How to make my Portal Web Service SECURED?

Similar Messages

• Web Service security is not set up on this component

  Hi Friends,
  In RWB, when I click on component monitoring->Integration Engine, I got "Web Service security is not set up on this component"
  I want to send message using soap adapter by encrypting and signing it. for this purpose I need to configure the Web Service Security.
  Can someone please provide some documentation or link on how to set up this Web Service Security?
  thankx

  Hi,
  there is a chapter - Security Configuration at Message Level
  in XI config guide which specifies everything you need - this is what you need
  so I hope no further explanations are necessary
  Regards,
  Michal Krawczyk

• Java Web Services Security with 10.1.2.1

  I have developed a Java Web Service with J Developer 10.1.2.1 which was deployed onto Oracle 10.1.2.1 application server. Now I have to implement Security for this Web Service (similar to ws-security etc.,), how I can achieve Security with 10.1.2.1?
  J Developer 10.1.3.1 seems to have the feature to implement Web Service Security, but a Java Web Service developed using J Developer 10 .1.3.1 with security enabled cannot be deployed onto Oracle 10.1.2.1 application server.
  Please help as how I can implement Java Web Service Security with 10.1.2.1?
  Email: [email protected]
  Thanks for the help in advance.

  You can use Oracle Web Services Manager to virtualize the end point and still implement WS-Security.
  Thanks
  Ram

• How can we make a external web service call within tjspSelfRegistrationTile

  Hello Gurus,
  Can anybody tell me how can we include a JAVA code within the tjspSelfRegistrationTiles.jsp page? so that we can make a external web service call which includes the logic of validating the UDF values?
  The requirement is to validate the value of a field provided by the user on the OIM self registration page. If the user has provided invalid value for that particular field then the user should not be able to register himself - an error message should be displayed. I have to compare the value provided by the user with some already hard coded ones within the JAVA code. If the value of the field is one of the hard-coded ones then only the user should be able to register himself.
  Any Response/ideas/concepts truly appreciated.
  TIA,
  - oidm.

  Have you ever tried something like this?
  1) Create an error message definition where error code starts with Adapter. for example, ADAPTER.Invalid_TemporaryAccess_Dates.
  2) Create an entity adapter and assigns it to the Request object, pre-insert;
  3) Logic of your adapter
  Tests if the REQ_OBJ_ACTION is Create Entity
  Performs your validations
  Handles an error the validation is not ok
  Thanks,
  Renato.

• Concurrent access to portal web service

  We have developed a Portal Web Service, which has Web methods that return array of Objects. The Web methods uses ArrayList as DataStructure. When we try to access the Web Service concurrently, we get incorrect data (unpredictable) for the same Web method. The outcome  can be result of ArrayList not being Thread-Safe. Is there some other reason for the web method to behave in this manner? Is there some setting/property which can be set in the portalapp.xml, at the Application level or service level, to make Web application use different instances of ArrayList for seperate Web calls?
  Thanks in advance
  Regards,
  Kalpesh

  Hi,
  I think Portal Web Services use JAX-RPC API Which does not directly support ArrayList.Just do a check up on that.
  If that is indeed the case,then refer to
  http://java.sun.com/j2ee/1.4/docs/tutorial/doc/JAXRPC4.html
  How ever you can use enterprise beans for encapsulating data
  Please refer to the below links:
  http://publib.boulder.ibm.com/infocenter/wsdoc400/index.jsp?topic=/com.ibm.websphere.iseries.doc/info/ae/ae/cwbs_jaxrpc.html
  Regards,
  Harish
  (Please award points for helpful answers).

• ADOBE + Web Services Security

  Hello
  I am trying to follow the Adobe Document Service Configuration Guide.
  In "Setting Up Basic Authentication in a Java Environment"
  I am supposed to go to the Visual administratotr -> services -> web services Security - > Runtime  to see the config files. Unfortunately, this Runtime tab is empty!!!
  I would appreciate it if assistance could be provided as to how to set this RT environment.
  Thanks
  yuval

  Hi Yuval,
  Make sure that the service tcsecwssec~service is running.
  To do this. Logon to Visual Admin
  Server>Services>Deploy->Runtime Tab> Server>webservices_container->sap.com/tcsecwssec~app.
  Stop and Start the application.
  Then check if you are getting the desired entries in the Runtime Tab of web services security.
  If need be restart your server.
  Hope this helps.

• How to make an user into Service authenticated user like cmadmin_service

  Hi All,
  I am trying to fetch the list of documents, properties, log on/logoff functionality with an iUser  ex: epuser, through java code.
  The list of docs are presented in the Documents Folder with teh following sample code
               |
  RID rid = RID.getRID("/documents");
  String userName = "epuser";
  IUserFactory userFactory = UMFactory.getUserFactory();
  com.sap.security.api.IUser userNew;
  userNew = userFactory.getUser(userName);
  com.sapportals.portal.security.usermanagement.IUser user = WPUMFactory.getUserFactory().getEP5User(userNew);
  ctx.setUser(user);
  IResource res = null;
  res = ResourceFactory.getInstance().getResource(rid, ctx);
  wnen i am trying to fetch all the docs and the corresponding properties by passing " cmadmin_service " as an user name. i am getting the right results. But when i tried with "epuser " i am getting the output as Service Authentication value false.
  Then i added epuser in the System Principal--->System User. still i am not getting the right results.
  plz help me how to make this epuser as service authenticated user like cmadmin_service user

  Hi phani,
  I have no direct solution but you should check the service permissions of the resources you are trying to fetch. The exception sounds like there is the problem. Go to the Details of the CM-Resource and Select Settings-->Service Permissions.
  Does the epuser has the necessary permissions for your operations?
  Another thing is the way you are creating users:
  The WPUMFactory has a special factory-method for creating service users. Perhaps this is a better aproach:
  WPUMFactory.getServiceUserFactory().getServiceUser(user);
  Best regards,
  Stefan Brauneis

• How to expose a SOAP web service from HCP

  Hello All,
  Currently I am trying to create a SOAP web service within a HCP Java application to allow backend systems to consume data stored in HCP.
  This is the planned scenario:
  1. Create data in HCP - therefor I am using JPA and a oData Model.
  2. Backend uses web service to consume data from HCP - with this point I do have some problems.. I do want to create a SOAP web service in order to achieve this.
  Is there an easy way to create a SOAP web service in HCP? There are many tutorials in the internet of how to create a SOAP web service in 20 sec´s, but non of these helped me. I do was able to consume a SOAP web service in HCP coming from the ByD, but the other way around seems pretty complicated...
  Can I make use of the Eclipse functions to create a web service? (New --> Other... --> Web Services --> Web Service and than choose the Button up Java bean Web Service type)
  Have any of you some coding snippets that would probably help me out?
  I have unsuccessfully tried to use the @WebService, @SOAPBinding, @WebMethod notation in my java classes...
  Thank you,
  Swen

  Hello Nedelcho,
  Yes. All the required jar files are in the lib directory.
  Currently I am able to create a web service locally.
  But when I deploy that to the cloud server my JPA service is not working any more.
  Receiving the following error message:
  <?xml version='1.0' encoding='UTF-8'?><error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><code/><message xml:lang="en">javax.naming.NamingException: Error while attempting to resolve reference [Root exception is javax.naming.NamingException: Cannot create resource  object instance due to exception in the object factory [Root exception is javax.naming.NamingException: Data source 'jdbc/DefaultDB' not available.]]</message></error>
  The web.xml contains the following:
  Any advice?
  Best regards,
  Swen

• Web Service Security Question

  I have created a web service in the NetWeaver portal using a Portal Service.  I have marked the service as requiring basic http authentication.  However, when I call the web service from the Enterprise Portal Web Services Checker in NWDS it just let's me supply the params of the web service and no authentication.  Any ideas?
  I also noticed that my web service does not appear under the Web Services Container or Web Services Security section in Visual Administrator.  Anybody have any idea why this is?
  Thanks in advance.
  Curtis

  Hi Curtis,
  My guess is that since you are logged into the Portal while calling this web service, it will use the current session cookie to authenticate automatically. I'm not sure on the second question, tried a restart?
  Regards,
  Raj

• How to call an external web service from OIM?

  Hi,
  I have a question on how to call an external web service from OIM within e.g. creating user process? How should it be done; through adapter and task in the process?
  Any recomendations?
  Thanks in advance!

  it is not clear to me if you are having problems with calling java code from OIM or if the problem is the web service API.
  Lets do some divide and conquer:
  Can you create a simple java class that just writes a couple of lines to the log? Please attach this code to the OIM task and make sure it runs.
  Once this works we can start looking at the web service call.
  Best regards
  /Martin

• How can I invoke the web service manually in websphere?

  Hi
  I've developed a webservice application using Rational Application Developer (RAD). I deployed it in a websphere 6.1 application server, using the administration console to import the war file that I had previously exported with RAD.
  My webservice application is listed in the "Enterprise Applications" section of websphere's administration console as started.
  My question is: how can I invoke the web service manually? Is there some kind of websphere generated webpage that I can use to call it manually?
  I tried http://<server:port>/<contextroot> and http://<server:port>/<contextroot>/<servicename> in a webbrowser, but it doesn't work. Is it possible to invoke the web service manually, or do I need to develop a client?
  Thanks in advance
  Pedro

  Hi Bo Wang,
      Go to the Portal -> System Administration -> System Configuration
                             -> Portal Content folder
                             -> Open Visual Composer folder
      There you can see the Webservice Systems you have created through VC.
  You can delete the unwanted system here.
  Regards,
  Shemim

• Is Web service security available?

  Dear Experts,
      In RWB, when i click on Integration Engine(in component monitoring) i get a yellow triangle next to it instead of green. Result of self test says that
  Is Web service security available?
  "Communication error Proxy calls are not permitted on sender or receiver side on the IS (client)".
  Can u guys tell me the reason behing this.
  Thanks & regards.

  Hi,
  Check if you have selected any security level for the WebService or may be it is across the firewall. Probably you need to install the related certificates and have to configure the SSL layer.
  refer
  You need to setup SSL layer for HTTPS endpoint.
  Possible HTTP security levels are (in ascending order):
  HTTP without SSL
  HTTP with SSL (= HTTPS), but without client authentication
  HTTP with SSL (= HTTPS) and with client authentication
  Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
  General guide
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
  Message level security
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Thanks
  Swarup

• Web Service Security not configured on this component.

  Hi Experts,
                         Before configuring the scenario, i went to RWB to check whether the comopnents are in active mode or not.
                                Integration Engine XID 
                                Business Process Engine XID 
                                Mapping Runtime XID 
                                Adapter Engine XID 
                                Integration Engines
                        All components are in Green mode  Except Integration Engine, The Integration is in yellow mode
                         and shows the following details.
                       Details for 'Is Web service security available?'
                         Web Service Security not configured on this component.
  Can you give the solution for this.

  Hi,
                    1, While sending idoc from sapR/3 to PI , in r/3 sm58 shows the foll error:
  "No service for system SAPQA,client 200 in integration directory"*
                             Even the Bussiness sytem pointing R/3.
  From your initial post, it appears that you are using XID system and from above error, I believe you are trying to send the IDoc from QA system. R3 dev will communicate to PI dev, so verify the partner profile and ports in your IDoc Header settings.
                       2, When i execute the tcode sm58 in PI   it shows the following error:
                                 "Syntax error in program SAPLSXI_AC_CACHE _REFERESH"
  I am kinda confused how come sm58 tcode can show an error for this program, as sm58 is for checking the transactional RFCs and  SAPLSXI_AC_CACHE_REFERESH is for XI Cache refresh for Alert Category. Might be some one else can explain this.
                       3, WHEN I EXECUTE THE tcode SXI_CACHE
                                           Under the *STATUS OF RUNTIME CACHE
                                                         Unable to refresh cache contents
                                                         Error during last attempt toreferesh cache
                                                           (red colour triangle leading above both)
  Check this SAP Note 764176, might help in your situation.
  Worth reading - http://help.sap.com/saphelp_nw04/helpdata/en/0d/28e1c20a9d374cbb71875c5f89093b/frameset.htm
                      4, Still there is no messages in Message monitoring.
  Obviously because of error # 1, you are unable to send IDocs, how come you expect messages to reach PI ... strange, isn't it
  Hope this helps.
  Regards,
  Neetesh

• SOAP Request with Web Service Security

  Hi masters of XI,
  the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
  I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  How can we send UserNameToken's elements inside SOAP web service envelope
  signing with X.509 certificate also? There are any way to do it in the
  receiver agreement or receiver SOAP adapter?
  thanks.

  Hi,
  thank you very much for your answers.
  I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
  This is my Request:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>     
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
  And this is the request I need:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
  <!-- THIS IS THE PART I NEED -->
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
          <wsse:Username>xxxxxxx</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
        </wsse:UsernameToken>
  <!--  -->
  <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>

• Web Service Security username token...

  Hi All,
  I am presently trying to build in security authentication into my web service using the username-token and the verify-username-token tokens.
  My WS_stub.xml on the proxy side looks like the following:-
  other tokens
  <security>
  <inbound/>
  <outbound>
  <username-token name="NAME" password="PASS" password-type="DIGEST" add-nonce="true" add-created="true"/>
  </outbound>
  </security>
  other tokens
  and my oracle-webservices.xml on hte web service side looks like the following:-
  other tokens
  <security>
  <inbound>
  <verify-username-token name="NAME" password="PASS" password-type="DIGEST"
  require-nonce="true"
  require-created="true"/>
  </inbound>
  <outbound/>
  </security>
  other tokens
  I have set the javacache.xml for the embedded OC4J location as follows:-
  </persistence>
  <max-objects>1000</max-objects>
  <max-size>48</max-size>
  <clean-interval>60</clean-interval>
  </cache-configuration>
  When I run the web service followed by the proxy I get the following error at the proxy side.
  javax.xml.rpc.soap.SOAPFaultException: Policy requires DIGEST passwords
       at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:60)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:47)
  Also it gives exceptions with repect to nonces such as "Policy requires nonce". Please could someone tell me how to setup an nonce in the xml files above and how to use nonce in web services?
  Regards,
  Lester.

  Hi All,
  Presently I am trying to set the security for my web service and am receiving the following error when doing so at the proxy side:-
  oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createSoapFaultException(InterceptorChainImpl.java:338)
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleException(InterceptorChainImpl.java:256)
       at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:128)
       at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
       at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:699)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
       at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:62)
       at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:49)
  Process exited with exit code 0.
  My WS_Stub.xml file under runtime of the proxy project looks as follows:-
  <?xml version="1.0" encoding="UTF-8"?>
  <oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
  <webservice-client>
  <service-qname namespaceURI="http://trailerinfo/" localpart="TrailerWS"/>
  <port-info>
  <wsdl-port namespaceURI="http://trailerinfo/" localpart="TrailerWSSoapHttpPort"/>
  <runtime enabled="security">
  <security>
  <key-store name="mytestkeystore" store-pass="mytestkeystore" path="C:\Temp\mytestkeystore.jks"/>
  <signature-key key-pass="sampwd" alias="sam"/>
  <encryption-key key-pass="davepwd" alias="dave"/>
  <inbound>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key alias="dave"/>
  <encryption-method>3DES</encryption-method>
  <keytransport-method>RSA-1_5</keytransport-method>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name='addtrailerinfo'>
  <runtime>
  <security>
  <inbound/>
  <outbound>
  <username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key alias="test"/>
  <encryption-method>3DES</encryption-method>
  <keytransport-method>RSA-1_5</keytransport-method>
  <tbe-elements>
  <tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  </operation>
  </operations>
  </port-info>
  </webservice-client>
  </oracle-webservice-clients>
  My oracle-webservices.xml file looks like the following:-
  <oracle-webservices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/oracle-webservices-10_0.xsd">
  <webservice-description name="TrailerWS">
  <port-component name="TrailerWSSoapHttpPort">
  <runtime enabled="security">
  <security>
  <key-store name="mytestkeystore" store-pass="mytestkeystore"
  path="META-INF/mytestkeystore.jks"/>
  <signature-key key-pass="sampwd" alias="sam"/>
  <encryption-key key-pass="davepwd" alias="dave"/>
  <inbound>
  <verify-username-token password-type="PLAINTEXT"
  require-nonce="false"
  require-created="true"/>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound>
  <signature>
  <signature-method>RSA-SHA1</signature-method>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <add-timestamp created="true" expiry="28800"/>
  </signature>
  <encrypt>
  <recipient-key key-pass="" alias="dave"/>
  <encryption-method>3DES</encryption-method>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbe-elements>
  </encrypt>
  </outbound>
  </security>
  </runtime>
  <operations>
  <operation name="addtrailerinfo"
  input="{http://trailerinfo/}addtrailerinfoElement">
  <runtime>
  <security>
  <inbound>
  <verify-username-token require-nonce="false"
  require-created="true"
  password-type="PLAINTEXT"/>
  <verify-signature>
  <signature-methods>
  <signature-method>DSA-SHA1</signature-method>
  <signature-method>RSA-MD5</signature-method>
  <signature-method>RSA-SHA1</signature-method>
  </signature-methods>
  <tbs-elements>
  <tbs-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbs-elements>
  <verify-timestamp created="true" expiry="28800"/>
  </verify-signature>
  <decrypt>
  <encryption-methods>
  <encryption-method>AES-128</encryption-method>
  <encryption-method>AES-256</encryption-method>
  <encryption-method>3DES</encryption-method>
  </encryption-methods>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"
  mode="CONTENT"/>
  </tbe-elements>
  </decrypt>
  </inbound>
  <outbound/>
  </security>
  </runtime>
  </operation>
  </operations>
  </port-component>
  </webservice-description>
  </oracle-webservices>
  I checked this exception out at hte following link
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html#keystore
  which lists hte instructions to secure a web service. The trouble shooting section lists this exception and says it might be due to a timestamp created flag being set to false. However I have made sure that both the client and service side xml files above have this set to true and are matching.
  However I am still not able to eliminate this error. Please could someone help me out? This is urgent.
  Regards,
  Lester.