How to secure webservice in weblogic server?

Hi,
How many ways to secure a webservice in weblogic server? and what is the purpose of SSL ?

How to run JSP and EJB program using weblogic server

Similar Messages

  • How to use security roles in Weblogic server?

    Hello Gurus,
    I am new to Weblogic server and I am trying to investigate how to make
    use of security roles in weblogic server (5.1.0). Can anyone point me
    to some documentation. Specifically, I am looking for instance level,
    and method level security and how to use it.
    Thanks for taking your time to read this e-mail.
    Thank You all in advance,
    Hari.

    You should read the security information in the Servlet 2.2 specification
    that WL 5.1 implements:
    http://java.sun.com/products/servlet/download.html
    Chapter 11 deals with declarative and programmatic security, and includes a
    section on roles:
    11.4 Roles
    A role is an abstract logical grouping of users that is defined by the
    Application Developer or
    Assembler. When the application is deployed, these roles are mapped by a
    Deployer to security
    identities, such as principals or groups, in the runtime environment.
    A servlet container enforces declarative or programmatic security for the
    principal associated with
    an incoming request based on the security attributes of that calling
    principal. For example,
    1. When a deployer has mapped a security role to a user group in the
    operational environment. The
    user group to which the calling principal belongs is retrieved from its
    security attributes. If the
    principal's user group matches the user group in the operational environment
    that the security
    role has been mapped to, the principal is in the security role.
    2. When a deployer has mapped a security role to a principal name in a
    security policy domain, the
    principal name of the calling principal is retrieved from its security
    attributes. If the principal is
    the same as the principal to which the security role was mapped, the calling
    principal is in the
    security role.
    Cameron Purdy
    http://www.tangosol.com
    "Hari" <[email protected]> wrote in message
    news:[email protected]..
    Hello Gurus,
    I am new to Weblogic server and I am trying to investigate how to make
    use of security roles in weblogic server (5.1.0). Can anyone point me
    to some documentation. Specifically, I am looking for instance level,
    and method level security and how to use it.
    Thanks for taking your time to read this e-mail.
    Thank You all in advance,
    Hari.

  • How to find out Integrated weblogic server version

    hi experts,
    am using jdev11.1.1.5.0
    i h'd big doubt ;)
    how to find out Integrated weblogic server version
    i think am using weblogic10.1.3. but am not sure?
    so how can i found out.
    this my log. but i dont see any info about version.
    *** Using port 7101 ***
    "C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\bin\startWebLogic.cmd"
    [waiting for the server to complete its initialization...]
    JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=512m
    WLS Start Mode=Development
    CLASSPATH=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jdbc_11.1.1\ojdbc6dms.jar;C:\Oracle\MIDDLE~1\patch_wls1035\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_jdev1111\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\JDK160~1\lib\tools.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\modules\features\weblogic.server.modules_10.3.5.0.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\webservices.jar;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\Oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\common\derby\lib\derbyclient.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\xqrl.jar
    PATH=C:\Oracle\MIDDLE~1\patch_wls1035\profiles\default\native;C:\Oracle\MIDDLE~1\patch_jdev1111\profiles\default\native;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\Oracle\MIDDLE~1\JDK160~1\jre\bin;C:\Oracle\MIDDLE~1\JDK160~1\bin;C:\DevSuiteHome_1\jdk\jre\bin\classic;C:\DevSuiteHome_1\jdk\jre\bin;C:\DevSuiteHome_1\jdk\jre\bin\client;C:\DevSuiteHome_1\jlib;C:\DevSuiteHome_1\bin;C:\DevSuiteHome_1\jre\1.4.2\bin\client;C:\DevSuiteHome_1\jre\1.4.2\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32\oci920_8
    *  To start WebLogic Server, use a username and   *
    *  password assigned to an admin-level user.  For *
    *  server administration, use the WebLogic Server *
    *  console at http:\\hostname:port\console        *
    starting weblogic with Java version:
    java version "1.6.0_24"
    Java(TM) SE Runtime Environment (build 1.6.0_24-b50)
    Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode)
    Starting WLS with line:
    C:\Oracle\MIDDLE~1\JDK160~1\bin\java -client   -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=512m -Dweblogic.Name=DefaultServer -Djava.security.policy=C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -Djavax.net.ssl.trustStore=C:\Oracle\Middleware\wlserver_10.3\server\lib\DemoTrust.jks -Duser.timezone="+05:30" -Dweblogic.nodemanager.ServiceEnabled=true  -Xverify:none  -da -Dplatform.home=C:\Oracle\MIDDLE~1\WLSERV~1.3 -Dwls.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server  -Djps.app.credential.overwrite.allowed=true -Dcommon.components.home=C:\Oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=C:\DOCUME~1\ADMINI~1\APPLIC~1\JDEVEL~1\SYSTEM~1.13\DEFAUL~1 -Djrockit.optfile=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=C:\DOCUME~1\ADMINI~1\APPLIC~1\JDEVEL~1\SYSTEM~1.13\DEFAUL~1\config\FMWCON~1\servers\DefaultServer -Doracle.domain.config.dir=C:\DOCUME~1\ADMINI~1\APPLIC~1\JDEVEL~1\SYSTEM~1.13\DEFAUL~1\config\FMWCON~1  -Digf.arisidbeans.carmlloc=C:\DOCUME~1\ADMINI~1\APPLIC~1\JDEVEL~1\SYSTEM~1.13\DEFAUL~1\config\FMWCON~1\carml  -Digf.arisidstack.home=C:\DOCUME~1\ADMINI~1\APPLIC~1\JDEVEL~1\SYSTEM~1.13\DEFAUL~1\config\FMWCON~1\arisidprovider -Doracle.security.jps.config=C:\DOCUME~1\ADMINI~1\APPLIC~1\JDEVEL~1\SYSTEM~1.13\DEFAUL~1\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=C:\DOCUME~1\ADMINI~1\APPLIC~1\JDEVEL~1\SYSTEM~1.13\DEFAUL~1\servers\DefaultServer\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.alternateTypesDirectory=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol  -Dweblogic.jdbc.remoteEnabled=false -Dwsm.repository.path=C:\DOCUME~1\ADMINI~1\APPLIC~1\JDEVEL~1\SYSTEM~1.13\DEFAUL~1\oracle\store\gmds   -Dweblogic.management.discover=true  -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\patch_wls1035\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_jdev1111\profiles\default\sysext_manifest_classpath  weblogic.Server
    <Feb 17, 2012 5:50:39 AM GMT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
    <Feb 17, 2012 5:50:39 AM GMT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
    <Feb 17, 2012 5:50:39 AM GMT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 19.1-b02 from Sun Microsystems Inc.>
    <Feb 17, 2012 5:50:40 AM GMT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0  Fri Apr 1 20:20:06 PDT 2011 1398638 >
    <Feb 17, 2012 5:50:42 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <Feb 17, 2012 5:50:42 AM GMT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <Feb 17, 2012 5:50:42 AM GMT> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <Feb 17, 2012 5:50:42 AM GMT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log00220. Log messages will continue to be logged in C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log.>
    <Feb 17, 2012 5:50:42 AM GMT> <Notice> <Log Management> <BEA-170019> <The server log file C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log is opened. All server side log events will be written to this file.>
    <Feb 17, 2012 5:50:48 AM GMT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <Feb 17, 2012 5:50:50 AM GMT> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <Feb 17, 2012 5:50:50 AM GMT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\access.log00102. Log messages will continue to be logged in C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\access.log.>
    <Feb 17, 2012 5:50:56 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
    <Feb 17, 2012 5:50:56 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <MessageLocalizationHelper> <getLocalizedMessage> The resource for bundle "oracle.jrf.i18n.MBeanMessageBundle" with key "oracle.jrf.JRFServiceMBean.checkIfJRFAppliedOnMutipleTargets" cannot be found.
    <Feb 17, 2012 5:51:02 AM GMT> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application GeneralLedger is not versioned.>
    <Feb 17, 2012 5:51:07 AM GMT> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application Rapppdf is not versioned.>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00208. Log messages will continue to be logged in C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
    <Feb 17, 2012 5:51:27 AM GMT> <Warning> <Server> <BEA-002611> <Hostname "rmsys0061", maps to multiple IP addresses: 192.168.0.161, 192.168.2.161>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <Server> <BEA-002613> <Channel "Default[2]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 192.168.2.161:7101 for protocols iiop, t3, ldap, snmp, http.>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 192.168.0.161:7101 for protocols iiop, t3, ldap, snmp, http.>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
    <Feb 17, 2012 5:51:27 AM GMT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    IntegratedWebLogicServer startup time: 51640 ms.
    IntegratedWebLogicServer started.
    [Running application frmtesting on Server Instance IntegratedWebLogicServer...]
    [11:21:30 AM] ----  Deployment started.  ----
    [11:21:30 AM] Target platform is  (Weblogic 10.3).
    [11:21:31 AM] Retrieving existing application information
    [11:21:31 AM] Running dependency analysis...
    [11:21:31 AM] Deploying 2 profiles...
    [11:21:32 AM] Wrote Web Application Module to C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\o.j2ee\drs\frmtesting\ViewControllerWebApp.war
    [11:21:32 AM] Wrote Enterprise Application Module to C:\Documents and Settings\Administrator\Application Data\JDeveloper\system11.1.1.5.37.60.13\o.j2ee\drs\frmtesting
    [11:21:32 AM] Deploying Application...
    <Feb 17, 2012 5:51:33 AM GMT> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application frmtesting is not versioned.>
    [11:21:40 AM] Application Deployed Successfully.
    [11:21:40 AM] The following URL context root(s) were defined and can be used as a starting point to test your application:
    [11:21:40 AM] http://192.168.0.161:7101/frmtesting-ViewController-context-root
    [11:21:40 AM] Elapsed time for deployment:  11 seconds
    [11:21:40 AM] ----  Deployment finished.  ----
    Run startup time: 10812 ms.
    [Application frmtesting deployed to Server Instance IntegratedWebLogicServer]
    Target URL -- http://127.0.0.1:7101/frmtesting-ViewController-context-root/faces/untitled6.jspxhttp://127.0.0.1:7101/console/login/LoginForm.jsp. it stated as weblogicserver 11g admin console
    At the botton(copy right section) 10.3.5.0

    Hi,
    There is one more method,i know
    Set the JAVA_HOME and PATH
    then execute the
    $WL_HOME\wlserver_10.3\server\bin>setWLSEnv.cmd
    Go to directory which contains weblogic.jar ($WL_HOME\server\lib) and run below command
    $WL_HOME\wlserver_10.3\server\lib>java -cp weblogic.jar weblogic.version
    WebLogic Server 10.3.4.0 Fri Dec 17 20:47:33 PST 2010 1384255
    Hope this will be helpful,
    Regards
    Fabian

  • How to secure connection in sql server 2008? my main problem is which certificate should i add in mmc

    i'm recently working on hardening of sql server 2008. now i face with a problem. my problem is  how to secure connection in sql server 2008?  my main problem is which certificate should i add in mmc? what are these certificates about?and guide
    me in choosing the appropriate certificate.
    and how should i know that the connection in sql server is secured?
    plz guide me from the beginning cause i'm rookie in this subject.
    thanks in advance.

    Hi sqlfan,
    Question 1: my problem is how to secure connection in sql server 2008?
    Microsoft SQL Server can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application. For more information about Encrypting Connections to SQL Server, please refer to the following
    article:
    http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
    Question 2: my main problem is which certificate should i add in mmc? what are these certificates about?and guide me in choosing the appropriate certificate.
    To install a certificate in the Windows certificate store of the server computer, you will need to purchase/provision a certificate from a certificate authority first. So please go to a certificate authority to choose the appropriate certificate.
    For SQL Server to load a SSL certificate, the certificate must meet the following conditions:
    The certificate must be in either the local computer certificate store or the current user certificate store.
    The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.
    The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).
    The certificate must be created by using the KeySpec option of AT_KEYEXCHANGE. Usually, the certificate's key usage property (KEY_USAGE) will also include key encipherment (CERT_KEY_ENCIPHERMENT_KEY_USAGE).
    The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the common name must match the host
    name or FQDN of the virtual server and the certificates must be provisioned on all nodes in the failover cluster.
    Question 3: how should i know that the connection in sql server is secured?
    If the certificate is configured to be used, and the value of the ForceEncryption option is set to Yes, all data transmitted across a network between SQL Server and the client application will be encrypted using the certificate. For more detail about this,
    please refer to Configuring SSL for SQL Server in the following article:
    http://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
    If you have any question, please feel free to let me know.
    Regards,
    Donghui Li

  • How to identify the installed Weblogic Server and JDK are 32bit or 64bit?

    Hi everyone,
    I have a question ~
    Both Weblogic Server and JAVA JDK are installed on the server already, but I only know the Weblogic Server is 10.3.4.0 and JAVA JDK version is 1.6.0_25.
    I know the 64bit Weblogic Server installation file is a wlsXXXX_generic.jar package and 64bit JAVA JDK needed also.
    But, since the Weblogic installed already, there are no such installation files on the Linux Server now.
    I have tried the "java -version" for java version and check the Weblogic version from Weblogic console.
    How to identify the installed Weblogic Server and JDK are 32bit or 64bit with Linux command? Or is there any way to check it?

    What you can try to do is use WLST (or an MBean browser, such as JConsole or JRockit Mission Control) and connect to the adminserver.
    For example when using WLST:
    # set the environment by using setWLSEnv.sh (located in the ${WL_HOME}/server/bin directory).
    # start WLST by using: java weblogic.WLST
    # connect to the adminserver
    connect('adminusername','adminpassword');
    # change to the serverruntime environment
    serverRuntime();
    # show the attributes
    ls();
    # Here an attribute is shown called WebLogicVersion that shows the version of WebLogic
    -r--   WeblogicVersion                              WebLogic Server 10.3.5.0  Fri Apr 1 20:20:06 PDT 2011 1398638
    # Note that this does not show if is 32 bits or 64 bits to retrieve this information you have obtain the JVM version
    # change the directory
    cd('JVMRuntime/AdminServer');
    # show the attributes
    ls();
    -r--   Version                                      R28.0.1-21-133393-1.6.0_20-20100512-2126-linux-x86_64
    # when you have something like x86 at the you are running a 32 bit version, if you have something like x86_64 you are running a 64 bits versionAs mentioned above you can also retrieve this information by using a MBean browser.

  • Error in  holder-of-key  : calling a secure webservice from weblogic instan

    Hi,
    I am getting following error . Can somebody decrypt this for me ?
    ava.rmi.RemoteException: SOAPFaultException - FaultCode [{http://schemas.xmlsoap.org/soap/envelope/}Server] FaultString [Failed to add Signature.] FaultActor [null]No Detail; nested exception is:
         weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Failed to add Signature.
         at services.SSOTestHelloWorld_Stub.hello(Unknown Source)
         at deloitte.iit.webservices.CallWebService.callService(CallWebService.java:31)
         at jsp_servlet.__clienttest._jspService(__clienttest.java:82)
         at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:408)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:318)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3498)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Failed to add Signature.
         at weblogic.wsee.codec.soap11.SoapCodec.decodeFault(SoapCodec.java:355)
         at weblogic.wsee.ws.dispatch.client.CodecHandler.decodeFault(CodecHandler.java:115)
         at weblogic.wsee.ws.dispatch.client.CodecHandler.decode(CodecHandler.java:100)
         at weblogic.wsee.ws.dispatch.client.CodecHandler.handleFault(CodecHandler.java:88)
         at weblogic.wsee.handler.HandlerIterator.handleFault(HandlerIterator.java:309)
         at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.java:269)
         at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(ClientDispatcher.java:213)
         at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:150)
         at weblogic.wsee.ws.WsStub.invoke(WsStub.java:87)
         at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:337)
         ... 18 more
    Caused by: weblogic.xml.crypto.wss.WSSecurityException: Failed to add Signature.
         at weblogic.wsee.security.wss.SecurityPolicyDriver.processIntegrity(SecurityPolicyDriver.java:240)
         at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:74)
         at weblogic.wsee.security.WssClientHandler.processOutbound(WssClientHandler.java:71)
         at weblogic.wsee.security.WssClientHandler.processRequest(WssClientHandler.java:55)
         at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)
         at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:141)
         at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:107)
         at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:132)
         ... 20 more

    Hi Stephen,
    Using a registry, for example UDDI [1], would be one solution. WLS has
    a complete UDDI implementation builtin [2] for this purpose.
    You are correct, you need to pass the service address location found in
    the <service> section of the WSDL.
    Hope this helps,
    Bruce
    [1]
    http://www.uddi.org/
    [2]
    http://e-docs.bea.com/wls/docs81/webserv/uddi.html
    Stephen Kurlow wrote:
    >
    I am not sure what I need to do to be able to call a remote webservice (runs on
    another weblogic server instance running on another machine in the same network)
    from within a webservice. I have 2 wsdl files and I have created webservice controls
    from them. I have successfully written code in the first webservice to instantiate
    the parms to the 2nd webservice and invoked the 2nd webservice when both webservices
    are deployed to the same weblogic server instance. So i can see the params being
    marshalled and unmarshalled in the test browser.
    Now how do I install the 2nd webservice on another weblogic server instance and
    instruct the 1st web service to call the 2nd webservice residing on another weblogic
    server instance? I presume some kind of lookup (url?) is needed and is it via
    what is contained in the wsdl file?
    Thanks in advance,
    Stephen Kurlow

  • Security issue between weblogic server

    Hello,
    Here is security issue that we are facing.
    Here is setup
    Environment 1
    Admin server say "env1admin"
    Managed Weblogic Server say "env1managed"
    We deployed an EJB called HelloEJB in env1managed server and this has an api
    sayHello(). HelloClient is a client to HelloEJB.
    S/w Weblogic 6.1 sp3
    Environment 2
    Admin server say "env2admin"
    Managed Weblogic Server say "env2managed"
    We deployed an EJB called ServiceEJB in env2managed server and this has an api
    serviceRequest(). We use weblogic role based security and restrict access to this
    api by user HelloEJB.
    s/w Weblogic 6.1 sp3
    Here is how the system works:
    We start the env2admin, env2managed (ServiceEJB is which is a Stateless session
    EJB deployed in env2Managed)
    We start the env1admin and env1managed (HelloEJB(which is a Stateless session
    EJB is deployed in env1Managed)
    Test case:
    1)HelloClient invokes HelloEJB api sayHello().
    2)Now at this point in ejbCreate() at HelloEJB() end we get a reference to ServiceEJB
    using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
    api in ServiceEJB. Then gets back a response and then returns response to HelloClient.
    Now if we repeat the above testcase.
    After step1 in step2 HelloEJB though has all the permissions to invoke api on
    ServiceEJB gets an SecurityException.
    Question is why doe this happen. Only way HelloEJB can make api calls to serviceEJB
    is by making a lookup() every single time. Which is very expensive. I looked at
    documents what they say is leave the context open and never close it. Though I
    am doing that I am getting this exception.
    Any thoughts ?
    Thanks in advance,
    Vijay

    Here are the details of exception stack trace:
    java.rmi.AccessException: Security violation: insufficient permission to access
    method; nested exception is:
    java.lang.SecurityException: Security violation: insufficient permission
    to access method
    java.lang.SecurityException: Security violation: insufficient permission to access
    method
    at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:92)
    at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:63)
    at service.ServiceBean_nr0s19_EOImpl.sendServiceRequest(ServiceBean_nr0s19_EOImpl.java:25)
    at service.ServiceBean_nr0s19_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:298)
    at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:93)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:267)
    at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    End server side stack trace
    ; nested exception is:
    Vijay
    "Vijay" <[email protected]> wrote:
    >
    Hello,
    Here is security issue that we are facing.
    Here is setup
    Environment 1
    Admin server say "env1admin"
    Managed Weblogic Server say "env1managed"
    We deployed an EJB called HelloEJB in env1managed server and this has
    an api
    sayHello(). HelloClient is a client to HelloEJB.
    S/w Weblogic 6.1 sp3
    Environment 2
    Admin server say "env2admin"
    Managed Weblogic Server say "env2managed"
    We deployed an EJB called ServiceEJB in env2managed server and this has
    an api
    serviceRequest(). We use weblogic role based security and restrict access
    to this
    api by user HelloEJB.
    s/w Weblogic 6.1 sp3
    Here is how the system works:
    We start the env2admin, env2managed (ServiceEJB is which is a Stateless
    session
    EJB deployed in env2Managed)
    We start the env1admin and env1managed (HelloEJB(which is a Stateless
    session
    EJB is deployed in env1Managed)
    Test case:
    1)HelloClient invokes HelloEJB api sayHello().
    2)Now at this point in ejbCreate() at HelloEJB() end we get a reference
    to ServiceEJB
    using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
    api in ServiceEJB. Then gets back a response and then returns response
    to HelloClient.
    Now if we repeat the above testcase.
    After step1 in step2 HelloEJB though has all the permissions to invoke
    api on
    ServiceEJB gets an SecurityException.
    Question is why doe this happen. Only way HelloEJB can make api calls
    to serviceEJB
    is by making a lookup() every single time. Which is very expensive. I
    looked at
    documents what they say is leave the context open and never close it.
    Though I
    am doing that I am getting this exception.
    Any thoughts ?
    Thanks in advance,
    Vijay

  • How to run Servlet in weblogic server ?

    Hi ,
    I am new to J2ee Tech.
    how to run a simple servlet program in weblogic server?
    mainly i want know how to give the address in ID.
    Now i am using htt:\\localhost :7001\Sample\HelloServlet
    but it is not working
    Please give me the steps
    Thanks
    Merlin Rosina

    Hi ,
    I am new to J2ee Tech.
    how to run a simple servlet program in weblogic server?
    mainly i want know how to give the address in ID.
    Now i am using htt:
    localhost :7001\Sample\HelloServlet
    but it is not working
    Please give me the steps

  • How to run jsp in weblogic server

    hi,
    how to run jsp application in weblogic server,plz send the procedure how to deploy..
    Thanks

    How to run JSP and EJB program using weblogic server

  • How to install license for Weblogic Server 6.1

    Hi,
    I downloaded WebLogic Server 6.1, it works fine.
    but I want to change the JDBC to Oracle (the default is Cloudscape). I follow the
    instructions in page "Installing WebLogic jDriver for Oracle". it looks fine until
    "java utils.dbping ORACLE james 1234 DBServer"
    it says: Missing license file for: Weblogic Server 6.1.
    I found the licese.bea is in c:\bea, I use "updatelicense.cmd" to do it several times,
    it still doesn't work.
    I am using Win2k and Oracle 8.1.7
    Thanks.
    James

    Hi.
    http://edocs.bea.com/wls/docs61/jcom.html
    or do you have a more specific issue?
    Regards,
    Michael
    Raymond Cheng wrote:
    Anybody know how to prepare JCOM environment for developer to intetrate their windows client.
    Thanks a lot.
    Raymond Cheng.--
    Michael Young
    Developer Relations Engineer
    BEA Support

  • How to disable authentication for weblogic server

    Hi expert,
    I have a web application deployed on weblogic server 12c. And I have a client which connects to the web application.  The client will authenticate with server with digest authentication (challenge\response). We use the default authentication in weblogic server and the authentication is done by weblogic server. And it works fine.
    However, I want to run a performance testing to replay all client requests including the requests for authentication. Since it's challenge/response authentication mechanism, the original requests can not pass authentication and weblogic server replies 401. I want to know is there any way to disable weblogic authentication so that the authentication passes when I replay my original request?
    Thanks very much!
    Regards,
    Yan

    You can disable the security of the application in the web.xml. Here there is a security-constraint configured that tells WebLogic what to do, for example,
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>All</web-resource-name>
    <url-pattern>/faces/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>MANAGER</role-name>
    <role-name>EMPLOYEE</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    If you put the security-constraint in comments, you can access the application, without authentication (note that the application itself probably uses the authentication in order to set certain things, so I do not if this is going to work).

  • How to install a managed weblogic server ?

    Hello,
    I am new to weblogic server installation.
    I have spent a few days reading the installation document.
    I have installed a default server successfully, and I want to install a new
    machine
    running as a managed server.
    The BEA installation guide didn't explain clearly how a new managed is to be
    installed.
    Do I need to use the same procedure: download the installer from bea
    website, then
    create a bea home directory on the new machine, and create a new product
    directory
    on the new machine ?
    What about the license on the new managed server ? Do I need a separate
    license.bea
    installed on the new managed server ? Since I need a new managed server, it
    should
    have its own BEA home directory, its own product directory, and it own
    license.
    Am I right on this ?
    Thank you for any information that can help me.
    Regards,
    Frank Hsu

    Frank,
    You will need to install the software on each machine, unless you are using NFS
    mounts. Each machine will need its own license, and the entries can be in the
    same license.bea file that is shared across all machines.
    Thanks,
    Simon
    Cheng Chung Hsu wrote:
    Hello,
    I am new to weblogic server installation.
    I have spent a few days reading the installation document.
    I have installed a default server successfully, and I want to install a new
    machine
    running as a managed server.
    The BEA installation guide didn't explain clearly how a new managed is to be
    installed.
    Do I need to use the same procedure: download the installer from bea
    website, then
    create a bea home directory on the new machine, and create a new product
    directory
    on the new machine ?
    What about the license on the new managed server ? Do I need a separate
    license.bea
    installed on the new managed server ? Since I need a new managed server, it
    should
    have its own BEA home directory, its own product directory, and it own
    license.
    Am I right on this ?
    Thank you for any information that can help me.
    Regards,
    Frank Hsu

  • How do I get the WebLogic server to use the XMLRegistry?

    I'm using WebLogic 7.0.2, and I want to use the Apache TransformerFactory and DocumentBuilderFactory
    instead of the default weblogic.* classes. I've found the documentation, where
    I define an XML Registry as follows (snippet from my config.xml)...
    <Server ListenAddress="####" ListenPort="####" Name="myserver"
    NativeIOEnabled="true" ServerVersion="7.0.2.0"
    StdoutEnabled="true" StdoutSeverityLevel="8"
    StuckThreadMaxTime="14400"
    XMLEntityCache="XMLCacheMBean_myserver" XMLRegistry="CT XML Registry">
    <COM Name="myserver"/>
    <ExecuteQueue Name="default" ThreadCount="15"/>
    <IIOP Name="myserver"/>
    <JTAMigratableTarget Cluster="" Name="myserver" UserPreferredServer="myserver"/>
    <JTARecoveryService Name="myserver"/>
    <KernelDebug Name="myserver"/>
    <Log FileName="myserver/myserver.log" Name="myserver"/>
    <SSL Enabled="true" HostnameVerificationIgnored="true"
    ListenPort="###" Name="myserver"
    ServerCertificateFileName="democert.pem"
    ServerPrivateKeyAlias="demokey" ServerPrivateKeyPassPhrase="{3DES}gAuVwsR68oAlLdIfO1PAtw=="/>
    <ServerDebug Name="myserver"/>
    <ServerStart Name="myserver"/>
    <WebServer DefaultWebApp="DefaultWebApp"
    LogFileName="myserver/access.log" LoggingEnabled="true" Name="myserver"/>
    </Server>
    <XMLEntityCache Name="XMLCacheMBean_myserver"/>
    <XMLRegistry
    DocumentBuilderFactory="org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"
    Name="CT XML Registry"
    SAXParserFactory="org.apache.xerces.jaxp.SAXParserFactoryImpl"
    TransformerFactory="org.apache.xalan.processor.TransformerFactoryImpl"
    WhenToCache="cache-on-reference"/>
    I've played aorund with xercesImpl being in and out of classpaths, etc. But no
    matter what I do, calls to TransformerFactory.newInstance creates an instance
    of weblogic.xml.jaxp.RegistrySAXTransformerFactory and DocumentBuilderFactory.newInstance()
    creates an instance of weblogic.xml.jaxp.RegistryDocumentBuilderFactory.
    I don't want to use these classes, and supposedly I can control which classes
    I will use, but it's not working for me. Has anyone been able to get this working?
    Is there anything else that I'm missing?
    Thanks,
    Ed

    I was unable to use the XMLRegistry touse the Xerces2 libraries with WebLogic 7.
    I did find in WebLogic 7 doco that the latest release of Xerces that it would
    internally support was 1.4.4 (http://e-docs.bea.com/wls/docs70/xml/xml_admin.html#1066271).
    If I wanted to use this version of Xerces, I would need to use WebLogic 8. This
    is not an option for me at this stage.
    So, I used this approach. When starting the WebLogic server, you can assign ClassPath
    entries to an environment variable called PRE_CLASSPATH. This will prepend the
    class path used by the App Container's JVM with the values in the variable. I
    added the xercesImpl and xalan jars to this entry.
    Because the WebLogic class loaders will always defer to the parent class loader,
    it will check this class path first. So now I can directly instantiate the apach
    implementation classes (typecasting them back to their API interface definitions)
    and use them within the container.
    "Ed Hillmann" <[email protected]> wrote:
    >
    I'm using WebLogic 7.0.2, and I want to use the Apache TransformerFactory
    and DocumentBuilderFactory
    instead of the default weblogic.* classes. I've found the documentation,
    where
    I define an XML Registry as follows (snippet from my config.xml)...
    <Server ListenAddress="####" ListenPort="####" Name="myserver"
    NativeIOEnabled="true" ServerVersion="7.0.2.0"
    StdoutEnabled="true" StdoutSeverityLevel="8"
    StuckThreadMaxTime="14400"
    XMLEntityCache="XMLCacheMBean_myserver" XMLRegistry="CT XML Registry">
    <COM Name="myserver"/>
    <ExecuteQueue Name="default" ThreadCount="15"/>
    <IIOP Name="myserver"/>
    <JTAMigratableTarget Cluster="" Name="myserver" UserPreferredServer="myserver"/>
    <JTARecoveryService Name="myserver"/>
    <KernelDebug Name="myserver"/>
    <Log FileName="myserver/myserver.log" Name="myserver"/>
    <SSL Enabled="true" HostnameVerificationIgnored="true"
    ListenPort="###" Name="myserver"
    ServerCertificateFileName="democert.pem"
    ServerPrivateKeyAlias="demokey" ServerPrivateKeyPassPhrase="{3DES}gAuVwsR68oAlLdIfO1PAtw=="/>
    <ServerDebug Name="myserver"/>
    <ServerStart Name="myserver"/>
    <WebServer DefaultWebApp="DefaultWebApp"
    LogFileName="myserver/access.log" LoggingEnabled="true" Name="myserver"/>
    </Server>
    <XMLEntityCache Name="XMLCacheMBean_myserver"/>
    <XMLRegistry
    DocumentBuilderFactory="org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"
    Name="CT XML Registry"
    SAXParserFactory="org.apache.xerces.jaxp.SAXParserFactoryImpl"
    TransformerFactory="org.apache.xalan.processor.TransformerFactoryImpl"
    WhenToCache="cache-on-reference"/>
    I've played aorund with xercesImpl being in and out of classpaths, etc.
    But no
    matter what I do, calls to TransformerFactory.newInstance creates an
    instance
    of weblogic.xml.jaxp.RegistrySAXTransformerFactory and DocumentBuilderFactory.newInstance()
    creates an instance of weblogic.xml.jaxp.RegistryDocumentBuilderFactory.
    I don't want to use these classes, and supposedly I can control which
    classes
    I will use, but it's not working for me. Has anyone been able to get
    this working?
    Is there anything else that I'm missing?
    Thanks,
    Ed

  • How to performance tuninig  in weblogic server and AM module.

    Hi,
    I am using Jdev11.1.1.2.0 and weblogic server 10.3.0.My Application is working fine but i want to better performance in my application.
    Single user accessing its fast but more than 4-5 user accesing my application its very slow .I have increase the memory in setDomainEnv.cmd.
    My operaitng system is windows server2003 and RAM is 5GB .
    So where i should to increased the performance tuning in weblogic server or In AM Module any configuration is needed .
    Please help me.
    Thanks
    Anup

    hi Anup, May be helpful for you.
    ADF BC Tuning
    http://andrejusb.blogspot.com/2011/11/stress-testing-oracle-adf-bc_16.html
    http://andrejusb.blogspot.com/2011/10/adf-bc-tuning-with-do-connection.html
    http://www.avromroyfaderman.com/2008/11/adf-bc-tuning-iii-view-objects-part-1/
    http://andrejusb.blogspot.com/2010/02/optimizing-oracle-adf-application-pool.html
    VO tunning
    www.gebs.ro/blog/oracle/adf-view-object-performance-tuning-analysis
    http://www.sagecomputing.com.au/presentations_sage_computing_services.html // pls Download power point title JDeveloper ADF and the oracle database - Friends not Foes
    Weblogic
    http://developmentips.blogspot.com/2009/04/avoid-java-out-of-memory-with-weblogic.html
    Regards
    KT

  • How can using 'jMaki' in weblogic server 10?

    i tried 'jmaki' in wls10.
    but fail
    jmaki added follow
    WEB-INF/lib/ajax-wrapper-comp-1.8.0.jar
    org.json-0.0.2.jar
    jsfcompounds-core-0.0.6.jar
    when i deployed, rising the exception...
    <2008. 10. 30 오전 2시 14분 59초 GMT> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1225332882375' for task '25'. Error is: 'java.lang.NoClassDefFoundError: com/sun/jmaki/AjaxWrapperTag : javax/faces/webapp/UIComponentBodyTag'
    java.lang.NoClassDefFoundError: com/sun/jmaki/AjaxWrapperTag : javax/faces/webapp/UIComponentBodyTag
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
    at weblogic.utils.classloaders.GenericClassLoader.defineClass(GenericClassLoader.java:338)
    at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:291)
    Truncated. see log file for complete stacktrace
    java.lang.NoClassDefFoundError: com/sun/jmaki/AjaxWrapperTag : javax/faces/webapp/UIComponentBodyTag
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
    at weblogic.utils.classloaders.GenericClassLoader.defineClass(GenericClassLoader.java:338)
    at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:291)
    Truncated. see log file for complete stacktrace
    how can fix this problem?

    which cache are you talking about? Coherence cache?
    Or maybe you are talking about code cache, as explained here http://wlatricksntips.blogspot.com/2010/07/clearing-cache-for-weblogic-instance.html ?

Maybe you are looking for

  • How to show Open Sales Orders only in a report?

    Hi, I am working on a Business Objects report to show open sales orders. Here i pull data from a RapidMart universe for which data comes from SAP. I just wanted to know which object or field in SAP can/will differentiate whether a particular sales or

  • Urgent: need weekly, monthly report function in 6i for 10g

    Hi, we are trying to move some reports built in 6i to 10g. Need some help urgently. The y-axis is values, x-axis is date, if there is a value between 2 dates, , a line will connect them. If there is no value, it will skip it and try next date. I have

  • P2 Files in FINAL CUT 5.1.4 won't work.  What should I do?

    Hello, I have a hard drive that has P2 files on them and Im using Final Cut 5.1.4. When I try to open the project file it gives me an error message that reads: "File's format is too new for this version of the application" and when I try to open the

  • How can I combine profiles for different document types ?

    Hello, we work with SAP basis 6.40 and we have several different documents set up in DMS. We want to allow users to see only selected app. files depending on the document type. Let me set an example: DOKAR = ZDT only .pdf (profile name DMS_ZDT) DOKAR

  • Zip a tree like file structure in memory

    Hi all guys... How can I create a tree like file structure in memory (without using the disk at all) and than zip it send it out as an http servlet response? I think its easier if I break it down to 2 separated problems: file structure in memory and