Mutual authentication for Web services in BPEL
Hi Guys,
We have to call a few web services in bpel and our partners would want us to mutually authenticate the data that is exchanged.
So that mean they provide us with a certificate file and we provide them with a certificate file.
We have been using client certificates in our cacerts file and encrypting the request we send using that but we are not too sure how to set up a key in bpel so that we can decrypt the responses of the webservices.
Does anybody have any idea how to do it. It would be a great help.
Cheers
Sandeep
I would suggets to read the online tutorial:
http://www.oracle.com/technology/products/ias/bpel/index.html
and try one of the tutorials:
2-Minute Product Tour
BPEL: Learn by Example (PDF)
Quick Start Tutorial - JDeveloper 10g (PDF)
Quick Start Tutorial - Eclipse (PDF)
Similar Messages
-
Error calling for web-service from BPEL
hello,
I'm getting an exception thrown when I try to call for a web service. Until yesterday it was fine, but since today we keep getting this error message:
<2006-05-29 21:02:03,635> <ERROR> <red.collaxa.cube>
<BaseCubeSessionBean::logError> Error while invoking bean "finder": Instance not found in datasource.
The process domain was unable to fetch the instance with key "c2c73aae36359a11:84cc09:10b7b50ebef:-7d45" from the datasource.
Please check that the instance key "c2c73aae36359a11:84cc09:10b7b50ebef:-7d45" refers to a valid instancet
hat has been started and not removed from the process domain.
ORABPEL-02152
Instance not found in datasource.
The process domain was unable to fetch the instance with key "c2c73aae36359a11:84cc09:10b7b50ebef:-7d45" from the datasource.
Please check that the instance key
"c2c73aae36359a11:84cc09:10b7b50ebef:-7d45" refers to a valid instance that has been started and not removed from the process domain.
at com.collaxa.cube.engine.data.AdminFinder.__lookupInstanceMetaData(AdminFinder.java:314)
at com.collaxa.cube.engine.data.AdminFinder.__lookupInstanceMetaData(AdminFinder.java:262)
at com.collaxa.cube.engine.data.AdminFinder.lookupInstanceByConversationId(AdminFinder.java:235)
at com.collaxa.cube.ejb.impl.FinderBean.lookupInstanceByConversationId(FinderBean.java:177)
at IFinderBean_StatelessSessionBeanWrapper42.lookupInstanceByConversationId(IFinderBean_StatelessSessionBeanWrapper42.java:669)
at com.oracle.bpel.client.Locator.lookupInstance(Locator.java:420)
at displayInstance.jspService(_displayInstance.java:111)
at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:350)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:509)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:413)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind.server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:222)
at com.collaxa.cube.fe.DomainFilter.doFilter(DomainFilter.java:152)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:663)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:285)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:126)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
Any ideas how I can fix it?
Thanks.Hi,
We've tried increasing the
<transaction-config timeout="60000" /> to 120000, and also tried increasing the syncMaxWaitTime from the console...
But nothing seems to help.
In addition, the test page of the web service we are invoking returns after 1 second (so there shouldn't be a latency problem)
Maybe you have any other ideas? -
Basic Authentication for Web Services
I have build Web Service according to the weblogic 6.1 examples
successfully deploying the .ear file etc.
Now I want to add security to the WebService uri.
I have added a <web-resource-collection> tag to the web.xml file, but
what should I put for the <url-pattern> ?
Am I obliged to 'manually' add <servlet> tags to the web.xml file in
order to add a security constraint to a WebService deployed thru a
.ear ?
Taking WebLogic's own statelessSession.Weather example, what is the
minimum I need to add to the web.xml file to have basic authentication
on the weatheruri ?
Thanks,
AdamOk, now I'm confused. Is this a Flex app (runs in the browser) or an AIR app? This makes a difference because in the browser, Flash Player/Flex uses the browser's http mechanism for transport, while AIR implements it directly. The original posted indicated some difference between Firefox and IE, which led me to believe it was a Flex browser app. Difference between these two would make me think something was wrong with the server response, and the two browsers were passing it (the problem) back to Flash Player differently.
Mark -
SUP user authentication for web services
Hi there.
Has anyone in the comunity had any experience with building Web Service based Mobile Business Object (MBO) in SUP 1.5.2. We have built a mobile application for a blackberry device which consumes two ERP web services. The application deploys successfully and runs on the blackberry device just fine. However, untill now the user credentials needed to authenticate a consumer to a web service has been hard-coded into the mobile business object. This, from an accountability point of view, is not an acceptible model (i.e. all mobile users would be logging in to the ERP backend with 1 common user ID).
Has anyone had any experience and could suggest an an alternative solution to this that would support accountability i.e. map SUP users to ERP users, trusted connections etc. and is this possible with SUP 1.5.2?
SActually, SUP 1.5.2 just provides the HTTP basic authentication for WS-MBO. It is enable that to create 'username' and 'password' on the WS-MBO as two input parameters. Thus, you can design your device app in SUP to prompt the dialog to accpet the username and password before you access your WS-MBO. Similar, if your web-service has input argument for username and password, you also can design a dialog like above.
-
Server-side authentication for web services
I was hoping to use Azure's server-side authentication for a HTML/JS web app. Some things are a bit unclear. For example, if a new user authenticates via Facebook, I want to create an associated record on the server-side and associate extra data with the
user, irrespective of the service used to log in. If they log in again, I want the client to be able to get this extra data (eg preferences) from the server. On the back-end, I also want to be able to update particular fields of this record that the user cannot
change themselves. I know how to go about this in a plain Node.js backend, but not sure how some of these basic things map to using Azure's services.Once the user logs in, you will have their information available to your server scripts. So one option is to use a custom API (or a Mobile Services Table) to insert/read/update the user data. You would protect this endpoint so that only logged-in users can
access it, and then access the
user object to obtain an ID an associate it in a table row. Lookups could be performed by similarly querying for the ID.
In terms of some fields being restricted, you could remove these from the update request itself.
Some pointers that might be helpful:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-data/
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-call-custom-api/
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-authorize-users-in-scripts/ -
Implementing authentication for web services
Hi all,
I'm struggling trying to guess how to implement basic HTTP authentication as well as using certificates in order to apply HTTPS, for some web services we've created, running on the Oracle Application Server 10.1.12. The web services were implemented using JDeveloper 9.0.4. Any help would be very appreciated.
Thanks in advanced and regards,
LuisHi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks. -
User Authentication for Web Services
Hi,
I am developing a web services that resides in Intranet. Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is allowed to call subsequence web service methods, else exception needs to be thrown when calling subsequence methods.
As understand that each method call to web services is treated seperately. Thus, how can we implement the authentication so that the client program only passes in the user name and password at once through logon() method, instead of perfoming the authentication for each method?
Appreciate the advice. Thanks.Hi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks. -
Setting Basic Authentication for Web Service in WLS 6.1
Hi,
I am trying to set-up a Basic Username/Password authentication for a Web Service
that is hosted in WLS 6.1.
How do I go about doing that? Also once I get the username and password, how do
I pass that info
to the SOAP servlet to do the authentication? Can you give me some pointers on
this?
Thanks
MadhuHow do you want to do it? Through use of client.jar for the service or
directly? Here is how I do it directly:
String auth = "guest", pwd = "guest";
URL url = new URL("http://localhost:7001");
URL cmdURL = new URL(url.toString()+"/systemtest/TestWebService");
HttpURLConnection conn = (HttpURLConnection) cmdURL.openConnection();
String encAuth =
new BASE64Encoder().encode((auth + ":" + pwd).getBytes());
// BASE64Encode distributes long strings on multiple
// lines; we don't like that, no siree
int it = 0;
while ((it = encAuth.indexOf('\n')) != -1
|| (it = encAuth.indexOf('\r')) != -1) {
encAuth = encAuth.substring(0, it) +
encAuth.substring(it + 1);
conn.setRequestProperty("Authorization", "Basic " + encAuth);
conn.setRequestProperty("Content-Type", "text/xml");
conn.setRequestProperty("SOAPAction", cmdURL.toString());
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
OutputStream oStr = conn.getOutputStream();
String cmd =
"<?xml version=\"1.0\" ?>\n"
+ "<soap:Envelope xmlns:soap=\"http://schemas.xmls"
+ "oap.org/soap/envelope/\"><soap:Body>"
+ "<ping><arg0>false</arg0></ping>"
+ "</soap:Body></soap:Envelope>";
oStr.write(cmd.getBytes());
oStr.close();
InputStream iStr = conn.getInputStream();
byte[] buffer = new byte[1024];
while (true) {
int size = iStr.read(buffer);
if (size == -1)
break;
System.out.println(new String(buffer, 0, size));
ThorAAge -
Authenticating the web service
Hi
i am using a web service but not able there i have hard coded the username and password to access the web service i don't want that i want user should enter the user name and password used in UME authentication or it should call separate HTTP Authentication but i am not able to do that so please guide me in this regards
Thanks in advanceHi,
Run through the following links to know about authentication for web service:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/aed49d0d-0301-0010-6d84-e3e104dc1644
http://help.sap.com/saphelp_nw04/helpdata/en/7c/a6d13f83a14d21e10000000a1550b0/frameset.htm
Hope this helps,
Regards,
Srinivasan T -
Basic http authentication not working when consuming Web Service in BPEL.
Hi,
I am consuming an AXIS Web Service from BPEL 10.1.3. The Web Service uses basic http
authentication so we need a way to get username and password into the http
header. In the Oracle BPEL Process Manager Administrator's Guide 10g
(10.1.3.1.0) section 1.3.4.1 HTTP Basic Authentication (10.1.2.0.2) is stated
that this can be done using the properties httpUsername and httpPassword. I
have set the 2 for the partner link in bpel.xml but username and password does
not get in to the http header. Has anybody got an idea?
Regards PeteI'm having the same sorts of problems with 10.1.3.1.0. I've got a deployed BPEL suitcase that's trying to hit a BASIC AUTH-secured web service running on a WebLogic 8.1 server. I've set up my partner link according to the documentation, and the BPEL console Descriptor tab even shows the parameters correctly:
partnerLinkBindings
client
wsdlLocation awardService.wsdl
spsAwardSubmitPartnerLink
basicHeaders credentials
basicUsername ko1
basicPassword xxxxx
wsdlLocation IAwardDraftServiceRef1.wsdl
However, when I funnel the resultant call to the endpoint specified in IAwardDraftServiceRef1.wsdl, none of the fields I would expect show up in the HTTP header:
POST /pd2WebServices/service/IAwardDraftService HTTP/1.1
Host: vm-orcl-app-srv:4444
Connection: Keep-Alive, TE
TE: trailers, deflate, gzip, compress
User-Agent: Oracle HTTPClient Version 10h
SOAPAction: ""
Accept-Encoding: gzip, x-gzip, compress, x-compress
Content-type: text/xml; charset=UTF-8
Content-length: 3800
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Body><IAwardDraftSubmitNew xmlns="http://www.caci.com/pd2/pub">
<IAwardDraft>
<accessController/>
<agreementEndDate/>
Is there some other configuration piece I'm missing?? I've tried the other variation using httpBasicHeaders, with the same results. I even noted that the "Oracle® BPEL Process Manager Administrator's Guide" says that "Starting with Oracle BPEL Process Manager release 10.1.3, all partner link properties are automatically propagated into the HTTP header." I've tried putting "extra" parms in the partner link bindings, but they don't show up either.
What am I missing??
Thanks,
Mike -
How to call a web service from BPEL that requires HTTP basic authentication
Hi All,
I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
Can anyone help?
Thanks,
Mark NelsonThanks Bas,
I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
<property name="basicHeaders">credentials</property>
<property name="basicUsername">WMDATA</property>
<property name="basicPassword">WMDATA</property>
Instead of:
<property name="httpUsername">WMDATA</property>
<property name="httpPassword">WMDATA</property>
I don’t know why this is, maybe because it is an Axis Web Service.
Sorry for wasting your time.
Regards Pete -
Anyone Tried Using Sharepoint Web Services with BPEL?
I've tried using SharePoint Web Services with BPEL, I'm able set it to use the sharepoint web service as a partner link in orchestration, but when I try to compile the bpel file, I get a "error: null" on the compiler log for the *.bpel file.
Anyone have any success with using Sharepoint Web Services with BPEL?Hi,
Please refer the below article and browse code.
http://code.msdn.microsoft.com/Remote-Authentication-in-b7b6f43c
Thanks,
Srikanth -
Calling SAP Web Service from BPEL
Hi
I am trying to call a SAP Web Service friom BPEL using the SAP WSDL.It requires a basic authentication (Username/Password) which i am providing as partnerlink properties in bpel.xml.
While testing the BPEL Process from the console, it is giving me an error
"<summary>exception on JaxRpc invoke: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 Unauthorized</summary>"
But when i am testing it from SOAP UI tool it is giving me the desired response.
Does anyone has any idea why it is failing from BPEL?Is there any configuration which i am missing?
Regards
AyushHI Ayush / Suryaveer..
I am stuck at the same situation, trying to invoke a secured SAP webservice. The invoke fails with a security previlege exception.
Am using the basicHeaders property to propagate the credentials to the SAP system.
Can you please suggest on the same.
credential propagation in bpel.xml :
<property name="basicHeaders">propagate</property>
<property name="basicUsername">ABC</property>
<property name="basicPassword">DEF</property> -
Calling Siebel web service from BPEL flow
Hi,
I am using Jdeveloper 10.1.3 to build BPEL.
Does anyone have a sample to call Siebel web service from BPEL flow?
I cannot make web service call success by adding partner link from BPEL flow.
Error:
Error Code: 10944642 Error Message: Error: Inbound SOAP Message - Session Token is missing or invalid or has expired
My understanding is Siebel needs special soap header.
I can build webservice proxy to call siebel web service, it works fine by overwrite the soap header function. However, I cannot make it work from BPEL flow.
Does anyone have this experience?
ThanksAnyone has insight on this? Is it possible to call a WCF service with NTLM authentication from SOA.
Thanks!
Sandeep -
Calling WCF web service from BPEL
We are getting ‘oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "http://<host>:<port>/services/<servicename>.svc" successfully due to: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Bad response: 400 Bad Request’ error while calling a WCF web service from BPEL.
1. Is it possible to call a WCF webservice from BPEL.
2. The WCF service is having ‘BasicHttpBinding’ and ‘<http:NegotiateAuthentication xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http" />’
3. Do we need to configure the SOA WS Policy in the composite xml? If yes what properties have to be set?
Thanks!
SandeepAnyone has insight on this? Is it possible to call a WCF service with NTLM authentication from SOA.
Thanks!
Sandeep
Maybe you are looking for
-
MSI K7N2 Delta-ILSR (MS-6570) BSOD problems grrr
I recently purchased this board and although it is an awesome product, I'm having a problem with BSOD's when I play a game for a certain period of time Specs: MSI K7N2 Delta-ILSR (7.6 BIOS) AMD Athlon XP 2800+ Barton 512MB (2x256MB) Samsung PC-2700
-
I just bought a power adapter and it is not working, says "not charging". The same for the mobile charger. Anything I need to do in the setting?
-
Hi, I am new to the Mac world, and I just got my iBook with a hard disk memory of 80G. However, when I checked out the formatted memory, 20G has already been used, leaving slightly more than 60G. Is this typical? My last notebook was only 20G (not a
-
Sap authorizations in Webdynpro
I have a question regarding the use of authorizations from WebDynpro. We wants to use standard SAP authorizations when accessing the BAPIs through WebDynpro. For example: A sales person having a SAP logon should be allowed to see the data he would se
-
Hi, I'm running a 2012 iMac Intel with OS X 10.8., and on this Mac everything just runs fast, fine and smooth. But we still run also several older iMac G5 that share the printer which is connected to the new Intel iMac. With OS X Lion 10.7., printer