Mutual Certificate Security in Web Services

Hi all,
I need some help about mutual certificate in glassfish on netbeans 6.8. I already imported my self-signed-certificates for server and client in the truststore cacert.jks and created private keys for each of them in the keystore.jks. The next thing I did was to use the Security Mechanism: Mutual Certifacte Security to enable the usage of my self-signed-certificates.....So far so good...Here comes the problem: I looked into Wireshark and I saw the transaction of my selfsigned certifcates between client and server, but now I want to print out the extension(like uri=http://xxx) from the client-certificate on serverside.
This is my serverside source code :
package org.me.calculator;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.servlet.http.*;
* @author User
@WebService()
public class CalculatorWS {
* Web service operation
@WebMethod(operationName = "add", action="add")
public int add(@WebParam(name = "i") int i, @WebParam(name = "j") int j) {
int k= i+j;
return k;
@WebMethod(operationName = "Extensionthrower", action="Extensionthrower")
@RolesAllowed("users")
public String Extensionthrower() {
HttpServletResponseWrapper response = null;
String clientcert = response.getResponse().toString();
if(clientcert.isEmpty()== false){
try{
InputStream inStream = new ByteArrayInputStream(clientcert.getBytes());
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
final X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inStream);
java.util.Collection altNames = cert.getSubjectAlternativeNames();
if (altNames.size() > 1) {
throw new Exception("Unable to handle multiple SubjectAltName.");
java.util.List item = (java.util.List)altNames.iterator().next();
Integer type = (Integer)item.get(0);
Object value = item.get(1);
String result = null;
switch (type.intValue()) {
case 0: throw new Exception("SubjectAltName of type OtherName not supported.");
case 1: result = "rfc822Name=" + (String)value;
break;
case 2: result = "dNSName=" + (String)value;
break;
case 3: throw new Exception("SubjectAltName of type x400Address not supported.");
case 4: throw new Exception("SubjectAltName of type directoryName not supported.");
case 5: throw new Exception("SubjectAltName of type ediPartyName not supported.");
case 6: result = "uri=" + (String)value;
break;
case 7: result = "ipaddress=" + (String)value;
break;
default: throw new Exception("SubjectAltName of unknown type.");
return result;
}catch(Exception e){System.out.println(""+e);}
return null;
}When my clietn sends a request to the server, I get the following message:
Servlet ClientServlet at /SecureCalculatorClientApp
Successfully authenticated!
Result: 2 + 2 = 4. Extension: null .The right Extension it has to print out is i.e.: Extension: http://polizei
I just used the Debug mode and when it gets to line: "final X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inStream);" it throws an Exception....Can anyone help me out? Is something with the input "inStream" wrong?
Many thanks in advance

Yes, the server has to load/receive the client cert and compare it with the certs in the truststore.
Every cert that you generate has to be imported in the truststore, and because every cert that you use has an
alias, it is easier to look for the right cert.
If I use @RolesAllowed("users") the credentials are stored in the sun-web.xml, like this:
<security-role-mapping>
    <role-name>users</role-name>
<principal-name>CN=..., OU=......</principal-name>
</security-role-mapping>In the sun-web.xml you define the credentials, now you have to use them for authentication purpose and this is done in the web.xml.
Wishing best luck

Similar Messages

  • Secured Sybase Web Service with outside certificate authority

    Hello,
    I would like to use Secured Sybase Web Service with outside certificate authority, like Symantec. Could you let me know how I can create CSR for sending to Symantec? What other steps do I need to do?
    Thanks,
    Sudarat.

    Hello Jason,
    Thanks for your reply. The certificate authority require the CSR file before issue a signed certificate. If this is a signed certificate for IIS web server, I can create CSR from IIS. But I cannot use a signed certificate created from CSR of IIS with Sybase Web Service. The below steps are what I have tried.
    1. I use CreateCert.exe with /r parameter to create CSR and private key.
    2. I sent CSR to a certificate authority and they send back a signed certificate.
    3. I have to combine a signed certificate from #2 with private key created from #1. Then use that file to specify with -xs{https …when starting the service.
    Are the above steps what I have to do?  If so, do I need to redistribute createcert.exe to my customers who want to use my application and how? Why I cannot use the signed certificate created from CSR of IIS?
    Thanks,
    Sudarat.

  • Certificate for a web service

    Hi,
    Our company has a SAP Netweaver Enterprise Portal implementation.
    Recently we have been asked to create a Web service from a Java class in SAP Netweaver using Netweaver Developer Studio. The connection to Web service must be an https connection.
    In steps of web service's creation we saw that we have the option to create an https (secure soap) web service.
    Can anyone tell us how we can create an https web service?
    The portal server belongs to a Windows Active Directory Domain that has a Certification Authority from which we can request and take a certificate.
    What is the configuration that we must do on server, so that we can call the web service using https?
    Thanks in advanced

    Hi,
    Check this URL:
    [Web Services Over SSL |http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html]
    Regards,
    Shyam.

  • Exception while accessing web service secure through web services Manager

    Hi All,
    I deployed sime Hello World web service on JWSDP1.6 and secure it through web service manager(gateway) using Certificate based security.But when I try to access this web service using JWSDP client,I got the following Error while monitoring the soap messages through TCP-Monitor:
    /////////////////////////////////Request///////////////////////////////////////////////////////////////
    POST /gateway/services/SID0003009 HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Content-Length: 5631
    SOAPAction: ""
    User-Agent: Java/1.5.0_05
    Host: ivy.cs.ucl.ac.uk:8082
    Connection: keep-alive
    <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://hello.org/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference>
    <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">eN9famBBWzHNUIwWRhMPktcM+VQ=</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
    </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MHjtgA4wOtvI1B+SuRVEmD07yE+jl6axd4XbJ0nvQ3EzSuVVoST9vHzURh+B47yj41187s8T+yjt
    Bmpk9OB278Jghonkacv6r+q+LVlxRrQDudNGir7plzFeM6bUadMxf+FLgn5O0a44vU/tvy6V9+zi
    yqFdhTvS21No/aW62No=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#XWSSGID-1155126003241-1198323932"/></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-11551260018331598979688">MIIC3TCCAkagAwIBAgIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzEMMAoGA1UECBMD
    U0NBMQwwCgYDVQQKEwNTVU4xHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTAeFw0wNjAz
    MTkxMzQ5MDJaFw0xNjAzMTYxMzQ5MDJaMEcxCzAJBgNVBAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAK
    BgNVBAoTA1NVTjEcMBoGA1UEAxMTeHdzLXNlY3VyaXR5LWNsaWVudDCBnzANBgkqhkiG9w0BAQEF
    AAOBjQAwgYkCgYEAzNDPKUz1MhUH1LsrLqXKxciOKSWeTrdoe/SVwe/4uy5eobAWSsSTposaOYFy
    uxf3cGCCIs7u0jMAXLQ9jzobDbt9XQ4tXPoBzKKzS+yU6hDk2TcOCkioeT9A9db5LF8yevhwXKB4
    AJ1Eh//Dp/djoonXCCxsxupQZp3ueRJrR98CAwEAAaOB1jCB0zAJBgNVHRMEAjAAMCwGCWCGSAGG
    +EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUECH05VC3/WGW
    H4AGD6tnH0h+kFUweQYDVR0jBHIwcIAUdry1wGRZ2fyJSKisVSxpMEmIiaahTaRLMEkxCzAJBgNV
    BAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAKBgNVBAoTA1NVTjEeMBwGA1UEAxMVY2VydGlmaWNhdGUt
    YXV0aG9yaXR5ggkA4HaEvd6hq8YwDQYJKoZIhvcNAQEEBQADgYEA0RhOk67pCrO6MgZZGqrmAMW6
    76fZowBxTKlFq88nrf8v1MUxV8H9wgbTDrwR0HtxY3TGpDFw2tNAww2pyDX/pQ2Wt46ichluGxjf
    aEV53loKTOM7syAmlicWqViGzBfgzriIl918TzFaX9BD/Y55bKZQk057maBCSkUuFfF453s=</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse enc env ns0 xsd xsi"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#XWSSGID-1155126002593447652186"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UJ1kuwI+WuF/RkrQpZrj1GvraLI=</ds:DigestValue></ds:Reference><ds:Reference URI="#XWSSGID-1155126002602761294100"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>sKG/z5OIGgqJ2nw7JtpXyJzr8pY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SBc65VTG1xpEkRUTz70H0fVGIgoBJ0QnNad0k07RMSfw4vG1WHJdt19R05pO2AvU5aoYuBSaguJe
    ZGEjmWzw8mnSWKBi+zeDMeJiwgqwW6HHHX9P7JDslxuTIqoJIVUbSjUTSVz6ww8siIK65quXdkMT
    ZzLfp7Cd0gBuA3EEZpg=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-11551260025411896275738">
    <wsse:Reference URI="#XWSSGID-11551260018331598979688" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002602761294100"><wsu:Created>2006-08-09T12:20:02Z</wsu:Created><wsu:Expires>2006-08-09T12:20:07Z</wsu:Expires></wsu:Timestamp></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002593447652186"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1155126003241-1198323932" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>XNqEzHNp47ILtOagAUNCXYkxOCWv4CjHqmZ7j6VKN/NO96ce4BsNSL6lKzqa9dPxHB1sTVGZQ8KA
    COQ6DGwyWCP8ip+CU2hor3uUAml7nzHTx1LUw3Db+0p31VAT3EqKJA3aFy38GQrBTr9ojMOUA6tm
    Cj71yucN3UCKRUl3RpE8qU68y7AwNxPsyAZeSa2AVm2cmWvSDZlxgMsx+JCEZaf3+D0o1zMp0Fxb
    MSISPt/JrEolt1H5UM1AoFGU4QkckWrQNLPyEF9oxEgZ8oCE5U8v/YJwZIAHFrx67XfaLwQLjzXw
    VPigsH9gLkfbP2BU8Vp31GsPwBZtUeNz9S35+CZPD7EiqoAB1QuAxZkJV7n00VChYH+scT64tNja
    c81bcD8tf4sAr7toCMNDAU6+74+Qy0EyPqgwLtotDxErn4kF8e72cONMMQBQ91tQs+iI+D6C1I6+
    f9UiSfgtm/MTuKQK1CRqarEtI9N6lpqVH8k7ulUwH/jFstihxmhMJ3aZY+qQgSwSs3pwSSim+e18
    eR7dOEq4vG8ivKuGvTDO4sSV2RP/nL/3eXr0y7eM0kMFKwTUA4JqL4Y/l8Bo/rie/ZXkkbF6hwEu
    dX1QmB0gf5k=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
    ////////////////////////////////Response///////////////////////////////////////////////////////////////
    HTTP/1.1 100 Continue
    Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
    Date: Wed, 09 Aug 2006 12:28:47 GMT
    HTTP/1.1 500 Internal Server Error
    Date: Wed, 09 Aug 2006 12:28:47 GMT
    Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
    Connection: Keep-Alive
    Keep-Alive: timeout=15, max=100
    Content-Type: text/xml
    Transfer-Encoding: chunked
    157
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
    0
    So basically, what I am doing here as follows:
    HelloClient(using JWSPD1.6)->gateway(web service manager for securing the web service using message level security through certificate )->helloservice(deployed using JWSDP1.6)
    I would appreciate if someone could tell me the cause of this errror.Thanks.
    Kashif

    time to look into the gateway logs as stated by the fault ..
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
    looks like the cipher step might have failed

  • Unable to call WSS (WS-Security) enabled Web Service using UTL_DBWS

    We are attempting to call a WSS (WS-Security) enabled Web Service from PL/SQL using the UTL_DBWS package (see [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/u_dbws.htm#CHDIDGJH] ). We are doing this in similar fashion to [http://www.oracle-base.com/articles/10g/utl_dbws10g.php] with calls to utl_dbws.create_service, utl_dbws.create_call and utl_dbws.invoke.
    Using this method we can successfully call an unsecured Web Service, but calls to WSS-enabled Web Services fail. We are currently using Oracle Database 10.2.0.3.
    The failure we are getting is:
    ORA-29532: Java call terminated by uncaught Java exception: javax.xml.rpc.soap.SOAPFaultException:
    com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
    policy ( AuthenticationTokenPolicy(S) ): No Security Header found;nested
    exception is com.sun.xml.wss.XWSSecurityException:
    com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
    policy ( AuthenticationTokenPlicy(S) ): No Security Header found
    Apparently UTL_DBWS does not support calling WSS enabled services, although this doesn't appear to be an officially recognised position. Does anyone know if Oracle are planning to support this soon (if ever)? Looking at Re: Calling WS from PL/SQL using WS-security suggests that support has been considered before, but not yet realised.
    Thanks,
    Tom

    Having raised a Service Request with Oracle support on this, I got the following response from Oracle Development (On unpublished bug [8542959|https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=BUG&p_id=8542959]):
    Development has confirmed that WS-Security is not supported through UTL_DBWS. They have also acknowledged that this is not documented and they will change the official Oracle documentation will reflect this fact. From what is being stated, it would appear that there is no plan to support the use of WS-Security through UTL_DBWS in any release in the near future.
    So, in short, without developing your own home-grown SOAP request, there is no way to call a WSS enabled web service from within PL/SQL.
    -Tom

  • Security in Web services

    I am new to web services so please pardon me if what I am asking is really dumb.....
    I have created a simple PL/SQL web service using JDeveloper that I have published to an installation of 9iAS. My client is calling this URL directly passing the parameters in the URL and getting the SOAP message back. Everything works great.
    Now I need to secure this somehow. This is an internal application, so I am not terribly concerned with security, but we do need something that will prevent somebody who stumbles across this URL to start using it.
    I have read a lot of documentation on securing web services, but it all seems to be around creating clients, but I don't want a client, I just want to be able to call the URL directly from external systems programmatically.
    One option is obviously to pass username / pw in as parameters and then validate this in PL/SQL, but this is obviously not very secure.
    Another things I was thinking was to use the owa_util.get_cgi_env('REMOTE_ADDR') inside by PL?SQL function to get the IP Address of the client calling and then validate this to make sure this client is allowed to access the web service. This function returns ORA-06502. Does anybody know anything about how to get the IP address of the client calling? I know there are ways to limit access to certain IP addresses on the web server level, but this server is used for other things so I don’t want to do that.
    Is there anything else I can do to secure a web service like this?
    Any help is appreciated.

    More reading and code sample (see end of this post) of what is coming and what is possible today:
    http://www.oracle.com/oramag/oracle/02-jul/index.html?o42special_web.html
    http://otn.oracle.com/oramag/webcolumns/2003/techarticles/smith_wss.html
    This article from Vipin Samar gives the state of WS-Security pretty accurately:
    http://otn.oracle.com/tech/webservices/standards/Samar_Security.htm
    Accompanying paper:
    http://otn.oracle.com/tech/webservices/pdf/33206.pdf
    And, this code sample/tutorial illustrates SSL with Web services:
    http://otn.oracle.com/sample_code/tutorials/wspki/toc.htm
    Mike.

  • Security of Web Services, Agents and Sequantial Calling of Web Services

    I want to ask about the secure invocation of web services and the role of agents.
    Suppose that I have greet() web service:
    public String greet() {
    String S1=sayHello(); // A web service, actually its proxy
    String S2=sayGoodMorning(); // A web service, actually its proxy
    return S1+" "+S2;
    It calls two other webservices and they return "HELLO" and "Good Morning". Also assume that I need to secure all my web services but I need these calls to work!
    I put an agent in front of those two web services and require them to check a SAML token. I also attach an agent to greet() to authenticate the inbound and sign and add SAML token for outbound.
    But I think these two calls fail because the SAML is not created on each call. (Is it?)
    How can I make those two calls, secure each web service and at the same time keep the security code out of business code, in other words keep my web service security agnostic?
    Thank you in advance.
    Best Regards
    Farbod

    Any Comments on this?

  • Use of security in web service

    Hi,
    I have tried to use security from the example jaas-sample of jwsdp 1.5 .
    I just want to secure my web service with a username/password.
    When I called my service from the client...I see the xml flow :
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    <env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
    <wsse:UsernameToken>
    <wsse:Username>Ron</wsse:Username>
    <wsse:Password>****</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3k18Sv+DMhcO3aoq6YWLB4xa</wsse:Nonce>
    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2005-03-01T15:26:05Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    </env:Header>
    <env:Body>
    <ns0:getInformations/>
    </env:Body>
    </env:Envelope>
    it seems to be correct but I have an exception :
    Thread : main at 01 mars 2005 16:10:06,593 ERROR Error occured during retrieving informations
    java.rmi.ServerException: JAXRPCSERVLET28 : Informations sur le port manquant
         at com.sun.xml.rpc.client.StreamingSender._raiseFault(StreamingSender.java:497)
         at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:294)
    It works when I not use the security option (in wscompile) ...
    Have you any idea for a solution?

    Hi,
    I tried the xws-security samples and everything worked fine.
    After editing the "java.security" according to the manual with:
    security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
    After that change and a restart of the application server I get the same error message.
    I copied the jar file "bcprov-jdk14-127.jar" from bouncycastle to the jre/lib/ext folder.
    I will check further.
    br
    Dieter

  • Configuring use of clinet certificates for jax web services  configuring u

    Hello dear people,
    I have a very simple jax web service under glassfish v.2.1 and I want to secure it using mutual authentication. I could configure using server certificates but I have problems with configuring the server to ask client certificates. The problem is that the clients are not asked to provide a valid client certificate to use the service. The clients can easily use the service without having a certificate.
    Can anyone tell me what should I do to have this?
    I got the example code from http://java.net/projects/javaeetutorial/downloads and the sample code that I used is in the folder : javaeetutorial5/examples/jaxws/helloservice-clientcert
    Best regards,
    Arash.

    Did you resolve your issue?
    I´m posting some comments that maybe can help newer administrators facing similar doubts.
    I´m using NW PI 7.1 EHP1 also and some interfaces were developed for using an external site providing web services through SSL (HTTPS) connection.
    As in browser navigation, secure sites protected with SSL has a certificate emited by a international CA. We didn´t perceive the "handshake" in the most of cases because normally the web browser has a group of trusted CAs loaded on its certificate store.
    With SAP PI and its WAS Java a similar procedure occurs with a small difference. The WAS Java didn´t have the trusted CAs loaded on KeyStorage. So, when the adapter tries to establishing a connection with an HTTPS site (it is a background process)  a "handshake" is required to accepting the certificate and produces a error.
    We completes the handshake importing the entire certificate chain (you can upload the site´s certificate to your browser and export it as file) on Keytore under the Trusted CAs view.
    Hope this can help someone. It´s an "easy" part of SSL communication.
    Now I´m trying to configure the inverse: Some third party consuming the PI web services using SSL. I have an additional component on inbound/ incoming connections that is the SAP Web Dispatcher.
    The Help.sap.com is the reference but as always its a little difficult to find the (sequential) path following the links (go ahead, go ahead, go ahead, go back, go back, go ahead)...
    Regards,
    Rodrigo Aoki

  • Problem in invoking a secure weblogic web service from javaws client

    Hi all,
    the situation is this: there is a secure web service (Wssp1.2-2007-Wss1.1-X509-Basic256.xml policy) which is accessed by a stand-alone remote web service client (swing-enabled) which is initiated via java web start. You'll probably wondering why this is a special case. Let me elaborate...
    The first step was to develop the service and the client. This wasn't much of a trouble, since the documentation was very good apart from creating a ClientBSTCredentialProvider object at the client side. The documentation should explicitly state that the sixth argument, that of the server certificate, is required! In any case, the first step was a success and the invocation was encrypted and signed at the message level.
    The second step was to create a stand-alone remote client, without any local weblogic installation. That was a bit of a problem, since wlfullclient.jar or wseeclient.jar or weblogic.jar were not enough. I should note that the client was created via netbeans 7.0 and not with the help of weblogic clientgen. So, I had to make a verbose run from netbeans, in order to enumerate the jars which are accessed and gather them into the same directory. That was OK too. The standalone client works just fine.
    The third step is to simply (not so simply...) make a java web start version of the client. Since the previous step was a success (having all necessary jars in the same directory) this one should not be a problem. Well... that turned out to be a huge issue. What I get back as the error message (shown in the java web start console) is this:
    java.lang.InternalError: error initializing kernel caused by: java.lang.AssertionError: Duplicate initialization of WorkManager
         at weblogic.work.WorkManagerFactory.set(WorkManagerFactory.java:107)
         at weblogic.work.ExecuteQueueFactory.initialize(ExecuteQueueFactory.java:23)
         at weblogic.kernel.Kernel.initialize(Kernel.java:103)
         at weblogic.kernel.Kernel.ensureInitialized(Kernel.java:64)
         at weblogic.rjvm.wls.WLSRJVMEnvironment.ensureInitialized(WLSRJVMEnvironment.java:50)
         at weblogic.protocol.ProtocolManager$DefaultAdminProtocolMaker.<clinit>(ProtocolManager.java:53)
         at weblogic.protocol.ProtocolManager.getDefaultAdminProtocol(ProtocolManager.java:218)
         at weblogic.protocol.ProtocolHandlerAdmin.<clinit>(ProtocolHandlerAdmin.java:23)
         at weblogic.rjvm.wls.WLSRJVMEnvironment.registerRJVMProtocols(WLSRJVMEnvironment.java:120)
         at weblogic.rjvm.RJVMManager.ensureInitialized(RJVMManager.java:87)
         at weblogic.rjvm.RJVMManager.<clinit>(RJVMManager.java:46)
         at weblogic.rjvm.LocalRJVM.<init>(LocalRJVM.java:97)
         at weblogic.rjvm.LocalRJVM.<init>(LocalRJVM.java:28)
         at weblogic.rjvm.LocalRJVM$LocalRJVMMaker.<clinit>(LocalRJVM.java:31)
         at weblogic.rjvm.LocalRJVM.getLocalRJVM(LocalRJVM.java:72)
         at weblogic.xml.crypto.utils.DOMUtils.generateId(DOMUtils.java:403)
         at weblogic.xml.crypto.utils.DOMUtils.generateId(DOMUtils.java:395)
         at weblogic.xml.crypto.utils.DOMUtils.assignId(DOMUtils.java:374)
         at weblogic.xml.crypto.wss.SecurityBuilderImpl.assignUri(SecurityBuilderImpl.java:148)
         at weblogic.wsee.security.policy.SigningReferencesFactory.getSigningReferences(SigningReferencesFactory.java:100)
         at weblogic.wsee.security.wss.policy.wssp.SigningPolicyBlueprintImpl.addSignatureNodeListToReference(SigningPolicyBlueprintImpl.java:446)
         at weblogic.wsee.security.wss.policy.wssp.SigningPolicyBlueprintImpl.addSignatureNodeListToReference(SigningPolicyBlueprintImpl.java:335)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.resolveSignatureList(SecurityMessageArchitect.java:574)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.resolveSignatureList(SecurityMessageArchitect.java:428)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.constructMessage(SecurityMessageArchitect.java:304)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.buildWssMessage(SecurityMessageArchitect.java:138)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.buildWssMessage(SecurityMessageArchitect.java:121)
         at weblogic.wsee.security.wss.SecurityPolicyArchitect.processOutbound(SecurityPolicyArchitect.java:225)
         at weblogic.wsee.security.wss.SecurityPolicyArchitect.processMessagePolicy(SecurityPolicyArchitect.java:123)
         at weblogic.wsee.security.wss.SecurityPolicyConductor.processRequestOutbound(SecurityPolicyConductor.java:119)
         at weblogic.wsee.security.wss.SecurityPolicyConductor.processRequestOutbound(SecurityPolicyConductor.java:91)
         at weblogic.wsee.security.wssp.handlers.WssClientHandler.processOutbound(WssClientHandler.java:117)
         at weblogic.wsee.security.wssp.handlers.WssClientHandler.processRequest(WssClientHandler.java:69)
         at weblogic.wsee.security.wssp.handlers.WssHandler.handleRequest(WssHandler.java:112)
         at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:222)
         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
         at com.sun.xml.ws.client.Stub.process(Stub.java:272)
         at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
         at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
         at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
         at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
         at $Proxy29.fetchCSD(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
         at $Proxy30.fetchCSD(Unknown Source)
         at exchangecsdclient.CSDExchangeClientImpl.fetchCSD(CSDExchangeClientImpl.java:151)
         at pdfutil.PDFUtilApp.initialize(PDFUtilApp.java:55)
         at org.jdesktop.application.Application$1.run(Application.java:170)
         at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
         at java.awt.EventQueue.dispatchEvent(EventQueue.java:597)
         at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
         at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
         at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
         at weblogic.kernel.Kernel.ensureInitialized(Kernel.java:66)
         at weblogic.rjvm.wls.WLSRJVMEnvironment.ensureInitialized(WLSRJVMEnvironment.java:50)
         at weblogic.protocol.ProtocolManager$DefaultAdminProtocolMaker.<clinit>(ProtocolManager.java:53)
         at weblogic.protocol.ProtocolManager.getDefaultAdminProtocol(ProtocolManager.java:218)
         at weblogic.protocol.ProtocolHandlerAdmin.<clinit>(ProtocolHandlerAdmin.java:23)
         at weblogic.rjvm.wls.WLSRJVMEnvironment.registerRJVMProtocols(WLSRJVMEnvironment.java:120)
         at weblogic.rjvm.RJVMManager.ensureInitialized(RJVMManager.java:87)
         at weblogic.rjvm.RJVMManager.<clinit>(RJVMManager.java:46)
         at weblogic.rjvm.LocalRJVM.<init>(LocalRJVM.java:97)
         at weblogic.rjvm.LocalRJVM.<init>(LocalRJVM.java:28)
         at weblogic.rjvm.LocalRJVM$LocalRJVMMaker.<clinit>(LocalRJVM.java:31)
         at weblogic.rjvm.LocalRJVM.getLocalRJVM(LocalRJVM.java:72)
         at weblogic.xml.crypto.utils.DOMUtils.generateId(DOMUtils.java:403)
         at weblogic.xml.crypto.utils.DOMUtils.generateId(DOMUtils.java:395)
         at weblogic.xml.crypto.utils.DOMUtils.assignId(DOMUtils.java:374)
         at weblogic.xml.crypto.wss.SecurityBuilderImpl.assignUri(SecurityBuilderImpl.java:148)
         at weblogic.wsee.security.policy.SigningReferencesFactory.getSigningReferences(SigningReferencesFactory.java:100)
         at weblogic.wsee.security.wss.policy.wssp.SigningPolicyBlueprintImpl.addSignatureNodeListToReference(SigningPolicyBlueprintImpl.java:446)
         at weblogic.wsee.security.wss.policy.wssp.SigningPolicyBlueprintImpl.addSignatureNodeListToReference(SigningPolicyBlueprintImpl.java:335)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.resolveSignatureList(SecurityMessageArchitect.java:574)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.resolveSignatureList(SecurityMessageArchitect.java:428)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.constructMessage(SecurityMessageArchitect.java:304)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.buildWssMessage(SecurityMessageArchitect.java:138)
         at weblogic.wsee.security.wss.plan.SecurityMessageArchitect.buildWssMessage(SecurityMessageArchitect.java:121)
         at weblogic.wsee.security.wss.SecurityPolicyArchitect.processOutbound(SecurityPolicyArchitect.java:225)
         at weblogic.wsee.security.wss.SecurityPolicyArchitect.processMessagePolicy(SecurityPolicyArchitect.java:123)
         at weblogic.wsee.security.wss.SecurityPolicyConductor.processRequestOutbound(SecurityPolicyConductor.java:119)
         at weblogic.wsee.security.wss.SecurityPolicyConductor.processRequestOutbound(SecurityPolicyConductor.java:91)
         at weblogic.wsee.security.wssp.handlers.WssClientHandler.processOutbound(WssClientHandler.java:117)
         at weblogic.wsee.security.wssp.handlers.WssClientHandler.processRequest(WssClientHandler.java:69)
         at weblogic.wsee.security.wssp.handlers.WssHandler.handleRequest(WssHandler.java:112)
         at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:222)
         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
         at com.sun.xml.ws.client.Stub.process(Stub.java:272)
         at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
         at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
         at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
         at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
         at $Proxy29.fetchCSD(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
         at $Proxy30.fetchCSD(Unknown Source)
         at exchangecsdclient.CSDExchangeClientImpl.fetchCSD(CSDExchangeClientImpl.java:151)
         at pdfutil.PDFUtilApp.initialize(PDFUtilApp.java:55)
         at org.jdesktop.application.Application$1.run(Application.java:170)
         at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
         at java.awt.EventQueue.dispatchEvent(EventQueue.java:597)
         at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
         at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
         at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
    The two invocations (one using java and the other using javaws) should obviously have not differences at all since all resources (jars) are the same.
    I have tried all client jar combinations (with wlfullclient.jar, wseeclient.jar, weblogic.jar) and the result is the same. One additional piece of information is that when removing all security parameters (message level encryption and signing) from the web service the java web start client works just fine!!!
    This is not an issue of additional jars that somehow mess with weblogic jars, since the same error occurs even in the basic hello world web service.
    I wonder if someone has faced the same problem. I would really really appreciate any help. Thank you in advance and keep up the good work.
    Cheers,
    Paul.
    Edited by: PaulP on Jan 11, 2012 5:31 AM

    Hi Kal,
    since we're currently evaluating the software and haven't acquired a license, we cannot contact support.
    I only need to know if this is a solved bug or not. Does it have to do with the classloading process (I cannot think of anything else)?
    Thank you again very very much!
    Cheers,
    Paul.

  • Using PFX certificate to call web services

    Hi,
    I need to use a PFX certificate to invoke a web services over HTTPS using a simple Java client; I've followed these steps:
    1 - convert .pfx certificate in .cer format: I've imported the certificate in Internet Explorer and then exported in .cer format
    2 - write a simple code before invocation of web service like this:           System.setProperty("javax.net.ssl.trustStore","C:\\myCertificate.cer");
    System.setProperty("javax.net.ssl.trustStoreType","PKCS12");
    System.setProperty("javax.net.ssl.trustStorePassword","myPwd");but it does'nt work and this exception occured:
    java.net.SocketException: Default SSL context init failed: DerInputStream.getLength(): lengthTag=109, too big.Then I've tried to import my certificate in a jsk keystore by keystore tool; after I've changed my code like this:
    System.setProperty("javax.net.ssl.keyStore","C:\\myjks.jks");          
    System.setProperty("javax.net.ssl.keyStoreType","JKS");     
    System.setProperty("javax.net.ssl.keyStorePassword","myPwd");but the eception is:
    sun.security.validator.ValidatorException: No trusted certificate foundWich are the right stpes to use a pfx certificate in a Java environment?
    Thanks in advance.
    Rob

    I've resolved my problem coding a custom SecureSocketFactory which I load programmatically into my SSL Context and then activate in my Axis client:
    public class MySocketFactory implements SecureSocketFactory {
         private Hashtable ht;
         public MySocketFactory(Hashtable ht) throws Exception {
         this.ht = ht;
         public Socket create(String host, int port, StringBuffer hds,
                   BooleanHolder bh) throws Exception {
              SSLSocket theSocket = null;
              try {
                   KeyStore keyStoreKeys;
                   KeyManagerFactory keyMgrFactory;
                   SSLContext sslContext;
                   keyStoreKeys = KeyStore.getInstance("PKCS12");               
                   keyStoreKeys.load(new FileInputStream("mykey.pfx"),"mypwd".toCharArray());
                   keyMgrFactory = KeyManagerFactory.getInstance("SunX509");
                   keyMgrFactory.init(keyStoreKeys, "mypwd".toCharArray());
                   sslContext = SSLContext.getInstance("SSL");
                   sslContext.init(keyMgrFactory.getKeyManagers(), null, null);
                   SSLSocketFactory socketFactory = sslContext.getSocketFactory();
                   theSocket = (SSLSocket) socketFactory.createSocket(host, port);
              } catch (Exception e) {
                   e.printStackTrace();
              return theSocket;
    }Then, in my proxy client, I activate in Axis my factory by this statement:
                   AxisProperties.setProperty("org.apache.axis.components.net.SecureSocketFactory", "socketfactory.MySocketFactory");bye
    Rob

  • Certificate Issue in web services Using j2ee in oracle apps 11i

    Hi all,
    I am working with web services integration in oracle apps 11i. I used j2ee technology. I installed j2eesdk-1_4_03 and test with j2eetutorial. I have to integrate third party payment system with web services in oracle apps 11i. I run following commands in putty
    build: asant build
    packing: asant create-war
    deploy: asant deploy-war
    client java:
    compile: asant build
    run: asant run
    While i run the "asant run" command, i got below the error
    sun.security.validator.ValidatorException: No trusted certificate found
    I added third party certification but i got same error which i mentioned above.
    Is any certification or settings need for run the web services in ebs.
    Thanks
    Edited by: 910361 on Nov 1, 2012 7:09 AM

    Hi,
    I do the settings according to your advice, i got below error when i run below command to add certificate to keystore.
    command:
    keytool -import -keystore /usr/j2ee/jdk/jre/lib/security/cacerts -file /usr/Class3G2.cer
    Error:
    keytool error: java.lang.Exception: Input not an X.509 certificate
    Thanks
    Edited by: 910361 on Jan 27, 2012 4:38 AM
    Edited by: 910361 on Jan 27, 2012 4:39 AM
    Edited by: 910361 on Jan 27, 2012 4:39 AM
    Edited by: 910361 on Jan 27, 2012 5:29 AM
    Edited by: 910361 on Nov 1, 2012 7:09 AM

  • Document Security in web service.

    Hi all,
    I am trying to implement document security in the web service. here for that i have create a Ejb and exposed it as web service. now that i have enabled the Document security for the SOAP message. i want to know that which certificate (Keys) are used for the encryption and decryption of the message.
    I saw in help.sap.com that i have to use view WebServiceSecurity in which their is a key XMLEncryption.
    Now i have following issues with it.
    <b>I found no key in the view with name XMLEncryption</b>
    Should i create one or not.
    Now i created one key with that name.
    Now when i am using that key from .Net client to access the web service i get following responce form the web service.
    <b>0002E3562FFE004A00000012000003200003FB109FE6903A : Found 0 operation definitions using keys: Key name:'first-body-element-ns' key value:'urn:CostCenterSecureSignatureVi'; Key name:'SoapRequestWrapper' key value:'getDetail'</b>
    How do i correct above problem?.

    sorry for the post in wrong area.....

  • Sending SSL Certificate to external Web service in BizTalk 2010

    Hi,
    We are facing issues in calling the external web service(SAP I Web service) which is authenticated using the SSL self signed certificates.
    When BizTalk sends the request to SAP it fails with HTTP 401 error, and in SAP PI the log says calling application not sending the client certificate. Please help us in sending the request to external web service by signing with the client
    certificate.
    Below are the details,
    1. This is a 2-way SSL communication authenticating based on the client Certificate.
    2. BizTalk server public key certificate is shared to SAP PI and using SAP PI certificate public key in biztalk
    3. Configuration done at BizTalk as given below
    1. Created BizTalk Certificate using makecert command
    2. Client and Server Certificate Installation
    - Installed BizTalk Client Certificate in Certificates Store under
    a. Current User--> Personal (Private Key)
    b. Current User --> Trusted Root Certification Authorities (Public Key)
    c. Local Computer --> Personal (Private key)
    d. Local Computer --> Trusted Root Certification Authorities (Public Key)
    e. Current User--> Other People
    Installed SAP Server Certificate in Certificates Store under
    a. Current User --> Trusted Root Certification Authorities
    b. Current User --> Trusted People
    c. Local Computer --> Trusted Root Certification Authorities
    d. Local Computer --> Trusted People
    e. Current User--> Other People
    3. BizTalk Status Solicit Response Send Port(used to call the SAP PI Web service) Configuration
    - Transport Type  WCF-Custom
    - Binding  BasicHttpbinding
    Security Mode : Transport
     Client Credential Type : Certificate
     Proxy Credential Type : None
     Realm : localhost
    • Message
     Client Credential Type : Certificate
    Client CredentialsClient Certificate
     findValue : CN=< Thumbprint >
     x509Findype : FindByThumbPrint
    • Server Certificate
     findValue : <Thumbprint>
     x509Findype : FindByThumbPrint

    Hi All,
    The reasons why the trigger from BizTalk is failing and the trigger from SoapUI is successful.
    In SoapUI configuration we select the Private key of the client certificate and provide the password for the same.
    In BizTalk we only have the option of selecting the certificate and we cannot provide the password. Below is the MSDN article for the same
    In one of the Site  , its mentioned as below, Kindly let us knwo whether the below mentioned will work or not
    Organization Security Restrictions::
    Each organization may have restriction on using client certificates for security reasons . One such restriction is when a user requests a client certificate a password prompt is displayed . A client certificate can be used only if the correct password is provided
    becuase Biztalk Server uses services and services cannot interact with dialog boxes so do not use client certificates requiring password validation.
    To Prevent the issue , configure the policy so no password are prompted when a certificate is used this setting is enforced by the Group policy Object (GPO) system cryptography: Force strong Key protection for user keys stored on the computer . If setting
    this policy , then the value should be set to "User input is not required when new keys are stored and used "
    Kindly let us know whether setting needs to be done in the system cryptography
    Thanks

  • Implementing Security in web services developed using JAX WS approach

    Hi ,
    Our Organization has developed a Web service using JAX WS approach exposing EJB as EndPoint .This wsdl file URL is only used by third party companies that register with us (Means i want to say that this wsdl url is not world wide accessable).
    Now we need to implement security for this service , please tell me what is the appropiate for doing so ??
    Thank you in advance .
    Waiting for your valuable suggestions .
    Please help .

    You can implement message level security in many ways. Some of the ways are
    SAML
    Digital certificates etc
    You may have to work with your vendor specific API to achieve this. Take a look at one case study.
    http://www.ibm.com/developerworks/webservices/library/ws-security.html
    You will find lot of articles on google to implement message level security however my recommendation would be to get in touch with security expert.

Maybe you are looking for

  • PC wont recognize Iphone anymore after update failed . Stuck in recovery

    Hello. I was trying to update my gf iphone 3g to the latest firmware and i guess during the updating process my pc stop recognizing the iphone (during phone restart maybe?) and it said could not update and it gave me an error. So now i got a usb and

  • Homegroup madness Win 8.1 and Toshiba cloud TV

    I purchased both a Dell "all in one" running Win 8 and a Toshiba Cloud TV that includes "mediashare". For some time, it worked great. But around the time I upgraded to Win 8.1, mediashare stopped working. I've gone through all my settings (that I kno

  • SVG Objects

    Is there an SVG library that we can download on the internet from either SAP or any that are on a free site?

  • CCMS agents, alert monitoring, SNMP traps

    Hi Guys, I have a question. There is a requirement about monitoring. Any documenation or links will be really appreciated. My client needs me to use CCMS agents, alert monitoring for both ABAP and JAVA stacks, SNMP traps, sending SNMP traps, interfac

  • Formula help needed

    Hi, I have a sheet with abt. 3.000 rows. From one of the rows I want to extract the date. The row looks like this: Festgelegt für 5. September 1946 von 09:15 bis 10:15, that is a textstring So in the first field I used part to get the Date "5. Septem