J2EE SOAP Authentication

Similar Messages

• J2EE Basic Authentication 설정 방법(inbound)

  BPEL PM Admin Guide를 따라 해봤는데 잘 안되서 글올립니다.
  가이드 1-8 ~ 1-10에 있는 내용을 참고 하여
  1. user 생성
  java -Xbootclasspath/a:..\..\bpel\lib\orabpel-boot.jar -jar ..\home\jazn.jar -user oc4jadmin -password welcome1 -adduser jazn.com jsmith jsmith
  java -Xbootclasspath/a:..\..\bpel\lib\orabpel-boot.jar -jar ..\home\jazn.jar -user oc4jadmin -password welcome1 -addrole jazn.com jsmithrole
  java -Xbootclasspath/a:..\..\bpel\lib\orabpel-boot.jar -jar ..\home\jazn.jar -user oc4jadmin -password welcome1 -grantrole jsmithrole jazn.com jsmith
  2. <SOA_Oracle_Home>\j2ee\oc4j_soa\applications\orabpel\META-INF\orion-application.xml 수정
  <security-role-mapping name="jsmithrole">
  <group name=" jsmithrole" />
  </security-role-mapping>
  3. <SOA_Oracle_Home>\j2ee\oc4j_soa\applications\orabpel\startupWEB-INF\web.xml 수정
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Default Domain Pages</web-resource-name>
  <description>These pages are only accessible by authenticated
  users.</description>
  <url-pattern>*/orabpel/default/HelloWorld/1.0</url-pattern>
  <url-pattern>*/orabpel/default/HelloSecureWorld/1.0</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>jsmithrole</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jazn.com</realm-name>
  </login-config>
  <security-role>
  <description>BPEL PM User</description>
  <role-name>jsmithrole</role-name>
  </security-role>
  4. HelloWorld BPEL Process 에 configration propertiy 추가
  <configurations>
  <property name="role" encryption="plaintext">jsmithrole</property>
  </configurations>
  이렇게 했는데... basic header에 username/password 설정을 하지 않고 호출을 해도 정상적으로 실행이 됩니다.
  어떻게 해야하는지 알려주세요.
  OS : win2k3
  version : 10.1.3.3.1 ( 적용 패치 : 6492514 BPEL Process Manager: Patch TRACKING BUG: 10.1.3.3.1 BUNDLE PATCH )

  Log에 에러가 없었다면 설정값이 잘 못된 것은 아니라고 생각됩니다.
  다만 설정하신 값들에 나타난 디렉토리 내용을 보니 시스템 설치는 AS middle tier type의 install을 하신 것 같은데 설정 방법은 developer type installation형태의 J2EE Basic authentication설정을 하신 것 같습니다.
  Middle tier install의 경우에는 AS control에서 설정을 해주셔야 합니다.
  작업하신 내역 중에 3번에 해당하는 내용은 AS Control에서 HelloWorld process의 basic authentication을 설정하는 방법은
  oc4j_soa > Application:orabpel > Web Service:HelloWorldPort 를 선택하고, Administration 탭에서 Enble/Disable Features버튼으로 Security Feature를 Enable시키신 후에 oc4j_soa > orabpel > Web Service:HelloWorldPort > Eidti Security Configuration에서 Inbound/Outbound Policies를 설정하시면 됩니다.
  그림으로 잘 설명되어 있는 문서를 찾아보긴했는데 아직 찾지 못했습니다. 나중에라도 구하게 되면 공유해드리도록 하겠습니다.

• Sender SOAP Authentication

  Hi All,
  We are having a scenario with SOAP adapter on the sender side and RFC adapter on the receiver side . The BAPI in the external SAP system is exposed as webservice through this interface .
  When we are trying to invoke this webservice through an external program its asking for userid and password to get into the XI system . (The external program that we are using is the JAX RPC sprng framework).
  I know that its possible to remove this basic authentication after modifying in the sda file. But we don't want to do that . Infact we would like to supply the username and password from the external program .
  Is there any way to do that.
  Are there any tweaks while creating the wsdl file so that it won't ask for the userid and password? Any extra tags to be included in the WSDL document ?
  Hoping to get a reply.
  Thanks & Regards,
  Rahul.
  Edited by: Rahul Thunoli on Apr 11, 2008 8:36 PM

  Hi,
  Check this link..  Soap to RFC
  configure SOAP to RFC scenario without secure channel
  For that chose "Https without client authentication" as an option while configuring communication channel in ID.
  Regards,
  Srini

• SOAP Authentication.

  Hi All:
  I created SOAP to SOAP Scenario and sending message using WD application for testing.
  Now can I disable the Authentication of PI  while sending a message to SOAP adapter?
  Regards,
  Farooq

  Hi,
  I dont think this is possible.
  User id authentication is SOAP Adapter Component level ie. Service User level right ?
  Refer SAP Note- 856597
  http://help.sap.com/saphelp_nw2004s/helpdata/en/fc/5ad93f130f9215e10000000a155106/frameset.htm
  Regards.,
  Divya

• How to implement complicated J2ee & Web authentication?

  My web (j2ee) application requires some complex login mechanism. Specifically:
  1. User must change the default password when they first login.
  2. Session time is 30 mins. User is prompted to login to continue the current work.
  3. User must change password for every 3 months.
  It seems it is absolutly impossible to adapt Oc4j build-in authentication mech to reach this purpose. We thought to use filters. However, not only do we have to write all the security stuff, but also we have difficult to reach the purpose 2.
  Any idea will be helpful.
  Zhou

  hi zhou,
  i dont have a perfect solution for your problem. just a suggestion ...
  any app server's built in authentication mechanism does not support all the flexibility you mentioned.
  for session time out mention the <session-timeout> in the <session-config> of your web.xml. for purpose 1 and 3 you need to write some application level program to handle this.(or a filter??)
  so you can still use the authentication mechanism of the appserver and deligate the extra work to the filter or other mechanism.
  hope this helps ....
  shrini

• J2ee runclient authentication

  Hi,
  I'm creating my first EJB application (for the J2EE server), using the examples from the book Mastering Enterprise JavaBeans (2nd Ed), which by the way is a very good book for understanding the basics, and I'm up to running the client, locally to the server. I have the session bean deployed and the server running and when I run the runclient script, it asks for a username and password. I have read somewhere that this should be "guest","guest123", but this doesn't work (it throws:
  Application threw an exception:java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write).)
  Also, I've checked that the deployment settings for the security of the EJB support the client's choice of authentication. I have even tried adding a new user and restarting the server, but no luck. Any advice? Am I missing something obvious?
  Pam

  I encountered the exact same problem running on Win2K. The fix is to edit the security policy file used by runclient.bat.
  The file to change is in [ J2EE HOME ]/lib/security/client.policy. It has a line that reads
  permission java.util.PropertyPermission "*", "read";This should be changed to
  permission java.util.PropertyPermission "*", "read,write";

• SOAP AUthentication not working

  Hi Experts,
  I have a scenario in which the data is picked from a file location and then the SOAP receiver CC posts the data to a sharepoint portal.
  The issue I am facing is that when the portal guys allow anonymous login, my data reaches the portal but when they give authorisation to a particular user, the data fails with unauthorisation error.
  I have tried all the forums and blogs but was unable to solve this issue. I even tried the transform bean in the module tab of the CC but the error still remains.
  Can anyone suggest a work around which I can use in order to make the scenario working?

  Hi
  The issue I am facing is that when the portal guys allow anonymous login, my data reaches the portal but when they give authorisation to a particular user, the data fails with unauthorisation error.
  -->You are getting the error when the portal guys are restricted to particular user.For that try with the ASSIGNED USERS in the Sender Agreement in your ID.I am not sure about this but try with that and also refer the Following thread  which explains clearly about the ASSIGNED USERS .
  Re: SQL to ORACLE
  Thanks

• AM 7.1 patch1 + GlassFish 9.1_02 + J2EE Agent authentication problem

  I've AM 7.1 running on SJS AS 9.1_02 on one host, and I want to protect a portal application also running on SJS AS 9.1_02, but on a different host.
  I did have any problem/error when installing the J2EE agent
  I can authenticate with any user to my user realm in AM, I think it's well configured but I try to connect to my portal, I get the following error in the browser:
  javax.servlet.ServletException: PWC1243: Filter execution threw an exception
  java.lang.NoClassDefFoundError
  The agent log file doesn't have anything special
  The application server server.log file contains the following error:
  [#|2008-08-22T17:07:10.892+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=16;_ThreadName=httpSSLWorkerThread-8080-1;_RequestID=7
  79200cb-b4d7-4e4a-a25b-c68f2c2253d4;|StandardWrapperValve[jsp]: PWC1406: Servlet.service() for servlet jsp threw exception
  java.lang.NoClassDefFoundError
  at com.sun.identity.agents.filter.URLPolicyTaskHandler.initialize(URLPolicyTaskHandler.java:63)
  I've checked the application server CLASSPATH, and it looks fine since it contains, among others, the agent.jar file .
  So, I don't understand where's the problem. Any idea ?

  No direct solution found.
  The ClassNotFound exception actually seemed to be a side effect rather than the real origin of the problem.
  I found a workaround by uninstalling the whole J2EE agent software and using instead an embedded feature
  of the application to protect, enabling some kind of OpenSSO client module.

• Is in PI7.1 possible asynchronous communication between SOAP and ABAPProxy?

  Hi,
  when method execute_asynchronous has disapeared since XI/PI 7.1, is
  there still way how to use ABAP proxy in asynchronous way?
  We need to build asynchronous connection SOAP->PI->ABAP_Proxy.
  In PI, both interfaces are defined as asynchronous (outbound for SOAP and
  inbound for ABAP Proxy).
  Despite of this fact, when message is sent, it is processed
  synchronous way.
  I have set breakpoint in my implementation of method for ABAP Proxy
  message processing. When message is sent and breakpoint is reached,
  whole connection stays open (between SOAP and PI and between PI and
  ABAP Proxy) and waits for processing method (the breakpointed one) to
  return. Only when processing method returns, is connection finelly
  closed.
  If i understand it correctly, this is synchronous behavior. In
  asynchronous behavior, as i understand it, should be connection
  between PI and ABAP Proxy of application server closed immediately
  after message has been delivered. This mean before my processing
  method is even called.
  The same could be said about SOAP and PI communication. Connection
  should be closed immediately after PI has received message. From
  definition of asynchronous communication of PI is obvious, that PI
  should receive message correctly and close connection to sender system
  even when receiver is unreachable. It should deliver message later
  when, receiver system is back on line. So why it keeps connection to
  sender system open while it waits for receiver?
  Why is this happening, when both interfaces are defined as
  asynchronous? Could be the reason for this, if APPLICATION
  ACKNOWLEDGEMENT is set on by default? If so, how can i change it
  to SYSTEM ACKNOWLEDGEMENT, or disable it at all?
  Or is this kind of asynchronous communication even possible since
  XI/PI 7.1 ?
  Processing of message we are sending can take some time, so we dont
  want connection pending open while waiting for finish of
  processing. Thats the reason why we have chose asynchronous model to
  use.

  Quote from How to Use the J2EE SOAP Adapter:
  "If you select Best Effort, the Web service client will receive a response
  message in the SOAP body. Otherwise, the Web service client will not receive a
  response message if no error occurs."
  "if no error occurs" - that is the problem. In either case he still
  waits if some error occure or not. I dont want it. Once PI has
  received message, I want the connection with sender to be closed. If
  there will be error in communication between PI and reciever, I want
  to see it only in PI log. That mean no notification to sender to be
  send about that error.
  Is that possible?

• Error with SOAP Request to calendar web service

  Hi
  I'm sending the following SOAP request to a calendar web service to create an appointment in the calendar. The response returns what seems to be a syntax error ("The Create method did not have a proper element in the request") but I can't see the cause of the fault. Any suggestions on what it may be? It's an 11g DB.
  Many thanks
  -x-POST-x-
  POST /ocws-bin/ocas.fcgi HTTP/1.0
  Content-Type: text/xml; charset="utf-8"
  Content-Length: 993
  SOAPAction: SOAPAction: "http://www.oracle.com/WebServices/Calendaring/1.0/Create"
  Connection: close
  <SOAP-ENV:Envelope
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header><auth:BasicAuth xmlns:auth="http://soap-authentication.org/2002/01/">
  <Name>CalendarName</Name><Password>CalendarPassword</Password>
  </auth:BasicAuth> </SOAP-ENV:Header>
  <SOAP-ENV:Body><cwsl:Create xmlns:cwsl="http://www.oracle.com/WebServices/Calendaring/1.0/"><CmdId>ITS APPOINTMENT</CmdId><iCalendar>
  <vcalendar prodid="-//Oracle//Calendaring//Calendarlet//EN" version="2.0">
  <vevent><class>PUBLIC</class>
  <description>Calendar Body</description>
  <dtstart value="DATE-TIME">20102905T120000</dtstart>
  <duration>P00DT0H30M00S</duration>
  <location>Location of user</location>
  <summary>Incident ID - (name of user])</summary>
  <uid>XGjRVnpReQALNsILlBlvcyXGCoUyXF</uid>
  <x-oracle-eventtype>APPOINTMENT</x-oracle-eventtype>
  <priority>5</priority>
  </vevent>
  </vcalendar>
  </iCalendar></cwsl:Create></SOAP-ENV:Body></SOAP-ENV:Envelope>
  -x-RESPONSE-x-
  HTTP/1.1 500 Internal Server Error
  Date: Thu, 27 May 2010 08:22:16 GMT
  Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.6
  OCAS-ProcTime: 407
  Connection: close
  Content-Type: text/xml; charset=utf-8
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <soap:Body>
  <soap:Fault>
  <faultcode>soap:Server.Error::System::SOAPRequest</faultcode>
  <faultstring>The Create method did not have a proper element in the request</faultstring>
  <detail>
  <cwsl:Error xmlns:cwsl="http://www.oracle.com/WebServices/Calendaring/1.0/">
  <Class>Error::System::SOAPRequest</Class>
  <Code>0020-00-00-00000034</Code>
  <Line>3180</Line>
  <FileName>SOAPRequestHandler.cpp,v</FileName>
  <Version>1.57</Version>
  <LastMod>2007/05/30 21:13:25</LastMod>
  <Author>pscattol</Author>
  <Date>Thu May 27 09:22:16 2010</Date>
  <PID>26152</PID>
  <TID>3044838304</TID>
  <Level>Error</Level>
  </cwsl:Error>
  </detail>
  </soap:Fault>
  </soap:Body>
  </soap:Envelope>

  Hi,
  I am having problem using dii client, while sending a
  request to c# webservice. error follows
  QName QNAME_TYPE_STRING = new QName(NS_XSD,
  "string");
  call.setReturnType(QNAME_TYPE_STRING);
  call.setOperationName(new QName(BODY_NAMESPACE_VALUE,
  "GetDetails"));
  call.addParameter("String_1", QNAME_TYPE_STRING,
  ParameterMode.IN);Do you need another call to addParameter here?
  String[] params = { "02", "2004" };
  String result = (String)call.invoke(params);

• Disable J2EE Local Auth Task Handler in policy agent 2.2

  Hi,
  Is there a way of disabling the j2ee local authentication handler for a policy agent 2.2 running in filter mode ALL ?
  If not, is there a way to configure local authentication without session-binding? I am specially interested in the agent for WebLogic Server 8.1.
  Thanks,
  Andrei Dumitru

  Hi,
  Is there a way of disabling the j2ee local authentication handler for a policy agent 2.2 running in filter mode ALL ?
  If not, is there a way to configure local authentication without session-binding? I am specially interested in the agent for WebLogic Server 8.1.
  Thanks,
  Andrei Dumitru

• Hard to understand 'header mapping' and 'principal propagation'  in soap

  when i use soap adapter i meet two interesting field, 'header mapping' and 'principal propagation '
  so does any one of you may tell me
  what does it mean by header mapping in receiver agreement?
  what does it mean by principal propagation properies in sender agreement ?
  Thanks a lot!!!
  Jeff

  Hi,
  Please, familiarize yourself with this doc: [How To … Use the J2EE SOAP Adapter|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40611dd6-e66e-2910-f383-e80fb44f9cd4]. Especially, the chapter 4.4.
  Regards,
  Jakub

• Basic Authentication with Web Service

  Hello,
  I am running S1AS7 on window XP. I have deployed the sample/jaxrpc/simple with basic authentication enabled. I have also changed to Client.java to set the USERNAME and PASSWORD (ie: stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "j2ee");
  Once I have deployed the war file and run the client, I got access denied exception.
  I have checked the s1as7 log and here is the details:
  FINE: Logging in user [j2ee] into realm: file using JAAS module: fileRealm
  FINEST: Login module initialized: class com.iplanet.ias.security.auth.login.File
  LoginModule
  FINEST: File login succeeded for: j2ee
  FINEST: JAAS login complete.
  FINEST: JAAS authentication committed.
  FINE: Password login succeeded for : j2ee
  FINE: Set security context as user: j2ee
  FINE: Authenticator[jaxrpc-simple]: Authenticated 'j2ee' with type 'BASIC'
  FINE: SingleSignOn[server1]: Registering sso id '193F1461E0D9B982E6B4055C0134076
  9' for user 'j2ee' with auth type 'BASIC'
  FINE: Authenticator[jaxrpc-simple]: Calling accessControl()
  FINEST: PRINCIPAL : j2ee hasRole?: staffmember
  FINEST: PRINCIPAL TABLE: {}
  FINE: Authenticator[jaxrpc-simple]: Failed accessControl() test
  Please notice that the authentication worked, but the PRINCIPAL TABLE is null!!!! If I run the basic authentication sample, i can see from the log the PRINCIPAL TABLE is (...staff=[staffmember], j2ee=[staffmember],.....)
  so somehow the app server treats the two sample differently with the same user id (j2ee/password)
  any comments?
  thanks..

  Hello,
  I am running S1AS7 on window XP. I have deployed the
  sample/jaxrpc/simple with basic authentication
  enabled. I have also changed to Client.java to set
  the USERNAME and PASSWORD (ie:
  stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY
  "j2ee");
  Once I have deployed the war file and run the client,
  I got access denied exception.
  I have checked the s1as7 log and here is the
  details:
  FINE: Logging in user [j2ee] into realm: file using
  JAAS module: fileRealm
  FINEST: Login module initialized: class
  com.iplanet.ias.security.auth.login.File
  LoginModule
  FINEST: File login succeeded for: j2ee
  FINEST: JAAS login complete.
  FINEST: JAAS authentication committed.
  FINE: Password login succeeded for : j2ee
  FINE: Set security context as user: j2ee
  FINE: Authenticator[jaxrpc-simple]: Authenticated
  'j2ee' with type 'BASIC'
  FINE: SingleSignOn[server1]: Registering sso id
  '193F1461E0D9B982E6B4055C0134076
  9' for user 'j2ee' with auth type 'BASIC'
  FINE: Authenticator[jaxrpc-simple]: Calling
  accessControl()
  FINEST: PRINCIPAL : j2ee hasRole?: staffmember
  FINEST: PRINCIPAL TABLE: {}
  FINE: Authenticator[jaxrpc-simple]: Failed
  accessControl() test
  Please notice that the authentication worked, but the
  PRINCIPAL TABLE is null!!!! If I run the basic
  authentication sample, i can see from the log the
  PRINCIPAL TABLE is (...staff=[staffmember],
  j2ee=[staffmember],.....)
  so somehow the app server treats the two sample
  differently with the same user id (j2ee/password)
  any comments?
  thanks..
  One more thing, here is my web.xml file:
  <web-app>
  <display-name>Hello World Application</display-name>
  <description>A web application containing a simple JAX-RPC endpoint</description>
  <session-config>
  <session-timeout>60</session-timeout>
  </session-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>basic secuity test</web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>POST</http-method>
       <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>staffmember</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>basic-file</realm-name>
  </login-config>
  </web-app>

• Authentication Messages - Locked User, Expired Password etc...

  In standard Servlet Security, when using the container authentication mechanism ( using j_security_check) ..., the only responses one can send to the end user are the un-authorized page and the not authenticated message.
  There is so much advancement in every other area, but none in this particular area to have a mechanism to send authentication failure error messages for specific cases like the one shown in the title.
  Is there any standard pattern that will use Container Managed security to display such error messages.
  Any pointers will be great.
  Vijay

  We can use other login mechanisms, but the problem is that the so called J2EE Pluggable Authentication Realms (or Providers or Domains or Registries) only use the j_security_check mechanism to authenticate users.
  So the end result is a very primitive mechanism.
  So I was looking for some pointers on a JSR which is dealing with this or somebody who has a pattern to circumvent this problem.
  Thanks for the info.
  Any other pointers, anyone.
  Vijay

• XML file is not being displayed in browser? Why?

  Hi all!
  I have a secnario file->XI->J2EE appl.
  I am using  File sender adapter and HTTP Receiver adapter.
  I placed XML file in D:\somedir of my machine, it is picking up well by XI, <b>all i want to know is how XI sends this XML file to my J2EE Appl.</b>Because my servlet should display the same XML file in browser. I deployed my J2EE appl on weblogic application server9.0 I am getting the following error:
  The XML page cannot be displayed
  Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.
  XML document must have a top level element. Error processing resource 'http://localhost:7001/Invoke/DisplayRes'.
  These are settings that i have given in my Receiver HTTP adapter:
  Aadapter Type: HTTP
                     Receiver
  Transport Protocol:  HTTP1.0
  Message Protocol:    XI payload in HTTP body
  Adapter Engine:      Integration Server
  Addressing Type:     URL address
  Target host:         localhost
  Service Number:      7001(Port number of Weblogic appl server--where my J2EE appl is deployed).
  Path     :  /Invoke/DisplayRes/(Context path of J2EE appl)
  Authentication Type:Use Logon Data for SAP System
  Content Type: text/xml
  Username:   xiappluser
  password:   xx
  XML code:   UTF-8
  This is my Servlet code:
  public class DisplayRes extends HttpServlet {
       public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
       doPost(request,response);
       public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
       BufferedReader brin =new BufferedReader(new InputStreamReader(request.getInputStream()));
       String inputLine;
       StringBuffer sBuf = new StringBuffer();
       PrintWriter out = response.getWriter();
       response.setContentType("text/xml");
       while ((inputLine = brin.readLine()) != null)
           sBuf.append(inputLine);
             out.println(sBuf.toString());
            brin.close();
           out.flush();
  Where i went wrong please help me,
  NOTE: I want to know how XI sends XML file to my J2EE appl. I suppose my servlet receives it in request object.If so can i use like:
  response.setContentType("text/xml");
    String xmlFile = request.getParameter("myXMLFile");
    PrintWriter out = response.getWriter();
    out.write(xmlFile);
    out.flush();
    out.close();
  Please help me!
  Thanks a lot!

  Hi Datta,
  You seem to have big problem with this scneario as you have raised this question couple of times , in couple of topics / threads. I will try to make a few things about this clear.
  1. XI when sends data to a J2EE application , in your case a servlet, I believe you must be using a HTTP adapter to post the data to it. Whenever XI will post a XML data to a HTTP resource , it will post it as the request body and that is why the code in one of my previous post reads,
  BufferedReader brin =new BufferedReader(new InputStreamReader(request.getInputStream()));
  String inputLine;
  StringBuffer sBuf = new StringBuffer();
  PrintWriter out = response.getWriter();
  response.setContentType("text/xml");
  while ((inputLine = brin.readLine()) != null)
  sBuf.append(inputLine);
  out.println(sBuf.toString());
  brin.close();
  out.flush();
  If you 've noticed, the statement
  request.getInputStream()
  retrieves the body of the request as binary data using a ServletInputStream.
  So your answer to your question is
  <b>XI transferes data to a servlet as a part of HTTP request body</b>, if you use a HTTP adapter.
  2. By J2EE application , if you mean a server java proxy, then the method whose name matches with that of the Inbound Message interface recieves a parameter , from which you can retrieve the parameters passed by XI. Just check the getters of that object.
  Hope this clears your basic doubts!!!
  Rgds,
  Amol