JWSDP 1.6 xws-security Simple fails with "block not properly padded"

Environment:
- Windows 2000
- Tomcat50-jwsdp
- JAVA_HOME=C:/Progra~1/Java/jdk1.5.0_05
- Security environment handler: SecurityEnvironmentHandler.java supplied with JWSDP 1.6 (Hello, Ron!)
I get the following in the Tomcat Window:
==== Received Message End ====
Nov 13, 2005 10:38:56 AM com.sun.org.apache.xml.internal.security.encryption.XMLCipher decryptKey
INFO: Decryption of key type http://www.w3.org/2001/04/xmlenc#tripledes-cbc OK
Nov 13, 2005 10:38:56 AM com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor decryptElementWithCipher
SEVERE: WSS_ENC0004: Exception [ Given final block not properly padded ] while trying to decrypt message
Nov 13, 2005 10:38:56 AM com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/enco
ding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.or
g/2001/XMLSchema-instance">
<env:Body>
<env:Fault>
<faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:Fail
edCheck</faultcode>
<faultstring>Unable to decrypt message</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
==== Sending Message End ====
Please help!
George

Hi, I got the xws-security/samples/simple application
working successfully with my own keystores. I have 2
questions regarding this sample application.
1) When running the application with the
encrypt-server.xml and encrypt-client.xml
configuration, why is it necessary to import the
client's certificate into the server's truststore and
the server's certificate into client's truststore when
their certificates have already been signed by a
trusted root CA (e.g. Verisign), whose certificate is
in both truststores? Shouldn't their certificates
containing their public keys get automatically
exchanged during the connection request? It's a pain
to publish a web service and expect a manual public
certificate import for each client wanting to use the
service.Certificates are sent only when the keyReferenceType is "Direct" which is the default. It's possible that our code is checking the certificate sent with one found in the KeyStore, but a quick scan of the code doesn't show it. If that's what's happening it's a bug. All of the other key reference strategies send only a referece to the sender's certificate in which case the reciever must have a copy of that certificate in its keystore.
2) I use Tomcat to run the sample application and did
set up the SSL connector to point to the keystores.
When the client connects to the server, it uses a
http endpoint not https. I'm aware that htpps is
needed for SSL support but not clear on where does
https come into play during the client's
request/server's response process.We share the SSL keystore so that certificates don't have to be stored in more than one place. The functionality of XWS-Security and SSL is logically the same so it make sense to use the same keystore. XWS-Security operates completely separately from the transport and never knows whether HTTPS is in use or not.
Phil Goodwin
Technical Lead
XWS-Security

Similar Messages

Validation Fails - BadPaddingException: Given final block not property padded

I'm following the Quick-Start Guide step-by-step and get the following message when I run Validator.bat from section "4. Setup & deploy..."
C:\Users\Charles\Desktop\FlashAccess2_0_2\Flash Access Server for Protected Stre
aming>Validator -g -r C:\Tomcat\licenseserver
Validating global deployment ...
        Validating partition deployment - flashaccessserver...
                Validating tenant deployment - flashaccessserver/sampletenant...
javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
        at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at com.adobe.flashaccess.server.license.configuration.commonsadapter.Scr
ambleUtil.decode(ScrambleUtil.java:83)
        at com.adobe.flashaccess.server.license.configuration.commonsadapter.Scr
ambleUtil.unscramble(ScrambleUtil.java:51)
        at com.adobe.flashaccess.server.license.configuration.commonsadapter.Ten
antConfigurationImpl$CryptographyImpl.readCredentials(TenantConfigurationImpl.ja
va:583)
        at com.adobe.flashaccess.server.license.configuration.commonsadapter.Ten
antConfigurationImpl$CryptographyImpl.<init>(TenantConfigurationImpl.java:516)
        at com.adobe.flashaccess.server.license.configuration.commonsadapter.Ten
antConfigurationImpl.<init>(TenantConfigurationImpl.java:108)
        at com.adobe.flashaccess.server.license.configuration.commonsadapter.Com
monsConfigurationBasedFactory.getTenantConfiguration(CommonsConfigurationBasedFa
ctory.java:89)
        at com.adobe.flashaccess.server.license.tools.Validator.validateTenantDe
ployment(Validator.java:255)
        at com.adobe.flashaccess.server.license.tools.Validator.validatePartitio
nDeployment(Validator.java:283)
        at com.adobe.flashaccess.server.license.tools.Validator.validateGlobalDe
ployment(Validator.java:301)
        at com.adobe.flashaccess.server.license.tools.Validator.process(Validato
r.java:173)
        at com.adobe.flashaccess.server.license.tools.Validator.main(Validator.j
ava:117)
Failed to validate tenant deployment 'flashaccessserver/sampletenant' - null
See log for details:
(C:\Users\Charles\AppData\Local\Temp\temp82526431968521948758558823183500\flasha
ccessserver\flashaccess-partition.log)

Hi Safdar,
It's a very valid question, considering the confusion I had with the different scramblers...
This is what I am using:
For the license server I used the scrambler in "Flash Access Server for Protected Streaming". After passing the parameters directly to the jar (and not as parameters to the batch file) I get the same result on Windows and on Linux. I use this value in flashaccess-tenant.xml on both Windows and Linux and the license servers work correctly on both platforms.
The problems are on the packager. I am using Flash Access Manager running on a windows machine to configure both packagers (the one on Windows and the one on Linux). I have the same certificates installed on both machines. For both configurations I enter the same password, and when I save the configuration both flashaccess-refimpl-packager.properties files show the same scrambled value. However, the packager on Windows works fine, but on Linux I get the BadPaddingException error.
Is this clearer?
Am I worng to assume I can run Flash Access Manager on a windows machine and use it to configure and run a packager on a Linux machine? Is there a way to run the Flash Access Manager on Linux?
Thanks,
- Naomi

Jwsdp-1.4/xws-security/samples/simple/build.xml:108: wsdeploy failed

Hi everyone,
I am trying to deploy the simple sample for xws-security in the JWSDP 1.4 on redhat 9.0, I have done all the configurations as suggested by the tutorial and the readme file in the sample. But when I tried to run the sample by running "asant run-sample", I got a "wsdeploy failed" error. It looks like the following and happened at the "process-war" stage: (The earlier targets including "clean", "prepare", "gen-server", "compile-server", " set-web-inf", "raw-war" etc. work fine).
[snip]
process-war:
[echo] Running wsdeploy...
[wsdeploy] Exception in thread "main" java.lang.NoSuchMethodError: org.apache.xml.dtm.ref.sax2dtm.SAX2DTM.<init>(Lorg/apache/xml/dtm/DTMManager;Ljavax/xml/transform/Source;ILorg/apache/xml/dtm/DTMWSFilter;Lorg/apache/xml/utils/XMLStringFactory;ZIZZ)V
[wsdeploy] at org.apache.xml.dtm.ref.sax2dtm.SAX2DTM2.<init>(SAX2DTM2.java:1901)
[wsdeploy] at org.apache.xalan.xsltc.dom.SAXImpl.<init>(SAXImpl.java:767)
[wsdeploy] at org.apache.xalan.xsltc.dom.XSLTCDTMManager.getDTM(XSLTCDTMManager.java:324)
[wsdeploy] at org.apache.xalan.xsltc.dom.XSLTCDTMManager.getDTM(XSLTCDTMManager.java:267)
[wsdeploy] at org.apache.xalan.xsltc.trax.TransformerImpl.getDOM(TransformerImpl.java:477)
[wsdeploy] at org.apache.xalan.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:637)
[wsdeploy] at org.apache.xalan.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:317)
[wsdeploy] at com.sun.xml.rpc.tools.wsdeploy.DeployTool.defineServletsAndListeners(DeployTool.java:553)
[wsdeploy] at com.sun.xml.rpc.tools.wsdeploy.DeployTool.run(DeployTool.java:255)
[wsdeploy] at com.sun.xml.rpc.util.ToolBase.run(ToolBase.java:43)
[wsdeploy] at com.sun.xml.rpc.tools.wsdeploy.Main.main(Main.java:22)
[wsdeploy] Command invoked: /work/nzw3/SUNWappserver/jdk/jre/bin/java -classpath /work/nzw3/SUNWappserver/lib/endorsed/dom.jar:/work/nzw3/SUNWappserver/lib/endorsed/xercesImpl.jar:/work/nzw3/SUNWappserver/lib/endorsed/xalan.jar:/work/nzw3/SUNWappserver/lib/ant/lib/xercesImpl.jar:/work/nzw3/SUNWappserver/lib/ant/lib/ant.jar:/work/nzw3/SUNWappserver/lib/ant/lib/xml-apis.jar:/work/nzw3/SUNWappserver/lib/ant/lib/optional.jar:/work/nzw3/SUNWappserver/lib/soapprocessor.jar:/work/nzw3/SUNWappserver/lib/jaxr-api.jar:/work/nzw3/SUNWappserver/lib/saaj-api.jar:/work/nzw3/SUNWappserver/lib/activation.jar:/work/nzw3/SUNWappserver/lib/security-plugin.jar:/work/nzw3/SUNWappserver/lib/jaxb-xjc.jar:/work/nzw3/SUNWappserver/lib/jax-qname.jar:/work/nzw3/SUNWappserver/lib/jhall.jar:/work/nzw3/SUNWappserver/lib/xmlsec.jar:/work/nzw3/SUNWappserver/lib/j2ee-svc.jar:/work/nzw3/SUNWappserver/lib/deployment/sun-as-jsr88-dm.jar:/work/nzw3/SUNWappserver/lib/jaxrpc-sec.jar:/work/nzw3/SUNWappserver/lib/mail.jar:/work/nzw3/SUNWappserver/lib/appserv-admin.jar:/work/nzw3/SUNWappserver/lib/jaxb-impl.jar:/work/nzw3/SUNWappserver/lib/appserv-cmp.jar:/work/nzw3/SUNWappserver/lib/appserv-jstl.jar:/work/nzw3/SUNWappserver/lib/jaxb-libs.jar:/work/nzw3/SUNWappserver/lib/jwsdp-tools-lib/jax-qname.jar:/work/nzw3/SUNWappserver/lib/jwsdp-tools-lib/namespace.jar:/work/nzw3/SUNWappserver/lib/jaxr-impl.jar:/work/nzw3/SUNWappserver/lib/xercesImpl.jar:/work/nzw3/SUNWappserver/lib/jaxrpc-spi.jar:/work/nzw3/SUNWappserver/lib/verifier/verifierhelp.jar:/work/nzw3/SUNWappserver/lib/xalan.jar:/work/nzw3/SUNWappserver/lib/appserv-upgrade.jar:/work/nzw3/SUNWappserver/lib/appserv-assemblytool.jar:/work/nzw3/SUNWappserver/lib/deployhelp.jar:/work/nzw3/SUNWappserver/lib/j2ee.jar:/work/nzw3/SUNWappserver/lib/xmldsig.jar:/work/nzw3/SUNWappserver/lib/commons-logging.jar:/work/nzw3/SUNWappserver/lib/saaj-impl.jar:/work/nzw3/SUNWappserver/lib/jaxrpc-impl.jar:/work/nzw3/SUNWappserver/lib/appserv-tags.jar:/work/nzw3/SUNWappserver/lib/appserv-ext.jar:/work/nzw3/SUNWappserver/lib/relaxngDatatype.jar:/work/nzw3/SUNWappserver/lib/admin-cli.jar:/work/nzw3/SUNWappserver/lib/jaxrpc-api.jar:/work/nzw3/SUNWappserver/lib/jsf-api.jar:/work/nzw3/SUNWappserver/lib/jaxb-api.jar:/work/nzw3/SUNWappserver/lib/install/applications/__cp/jdbc.jar:/work/nzw3/SUNWappserver/lib/install/applications/__ds/jdbc.jar:/work/nzw3/SUNWappserver/lib/install/applications/__xa/jdbc.jar:/work/nzw3/SUNWappserver/lib/install/applications/jmsra/imqjmsra.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/admin.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/cc.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/admingui-jsp.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/framework.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/jato.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/admin-en.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/admin-xml.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/framework-en.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/help.jar:/work/nzw3/SUNWappserver/lib/install/applications/samples.jar:/work/nzw3/SUNWappserver/lib/install/applications/com_sun_web_ui/WEB-INF/lib/registrationservlet.jar:/work/nzw3/SUNWappserver/lib/install/applications/jaxr-ra/jaxr-ra.jar:/work/nzw3/SUNWappserver/lib/commons-launcher.jar:/work/nzw3/SUNWappserver/lib/jsf-impl.jar:/work/nzw3/SUNWappserver/lib/sun-appserv-ant.jar:/work/nzw3/SUNWappserver/lib/appserv-rt.jar:/work/nzw3/SUNWappserver/lib/xsdlib.jar:/work/nzw3/j2sdk1.4.2_04/lib/tools.jar com.sun.xml.rpc.tools.wsdeploy.Main -keep -tmpdir /work/nzw3/jwsdp-1.4/xws-security/samples/simple/build/server -o /work/nzw3/jwsdp-1.4/xws-security/samples/simple/dist/securesimple.war /work/nzw3/jwsdp-1.4/xws-security/samples/simple/dist/simple-portable.war
BUILD FAILED
file:/work/nzw3/jwsdp-1.4/xws-security/samples/simple/build.xml:108: wsdeploy failed
If anyone has any idea about this problem, please let me know.
Many thanks,
Jake

Hello again,
I got progress today, but still have some errors for the simple sample in the xws-security . (I am running on Redhat 9.0 and with Sun Java System Application Server 8) Looks like the sending message is ok, but at the receiving message stage, I got the following errors when running "asant run-sample":
[snip]
run-sample:
[echo] Running the simple.TestClient program....
[java] Service URL=http://giga15.ncl.ac.uk:8080/securesimple/Ping
[java] Sep 8, 2004 1:14:19 AM com.sun.xml.wss.filter.DumpFilter process
[java] INFO: ==== Sending Message Start ====
[java] <?xml version="1.0" encoding="UTF-8"?>
[java] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
[java] <env:Header>
[java] <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
[java] <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="Id4487442798885738858">MIIFKDCCBBCgAwIBAgICBl4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVUsxETAPBgNVBAoT
[java] CGVTY2llbmNlMRIwEAYDVQQLEwlBdXRob3JpdHkxCzAJBgNVBAMTAkNBMS0wKwYJKoZIhvcNAQkB
[java] Fh5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMudWswHhcNMDQwMjEwMTQzMDUyWhcNMDUwMjA5
[java] MTQzMDUyWjBcMQswCQYDVQQGEwJVSzERMA8GA1UEChMIZVNjaWVuY2UxEjAQBgNVBAsTCU5ld2Nh
[java] c3RsZTEPMA0GA1UEBxMGTkVSZVNDMRUwEwYDVQQDEwxqYWtlIHpoZW5nd3UwgZ8wDQYJKoZIhvcN
[java] AQEBBQADgY0AMIGJAoGBAO7B3texMjuzdA6zT6/F/hx3U4a+iWglhNWptB3JerhHHu7El0HkWky0
[java] 9AzYVKZ7Y3n5qpgmSOe16a2MKySii5ud44DABj+3qkRBzkb/LDgNuF02X/XORbFbuZYEWwCHckZI
[java] xQ50vJpdxJQqLOwrhMP48RXNBzrdXo9iYfcWP5cnAgMBAAGjggJiMIICXjAMBgNVHRMBAf8EAjAA
[java] MBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA+gwLAYJYIZIAYb4QgENBB8WHVVLIGUt
[java] U2NpZW5jZSBVc2VyIENlcnRpZmljYXRlMB0GA1UdDgQWBBRlyb19GkybkmGa6QnQ9fPZ7mQ+NzCB
[java] mgYDVR0jBIGSMIGPgBQCOKsRo5aAiw3TFSsIpY4w2rLaqKF0pHIwcDELMAkGA1UEBhMCVUsxETAP
[java] BgNVBAoTCGVTY2llbmNlMRIwEAYDVQQLEwlBdXRob3JpdHkxCzAJBgNVBAMTAkNBMS0wKwYJKoZI
[java] hvcNAQkBFh5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMudWuCAQAwKQYDVR0SBCIwIIEeY2Et
[java] b3BlcmF0b3JAZ3JpZC1zdXBwb3J0LmFjLnVrMBkGA1UdIAQSMBAwDgYMKwYBBAHZLwEBAQEEMD0G
[java] CWCGSAGG+EIBBAQwFi5odHRwOi8vY2EuZ3JpZC1zdXBwb3J0LmFjLnVrL2NnaS1iaW4vaW1wb3J0
[java] Q1JMMD0GCWCGSAGG+EIBAwQwFi5odHRwOi8vY2EuZ3JpZC1zdXBwb3J0LmFjLnVrL2NnaS1iaW4v
[java] aW1wb3J0Q1JMMDwGCWCGSAGG+EIBBwQvFi1odHRwOi8vY2EtcmVuZXcuZ3JpZC1zdXBwb3J0LmFj
[java] LnVrL3JlbmV3Lmh0bWwwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NhLmdyaWQtc3VwcG9ydC5h
[java] Yy51ay9jZ2ktYmluL2ltcG9ydENSTDANBgkqhkiG9w0BAQQFAAOCAQEAgdN714aoC53Wef9JGaDD
[java] PDJkmgmwVbL8ZuovBpORFsgy2GOPgIdtw15qTQx1NFbsFqW2I7d/9AteeXAk3sUGUODOvq8loeYB
[java] iA+QofduwJ0VWO8TZ0e+7+J3cDQKbsukptRJd2L2W8PeCNPojCRkfiV/nT6BiF5yjh4Ui5e+pWGw
[java] t3oN1qFDZViCFOTiB6Koi0MB+cu47gOEIxBQfP8jTEyf/SSy4RzjI+7C1LpDYCZpO/jqXMb67j9b
[java] KdcmlWhMrzNOyRDM7A11rt5nBMABgRVAJsdBZIDevfKJ/kRGxUHGHqf8Pg+3qK22mNwMN8U2plr7
[java] TgORAx6aOn4EQP2AzA==</wsse:BinarySecurityToken>
[java] <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
[java] <ds:SignedInfo>
[java] <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
[java] <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
[java] <ds:Reference URI="#Id5553294937503469412">
[java] <ds:Transforms>
[java] <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
[java] </ds:Transforms>
[java] <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
[java] <ds:DigestValue>AcRqiIoxfOWauZ/FDnng4D1C5WU=</ds:DigestValue>
[java] </ds:Reference>
[java] </ds:SignedInfo>
[java] <ds:SignatureValue>
[java] omVS7TF+IqESZuMcRdsFfet8INaU4J9Vall1oGaPMRoEkc9xks+YK2ew4nG7hSekITwJrQLx42hH
[java] Vb6HvEdWgsIrjOJslqQILQkYU7qdoptb6OEgY5lHQpjUJaTKNn4krsDXgpwZieQE45Gcu/zuP4eY
[java] v8yMhUwVUE8xHy+6dLs=
[java] </ds:SignatureValue>
[java] <ds:KeyInfo>
[java] <wsse:SecurityTokenReference>
[java] <wsse:Reference URI="#Id4487442798885738858" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
[java] </wsse:SecurityTokenReference>
[java] </ds:KeyInfo>
[java] </ds:Signature>
[java] </wsse:Security>
[java] </env:Header>
[java] <env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id5553294937503469412">
[java] <ns0:Ping>
[java] <ns0:ticket>SUNW</ns0:ticket>
[java] <ns0:text>Hello !</ns0:text>
[java] </ns0:Ping>
[java] </env:Body>
[java] </env:Envelope>
[java] ==== Sending Message End ====
[java] Sep 8, 2004 1:14:23 AM com.sun.xml.wss.filter.DumpFilter process
[java] INFO: ==== Received Message Start ====
[java] <?xml version="1.0" encoding="UTF-8"?>
[java] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
[java] <env:Body>
[java] <env:Fault>
[java] <faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:InvalidSecurityToken</faultcode>
[java] <faultstring>Certificate validation failed</faultstring>
[java] </env:Fault>
[java] </env:Body>
[java] </env:Envelope>
[java] ==== Received Message End ====
[java] Sep 8, 2004 1:14:23 AM com.sun.xml.wss.filter.ProcessSecurityHeaderFilter process
[java] WARNING: Message does not contain wsse:Security header
[java] Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Certificate validation failed
[java] at com.sun.xml.rpc.client.StreamingSender._raiseFault(StreamingSender.java:515)
[java] at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:294)
[java] at simple.PingPort_Stub.ping(PingPort_Stub.java:80)
[java] at simple.TestClient.main(TestClient.java:37)
[java] Java Result: 1
I don't know if I have configured anything wrong. Basically, i just want to sign the outgoing soap message with my own p12 format certificate, hence I have chosen the following in the $JWSDP_HOME/xws-security/samples/simple/build.properties :
client.security.config=config/sign-client.xml
server.security.config=config/dump-server.xml
Also, according to the last section of the jWSDP release notes at http://java.sun.com/webservices/docs/1.4/ReleaseNotes.html#KnownIssues
I added these two changes,
1. In the <jwsdp.home>/xws-security/samples/buildconfig/sjsas-config.xml file, delete the original .... app.classpath element definition and replace it with the following definition:
<path id="app.classpath">
<fileset dir="${sjsas.home}/lib/endorsed">
<include name="dom.jar"/>
</fileset>
<fileset dir="${sjsas.home}/lib">
<include name="*.jar"/>
</fileset>
<fileset dir="${javahome}/lib">
<include name="tools.jar"/>
</fileset>
</path>
2. In the <as.home>/domains/domain1/config/server.policy file, add the following configurations to the server.policy file, for the securesimple sample and pingservice samples, respectively.
// These permissions apply to securesimple webapp grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/securesimple/WEB-INF/-" {
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "modifyPublicCredentials"; permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.x500.X500PrivateCredential * \"*\"","read";
permission java.security.SecurityPermission "putProviderProperty.BC";
Moreover, has the sent message really been signed correctly? how can I tell the message has been signed by my own certificate? I have done the following:
1. In the $JWSDP_HOME/xws-security/samples/simple/config/sign-client.xml, change to
<xwss:SecurityConfiguration
xmlns:xwss="http://com.sun.xml.wss.configuration" dumpMessages="true">
<xwss:Sign/>
</xwss:SecurityConfiguration>
2. In the $JWSDP_HOME/xws-security/samples/simple/config/build.xml, change to something like the following in the run-sample target,
<sysproperty key="javax.net.ssl.keyStore" value="/work/nzw3/jakenew.p12"/>
<sysproperty key="javax.net.ssl.keyStorePassword" value="jake"/>
<sysproperty key="javax.net.ssl.keyStoreType" value="pkcs12"/>
I didn't change anything about truststore.
What was the problem? What have I done wrong?
Many thanks,
Jake

REP-56071: Security check failed with error message: Error code30009 - Gene

REP-56071: Security check failed with error message: Error code30009 - Generic access check failed..
Hello,
I am also receiving the above error - these reports are deployed on our Portal - to which all registered SSO users should have access to.
one more thing...
We obtain the error only when execute under some "load", example: 15 reports running simultaneously.
Tx,
Diego.

I am also facing this problem - I've deployed the reports on the Portal and authenticated users can access the reports.
The problem is that when any authenticated user tries to access the report, on his very first access this error is shown.
REP-56071: Security check failed with error message: Error code30009 - Generic access check failed..
But after the user click on the Personalize link of the portlet and specify the parameters values(which are empty initially) then report runs fine.
Plz let me know the solution as no user will like to see this error message for the first time he opens the report.
Regards.

Security API failed with error 60008

HI, I have been tryng to wrap some files (or something like that) but when I select the files it comes up with an error box saying "security API failed with error 60008" can anyone help me fix this or tell me what it is?

Launch Disk Utility and run Repair Permissions on the startup volume. Try whatever you were doing again. If there's no change, continue as follows.
Triple-click the line below to select it:
/private/tmp
Right-click or control-click the highlighted line and select
Services ▹ Show Info
from the contextual menu.* An Info dialog should open.
Does the dialog show "You can read and write" in the Sharing & Permissions section?
In the General section, is the box labeled Locked checked?
*If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.

REP-56071:Security check failed with error message:No privilege to do oper

Hi
I get the following error when I try to see the job status (..../rwservlet/showjobs?)
REP-56071: Security check failed with error message: No privilege to do the operation
I also get the following error on running any report on this server:
REP-110: Unable to open file 'Test.rdf'.
REP-1070: Error while opening or saving a document.
REP-0110: Unable to open file 'Test.rdf'.
Anyone seen the same issue before?

Fugured it out - had issues with reportserver.conf file.
_*

REP-56071: Security check failed with error message

Hi!
We have an Oracle 9iAS R2 v9.0.2.2 installation on Linux (Red Hat Advanced Server 2.1). We have installed PatchSet 2703110, 2581587 and 2842923.
Oracle9i Reports version is: 9.0.2.2.0
iAS and Infrastructure are on separate hosts.
Trying to run Reports demo test.jsp or test.rdf we get the following message:
javax.servlet.jsp.JspException: REP-56071: Security check failed with error message: Error code30001 - Cannot access the server:rep_dkipcias
In package:wwv_rw_usr function:security_check
Command line is: server=rep_dkipcias report=/repdemo/examples/Tools/test.jsp rundate="29-MAY-03 09:05:01"
Found on Metalink the following Note: 216847.1
This recommends to comment out the security and destination tags in ORACLE_MIDDLETIER_HOME/report/conf/<repserver>.conf file
After commenting them out reports works fine.
BUT
at the end of the note there is a note which states that "Commenting out the security tag removes the integration of the reports server and portal."
We need reports integration with Portal. We need SSO as well.
Could you give any workaround for this problem?
PS.: I have red Note:213171.1, Note:216118.1, http://otn.oracle.com/products/reports/htdocs/getstart/whitepapers/securing9i.pdf and BUG:2645629
None of them gave any solution for the problem
Thanks in advance,
Andras Weintrauth

Hi Jeff,
Q(1): Yes.
(Report Name and Servers tab)
Report Server: REP_DKIPCIAS
Oracle Reports File Name: test.jsp
Execute: as JSP
(Other tabs)
Default values. Unchanged.
Q(2): (Acces Tab of Report Component)
Publish to Portal = checked
Inherit Privileges from Portal DB Provider = checked
(Acces Tab of Report Server Component)
Inherit Privileges from Portal DB Provider = checked
(SSO User)
The user I try to run the report with has the following group assignments:
Privilege Group
PORTAL_ADMINISTRATORS
PORTAL_DEVELOPERS
DBA
PORTLET_PUBLISHERS
Additional Info:
To be more specific: The mentioned security check failure exists outside of Portal as well. Eg. when we try to run the default portal test examples (test.jsp, test.rdf) from the iAS home page Demonstartions tab.
Thank You in advance,
Andras

SQL30082N Security processing failed with reason "15" (PROCESSING FAILURE)

Hi all.
I'm managing the following error during a system copy:
<b>SQL30082N Security processing failed with reason "15" ("PROCESSING FAILURE").
SQLSTATE=08001</b>
Inside the db2diag.log, i have the following message:
<b>2007-10-15-16.44.56.793439+120 I718413554A270     LEVEL: Warning
PID     : 483450               TID : 1
FUNCTION: DB2 Common, Security, Users and Groups, secLogMessage, probe:20
DATA #1 : String, 64 bytes
Password validation for user sapr3 failed with rc = -2146500315</b>
Can anyone help?
Thanks and regards,
Marco.

Hi,
check if the files
$INSTHOME/sqllib/security/db2c?pw
have the correct permissions. They need a SUID bit to root.
If the SUID bit is not set, you can do a
<db2_install_dir>/instance/db2iupdt db2<dbname>
as user root to update your DB2 instance. This will set the permissions correctly.
Regards
               Frank

"Import Price Catalogs" fails with RATE not valid

Importing BLANKET using "Import Price Catalogs" but it fails with Error RATE cannot be null, IF I pass rate it fails with RATE not valid.
CASE#1
po_headers_interface
rate_type: Corporate
Rate: 6.5
rate_date: xx-xx-xxxx ( same as PO creation date)
CASE#2
po_headers_interface
rate_type: NULL
Rate: NULL
rate_date: NULL
PO currency is USD but its a china PO. ORG currency is USD.
Any help is appreciated.
Thanks

RDBMS : 11.1.0.7.0
Oracle Applications : 12.1.2
OS: WIN 7
Log File:
Purchasing: Version : 12.0.0
Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.
POXPDOI module: Import Price Catalogs
Current system time is 13-APR-2011 13:23:43
+-----------------------------
| Starting concurrent program execution...
+-----------------------------
Arguments
Blanket
N
N
APPROVED
N
Y
Start of log messages from FND_FILE
To get the log messages for PDOI, please use the following id to query against FND_LOG_MESSAGES table:
AUDSID = 36565489
End of log messages from FND_FILE
Executing request completion options...
------------- 1) PRINT   -------------
Printing output file.
Request ID : 24725515
Number of copies : 0
Printer : noprint
Finished executing request completion options.
Concurrent request completed successfully
Current system time is 13-APR-2011 13:23:44
---------------------------------------------------------------------------

Patch failing with Class not found: oracle.apps.ad.jri.adjcopy

Hi.
Running a patch today and it is failing with:
Class not found: oracle.apps.ad.jri.adjcopy
The log states this:
STRT_TASK: [Run adjcopy.class] [] [Tue Mar 02 2010 13:18:22]
Running adjcopy.class:
adjava -mx512m -nojit oracle.apps.ad.jri.adjcopy @D:\oracle\testappl\admin\TEST\out\apps.cmd
Error:
Program exited with status 1
Cause: The program terminated, returning status code 1.
adjava -mx512m -nojit oracle.apps.ad.jri.adjcopy @D:\oracle\testappl\admin\TEST\out\apps.cmd
Calling D:\oracle\testcomn\util\jre\1.1.8\bin\jre.exe ...
Class not found: oracle.apps.ad.jri.adjcopy
AD Run Java Command is complete.
D:\oracle\testappl\admin\TEST\out>
I have tried running maually and still no luck.
It is a frteshly cloned environment. Autoconfig has been run successfully.
The only help from Metalink was that I have unzipped the patches in a folfer with space in it. So I renamed folder but still same error.
The patch is 7415848 ATG Framework Patch.
oracle 11.5.10.2, Windows 2003, RDBMS 10.2.
Thanks in advance,
DA
Another thing I tried was to relink, but got the following:
Do you wish to force regeneration of all jar files? [No] ?
Generating any out of date or missing jar files.
Signing product JAR files in JAVA_TOP -
D:\oracle\testcomn\java
using entity Customer and certificate 1.
Class not found: oracle.apps.ad.jri.adjversion
AD Administration error:
aiojavaGetJavaVersion(), ERROR [code= 1] creating javaversionFile.
Error : java version file format not correct
adogjf() Unable to generate jar files under JAVA_TOP
Backing up restart files, if any......Done.
You should check the file
D:\oracle\testappl\admin\TEST\log\adadmin.log
for errors.
D:\oracle\testappl\ad\11.5.0\bin>
Edited by: Dan A on Mar 2, 2010 10:03 AM

Dan,
Please see if these documents are applicable.
Note: 392870.1 - Generate product JAR files aiojavaGetJavaVersion(),ERROR creating javaVersionFile
Note: 264911.1 - adutilities error out aiojavaGetJavaVersion(), Error creating javaversionFile
Regards,
Hussein

Software necessary to communicate with Ipod not properly installed

Hi,
I updated my Itunes software and have been having problems ever since. Every time I connect my Ipod I get the message: "Software necessary to communicate with Ipod not properly installed. Reinstall Itunes..." After I click Ok it goes to Itunes but it does not recognized the Ipod. Now I have reinstalled several times and even downgraded to a previous Itunes version but keep getting the same error. Even though I don't know if this has anything to do with it, yesterday I noticed that I cannot watch any YouTube videos either, i get the error: "Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player. Get the latest Flash player" Any help would be highly appreciated!

A lot of users are getting this. See 'can not open iTunes' obove this in the forum

Jwsdp-1.4 xws-security

Hi, I got the xws-security/samples/simple application working successfully with my own keystores. I have 2 questions regarding this sample application.
1) When running the application with the encrypt-server.xml and encrypt-client.xml configuration, why is it necessary to import the client's certificate into the server's truststore and the server's certificate into client's truststore when their certificates have already been signed by a trusted root CA (e.g. Verisign), whose certificate is in both truststores? Shouldn't their certificates containing their public keys get automatically exchanged during the connection request? It's a pain to publish a web service and expect a manual public certificate import for each client wanting to use the service.
2) I use Tomcat to run the sample application and did set up the SSL connector to point to the keystores. When the client connects to the server, it uses a http endpoint not https. I'm aware that htpps is needed for SSL support but not clear on where does https come into play during the client's request/server's response process.

Hi, I got the xws-security/samples/simple application
working successfully with my own keystores. I have 2
questions regarding this sample application.
1) When running the application with the
encrypt-server.xml and encrypt-client.xml
configuration, why is it necessary to import the
client's certificate into the server's truststore and
the server's certificate into client's truststore when
their certificates have already been signed by a
trusted root CA (e.g. Verisign), whose certificate is
in both truststores? Shouldn't their certificates
containing their public keys get automatically
exchanged during the connection request? It's a pain
to publish a web service and expect a manual public
certificate import for each client wanting to use the
service.Certificates are sent only when the keyReferenceType is "Direct" which is the default. It's possible that our code is checking the certificate sent with one found in the KeyStore, but a quick scan of the code doesn't show it. If that's what's happening it's a bug. All of the other key reference strategies send only a referece to the sender's certificate in which case the reciever must have a copy of that certificate in its keystore.
2) I use Tomcat to run the sample application and did
set up the SSL connector to point to the keystores.
When the client connects to the server, it uses a
http endpoint not https. I'm aware that htpps is
needed for SSL support but not clear on where does
https come into play during the client's
request/server's response process.We share the SSL keystore so that certificates don't have to be stored in more than one place. The functionality of XWS-Security and SSL is logically the same so it make sense to use the same keystore. XWS-Security operates completely separately from the transport and never knows whether HTTPS is in use or not.
Phil Goodwin
Technical Lead
XWS-Security

Trying to assign Security Baseline fails with error 24001

We are trying to assign the Sample Security baseline updates to a cluster group in VMM.
We have followed the steps here
http://technet.microsoft.com/en-us/library/gg675110.aspx
But the job to assign the baseline fails with the following:-
Error 24001
Update server operation failed with error: The specified item could not be found in the database.
We are running VMM 2012R2 V 3.2.7510.0 on Windows Server 2012R2

Remove wsus from VMM and add it again.
This will fix the problem. Otherwise I Think cleaning SQL of missing update fixes the problem.

RSEOUT00 failing with "Could not write IDoc to file" TPRI_DEF table

Outbound Idoc processing fail with the following error:
Could not write IDoc to file
Message no. EA299
Diagnosis
The system could not convert data from the data record 000027.
Procedure
Check the port definition of the receiver port.
You can use the "Continue despite conversion error" option to write the IDoc to the file from transaction BD87 with replacement characters.
Short dump indicate that there is a some junk character in th e TPRI_DEF for program SAPLSPRI that it is unable to convert.
I have set the flag on the we21 port to "continue despite conversion error" and that seem to help, but I would like to figure out how to fix the junk characters from coming through from the TPRI_DEF table.
This is what shows up in the short dump after RSEOUT00 is run.
TPRI_DEF                                   / /       : :     00002932
    010GV21            \0\0\0\0\x0006āȂ耀㐱〲\0\0嬇\0ሟ鴂푎眩\x0802儔잏퉓
I do not see any entries for area "GV" in the table, there is one for "GF". which has no user assigned to it and it is of key version 21.
I am not sure if the table is supposed to have an entry with no user assigned?
thank you for looking at this issue .

HI Jurgen,
we have the same issue, chinese charecter is in PO text header. so facing error. If we click unicode format then it works fine as my testing in development.
I just want to knom what is the impact if i clicked directly unicode format ?( with refernce to your reply above " have you set the Unicode format flag directly above in WE21?" )
I doc is going from SAP sytem - (PO information )
Pls adivce..
waiting for your reply..
Thanks in advance

Install of SAP HANA Studio Dev Ed v1.00.80 fails with "Could not create the Java Virtual Machine"

Hello,
Scope: JVM error during initial install of SAP HANA Studio Developer Edition v1.00.80, Win86/32bit
Source: installation files pulled from HANA Studio tab at https://hanadeveditionsapicl.hana.ondemand.com/hanadevedition/, which is a link from the main HANA site of http://scn.sap.com/community/developer-center/hana. zip folder: "sap_hana_win32_studio_rev80"
Targeted O/S: Windows 7, 32-bit, local Java is SE 7, update 67.   Java environment has been confirmed via checks provided at http://www.java.com/en/download/manual.jsp
Actions taken:
Attempted to update the installation's eclipse.ini file by reducing the -Xmx value; see details below.
Read thru postings such as http://scn.sap.com/thread/3390626 and the threads it recommended.
Checked OSS (ie Note 1859686 - HANA Studio does not start)
Description of installation error:
Shortly after executing "hdbinst", it fails with the error "Could not create the Java Virtual Machine". I've verified that there is nearly 3G of memory free. What I did notice, as shown in the attached files, is that Eclipse is part of this installation and it's pre-loaded with the "eclipse.ini". I firmly believe the solution could be to reduce parameter "-Xmx1024m" to "-Xmx512m" but it's a catch-22 because even after updating eclipse.ini (in installation folder C:\Program Files\SAP\hdbstudio\tmp_p2director2014.08.13_13.36.44\director), the install program requires that the "hdbstudio" folder to be empty upon restarting it.
Since the installation is basically a package with a lot of .jar files, there is no eclipse.ini file available in the source install folder; otherwise, updating it there would be the easiest solution if that option were available. The file is only available in the targeted deployment folder above.
If you have encountered this same error and were able to resolve it, I would be grateful to know of your solution. Thanks very much.
FYI: the HANA Client installed with no issues.
Jim Cleek
FYI: the images below reflect the sequence of images produced during the installation.
after clicking OK above, the screen below gets updated (see the "is not empty" msg).
Below is the eclipse.ini file located in the deployed/target folder:
Message was edited by: Jim Cleek
FYI: Using information from the SAP HANA Database - Studio Installation and Update Guide, I tried to override the installation's use of its eclipse.ini file by passing my own modified version (with "-Xmx512m") of that file that was placed in a separate folder. The cmd used via DOS window was "hdbsetup.exe -a studio --configfile=C:\Users\Admin\Downloads\eclipse.ini" and even though it successfully launched the SAP HANA Lifecycle Management gui, it failed on the first step with the same JVM create error as above because it appears to have used its own eclipse.ini file, which has "-Xmx1024m".

Update: a message was opened with SAP but unfortunately they could not provide a resolution for this particular scenario. They admitted that the eclipse.ini file cannot be updated since it is bundled as part of the installation package. One point to make that I did not make before was that this was being attempted on an Oracle VirtualBox (4.3.10); the SAP HANA contact said he assumed that SAP has not tested this particular scenario, thus it could not be supported.
Resolution: the end result was to abort trying to install SAP HANA Client and Studio on the Oracle VirtualBox but to install it locally on my own desktop, which runs on Windows 7 Enterprise 64-bit with 8G of memory. The SAP HANA files below were downloaded, extracted and installed successfully in the order shown.
FYI: the Studio installation detected that a 64-bit version of Java was not installed so I installed that and then adjusted the User environmental variable JAVA_HOME to point to that new path, leaving the System variable still pointing to the pre-existing 32-bit Java path.
SAPCAR 7.20 -> Windows on x64 64bit: SAPCAR_315-20010453.EXE
IMDB_CLIENT100_80_0-10009664.SAR   Revision 80 for SAP HANA CLIENT 1.00
Support Package SAP HANA CLIENT 1.00 Windows on x64 64bit
IMC_STUDIO100_80_0-20007647.SAR   Revision 80 for SAP HANA STUDIO 1.00
Support Package SAP HANA STUDIO 1.00 Windows on x64 64bit
jre-7u67-windows-x64.exe - http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
Jim Cleek
HP Enterprise Services

JWSDP 1.6 xws-security Simple fails with "block not properly padded"

Similar Messages

Maybe you are looking for