Invoking a message-level secured webservice WS Security

I am not having any luck invoking a webservice that has been secured via message-level security. For simplicity, I have been using WS-Security Policies provided by WebLogic and applying them on my webservice via annotations. I have been testing with Wssp1.2-Wss1.0-X509-TripleDesRsa.xml. I am using soapUI to invoke the webservice. When I send a singed soap request, I get a response indicating that it wasn't able to validate the signature. I made sure that both soapUI and WebLogic server is using the same identity store. I have also made sure that the certificate in the identity store is also in the trust store for WebLogic. There could also be a problem with the structure of the soap request. I send a soap request that includes a signature of the timestamp, the initiator token (x509 in binary form), and the body.
Anyone have luck with WebLogic webservice security and soapUI?

Applying 'format XML' after signing it changes the message and makes the signature invalid, different content == different signature.
You should also ask yourself why you'd like to transport blank characters (zero information) over the wire just to make it more readable for yourself? Just compare the size of the unformatted and formatted message to see the waste of bandwidth.
--olaf

Similar Messages

WebServices and message level security

Hello,
I am investigating about the use of XI web services using message level security (encrypted xml), is it possible to achieve this between an SAP provider and a third party consumer, without using a PCK or developing a specific adapter? (most solutions I see always point to this).
If anyone could shed some light into this matter i would be thankful.
Regards,
Leandro Fonseca

Hello,
I am investigating about the use of XI web services using message level security (encrypted xml), is it possible to achieve this between an SAP provider and a third party consumer, without using a PCK or developing a specific adapter? (most solutions I see always point to this).
If anyone could shed some light into this matter i would be thankful.
Regards,
Leandro Fonseca

Oracle SOA Suite 10.1.3.1: Invoke a secure webservice

Hi,
How can i invoke a secure Webservice (the webservice is implemented as a Security Token Service that accepts RST messages and replies with RSTR messages [ws-trust]) using BPEL and OWSM (Oracle SOA Suite 10.1.3.1) .
The Service authenticates the user by verifying the validity of the user’s (client) X.509 certificate und return a saml assertion. This assertion confirms the user’s identity, and the successful authentication process.
Any approcahes or Ideas how to implement this?
thanks in advance
Pat

Hi,
How can i invoke a secure Webservice (the webservice is implemented as a Security Token Service that accepts RST messages and replies with RSTR messages [ws-trust]) using BPEL and OWSM (Oracle SOA Suite 10.1.3.1) .
The Service authenticates the user by verifying the validity of the user’s (client) X.509 certificate und return a saml assertion. This assertion confirms the user’s identity, and the successful authentication process.
Any approcahes or Ideas how to implement this?
thanks in advance
Pat

Invoke the secured webservice from BPEL in Solaris environment

Hi All,
Can any one tell me how to invoke the secured webservice from BPEL in Solaris environment as i am able to invoke the secured web service from BPEL in windows platform(soa suite 10.1.3.4).
we have applied 10.1.3.4 patch on solaris environment but we are not able to invoke the same.
Thanks in advance
Regards,
Nagaraju .D

Hi Nagaraju,
Read your post.We've somewhat the similar problem as yours as we are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
“Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message”
As you have wriiten that you've already called a secured web service in windows platform ,so if you can please help me out in this issue.
I've opened a separate thread for this to avoid confusion. :-
Error while invoking a WS-Security secured web service from Oracle BPEL..
Thanks,
Saurabh

Message Level Security in XI 7.0

Hi,
Have someone worked on Message level Security in XI 7.0 for transferring a file from one system to an external third party system?
If so can u provide me with links or documents?
Thanks
Manjula

Hi,
Please Find the Required Details in the Links
http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
Reward Points if Helpful
Regards
Khanna

Message Level security : PI 7.1

Hello All,
We are currently evaluating the message level security options in PI in order to communicate with native ABAP systems like CRM , HR, BW etc. Does it need us to set up a PCK (Decentralized adapter engine) in order to use it ?
http://help.sap.com/saphelp_nwpi71/helpdata/en/a8/882a40ce93185de10000000a1550b0/content.htm
The scenarios are
SOAP - XI - Proxy
SOAP - XI - WS Adapter
Thanks.
Kiran

Thanks Marcus & Caio !! The settings listed in the link
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe10000000a1550b0/frameset.htm
Do they have to be done on our ECC box and how do I do it for both Consumer and Provide Proxy ?
Is ther a link to the blog available for the same with comm channel documents.
Thanks.
Kiran

SOAP receiver - Message level security - Encryption

Hello,
I want to use message level security when using HTTPS. Client provided us the encryption certificate which we have uploaded in the keystore, also done the necessary settings in PI 7.1 but we are getting the below mentioned error.
Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: apply( Message, CPALookupObject ). Message: SecurityException in method: apply( Message, CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: Connection timed out: connect. To-String: java.net.ConnectException: Connection timed out: connect; To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: run(). Message: Connection timed out: connect. To-String: java.net.ConnectException: Connection timed out: connect. To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: apply( Message, CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: Connection timed out: connect. To-String: java.net.ConnectException: Connection timed out: connect; To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: run(). Message: Connection timed out: connect. To-String: java.net.ConnectException: Connection timed out: connect
Thanks & Regards,
Rahul Nawale

I agree
Try executing a Full CPA Cache refresh.

WL 7.0 Client Invoking a secure webservice

Hi
I am having trouble invoking a secure webservice(https) and I turned on the
debug mode and I see the following :
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLIOContextTable.findConte
xt(is): 6760150>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 readRecord()>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 received HANDSHAKE>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHel
lo>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 readRecord()>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 received HANDSHAKE>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certifica
te>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
.record.alert.Alert@43af8c Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.hand
le(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <write ALERT offset = 0 leng
th = 2>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <close(): 4648875>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <Exception during handshake,
stack trace follows
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unusea
ble certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknow
n Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.hand
le(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
.record.alert.Alert@3a191e Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:49 PM CDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeCon
text(ctx): 1346512>
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust fai
lure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknow
n Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
javax.xml.rpc.JAXRPCException: failed to create service
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:99)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
My Client is pretty straightword and follows the weblogic sample
'Dynamic client using WSDL'
Pls. help
-Max

C:\Aears>java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
-Djavax.xml.rpc.ServiceFactory=weblogic.webservice.core.rpc.ServiceFactoryImpl
-Dweblogic.StdoutDebugEnabled=true -Dweblogic.webservice.security.verbose=true
Dweblogic.webservice.client.verbose=true -Dssl.debug=true TestClient
"Michael Wooten" <[email protected]> wrote:
>
Can you show us your command line?
"Max" <[email protected]> wrote:
Hi
I am having trouble invoking a secure webservice(https) and I turned
on the
debug mode and I see the following :
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLSocket willbe
Muxing>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLIOContextTable.findConte
xt(is): 6760150>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated:
fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <isMuxerActivated:
false>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated:
fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 readRecord()>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 received
HANDSHAKE>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE:
ServerHel
lo>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated:
fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <isMuxerActivated:
false>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <SSLFilter.isActivated:
fals
e>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 readRecord()>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <4648875 received
HANDSHAKE>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE:
Certifica
te>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
.record.alert.Alert@43af8c Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.hand
le(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <write ALERT offset
= 0 leng
th = 2>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <close(): 4648875>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <Exception during
handshake,
stack trace follows
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt
or unusea
ble certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknow
n Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.hand
le(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:48 PM CDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls
.record.alert.Alert@3a191e Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:241)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
>
<Jun 7, 2004 3:03:49 PM CDT> <Debug> <TLS> <000000> <SSLIOContextTable.removeCon
text(ctx): 1346512>
java.io.IOException: Write Channel Closed, possible SSL handshakingor
trust fai
lure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknow
n Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknow
n Source)
at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(Ht
tpsURLConnection.java:216)
at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(De
finitionFactory.java:89)
at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:66)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:108)
at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactor
y.java:84)
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:97)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
javax.xml.rpc.JAXRPCException: failed to create service
at weblogic.webservice.core.rpc.ServiceImpl.getWebService(ServiceImpl.ja
va:99)
at weblogic.webservice.core.rpc.ServiceFactoryImpl.createService(Service
FactoryImpl.java:41)
at com.verizon.iom.services.validater.ejb.AddressValidater.getResponseFr
omWS(AddressValidater.java:246)
at com.verizon.iom.services.validater.ejb.AddressValidater.validateAddre
ss(AddressValidater.java:105)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean.validateA
ddress(ValidaterServiceBean.java:1812)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl.validateAddress(ValidaterServiceBean_jf861j_EOImpl.java:98)
at com.verizon.iom.services.validater.ejb.ValidaterServiceBean_jf861j_EO
Impl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:441)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerR
ef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:382)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:726)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.jav
a:377)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
My Client is pretty straightword and follows the weblogic sample
'Dynamic client using WSDL'
Pls. help
-Max

Message Level Security with SOAP Adapter

Hi,
I need to use Message Level Security with my SOAP Adapter. Please let me know if anyone has done the same in the past?
What are the steps I would need to do? How can I use WSS based security in the SOAP Adapter?

Hi,
Message-level security is recommended and sometimes a prerequisite for inter-enterprise communication.
It improves communication-level security by adding security features that are particularly important for inter-enterprise
Message-level encryption is required if message content needs to be confidential not only on the communication lines but also in intermediate message stores.
Refer
How to use Client Authentication with SOAP Adapter
XML Encryption Using Web Services Security in SAP NetWeaver XI
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f0650f56-7587-2910-7c99-e1b6ffbe4d50
http://help.sap.com/saphelp_nw04/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
Thanks
swarup

Message Level Security

Hi All,
In the PI to PI scenario i used certificates for sigining and encryption. For this i followed message level security document.
In PI1 message is signed and encrypted, but the sign is not validated and message is not decrypted in PI2 server. Output from PI2 server is coming in encrypted form. How to solve this issue.
PI1 SP is 11 and PI2 SP is 06.
Kindly suggest some solution.
Regards
Prakash

Hi,
Message-Level Security
Message-level security allows you to digitally sign or encrypt documents exchanged between systems or business partners. It improves communication-level security by adding security features that are particularly important for inter-enterprise communication. Message-level security is recommended and sometimes a prerequisite for inter-enterprise communication.
●      A digital signature authenticates the business partner signing the message and ensures data integrity of the business document carried by a message.
Signatures are used in two scenarios:
○       Non-repudiation of origin
The sender signs a message so that the receiver can prove that the sender actually sent the message.
○       Non-repudiation of receipt
The receiver signs a receipt message back to the sender so that the original sender can prove that the receiver actually received the original message.
●      Message-level encryption is required if message content needs to be confidential not only on the communication lines but also in intermediate message stores.
SAP NetWeaver usage type Process Integration (PI) offers message-level security for the XI protocol itself, for the RosettaNet protocol, for the CIDX protocol, and for the SOAP and Mail adapters. The table below summarizes the message-level security features of these protocols and adapters.
Message-Level Security Features
XI Protocol (XI 3.0)
Messaging components
Integration Server and PCK
SOAP
Adapter Engine and PCK
Mail
Adapter Engine
RNIF 2.0
Adapter Engine
RNIF1.1/CIDX
Adapter Engine
IIly
Signature
X
X
X
X
X
Non-repudiation of origin
X
X
(Web service security)
X
X
Non-repudiation of receipt
X
X
X
Encryption
X
X
X
X
Technology
Web service security (XML signature)
Signed parts are the SAP main header, the SAP manifest, and the payloads (SOAP attachments).
Encrypted parts are the payloads (SOAP attachments).
S/MIME or
Web service security (XML signature)
The SOAP body is signed.
S/MIME
S/MIME
PKCS#7
XI 3.0 is the XI protocol valid for both SAP NetWeaver ´04 and SAP NetWeaver 7.0.
Message-level security is not guaranteed across the entire communication path of a message, but only for the intended B2B connections, which can be the following communication paths, as described under Service Users for Message Exchange.
●      XI protocol
○       (s4) Integration Server to Integration Server, PCK to Integration Server
○       (r4) Integration Server to Integration Server, Integration Server to PCK
●      SOAP protocol
○       (s3) SOAP sender to Adapter Engine or PCK
○       (r3) Adapter Engine or PCK to SOAP receiver
●      Mail protocols
○       (s3) Mail server to Adapter Engine or PCK (IMAP4/POP3)
○       (r3) Adapter Engine or PCK to mail server (IMAP4/SMTP)
●      RNIF and CIDX protocol
○       (s3) RNIF or CIDX sender to Adapter Engine
○       (r3) Adapter Engine to RNIF or CIDX receiver
You define whether and how message-level security is to be applied to messages in the Integration Directory by using sender agreements on the inbound (sender) side in scenarios (s3) and (s4) and by using receiver agreements on the outbound (receiver) side in scenarios (r3) and (r4). For more information about configuring message-level security, see Security Configuration at Message Level.
Message-level security relies on public and private x.509 certificates maintained in the J2EE keystore, where each certificate is identified by its alias name and the keystore view where it is stored. Certificates are used in the following situations:
●      When signing a message, the sender signs it with its private key and attaches its certificate containing the public key to the message.
The receiver then verifies the digital signature of the message with the senderu2019s certificate attached to the message. There are two alternative trust models to verify the authenticity of the senderu2019s public certificate:
○       In the direct trust model, the signeru2019s public key certificate is compared with the locally maintained, expected public key certificate of the partner. Therefore, the direct trust model requires offline exchange of public key certificates, which can be self-signed or issued by a CA.
○       In the hierarchical trust model, the signeru2019s public key certificate is validated by a locally maintained public certificate of the CA that issued the signeru2019s public certificate. In addition, the subject name and the issuer of the signeru2019s certificate is compared with the expected partneru2019s identity configured in a receiver agreement on the receiver side.
Generally, the hierarchical trust model enables chains of certificates attached to the message. The XI 3.0 message format, however, does not support such chains; the certificate used for signing has to be signed by a root CA.
In the hierarchical trust model, the sender and the receiver only need to agree upon the CA and the subject name that the sender has used in its certificate.
The following trust models are supported:
○       The RNIF and CIDX adapters support both a direct and a single-level hierarchical trust models.
○       The XI protocol and the SOAP adapter (with Web service security) only support a single-level hierarchical trust model.
○       The Mail adapter and the SOAP adapter (with S/MIME) support a multi-level hierarchical trust model.
●      When encrypting a message, the sender encrypts with the public key of the receiver (also verifying the correctness of the receiveru2019s certificate by using the public key of the certificateu2019s root CA).
The receiver decrypts with its private key certificate.
For more information about the certificate store, see Certificate Store.
Whenever a message is signed, the receiver archives the signed messages for non-repudiation purposes. See Archiving Secured Messages.
reg,
suresh

Message Level Security and Performance

Hi All,
Does the implementation of Message Level security features Like SSL and Encryption degrade the performance of the server in Processing the messages ?
regards,
Rahul

Encryption related performance issue is purely related to size of messages.
In my opinion, SSL wouldnt affect the performance for large messages. SSL will take its usual time for checking for security.
And the volume and size could anytime affect the performance
Regards,
Prateek

Message Level Security in FTPS

Hi ,
Did File Adapter with FTPS will provide the Message Level Security ?
And What is the Exact Difference Between FTPS for Control Connection and FTPS for Control and Data Connection .
What is the Significance of Use X.509 Certificate for Client Authentication check box. If we check it what will happen r if we dont what will happen ?
Thanks.
Anitha.

>
Anitha SAP wrote:
> Hi Rajesh,
>
> I have to use only FTPS. Because my client is suggesting that only. Isn't possible using FTPS ?
> And Tell me The Difference Between FTPS for Control Connection and FTPS and Control and Data Connection .
> Neccesity of Public key certificate from FTP Sever?
>
> Thanks.
> Anitha.
PI supports FTPS. you can use the File adapter for the same.
The basic difference when we talk about FTPS for Control Connection* and FTPS and Control and Data Connection is that in case of FTPS and Control and Data Connection, you data is also encrypted. Else the connection is secure but the data level encryption will not be active
FTPS works with Certificates and hence the need for the same

Calling secured webservice from java

Hi Experts,
I am trying to call a secured webservice from java.
I got the code to call a non secured web service in java.
What changes do i need to do in this to call a secured webservice.
Please help me.
Thank you
Regards
Gayaz
calling unsecured webservice
package wscall1;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.StringBufferInputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.Writer;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.Permission;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.serialize.OutputFormat;
import org.apache.xml.serialize.XMLSerializer;
import org.w3c.css.sac.InputSource;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
public class WSCall2 {
public WSCall2() {
super();
public static void main(String[] args) {
try {
WSCall2 ss = new WSCall2();
System.out.println(ss.getWeather("Atlanta"));
} catch (Exception e) {
e.printStackTrace();
public String getWeather(String city) throws MalformedURLException, IOException {
//Code to make a webservice HTTP request
String responseString = "";
String outputString = "";
String wsURL = "https://ewm52rdv:25100/Saws/SawsService";
URL url = new URL(wsURL);
URLConnection connection = url.openConnection();
HttpURLConnection httpConn = (HttpURLConnection)connection;
ByteArrayOutputStream bout = new ByteArrayOutputStream();
//Permission p= httpConn.getPermission();
String xmlInput =
"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ser=\"http://www.ventyx.com/ServiceSuite\">\n" +
" <soapenv:Header>\n" +
"     <soapenv:Security>\n" +
" <soapenv:UsernameToken>\n" +
" <soapenv:Username>sawsuser</soapenv:Username>\n" +
" <soapenv:Password>sawsuser1</soapenv:Password>\n" +
" </soapenv:UsernameToken>\n" +
" </soapenv:Security>" + "</soapenv:Header>" + " <soapenv:Body>\n" +
" <ser:GetUser>\n" +
" <request><![CDATA[<?xml version=\"1.0\" encoding=\"UTF-8\"?> \n" +
            "                        <GetUser xmlns=\"http://www.ventyx.com/ServiceSuite\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" +
            "                        <UserId>rs24363t</UserId>\n" +
            "                        </GetUser>]]>\n" +
" </request>\n" +
" </ser:GetUser>\n" +
" </soapenv:Body>\n" +
"</soapenv:Envelope>";
byte[] buffer = new byte[xmlInput.length()];
buffer = xmlInput.getBytes();
bout.write(buffer);
byte[] b = bout.toByteArray();
String SOAPAction = "GetUser";
// Set the appropriate HTTP parameters.
httpConn.setRequestProperty("Content-Length", String.valueOf(b.length));
httpConn.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
httpConn.setRequestProperty("SOAPAction", SOAPAction);
// System.out.println( "opening service for [" + httpConn.getURL() + "]" );
httpConn.setRequestMethod("POST");
httpConn.setDoOutput(true);
httpConn.setDoInput(true);
OutputStream out = httpConn.getOutputStream();
//Write the content of the request to the outputstream of the HTTP Connection.
out.write(b);
out.close();
//Ready with sending the request.
//Read the response.
InputStreamReader isr = new InputStreamReader(httpConn.getInputStream());
BufferedReader in = new BufferedReader(isr);
//Write the SOAP message response to a String.
while ((responseString = in.readLine()) != null) {
outputString = outputString + responseString;
//Parse the String output to a org.w3c.dom.Document and be able to reach every node with the org.w3c.dom API.
Document document = parseXmlFile(outputString);
NodeList nodeLst = document.getElementsByTagName("User");
String weatherResult = nodeLst.item(0).getTextContent();
System.out.println("Weather: " + weatherResult);
//Write the SOAP message formatted to the console.
String formattedSOAPResponse = formatXML(outputString);
System.out.println(formattedSOAPResponse);
return weatherResult;
public String formatXML(String unformattedXml) {
try {
Document document = parseXmlFile(unformattedXml);
OutputFormat format = new OutputFormat(document);
format.setIndenting(true);
format.setIndent(3);
format.setOmitXMLDeclaration(true);
Writer out = new StringWriter();
XMLSerializer serializer = new XMLSerializer(out, format);
serializer.serialize(document);
return out.toString();
} catch (IOException e) {
throw new RuntimeException(e);
private Document parseXmlFile(String in) {
try {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
InputSource is = new InputSource(new StringReader(in));
InputStream ins = new StringBufferInputStream(in);
return db.parse(ins);
} catch (ParserConfigurationException e) {
throw new RuntimeException(e);
} catch (SAXException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (Exception e) {
throw new RuntimeException(e);
static {
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
if (hostname.equals("ewm52rdv")) {
return true;
return false;
}

Gayaz wrote:
What we are trying is we are invoking webservice by passing SOAP request and we will get soap response back.I understand what you're trying to do, the problem is with tools you're using it will take a while for you do anything a little away from the trivial... Using string concatenation and URL connection and HTTP post to call webservices is like to use a hand drill... It may work well to go through soft wood, but it will take a lot of effort against a concrete wall...
JAX-WS and JAXB and annotations will do everything for you in a couple of lines and IMHO you will take longer to figure out how to do everything by hand than to learn those technologies... they are standard java, no need to add any additional jars...
That's my thought, hope it helps...
Cheers,
Vlad

Calling A Secured webservice using Username and password in the Soap header

I want to call a secured webservice.
The Username and password should be sent with the payload in the SOAP Header
as
<wsse:Security S:mustunderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="SecurityToken-XXXXXXXXXXXXXXXXXXXXXXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>uname</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Can you please send me the steps?
I tried with giving the username and password under Service Account.
I tried to create a wspolicy under business service. But nothing works...
Please help me at the earliest.
Also please give me steps in sequence.

Now i made sure that the endpoint is available!
Now am getting this error:
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>BEA-380002: localhost1</faultstring>
<detail>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380002</con:errorCode>
<con:reason>localhost1</con:reason>
<con:location>
<con:node>RouteNode1</con:node>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
</detail>
</soapenv:Fault>
Also in the invocation trace i can observe the following things:
Under Invocation Trace:-
========================
     Receiving request =====> Initial Message context
     ===============================================
     under added header:-
     ==================
     <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
     </soap:Header>
     under RouteNode1
================
     Route to "TargetMyService_BS"
$header (request):-
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
Under Message Context changes:-
*===============================*
I can find this element also:-
con:security>
*<con:doOutboundWss>false</con:doOutboundWss>*
*</con:security>*
eventhough we enabled ws security, how the above tag can be false?
I think its getting failed to populate the header with the required login credentials.
The other doubt i have is:-
=================
I have chosen the service account type is static...is this right?

Securing WebService with Basic Security Profile

Hi,
I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

Hi,
I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

Invoking a message-level secured webservice WS Security

Similar Messages

Maybe you are looking for