Ignoring Http basic authentication header in wls 7.0.sp2 web service servlet (weblogic.webservice.server.servlet.WebServiceServlet)

Similar Messages

• Attachment in WLS 7 sp2 Web Service

  Hi, I'm trying to send to a Web Service in WLS7 sp2 SOAP message with attachments. My problem: when I don't add any attachment to SOAP message all go OK, but when I add an attachment with the "href" attribute in an element of the message (I need do it because I use the MM7 protocol of 3GPP), WLS7 don´t accept my message and tell me: "The ID referenced by ..... is unknow". The Content-ID of attachment is equal to value of the href attribute.
  Please, I need help with this!! If anyone knows any URL or sample code that can help me, please, reply to this post.
  Thanks and sorry, my english is not very well.

  Currently there is no option to turn off security check.
  I think you can use a servlet filter mapped to the URL
  of your service, instead of a proxy servlet?
  Regards,
  -manoj
  http://manojc.com
  "Toni Nykanen" <[email protected]> wrote in message
  news:3ef1577b$[email protected]..
  >
  Hi!
  We need to implement authentication using our own methods, and theauthentication
  information is provided to the web service implementation in a basicauthentication
  header. The problem is, that the servlet
  weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
  in
  wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
  Is there any way to circumvent this, because we want to implementauthentication
  on our own?
  I already know two workarounds:
  The best would of course be to implement a custom security realm for ourown
  authentication system. This is not an option, implementing an own security
  realm is overkill for this specific web service.
  The other way would be to route the requests by way of a custom servlet,which
  would
  remove the basic authentication header, and put the authentication info incustom
  headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
  authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
  >
  But still, I'd like to know if there is any way to tell bea's servlet toignore
  the basic
  authentication header?
  Oh yeah, by the way, this is URGENT, as always. (really!! ;)
  Toni Nykanen

• Securing Web Applications by HTTP Basic Authentication

  We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General  TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
  regards,
  J.Iswaryal
  K.Brinda

  Hi J.Iswaryal,
  I guess two things based on your post.
  1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
  2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
  <b>For, point one,</b>
  After creating web service goto webservice perspective in NWDS. there, choose your web service project.
  Now, open Web service configuration file recided in your project.
  Here, go under config1-> security and double click on it.
  It will display security options for this web service.
  Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
  Now, save this, rebuild this and deploy on server.
  <b>For point 2,</b>
  Make model for your web service.
  before calling your web service, set your username and password in code as shown below.
  wdContext.current<web service model node>element().modelobject()._setusername(<username>);
  wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
  Rehards,
  Bhavik

• How to access SOAP web service with authentication, HTTP basic Authentication

  Dear All
  i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
  http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
  http://forums.adobe.com/message/4262868
  private function authAndSend(service:HTTPService):void
          var encoder:Base64Encoder = new Base64Encoder();
          encoder.insertNewLines = false; // see below for why you need to do this
          encoder.encode("someusername:somepassword");
          service.headers = {Authorization:"Basic " +encoder.toString()};                                               
          service.send();
  Also i noticed in debug mode, always that WARNNING raised up
  Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml.  The 'secure' attribute is only permitted in HTTPS and socket policy files.  See http://www.adobe.com/go/strict_policy_files for details.
  any idea ?

  Hello,
  I don't know if this could help.
  Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

• BPEL to invoke Webservice secured with HTTP Basic authentication

  Hi All,
  Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
  1) Created Target Synchronous process ex : B
  2) Created Source Syncronous Process ex : A
  Iam trying to call B(Target) from A(source).
  3) Open Composite.xml of A(Source)
  4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
  5) Under Security tab attach oracle/wss_username_token_client_policy
  6) Login to em/console
  7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
  8) Enter username and password under HTTP Basic Authentication.
  9)Test from em.console(when we are testing under security tab I have checked None radio button)
  So this is the Error message which is throwing.
  ==================================
  The selected operation process could not be invoked.
  An exception occured while invoking the webservice operation. Please see logs for more details.
  oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
  java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
  =======================================
  Please let me know if Iam missing any steps.
  Thanks
  SSV

  Followed this post.......
  This is avery good question
  in 11g i have taken out the steps from my document which i created for one our customer
  go to composite
  Right click on the external reference service and select “Configure WS policies” :done
  Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
  6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
  7. Include the “oracle.webservices.auth.username--> :done
  value-->password :done
  8. Include the “oracle.webservices.auth.password”-->name :done
  value-->password :done
  Thanks
  SSV

• HTTP Basic authentication for proxy service and its wsdl?

  Hello:
  For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
  My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
  Is this possible to configure on OSB / WLS? How?
  Greetings!
  Edited by: user4483647 on 02-sep-2010 12:59
  Edited by: user4483647 on 02-sep-2010 13:25

  If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
  http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
  Edited by: mneelapu on Apr 2, 2009 2:09 PM

• How to call a web service from BPEL that requires HTTP basic authentication

  Hi All,
  I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
  I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
  I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
  I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
  Can anyone help?
  Thanks,
  Mark Nelson

  Thanks Bas,
  I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
  <property name="basicHeaders">credentials</property>
  <property name="basicUsername">WMDATA</property>
  <property name="basicPassword">WMDATA</property>
  Instead of:
  <property name="httpUsername">WMDATA</property>
  <property name="httpPassword">WMDATA</property>
  I don’t know why this is, maybe because it is an Axis Web Service.
  Sorry for wasting your time.
  Regards Pete

• Calling Web Service with Http Basic authentication in SOA 11g

  I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
  Am i missing some steps?
  Please let me know.
  Note - I am working on SOA 11.1.1.4.
  Regards
  Ayush

  Hi Ayush,
  Please refer -
  http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
  Regards,
  Anuj

• How set  UserName and Password for HTTP Basic Authentication for a servlet

  Hi..
  How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
  Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
  But i dont know how do it in JBOSS..
  I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
  Thank u

  Hi Raj,
  You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
  Store the user information in a database table and check the username and password when the user enters it.
  You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
    CASE sy-ucomm.
      WHEN 'BACK'.
        LEAVE PROGRAM.
      WHEN <fcode for submit>.
        SELECT SINGLE uname pwd
         FROM <DB table>
         INTO (user, pass)
         WHERE username = user AND
                 password = passwd.
        IF sy-subrc = 0.
  <Go to next screen for further processing>
        ELSE.
  <Display Error message and exit>
        ENDIF.
    ENDCASE.
  Regards,
  Amit
  Message was edited by:
          Amit Kumar

• UDDI inquiry service HTTP-Basic authentication in BPEL (10.1.3.1)

  Hi Gurus,
  I'd like to know how we can setup BPEL server for Oracle Service Registry UDDI with HTTP-BASIC authentication for inquiry service (apart of OWSM solution)?
  Imagine that in Service Registry I have defined HTTP-BASIC authentication (REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml) for inquiry service used in BPEL domain (uddiLocation key in BPEL domain configuration). And now I'd like to provide credentials. In package.xml I have this
  <service-endpoint path="/inquiry" version="3.0" name="UDDIInquiryV3Endpoint"
  service-instance="tns:UDDIInquiryV3" processing="tns:UDDIv1v2v3InquiryProcessing"
  accepting-security-providers="HttpBasic">
  <wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Inquiry_SoapService"/>
  <envelopePrefix xmlns="arbitraryNamespace" value=""/>
  <namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
  </service-endpoint>
  I don't see any field with username or password. Is it automaticaly taken from security provider configured for Service Registry (for example LDAP)? If yes then it is clear.
  But what about BPEL engine, where can I provide those credentials? Is it some secret configuration file? Or only supported way is to configure it through OWSM component in order to enrich request by credentials (what about license, when customer doesn't want to use OWSM)?
  Do I miss something in this concept?
  Thanks
  Peter

  as said internally - file an ER for it pls - and I will take care of it, depending on the demand - either for 10.1.3.1 GA or 10.1.3.1 patchset ..
  we will support only HTTP Basic Auth - rest will follow per customer demand ..
  /clemens

• HTTP Basic authentication on EJB 3.0 based web service

  How do I enable HTTP Basic authentication on EJB 3.0 based web services for OAS? Does any one have a sample solution ?
  I manually updated oracle-webservices.xml file to include the following:
  <ejb-transport-security-constraint>
  <soap-port/>
  <role-name>users</role-name>
  <transport-guarantee>NONE</transport-guarantee>
  </ejb-transport-security-constraint>
  <ejb-transport-login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jazn.com</realm-name>
  </ejb-transport-login-config>
  When I use SOAP UI to test the web service I get the following error.
  403 Forbidden
  Error initializing security, security-role not found: users

  I still get the 403 forbidden error message. I do not get the second part of the error message though.

• Configuring Basic Authentication with Username and password on BizTalk Schema Service

  Hi,
  I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
  I wanted to have a Basic Authentication(User name and password restriction).
  I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
  I also set the Service in IIS with Basic Authentication only enabled.
  But I don't know how to provide a UserName and Password Authentication.
  Please provide your suggestions
  Regards, Vignesh S

  Hi,
  Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
  http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
  HTH,
  Sumit
  Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question

• WLS 10.3.3 - Web service - NTLM authentication

  Hi,
  We have generated web service proxy based on a wsld file for a .Net web service secured with NTLM authentication.
  Running the code that connects to the web service from a java class main method works fine, but when running the same code from a web application deployed on weblogic server (we have tried both integrated and standalone) we get the following error: com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 401: Unauthorized.
  Is there something that we should set in weblogic?
  Regards,
  Delia

  Delia,
  We had exactly the same issue and it took ages to resolve! Oracle didn't have a solution so I knuckled down and eventually worked out a solution...
  When running your JAR under WLS you may have noticed that the exception looks like this:
  java.io.FileNotFoundException: Response: '401: Unauthorized' for url: 'http://+your.domain.here+/default.aspx'
  at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:474)
  Notice that it is not using the java.net.HttpURLConnection as you might have expected (and your Java code explicitly imports!), rather it employs weblogic.net.http.HttpURLConnection and there lies the rub.
  As it turns out, it is easy to have your code force the use of the handler you desire.
  Instead of:
  HttpURLConnection http = (HttpURLConnection) new URL(+yourURL+).openConnection();
  Use:
  URL url = new URL(null, yourURL, new sun.net.www.protocol.http.Handler());
  HttpURLConnection http = (HttpURLConnection) url.openConnection();
  Regards,
  Jerome

• Ws-basic username inside pl/sql procedure published as web service

  I'm new to jdeveloper, but been working with Oracle for 13 years...
  We have used Jdevelper to expose a pl/sql procedure as a web service using the "Publish as web service..." wizard. We then used Web Services Manager in server agent mode to protect that web service using ws-basic header auth. OWSM does a lookup on the user supplied credentials against our active directory ldap server to determine if the user should be able to call the service. That all works, EXCEPT...
  The problem is that the stored procedure runs a query against data protected by virtual private database and extensive audit logs. We need access to the ws-basic credential from within oracle so that we can set the session context and pull the end-user's id for auditing purposes.
  Right now, all we know inside the stored procedure is the oracle username used to connect to the database. This is of course different from the one used to authenticate our user in the OWSM layer.
  The pl/sql procedure does not have a parameter to specify the user name, and even if it did, there is no way for us to verify that any user supplied parameter matches the credentials used in OWSM.
  So, I assume, I need to modify the code generated by the "Publish as web service" wizard and somehow pull the ws-basic credentials (just username) and push them into the Oracle session_context.
  Anyone have any sample code or advice on how to get access to ws-basic credentials or even any of the metadata on a certificate supplied to OWSM for authentication/authorization?

  I change p_action value ( before p_action => 'alta' ) now ( p_action => '"alta"' )
  res := Xxm_Web_Service_Client_Pkg.invoke(p_init_msg_list => FND_API.G_TRUE,
  p_url => 'http://198.137.253.178:7777/event/DefaultSystem/clienteService_RS',
  p_action => '"alta"',
  x_return_status => l_return_Status,
  x_msg_count => l_msg_count,
  x_msg_data => l_msg_data,
  x_req => req)
  And the invokation an ESB service from a PLSQL procedure began to work fine !!!
  Thanks for all answers
  Thans Peter !!!
  Claudio

• Configuring WLS to invoke a web service on SSL

  Hi,
  It will be really helpful if I get some pointers on this. Stuck with this without any progress. I havent experimented too much working with Certificates and so on...
  I have a web service on my WLS...This has to invoke an external web service (provided by a third party).
  They have given me a url for WSDL.
  .p12 certificate - privateKeyEntry
  .cer certificate - trustCertEntry
  In my browser(IE), to display the WSDL page, I had to import this .p12 certificate in the "Personal" tab and .cer certificate in the "Trusted Root Certification Authorities" tab. It works !! I can see the WSDL.
  Now I have to do a equivalent setting in WLS so that my WS invokes the external WS. I can test this with the Weblogic Test Client for my WS.
  This is what I thought I had to do.
  Configure Custom Identity and Custom Trust in WLS.
  Custom Identity - directly used the .p12 file and specified type as PCKS12 with a password. That seems OK.
  Custom Trust - Since I didnt think I could use .cer file, I imported this certificate into .jks file using the below command
  keytool -import -trustcacerts -alias mykey -keystore mytrust.jks -file TestRootCert.cer -keyalg RSA
  configured this .jks file as a custom truststore.
  In the SSL tab, specified the alias name that existed in the PrivateKeyEntry(.p12 file) assuming this is used to identify myself to the external WS.
  Set -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true in the WLS startup file just to see some more additional info.
  When I invoke the external WS using the WLS test client, this is how the output on console looks..(sorry, had to edit some stuff related to company names etc.)
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loading server SSL identity>
  <Sep 16, 2010 5:35:02 PM CEST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias e74476a0b5a8cfce6e426c266aee9bbc_2d3fa38c-4f19-4115-b030-11acb1de5cd5 from the PKCS12 keystore file C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\TestPoints.p12.>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Loaded public identity certificate chain:>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Subject: [email protected], CN=Test , OU=Digital ID Class 1 - Microsoft Full Service, OU=Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."; Issuer: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
  <Sep 16, 2010 5:35:02 PM CEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\ebmscert.jks.>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 1 trusted CAs from C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\ebmscert.jks>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
  <Sep 16, 2010 5:35:02 PM CEST> <Info> <WebLogicServer> <BEA-000307> <Exportable key maximum lifespan set to 500 uses.>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28972139>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <8413295 SSL3/TLS MAC>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <8413295 received HANDSHAKE>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 320858270326811821565694692014706744673
  Issuer:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  Subject:C=SE, ?=19587, ST=None, L=country, ?=Test Address, O=CompanyName Denmark-Norway-Sweden, OU=DK Wintel AS, OU=Hosted by Melbourne IT Corporate Brand Services, OU=Comodo PremiumSSL, CN=a.b.com
  Not Valid Before:Thu Mar 19 01:00:00 CET 2009
  Not Valid After:Sun Mar 20 00:59:59 CET 2011
  Signature Algorithm:SHA1withRSA
  >
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 109339514828885055587748732527481675047
  Issuer:C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  Subject:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  Not Valid Before:Tue Jun 07 10:09:10 CEST 2005
  Not Valid After:Sat May 30 12:48:38 CEST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 320858270326811821565694692014706744673
  Issuer:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  Subject:C=SE, ?=19587, ST=None, L=country, ?=Test Address, O=CompanyName Denmark-Norway-Sweden, OU=DK Wintel AS, OU=Hosted by Melbourne IT Corporate Brand Services, OU=Comodo PremiumSSL, CN=a.b.com
  Not Valid Before:Thu Mar 19 01:00:00 CET 2009
  Not Valid After:Sun Mar 20 00:59:59 CET 2011
  Signature Algorithm:SHA1withRSA
  >
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 109339514828885055587748732527481675047
  Issuer:C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  Subject:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  Not Valid Before:Tue Jun 07 10:09:10 CEST 2005
  Not Valid After:Sat May 30 12:48:38 CEST 2020
  Signature Algorithm:SHA1withRSA
  >
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
  <Sep 16, 2010 5:35:02 PM CEST> <Warning> <Security> <BEA-090477> <Certificate chain received from a.b.com - 194.182.249.133 was not trusted causing SSL handshake failure.>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
  <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
  If I understood rite, the external server is sending some certificates which is not there in the WLS trust store. Is this correct?
  Also tried to get these certificates into the truststore using the InstallCert.java utility class, but then I get a 403:Forbidden.
  So I have no clue at the moment. Basically, my WLS acts as a client to the external WS rite? so this is a one-way SSL. IS that correct?
  Can you help with some pointers please?
  best regards,
  Murali

  Hi,
  I just noticed this post and it seems that I had the same problem ( [see the relevant topic|http://forums.sun.com/thread.jspa?threadID=5378686] ) -- it is now answered.
  Simply follow the instructions on [this page|http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1] - note that the answer was provided by Miroslav777.
  Bye
  Urbas