-name>jdbc/NetCrackerDataSourceNonTX-6926-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
</domain>
Edited by: user6904153 on Sep 12, 2012 6:57 AM

Implementing 2-way ssl

Hi i have configured the keystore as "Custom Identity and Custom Trust", given the key store names for both given the Identity alisa name under the 'SSL' tab, in 'Advanced' i am enforcing for client certificate. But when i start to access the application, i see the following error
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@16a86fc>
####<04-Mar-2010 12:18:00 o'clock GMT> <Warning> <Security> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-090481> <NO_CERTIFICATE alert was received from ASST218297.uk.pri.o2.com - 172.17.247.10. Verify the SSL configuration has a proper SSL certificate chain and private key specified.>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <NO_CERTIFICATE received by peer, checking with TrustManager>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <validationCallback: validateErr = 0>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <Required peer certificates not supplied by peer>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecurityCertPath> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <CertPathTrustManagerUtils.certificateCallback: certPathValStype = 0>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecurityCertPath> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <CertPathTrustManagerUtils.certificateCallback: validateErr = 4>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecurityCertPath> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <CertPathTrustManagerUtils.certificateCallback: returning false because of built-in SSL validation errors>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <weblogic user specified trustmanager validation status 4>
####<04-Mar-2010 12:18:00 o'clock GMT> <Warning> <Security> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-090508> <Certificate chain received from ASST218297.uk.pri.o2.com - 172.17.247.10 was incomplete.>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <Validation error = 4>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <Certificate chain is incomplete>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <User defined JSSE trustmanagers not allowed to override>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <SSLTrustValidator returns: 68>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <Trust failure (68): CERT_CHAIN_INCOMPLETE>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <NO_CERTIFICATE received by peer, not trusted, sending HANDSHAKE_FAILURE to peer>
####<04-Mar-2010 12:18:00 o'clock GMT> <Debug> <SecuritySSL> <ASST218297> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267705080783> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
java.lang.Exception: New alert stack
     at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
     at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
     at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
     at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
     at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
any replies please....

Hi,
thanks, actually while searching in the net, i found a blog where there were a few steps for implementing 2-way SSL in weblogic.
http://huyplus.blogspot.com/2010/02/2-way-ssl-with-weblogic-server-103.html?showComment=1267793234806_AIe9_BGsO6q6ENB4YZWtQyX53CzpN8TWcSn08RqNv6z8W3V7NRI3Qlcf4NuEM35O1niTSsYXd4rxjfUT63J2XFXOHjY8W56_sC-E3MGydylLHxDivVEjR0pQnSPv_Tx7CXOqT64AGNhhs06MEM9CBhpOtHcUHwvQMPtPeDAAJcwP1I9TzEIGNzNEQlWn9INrvLzP9_RAYESO3Wcxbl6b9eRgZt_jktfllVbxcvztIV3zoeQ8XlqgpN4S7Z82yCbUS1E7lFl46FZK#c8740869862805814451
fortunately, this is working, i mean the server is working as expected, but in the console, it says that the certificate chain is incomplete....
Anyways thanks for the links and suggestions...
if possible could you please provide me some reference for resolving this issue.
Thanks again
Sharma

How to implement 3 way handshake in TCP protocol

I am a newbie to socket programming. Can any one suggest me how to implement 3 way handshake?

Java comes with java.net including Socket and ServerSocket. On the Java level you use this higher-level API (or even URLConnection or HttpURLConnection) and do not have to worry about the TCP handshake. You have no access to that low level either.

How to Implement Sort, Filter funtinality in Normal web dynpro ABAP Table

Hello,
How to Implement Sort, Filter funtinality in Normal web dynpro ABAP Table ?
Thanks

hi,
Check out this link for sorting in Table.
Sorting option in WebDynPro ABAP UI Table
steps to follow :
->Have the data in internal table (itab).
->Now use sort command for the particular column which ever you want to sort.
e.g sort itab descending by <Column>.
->Now you can bind the internal table with the Context Node which is binded to Table.
I hope it helps.
Thanx.

How to keep multiple function modules under one Web service

Hi Experts,
I have Three RFC function modules and i need to create one web service for these three RFC function modules. I know How to crearte a web service for one function module.
please suggest me How to keep multiple function modules under one Web service.
Thanks in advance
Lakshminarayana

Hi Lakshmi,
The best way to do it is to assign all the three RFC Enabled FM's to one function group. Later on the top menu in Utilities you get an option to Create a Webservice from a Function Group.
You can create one single Webservice using all the the 3 FM's.
I hope this helps.
Thanks,
Manu

SSL certificates and Web Services Usage inside Oracle Database Questions!

We have implemented a specific business logic using PL/SQL for our client, so we open a file and process each line of this, doing something in the Database and also call a Web Services (Service1) using UTL_HTTP package. Service1 runs in a Windows 2008 Server in the DMZ as Database server.
Service1 is already working, and we can call the service from PL/SQL without troubles.
However, according with security client's policies they requires all Web services be consumed via https including Service1, so we must to follow the procedure established for Oracle in order to enable the calling of service1 via https from the Database.
Our client's DBA and IT Team are concerned about two subjects before to continue to follow the certificate installation:
     - SSL Certificates:
1- Can installed certificates in the Database put in risk the stability of the database?
          2- Can installed certificates in the Database generate performance issues?
          3- Can installed certificates reloading the Databases?
          2- Can installed certificates in the Database generate security issues?
     - Web services:
1- Can web services calling from the Database put in risk the stability of the database?
2- Can web services calling from the Database generate performance issues?
3- Can web services calling from the Database generate security issues in the DMZ?
Could you please give us any clues, about the possible negative impact related with the SSL certificates and Web Services Usage inside Oracle Database, if it’s the case this impact exists?.
Those are the links describing the procedure mentioned above.
1 -http://www.kotti.es/2009/11/oracle-wallet/
DB: Oracle 9i.
Average number of lines in file: 300
Periodicity: Twice at day.

Thiago:
You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
I am not aware of a PL/SQL utility to create a XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
Regards,
Jason

HTTP connection from OSB web service to external system via a Proxy Server

Dear experts,
May I know has anyone tried to use HTTP protocol to send a request from OSB web service to external system via a proxy server? Heard that we need to establish some sort of tunnel (socket) to talk to Proxy Server. Can you please any have sample code or configuration steps to share?
Thank you very much!!

http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/consolehelp/global_resources.html#wp1137294
Adding Proxy Servers
Use the Summary of Proxy Servers page to add and configure Proxy Server resources and make them available in Oracle Service Bus as a system resource. You must be in an active session to configure or reconfigure Proxy Server resources.
1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Using the Change Center.
2. Select System Administration > Proxy Servers.
3. Click Add.
4. In the Name field, enter a name for the Proxy Server resource. This is a required field.
5. In the Description field, enter a short description for the Proxy Server resource.
6. In the Host-Port Parameters section, enter the following information:
1. In the Server Host field, enter the host name or IP address of the Proxy Server. This is a required field.
The Server Host name for the Oracle Service Bus proxy server must be identical to the server host name of the actual proxy server.
2. In the Clear Text Port field, enter the Proxy Server clear-text port number.
3. In the SSL Port field, enter the Proxy Server SSL port number. You must enter either a clear text or SSL port number.
4. Click Add.
You can configure multiple Proxy Servers for each Proxy Server resource. This enables Oracle Service Bus to perform load balancing and offer fault tolerance features for the Proxy Server resource.
7. If the Proxy Server performs proxy authentication, enter a user name in the User Name field, and the associated password in the Password and Confirm Password fields.
These fields are optional, and required only if the Proxy Server is secured.
8. Click Save to create and save the Proxy Server resource in the current session.
9. To end the session and deploy the configuration to the run time, click Activate under Change Center.

How to use a cascading LOV as a Web Services Consumer?

How to use a cascading LOV as a Web Services Consumer?
We are trying to populate a prompt programmatically.
Our program is a Web Services Consumer.
As an example we use Island Resorts Marketing
The cascading LOV for City is
Country -> Region -> City
The City object is key-aware to the customer table
The query is
Customer | Revenue
(where) City = [prompt]
In order to make the key-awareness work, we must select the value (rowIndex) from the LOV
When we run our program below, the LOV for City is not populated, as expected since we must first select the Country, then the Region.
The code snippet below shows that the LOV for Country is populated. We have no idea how to go from there.
Any hint will be immensely appreciated.
Let us know if anything is unclear in the code.
Source
RetrieveMustFillInfo retrieveMustFillInfo = RetrieveMustFillInfo.Factory.newInstance();
        RetrievePromptsInfo retrievePromptInfo = RetrievePromptsInfo.Factory.newInstance();
        retrievePromptInfo.setPromptLOVRetrievalMode(PromptLOVRetrievalMode.ALL);
        retrievePromptInfo.setRefreshReturnedLOVs(true);
        retrievePromptInfo.setReturnLOVOnMustFillPrompts(true);
        retrieveMustFillInfo.setRetrievePromptsInfo(retrievePromptInfo);
        // *-- need the "Refresh" action to get the .promptToBeFilled
        Action[] boActions = new Action[1];
        boActions[0] = Refresh.Factory.newInstance();
        try {
            documentInformation = reportEngine.getDocumentInformation(Integer.toString(infoObject.getID()), retrieveMustFillInfo, boActions, null, null);
            m_Token = documentInformation.getDocumentReference();
        } catch (Exception ex) {
            System.out.println(GetWSError(ex));
            return;
        if (documentInformation.getMustFillPrompts()) {
            PromptInfo[] promptInfoS = documentInformation.getPromptInfoArray();
            for (PromptInfo promptInfo : promptInfoS) {
                System.out.println(String.format("Prompt '%1$s', hasLOV=%2$s", promptInfo.getName(), (promptInfo.getHasLOV() ? "Yes" : "No")));
                if (promptInfo.getHasLOV()) {
                    LOV boLOV = promptInfo.getLOV();
                    for (Value boLOVValue : boLOV.getValuesArray()) {
                        System.out.println(String.format(" LOV item '%1$s' RowIndex=%2$s", boLOVValue.getColumnsArray(0), (boLOV.getRowIndexed() ? boLOVValue.getRowIndex() : "")));
                System.out.println("--End LOV");
                PromptInfo[] promptInfoS2 = promptInfo.getPromptToBeFilledArray();
                if (promptInfoS2.length > 0) {
                    PromptInfo promptInfo2 = promptInfoS2[0];
                    System.out.println(String.format(" linked to %1$s", promptInfo2.getName()));
                    if (promptInfo2.getHasLOV()) {
                        LOV boLOV2 = promptInfo2.getLOV();
                        for (Value boLOVValue : boLOV2.getValuesArray()) {
                            System.out.println(String.format(" LOV item '%1$s' RowIndex=%2$s", boLOVValue.getColumnsArray(0), (boLOV2.getRowIndexed() ? boLOVValue.getRowIndex() : "")));
                        System.out.println("--End LOV");
Result
Prompt 'Enter value(s) for City:', hasLOV=Yes
--End LOV
linked to Enter value for Country of origin
LOV item 'Australia' RowIndex=6
LOV item 'France' RowIndex=2
LOV item 'Germany' RowIndex=4
LOV item 'Holland' RowIndex=7
LOV item 'Japan' RowIndex=5
LOV item 'UK' RowIndex=3
LOV item 'US' RowIndex=1
--End LOV

Hi,
Refer SAP Note 1278947. You would require a Service Market Place logon to access this article.
Let me know if this helps.
Regards,
Shreyans Surana

How to save my photo library in a web service.

Hello:
In first place sorry for my poor english...
I would like to know how to secure my photo library in a web service. I have 100gb free with my internet provider and i would like to use it. The problem is that i don´t know wich is the folder that i have to duplicate in the web and where to find it.
I´ve been looking in the apple help services but i only find help for mobile me or time machine.
Thanks in advance...

If you want to back up your Library to the Web then you need to back up the iPhoto Library in your Pictures Folder.
However, many people complain that it can take days for the upload - and in the event of a problem - download to restore.
Regards
TD

How to disable query-string evaluation in OSB proxy service?

OSB 10.3 proxy service evaluates the query String ?WSDL (are there more such parameters?). Usually the assigned WSDL will be returned this way.
I want to use OSB as simple HTTP-proxy. There is no WSDL assigned. The proxy service should simply pass all parameters to the request pipeline. This works fine for parameters in general but not for WSDL. This produces the exception below.
Does anyone have an idea how to disable this query string evaluation within OSB proxy service?
Thanks
Daniel
<25.11.2009 15:43 Uhr MEZ> <Error> <WliSbTransports> <BEA-381304> <Exception in HttpTransportServlet.service: java.io.IOException: This service is not associated to a wsdl
java.io.IOException: This service is not associated to a wsdl
at com.bea.wli.sb.transports.http.ResourceRequestProcessor.securedInvoke(ResourceRequestProcessor.java:108)
at com.bea.wli.sb.transports.http.ResourceRequestProcessor.process(ResourceRequestProcessor.java:61)
at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper.handleMetadataRequest(HttpTransportServlet.java:314)
at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper.service(HttpTransportServlet.java:215)
at com.bea.wli.sb.transports.http.HttpTransportServlet.service(HttpTransportServlet.java:133)
at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3498)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

Daniel,
http://hostServer/contextpath?WSDL is common way of retrieving WSDL for service whcih supports one. The case you are suggesting is if the service does not have any wsdl associated, then it is good practice that caller be notified appropriately which is being done by OSB. OSB is indicating that the service for which we have used ?wsdl has no wsdl associated.
I guess there is no way we can disable this feature for un-typed OSB services (services which doesn't have wsdl associated). Any reason why would we don't want exception when '?wsdl' is used?
Manoj

How to control transactions (WS-AT) between two web services in OSB?

Could someone tell me if the OSB can have 2 diferents web services controlled by an unique transaction?
For instance: in the OSB there are two wsdl, each one with its own Business Service and ProxyService respectively. In my vb.net aplication I started a transaction, called the first web service succefully and from the second web service I got an exception. I expected the first web service undo its work because the vb.net aplication excute a rollback command. Is this possible? How can I do? Any sample or tip will be helpfull.
If I was developing without OSB, I would rely on WS-AT as shown in http://www.codeproject.com/Articles/38793/6-Steps-to-Enable-Transactions-in-WCF for two web services dot net, or for one web service dot net and other java, http://www.ibm.com/developerworks/websphere/library/techarticles/0707_lo/0707_lo.html.
My question is basically: Is still possible to keep a single transaction between multiple web services when they are mediated by OSB? If so, is there a example showing how?

Hi,
When you create the proxy server, you have to check "Transaction required" box on Message Handling page...
http://docs.oracle.com/cd/E17904_01/doc.1111/e15867/proxy_services.htm#i1316487
Cheers,
Vlad

How to configure CA for access to a Web Service from an app deployed in WL

Hi everyone.
I have an app deployed in a WLS (10.3). This app acts like a web service client and works correctly (spring + cxf). The web service is provided by an external company and now they want to switch to https. They are using a self signed certificate. My company's support staff told me that they already configured the domain's trusted key store but the app fails to invoke the WS with the following error:
2010/12/03 13:06:12.314 [ERROR] [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] [ar.com.link.gp.services.impl.WebserviceConfirmacionServiceImpl - 55] - Error - informarPagos
javax.xml.ws.WebServiceException: Could not send Message.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
at $Proxy549.confirmaPago(Unknown Source)
at ar.com.link.gp.services.impl.WebServiceClientServiceImpl.confirmaPago(WebServiceClientServiceImpl.java:103)
at ar.com.link.gp.services.impl.WebServiceClientServiceSinConceptoDecorator.confirmaPago(WebServiceClientServiceSinConceptoDecorator.java:33)
at ar.com.link.gp.services.impl.WebserviceConfirmacionServiceImpl.informarPagos(WebserviceConfirmacionServiceImpl.java:50)
at ar.com.link.gp.services.impl.ConfirmacionServiceImpl.procesarConfirmaciones(ConfirmacionServiceImpl.java:132)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at ar.com.link.logging.interceptor.LoggingInterceptor.invoke(LoggingInterceptor.java:74)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy514.procesarConfirmaciones(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.util.MethodInvoker.invoke(MethodInvoker.java:276)
at org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean$MethodInvokingJob.executeInternal(MethodInvokingJobDetailFactoryBean.java:260)
at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1239)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1251)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:43)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:238)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1951)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1903)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1969)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:637)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:483)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:309)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:261)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
... 25 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getSession(SSLSocketImpl.java:1830)
at weblogic.net.http.HttpsClient.getSSLSession(HttpsClient.java:537)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:257)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:237)
... 41 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 51 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 57 more
I'm the app's developer and I don't have experience in this subjects. Is the wl misconfigured? Should I do something from the app to reference the keystore?
Thanks un advance.
Sorry for my english.

Hi user10939158, thank you for your response. Maybe I was not precise in my previous post. I know how certificates work and that I should not be using self signed ones. Due to a reason (non technical) we MUST use a self signed certificates. Considering this as a prerequisite let me clarify my situation:
- We added the certificate to the custom trust store connfigured in WL
- We configure the managed server to be more "verbose" about SSL stuff
- When the managed server start it outputs the following lines in the log:
<Dec 13, 2010 5:31:21 PM ARST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file /wldomains/desa_domain/TrustCTWebservices.jks.>
<Dec 13, 2010 5:31:21 PM ARST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 1 trusted CAs from /wldomains/desa_domain/TrustCTWebservices.jks>
<Dec 13, 2010 5:31:21 PM ARST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=jserver, OU=SWG, O=IBM, C=US; Issuer: CN=jserver, OU=SWG, O=IBM, C=US>
- In this lines we can see the certificate that interests us (jserver)
- When the app do a WS reqeust we see in the log:
<Dec 13, 2010 5:32:43 PM ARST> <Notice> <Stdout> <BEA-000000> <trustStore is: /opt/bea/jrockit_160_05/jre/lib/security/cacerts> (THE VM's DEFAULT KEYSTORE!!!!!!)
- If we add the cert to /opt/bea/jrockit_160_05/jre/lib/security/cacerts everything works ok but I have doubts that this is right.
Why the default keystore is used?
Thank you very much
Regards

How to see http response from an axis web service call (Eclipse)

Hello,
I would like to see the raw http response which is returned from web service calls. I have a dynamic web project in Eclipse which uses a local instance of Tomcat 6. I'm using all of the default setting for a top-down web service generated from a WSDL file. I've generated the client using the built-in "generate client" using default settings.
I've tried using the Eclipse plugin TCP/IP monitor and apache's TCPMON, but I am only able to see the http request, not the http response returned from the web server I am querying.
I've seen some sparse documentation outlining how to use logging handlers and a client-config.wsdd file, but I haven't been able to get that working.
So to recap, I'm looking for a way to view raw http responses using a web service client and server generated from a WSDL file in eclipse. I don't mind creating a new project using different code-generating libraries if someone has an easy way to do this using a different configuration.
Thanks very much,
Craig

908794 wrote:
Hello,
I would like to see the raw http response which is returned from web service calls.Why the HTTP response? Isn't the soap message body enough? If it is, you probably want to check out SoapUI.
A simple google query for "apache axis2 http response" also return this article:
http://blogs.cocoondev.org/dims/archives/004668.html
And finally, you did go through the Axis2 website right? It has a wiki with a rather staggering amount of articles in there.
http://wiki.apache.org/ws/FrontPage/Axis2/

How to implement 2-way SSL in OSB web services

Similar Messages

Maybe you are looking for