Log4j.jar issue under Web Service Security Module

I am running into an issue with log4j.jar for WebLogic OES PDP. there is a custom appender class that extends org.apache.log4j.AppenderSkeleton, if we packed into one jar file under \bea\ales32-ssm\webservice-ssm\lib\log4j.jar everthing is fine. if we split this class with another jar file(sth like patch.jar) and add a entry in the config file WLESws.wrapper.conf under bea\ales32-ssm\webservice-ssm\instance\WSSM\config and it failed with this error,
but an error is
generated when starting the WSSM(Web Service Security Module):
log4j:ERROR A "com.foo.AuditJMSQueueAppender" object is not assignable to a "org.apache.log4j.Appender" variable.
log4j:ERROR The class "org.apache.log4j.Appender" was loaded by
log4j:ERROR [com.bea.security.providers.utils.InverseURLClassLoader@5f7d3f] whereas object of type
log4j:ERROR "com.foo.AuditJMSQueueAppender" was loaded by [sun.misc.Launcher$AppClassLoader@a18aa2].
log4j:ERROR Could not instantiate appender named "JMS_AUDIT".
130
ARME is started now
Rendering object type: AuditAtzEvent
I have tried add java option:log4j.ignoreTCL=true. in this WLESws.wrapper.conf file, but does not work.
How to resolve this issue, Thanks for your help!

hi
Can anyone help with this...

Similar Messages

Issue with Web Service Security

Dear Forum Members and Readers,
I am a beginner to Web Services, and facing an issue with WS-Security.
My issue seemingly is quite specific to my projects though, It will be great if you can provide me your views.
Context Description:
I am developing a Java Web Service application that is deployed on JBoss Application Server.
This application will communicate with two other applications those are not deployed in same JBoss Application Server.
These 2 applications are third party applications, one is C++ based web services and other is Java based web services.
My application gives a call to Third Party Application1 and receives the response back form it. It then passes this received response to Third Party Application 2.
Issue Description:
I now need to enable https paradigm among these 3 applications. (I need to implement web service security model here)
I started with looking in to JBoss specific WS-Security but found it not suitable in my case, as it requires to configure both the client and server. I have the control over my application but not on other 2 third party applications.
To this extent, I am unable to identify a solution that can address my issue.
Can anybody please provide me with initial thoughts or any reference material that might help me to give this a start.
Any clue will be highly appreciated!
Thanks in advance
Mukul

mukul.object wrote:
Actually, my SOAP messages contains some critical information that needs to be encrypted.You think that its critical information however your third party doesn't. If they would have had same thought they would have enabled the security. As I said earlier, you will have to discuss this with them.
Another solution (however I don't know the viability in your case) could be to deploy one component before each third party service. Your web service will call this new component (Which is installed in their environment i.e. local to third party web service) and new component will forward the request to third party service. Now you can apply security/encryption/decryption between your web service and your component.
I have had a look in to XMLEncrytion using that I can encrypt my SOAP messages but I wonder how would other tools decrypt that.My above comments answers this.
Is there anyway I can encrypt my SOAP messages (without having to customize third party tools) in this scenario ??My above comments answers this.

Problen when using log4j.jar in my web service application

Hi, i have a little problem. I have to migrate an existing java application to web services, and this application uses log4j.jar. So i put that jar file in the lib dir in WEB-INF. However, when i try to deploy the application, i get an error saying
org.apache.commons.LoggingException: No suitable Log constructor [LJava.lang.Class;c492c8 for org.apache.commons.logging.impl.Log4JLogger
And of course if i remove that jar from the lib dir, the app deploys ok, but it crashes because it can't find the class Logger (located in that jar)
Any ideas how to solve this?????
Thank you

When is the log4j constructor invoked ?....you said you moved the java application to webservice....in the java application they might have initialized the log4j with the log4j properties file some where when they start the application..
Have a start up servlet which initializes the lof4j.

"Define Web Service" - Security Issues

Hello all,
I have successfully defined a Web service with the wizard in ID. So I already have my WSDL file.
Now, I need to use this WSDL file from a Web Application that exposed to all public internet.
Now my question is, how is security managed for this web service? I mean, if the web service is exposed to any user of the web application in the internet, how can I assure that, the information in the WSDL file will not be used to access the XI Server with out authorization?
Who should be in charge of the security, the web application? the web service? or xi?
Thanks,
Felipe

If you are using the SOAP Adapter for receiving the information it provides the features like
1. HTTP without Client Authentication
2. HTTP with Client Authentication
Even you can select Security Prameters like
1. Web Service Security
2. S/MIME
If you configure all this then which other kind of security you are looking for.
Gaurav Jain
Reward Point if answer is helpful

InstantiationException when trying to reference an external jar in my web service sample

Dear all,
I'm working with Weblogic 6.1 SP3 (on NT platform) and, starting from weather
weblogic web service sample, I'm trying to build my first web service sample.
I developed a simple EJB (called OrderManager) that exposes the following functionalities
in its remote:
import com.bosslab.abs.beb.sci.ServiceHeaderVO;
public interface OrderManager extends EJBObject {
public OrderManagerServiceResponseVO
submitOrder(
ServiceHeaderVO header,
OrderManagerServiceVO data) throws Throwable;
the ServiceHeaderVO interface is in another package and it is included in an external
Beb.jar.
This Beb.jar is located under serverclasses in mydomain directory and it is included
in the classpath set in startWeblogic.cmd.
Using wsgen weblogic task & ant I created my WSOrderManager.ear and I deployed
it.
Now no problem testing the EJB (OrderManager) with a simple client (in order to
verify that classpath is correct and also the EJB is running properly).
Also no problem pointing out to this URL "http://localhost:7011/ordermanager/com.bosslab.abs.mediator.OrderManager/com.bosslab.abs.mediator.OrderManager.wsdl"
to see the WSDL of my web service.
But when I run the web service client I got the following error:
Exception in thread "main" ------------- Remote Stack Trace ------------
Server side error:
java.lang.InstantiationException: com.bosslab.abs.beb.sci.ServiceHeaderVO
at weblogic.soap.codec.SimpleSoapEncodingCodec.newInstance(SimpleSoapEncodingCodec.java:198)
at weblogic.soap.codec.SimpleSoapEncodingCodec.decode(SimpleSoapEncodingCodec.java:178)
at weblogic.soap.codec.SimpleSoapEncodingCodec.decode(SimpleSoapEncodingCodec.java:151)
at weblogic.soap.codec.CodecFactory.decode(CodecFactory.java:96)
at weblogic.soap.codec.Operation.read(Operation.java:100)
at weblogic.soap.codec.SoapMessage.readOperation(SoapMessage.java:200)
at weblogic.soap.codec.SoapMessage.read(SoapMessage.java:130)
at weblogic.soap.server.servlet.StatelessBeanAdapter.getInputMessage(StatelessBeanAdapter.java:162)
at weblogic.soap.server.servlet.StatelessBeanAdapter.doPost(StatelessBeanAdapter.java:105)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2546)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2260)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
------------- Local Stack Trace ------------
weblogic.soap.SoapFault:
org.xml.sax.SAXException
at weblogic.soap.codec.FaultOperation.getException(FaultOperation.java:16)
at weblogic.soap.WebServiceProxy.processResult(WebServiceProxy.java:487)
at weblogic.soap.WebServiceProxy.invoke(WebServiceProxy.java:434)
at weblogic.soap.SoapMethod.invoke(SoapMethod.java:186)
at weblogic.soap.wsdl.WebServiceInvocationHandler.invoke(WebServiceInvocationHandler.java:27)
at $Proxy0.submitOrder(Unknown Source)
at StaticWSOrderManagerClient.main(StaticWSOrderManagerClient.java:30)
It seems that there is a problem to instantiate the com.bosslab.abs.beb.sci.ServiceHeaderVO
class included in the Beb.jar, so I thought the problem was related to the classpath
setting, maybe Beb.jar is not set properly in some place ...
To try solving this problem I did these steps:
-> exploded my WSOrderManager.ear
-> created a lib directory and put into it the Beb.jar
so now the ear structure is:
lib/Beb.jar
MediatorOrderManager.jar
META-INF
web-services.war
-> modified the application.xml, adding:
<module>
<java>lib/Beb.jar</java>
</module>
-> modified the Manifest.mf, adding:
Manifest-Version: 1.0
Created-By: 1.3.1_03 (Sun Microsystems Inc.)
Class-Path: lib/Beb.jar
-> regenerate the WSOrderManager.ear
jar cvf WSOrderManager.ear lib MediatorOrderManager.jar ...
-> and redeployed the ear
But after stopping/starting my instance, I got yet the same error when I run my
client.
Could you please help me to understand how solving this problem ?
I thank you in advance
Kind regards

The WSDL is generated from my web service. I made heavy revisions to my web service which, in turn, affected the resultant WSDL. The changes I made to my web service were almost exclusively related to object substitution. For example, prior to the change I was referencing object A from my web service; after the change, I was referencing object B. The objects that I'm referring to are XMLBeans, if that matters. I can't really describe it more than that without actually showing you the WSDL.
I would post the WSDL file here to allow you to try to create a types jar out of it, but the WSDL exceeds the 30000 character limit for this field. There is no way for me to attach the WSDL to this post.

Web Services Security - What to expect

I am reviewing a vendor�s product that will run on a J2EE platform. One of the features of this product is a web services framework for developing web services. What I want to assess is how well they support web services security. They may say they rely on the underlying application server to �do the security stuff� � is this enough?
A further question is: what should I expect from different J2EE application server vendors in the area of security. Is there reasonable compliance between them or is there still an amount of proprietary implementation, that will ultimately result in application server lock-in, should I need a particular security feature?

I may have posted this to the wrong area so I have also now posted it to the web services technology forum (although the layout of the forums made this area look as though it was a sub set of web services). So excuse the duae posting, although arguably it is a portability issue standalone also.

Web Service Security Question

I have created a web service in the NetWeaver portal using a Portal Service. I have marked the service as requiring basic http authentication. However, when I call the web service from the Enterprise Portal Web Services Checker in NWDS it just let's me supply the params of the web service and no authentication. Any ideas?
I also noticed that my web service does not appear under the Web Services Container or Web Services Security section in Visual Administrator. Anybody have any idea why this is?
Thanks in advance.
Curtis

Hi Curtis,
My guess is that since you are logged into the Portal while calling this web service, it will use the current session cookie to authenticate automatically. I'm not sure on the second question, tried a restart?
Regards,
Raj

Web Services Security Problem

hi all,
I am publishling the BC4J Component(Application module) as a webservice. The particular web service method will be as follows. The method is returning the element object.
public Element getEmp(String searchString,String selectedItem, int pageNoInput)
return (Element)hits.writeXML(1,Row.XML_OPT_LIMIT_RANGE);
I am securing the web service by the instructions which are given in the following link
http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
Then i am creating the proxy client. when i run the proxy client it gives me the following exception
javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
     at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:553)
     at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
     at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
     at aptuitclient.runtime.ReviewProtocolAppModuleServiceSoapHttp_Stub.getEmp(ReviewProtocolAppModuleServiceSoapHttp_Stub.java:91)
     at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.getEmp(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:58)
     at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.main(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:44)
When i am removing the security for the web service it is giving the Element object.
The Problem is when i am securing the web service it is giving the above said exception.
Please help me regarding this... this is very urgent...
rgds
Parameswaran

Hello,
When you are using WS-Security you need to secure the client too. So in your case the client is the ADF Data Control.
The way you should configure your data control is documented here:
- Web Services Security and ADF Data Control
Regards
Tugdual Grall

Web Service Security not configured on this component.

Hi Experts,
                       Before configuring the scenario, i went to RWB to check whether the comopnents are in active mode or not.
                              Integration Engine XID
                              Business Process Engine XID
                              Mapping Runtime XID
                              Adapter Engine XID
                              Integration Engines
                      All components are in Green mode Except Integration Engine, The Integration is in yellow mode
                       and shows the following details.
                     Details for 'Is Web service security available?'
                       Web Service Security not configured on this component.
Can you give the solution for this.

Hi,
                  1, While sending idoc from sapR/3 to PI , in r/3 sm58 shows the foll error:
"No service for system SAPQA,client 200 in integration directory"*
                           Even the Bussiness sytem pointing R/3.
From your initial post, it appears that you are using XID system and from above error, I believe you are trying to send the IDoc from QA system. R3 dev will communicate to PI dev, so verify the partner profile and ports in your IDoc Header settings.
                     2, When i execute the tcode sm58 in PI   it shows the following error:
                               "Syntax error in program SAPLSXI_AC_CACHE _REFERESH"
I am kinda confused how come sm58 tcode can show an error for this program, as sm58 is for checking the transactional RFCs and SAPLSXI_AC_CACHE_REFERESH is for XI Cache refresh for Alert Category. Might be some one else can explain this.
                     3, WHEN I EXECUTE THE tcode SXI_CACHE
                                         Under the *STATUS OF RUNTIME CACHE
                                                       Unable to refresh cache contents
                                                       Error during last attempt toreferesh cache
                                                         (red colour triangle leading above both)
Check this SAP Note 764176, might help in your situation.
Worth reading - http://help.sap.com/saphelp_nw04/helpdata/en/0d/28e1c20a9d374cbb71875c5f89093b/frameset.htm
                    4, Still there is no messages in Message monitoring.
Obviously because of error # 1, you are unable to send IDocs, how come you expect messages to reach PI ... strange, isn't it
Hope this helps.
Regards,
Neetesh

RWB - Integration Engine self test - web service security and proxy

Hi,
I am working with a new installation of PI 7.0. In the runtime workbench, under self test for integration engine, there is this error/warning:
""Details for 'Is Web service security available?'
Communication error: Proxy calls are not permitted on sender or receiver side on the IS (client)""
What exactly is the problem? Is there any additional configuration needed within PI to use proxies? We do not have the cryptographic toolkit installed. Is that nesseccary to work with proxies? We have done several other scenarios with RFC, MAIL, HTTP, etc and they work fine. If anyone else had this problem and managed to fix it, please let me know..
Thanks,
Lasya

You can ignore this error. It is simply a warning that says message level security has not been configured. Without message security too, you can do proxy communication.
But, if you want to configure messag level security, go through XI Config guide section 12.4.
Message was edited by: Jay

How to make my Portal Web Service SECURED?

Hi Experts,
I created one portal Service and exposed it as Portal Web Service.
Everything is working fine, as i deployed my Portal Web Service on to the SAP J2EE Engine ie SAP Server.
I m able to access functions of Web Service from my StandAlone Java Application.
but the problem is my Web Service is not SECURED.
How can i make my Portal Web Service SECURED?
Please help me out.
Help will be appreciated and rewarded!!!!!

user13046122 wrote:
I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
I now need to make SOAP Web Service calls - from an 8.1.7.4 database
But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.

Web Service Security with SAML - Invalid XML signature

Hello together,
we want to build a scenario where we want to use Web Service Security with SAML.
The scenario will be
WS Client (Java Application) -> WS Adapter -> Integration Engine -> WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
SAP PI release is 7.11 (SP Level 4)
We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
But we get following error at calling the CRM system when we want to communicate with SAML:
<E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
Has somebody an idea of the possible reason for the error.
Thanks in advance
Stefan

Error Messages in the Trace/Log Viewer:
CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48 with internal error id 1001 and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1 ).
Invalid XML signature

Details for 'Is Web service security available?'

Hi i am working on scenario rfc to webservice.Its as secued webserivce i need to do ssl configuration.
In component monitoring..for the integration engine its in yellow...
Details for 'Is Web service security available?'
Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
can any one please help me out..
Thanks
sriram

I have already installed certificates on the j2ee engine & i have given the paramaters for keystore entry & keystore value.Still i have the same error
In component monitoring
For integration engine
Details for 'Is Web service security available?'
Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
In message monitoring
Audit Log for Message: f614df00-e9e0-11da-95ef-0004ac577b32
Time Stamp Status Description
2006-05-22 15:18:58 Success The message was successfully received by the messaging system. Profile: XI URL: http://saptst01:51000/MessagingSystem/receive/AFW/XI
2006-05-22 15:18:58 Success Using connection AFW. Trying to put the message into the request queue.
2006-05-22 15:18:58 Success Message successfully put into the queue.
2006-05-22 15:18:58 Success The message was successfully retrieved from the request queue.
2006-05-22 15:18:58 Success The message status set to DLNG.
2006-05-22 15:18:58 Success Delivering to channel: ZCH_VERISIGNPPGR
2006-05-22 15:18:58 Success SOAP: request message entering the adapter
2006-05-22 15:18:58 Success SOAP: call failed
2006-05-22 15:18:58 Error SOAP: error occured: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter
2006-05-22 15:18:58 Error Exception caught by adapter framework: Peer sent alert: Alert Fatal: illegal parameter
Can any one please help me out.
Thanks
sriram

Web service security in PI

Mine is PROXY to SOAP asynchronous.
PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
so that at receiver statem they can validate the user using these.
When i am calling webservice from soapui with the header parameters
Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>xxxxx</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
<wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
<wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
What configuration needs to be done in PI.

I got this in Runtime work bench
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
- <SOAP:Header>
- <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
<sap:MessageClass>ApplicationMessage</sap:MessageClass>
<sap:ProcessingMode>asynchronous</sap:ProcessingMode>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
- <sap:Sender>
<sap:Party agency="" scheme="" />
<sap:Service>test2310</sap:Service>
</sap:Sender>
- <sap:Receiver>
<sap:Party agency="" scheme="" />
<sap:Service>test_serivce</sap:Service>
</sap:Receiver>
<sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
</sap:Main>
- <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
<sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
</sap:ReliableMessaging>
- <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
<sap:TraceLevel>Fatal</sap:TraceLevel>
<sap:Logging>On</sap:Logging>
</sap:Diagnostic>
- <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
- <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
<sap:Engine type="BS">test_serivce</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:Info>3.0</sap:Info>
</sap:Hop>
- <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
<sap:Engine type="IS">is.68.devai020</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:Info>3.0</sap:Info>
</sap:Hop>
- <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
<sap:Engine type="AE">af.dxi.devai020</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
</sap:Hop>
</sap:HopList>
</SOAP:Header>
Edited by: Vamsi on Jul 15, 2009 7:06 PM

Web Service Security using OpenSSO

Hi,
I have a question regarding the usage of the OpenSSO in order to secure web services.
I have read the documentation and it states the OpenSSO enables web service security.
However, in the docs the main scenario is where the WSC and WSP are protected by the agent.
In my scenario, I would like to use agents only on the WSP side, but leave the implementation of the client side open to the partners. Partners will have the interface from the OpenSSO for the authentication and saml token retrieval. The client will have to create soap by itself. This is the case since the WSC are to be standalone applications on client computers.
To set the actual question; what are web service interfaces that OpenSSO as a STS offers for authentication and saml token issuance. Is there same sort of a referential architecture for this case where only the STS and WSP can be configured and the WSC implementation of the WSS left to the partner. Any pointers and directions would be appreciated.
Thanks!

Hi
Thanks for your reply
I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
paul

Log4j.jar issue under Web Service Security Module

Similar Messages

Maybe you are looking for