OEG and OSB - username token with message protection
Salve,
I've got a simple example of OEG / OSB integration up and running -
Scenario 1 - username token validation works fine
Scenario 2 - username token /message protection has issues.
I register the web service with OEG and the security policy is auto-generated. I configure as appropriate but get the error -
No asymmetric key foundERROR12/5/11 1:46 PM signature error: not specified/not specified, key is not found:
A doc detailing all the steps I took is available at -
https://docs.google.com/open?id=0B7YrnfO7h717ODI5NGExODAtNjI0Yy00ZGE0LWI3NzQtZTg4YjM2ZDQzOWQ1
any help --> greatly appreciated.
Replied offline as forum was down. Issue sorted.
Many thanks for detailed analysis.
Similar Messages
-
OSB proxy secured with message level protection - No Protocol error
I have an OSB business service that calls a JAX-WS service protected by OWSM policy wss11_message_protection_service_policy. The business service is protected by the corresponding client policy. The proxy service is secured by wss11_message_protection_service_policy. Business service works fine but the proxy doesn't. It runs into this "no protocol" error below on the outbound. The system is a windows 8 64 bit PC and uses IPV6. The domain path has no spaces (I read online on an unrelated forum that spaces can cause this 'no protocol' error). This error occurs only with the message protection policy. UserName token works fine from proxy->business svc->webservice. There are no issues with the certificates because I am able to call the webservice using a jax-ws client using the certificates in keystore.
Caused By: java.net.MalformedURLException: no protocol: /OSBProject/proxy/HelloS
erviceProxySvc
at java.net.URL.<init>(URL.java:583)
at java.net.URL.<init>(URL.java:480)
at java.net.URL.<init>(URL.java:429)
at oracle.wsm.security.identity.WSMIdentityReaderValidator.getHostname(W
SMIdentityReaderValidator.java:200)
at oracle.wsm.security.identity.WSMIdentityReaderValidator.getIdentity(W
SMIdentityReaderValidator.java:149)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor
.fetchIdentity(SecurityScenarioExecutor.java:488)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor
.initialize(SecurityScenarioExecutor.java:455)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor
.init(SecurityScenarioExecutor.java:347)
at oracle.wsm.security.policy.scenario.executor.Wss11AnonWithCertsScenar
ioExecutor.init(Wss11AnonWithCertsScenarioExecutor.java:97)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populate
AssertionExecutors(WSPolicyRuntimeExecutor.java:259)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populate
AssertionExecutors(WSPolicyRuntimeExecutor.java:282)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.init(WSP
olicyRuntimeExecutor.java:165)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.getPolicyExecutor(
PolicyExecutionEngine.java:137)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExec
utionEngine.java:101)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1059)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:489)
at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvo
ker.java:374)
at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundH
andler.java:217)
at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundH
andler.java:215)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAs(JpsSubject.java:213)
at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler.processRequest(Wsm
OutboundHandler.java:214)
at com.bea.wli.sb.test.service.wss.WssHandler.processRequest(WssHandler.
java:279)
at com.bea.wli.sb.test.service.ServiceMessageBuilder.buildMessage(Servic
eMessageBuilder.java:468)
at com.bea.wli.sb.test.service.ServiceMessageBuilder.buildMessage(Servic
eMessageBuilder.java:116)
at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessage
Sender.java:261)
at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMe
ssageSender.java:79)
at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessage
Sender.java:137)
at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessage
Sender.java:135)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
146)
at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityCo
ntextService.java:55)
at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageS
ender.java:140)
at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.
java:454)
at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceE
JBBean.java:167)
at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.__WL_invoke(
Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(Ses
sionRemoteMethodInvoker.java:40)
at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(Unkno
wn Source)
at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invok
e(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:17
4)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef
.java:345)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef
.java:259)
at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_1036_WLStub.
invoke(Unknown Source)
at com.bea.alsb.console.test.TestServiceClient.invoke(TestServiceClient.
java:174)
at com.bea.alsb.console.test.actions.DefaultRequestAction.invoke(Default
RequestAction.java:117)
at com.bea.alsb.console.test.actions.DefaultRequestAction.execute(Defaul
tRequestAction.java:70)
at com.bea.alsb.console.test.actions.ServiceRequestAction.execute(Servic
eRequestAction.java:143)
at org.apache.struts.action.RequestProcessor.processActionPerform(Reques
tProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201
(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunn
er.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionI
nterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processAct
ionPerform(PageFlowRequestProcessor.java:2116)
at com.bea.alsb.console.common.base.SBConsoleRequestProcessor.processAct
ionPerform(SBConsoleRequestProcessor.java:91)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.ja
va:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInt
ernal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(Pa
geFlowRequestProcessor.java:853)
at com.bea.alsb.console.common.base.SBConsoleRequestProcessor.process(SB
ConsoleRequestProcessor.java:191)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(A
utoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageF
lowActionServlet.java:158)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionSe
rvlet.java:262)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServ
let.java:134)
at com.bea.alsb.console.common.base.SBConsoleActionServlet.doGet(SBConso
leActionServlet.java:49)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlow
Utils.java:1199)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlow
Utils.java:1129)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.exec
uteAction(ScopedContentCommonSupport.java:687)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.proc
essActionInternal(ScopedContentCommonSupport.java:142)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.processAction(St
rutsStubImpl.java:76)
at com.bea.portlet.adapter.NetuiActionHandler.raiseScopedAction(NetuiAct
ionHandler.java:111)
at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedActi
on(NetuiContent.java:181)
at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedActi
on(NetuiContent.java:167)
at com.bea.netuix.servlets.controls.content.NetuiContent.handlePostbackD
ata(NetuiContent.java:225)
at com.bea.netuix.nf.ControlLifecycle$2.visit(ControlLifecycle.java:180)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:324)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:130)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:184)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:159)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java
:388)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:199)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileS
ervlet.java:251)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
tyHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
a:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:32
4)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUt
il.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.jav
a:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:1
71)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:16
3)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsF
ilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
ervletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
ontext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
ava:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>Replied offline as forum was down. Issue sorted.
Many thanks for detailed analysis. -
Hello i got my comuter and its a mac and it didnt come with messages how would i get it ?
i wanted to know how to get messages on ym mac is there anyway u coukd help me
Go to the Apple menu and choose a About This Mac.
If it doesn't have the version 10.8.x or 10.9.x, the it doesn't have Messages.
Depending on the model, you might be able to upgrade to Mavericks (10.9)
While Mavericks is free, the server version costs $20. -
I am unable to access 3G network, although wireless access is working fine. When opening a page in safari it churns for a while and then says that server has stopped responding. I noticed on one forum that it said something about changing brightness settings causing a conflict - coincidentally this first started happening after I had tweaked brightness. I have tried resets etc, but still no joy. Any ideas?
Hi there humph86,
You may find the troubleshooting steps in the article below helpful.
iPad (Wi-Fi + Cellular Models): Troubleshooting a cellular data connection
http://support.apple.com/kb/TS4249
-Griff W. -
OWSM 11g: Difference between Message Protection Policies
Hi all,
I am using OWSM11g for securing web services. There are two separate policies provided oracle/wss10_message_protection_service_policy and oracle/wss10_x509_token_with_message_protection_client_policy. How does these policies differ in providing message protection?
Additionally, I have the documentations provided by oracle regarding OWSM11g. In case, there are some addtional resources or tutorials for OWSM 11g which might help me please suggest me the same.
Thanks in advance.Hi,
In OWSM 10g there was concept of Server Agent and Client agents.The server agents were attached with the service providers and client agents were attached with client consumers.Similarly there are two types of policies available with 11g for service endpoints.One is attached with the service provider endpoint and one is attached with the consumer.
For e.g- If there is a credit validation webservice which requires the payload to be signed and encrypted,then u attach oracle/wss10_message_protection_service_policy with it and if there is a SOA composite invoking this service,then u attach oracle/wss10_message_protection_client_policy with it.For each of the service side and client side policies some configurations/settings can be modified or overridden.
Now oracle/wss10_message_protection_service_policy is message integrity and confidentiality service policy implementing WS-1.0 security standards.While oracle/wss10_x509_token_with_message_protection_client_policy is X509 token based authentication with message protection client policy implementing WS-1.0 security standards.
Hence while implementing security always use the same dual pairs for service and client policies.Currently there are not many samples available but the 'Security and Administrator’s Guide for Web Services' guide is good documentation to start with for configuring security using OWSM 11g.
Rgds,
Mandrita -
Daer Security experts,
we are on ECC 6.0 (Netweaver 7.0 SP10 , SAP_ABA: SAPKA70010 and SAP_BASIS:SAPKB70010) with only stack ABAP. We want to implement a web service with username Token security. Is it possible with our release and support packages level? If not from which support packages level is it possible or is it mandatory the java stack?
Have you some documentation to implement it?
Thank you in forward
Cheers
BobHi Bob,
it should be working but you can't use digest for your password. So you will have to call it over SSL. Check [this thread|Username Token with digest password on AS ABAP; for more info. You need to set message level authentication for your web service. It's level low or medium.
Cheers -
Unable to call Web Service with Username Token
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I posted this in the JDeveloper forum but got no response.
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I have JDeveloper 10g release 3.
I created a regular Java application. Added a Web service proxy with no special mappings or anything. Right clicked on the proxy and said "Secure Proxy". I only used basic plain text username token. Added a method to my class that call instantiates a client, and called the operation.
However when I run this I get the following error message.
SEVERE: No username found
Error::oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: No username found
The Web Service Security Proxy Wizard created an xml in my src file, that I updated to put the username and password of the web service. Below is the xml file.
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1"/>
<port-info>
<wsdl-port namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1Soap"/>
<runtime enabled="security">
<security>
<inbound/>
<outbound>
<username-token name="myusername" password="xxxxx" password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
</outbound>
</security>
</runtime>
<operations>
<operation name='TryMe'>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
And this configuration file is processed in the stub file.
setupConfig("project2/runtime/Service1Soap_Stub.xml");
What am I doing wrong. I cannot find any documentation on the secure web service client wizard and it's generated code.
Thanks, MIke L.Mike,
I updated the 3 xml files with the name and password and I get a different error now ...
WARNING: Unable to connect to URL: https://dssd001.ca.boeing.com:443/bartinterface/SOAP/resSetup.cgi due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
I am using the simple text based username auth, but jdev for some reason still goes and looks for the x509 cert? How did you get yours to work?
Thanks
Sriram -
Username token in SOAP message
Dear PI experts.
I am using SAP PI 7.1 and having a scenario where a message is sent from SAP (ECC 6.0) using Abap Proxy via PI to Java legacy system with Receiver SOAP Adapter.
I am supposed to send username token in the SOAP header. I have browsed quite an amount of SAP's Web service security material, but not yet been able to implement this behaviour. Mostly these documents are handling webservice scenarios between Abap systems using WS-RM.
Could you please advise me to right track.
Thank you, Jukka.Hi,
you can use Principal Propagation to propagate your user from R/3 to PI to your target application.....you will have to ask your basis guys to enable Principal Propagation in your XI system by making your r/3 system and XI system as trusted systems to eachother.
Regards,
Rajeev Gupta -
URGENT ::: How to add UserName Token to SOAP Message Header.
Hi,
I created a webservice client using CLIENTGEN utility of weblogic from the WSDL file. When I am trying to call a webservice which is hosted on TOMCAT server, I am getting the following exception::
5/12/2008 06:09:02 com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-
instance" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://settlementService.au.db.com/types">
<env:Body>
<env:Fault>
<faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:FailedAuthentication</faultcode>
<faultstring>Message does not conform to configured policy [ AuthenticationTokenPolicy ]: No Security Header found</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
==== Sending Message End ====
The webservice ic configured as secured webservice, there is some certificate file which was provided to me from client. Useing java KEYTOOL command I have created the keystore from that certificate and configure it in the weblogic server console.
Issue is the SOAP message header is blank I need to add the USERNAME TOken profile to this header, in order to access this webservice. The current CLIENT code snippet is shown below:
try{
String WSDLUrl = "https://shappzu2.au.db.com:8297/settlementService-ws/settlementService?WSDL";
String wsUserName = "tracer-us";
String wsPassword = "R0na!do#11";
InputStream[] policies = new InputStream[]{Client.class.getResourceAsStream("/wl-unt-policy.xml")};
SettlementService_Impl settlementServiceObj = new SettlementService_Impl(WSDLUrl);
SettlementServiceFacade port = settlementServiceObj.getSettlementServiceFacadePort(policies, policies);
List credProviders = new ArrayList();
CredentialProvider cp = new ClientUNTCredentialProvider(wsUserName.getBytes(), wsPassword.getBytes());
credProviders.add(cp);
Stub stub = (Stub)port;
// Set stub property to point to list of credential providers
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
if(sharesXMLString != null && sharesXMLString.length() > 0) {
port.loadEquityTrade(sharesXMLString);
}catch(Exception e){
//throw new SystemException(e.getMessage());
e.printStackTrace();
Can any one help me in this?1) Use something like TCPmon https://tcpmon.dev.java.net/ or verbose logging to see the actual message content on the wire that the client is sending
2) Inside the WLS samples there is a UNT sample in the INSTALL_DIR/wlserver_10.0(or equivalent)/samples/server/examples/src/examples/webservices/security_jws
If that works correctly and puts the UNT in the header, then I would compare that code with yours. -
Problems with JAX-WS when using security (e.g. username token profile)
Hello,
I am deploying a web service on weblogic 11g (10.3.1) with this policy:
@Policy(uri = "policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",attachToWsdl=true)
I have another web application as client which is using a JAX-WS SOAP handler to communicate with web service
and everything works fine when my client is deployed on tomcat 6 (JRE 6) (anthentication goes through)
The handleMessage() method of my handler is posted here :
public boolean handleMessage(SOAPMessageContext context) {
m_logger.debug("UserNameTokenHandler handleMessage() called");
Boolean outboundProperty = (Boolean) context.get (MessageContext.MESSAGE_OUTBOUND_PROPERTY);
SOAPMessage message =context.getMessage();
if (outboundProperty.booleanValue()) {
m_logger.debug("\n (client protocol handler) Outbound message:");
try {
SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
SOAPHeader header = envelope.getHeader();
if (header == null ) {
header = envelope.addHeader();
SOAPElement security = header.addChildElement("Security", "wsse", WSSE_NAMESPACE);
SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
usernameToken.addAttribute(new QName("xmlns:wsu"), WSU_NAMESPACE);
SOAPElement username = usernameToken.addChildElement("Username", "wsse");
username.addTextNode(user);
SOAPElement password = usernameToken.addChildElement("Password", "wsse");
password.addTextNode(pass);
} catch (Exception e) {
m_logger.error("Failed to add username token profile security", e);
} else {
m_logger.debug("\n (client protocol handler) Inbound message:");
return true;
but when I deploy the same client on weblogic server it fails to communicate with my web service with this error:
javax.xml.ws.soap.SOAPFaultException: Unable to add security token for identity, token uri =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
I noticed Weblogic has some packages to handle security like:
weblogic.wsee.security.unt.ClientUNTCredentialProvider
weblogic.xml.crypto.wss.provider.CredentialProvider
weblogic.xml.crypto.wss.WSSecurityContext
So I added another mechanism using weblogic package to add username password to SOAP header
Map<String, Object> request = ((BindingProvider) proxy).getRequestContext();
if (connectInfo.get("username") != null && connectInfo.get("password") != null) {
List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
//client side UsernameToken credential provider
CredentialProvider cp = new ClientUNTCredentialProvider((String)connectInfo.get("username"),
(String)connectInfo.get("password"));
credProviders.add(cp);
request.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
This seems to be ok but only for weblogic.
I don't want to have one client for deploying on weblogic and another one for JAX-WS
I suppose weblogic follows the standard and should support the original approach.
Is this an incompatibly issue or am i missing somethingIn one of WLP Pageflows, I invoke a SOA BPEL WebService that needs Security Header like the way you have. I have my own Handler class and I call the below private method in handleMessage(...) and so far it is working fine. Security Header is adding fine.
One difference I could see in your method and my method is when we create SOAPElement for "Security" Tag, at the time of creation itself, I pass the third argument also that is the namespace. I remember vaguely, when I used code like yours, like first instantiate with only 2 args. Then set the namespace. It did not work. So I used the API, that takes the namespace as third argument.
So try something like below. This is a working code snipped deployed on WLP 10.3 (WLP is on top of WLS 10.3).
Thanks
Ravi Jegga
private void setSOAPSecurityHeader(SOAPEnvelope soapEnvelope) throws Exception {
try {
//soapEnvelope.addNamespaceDeclaration("soap", "http://schemas.xmlsoap.org/soap/envelope/");
soapEnvelope.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
SOAPHeader header = soapEnvelope.addHeader();
String namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
SOAPElement securityElement = header.addHeaderElement(soapEnvelope.createName("Security", "wsse", namespace));
securityElement.addNamespaceDeclaration("", namespace);
//securityElement.addNamespaceDeclaration("env", "http://schemas.xmlsoap.org/soap/envelope/");
SOAPElement usernameTokenElement = securityElement.addChildElement(soapEnvelope.createName("UsernameToken", "wsse", namespace));
usernameTokenElement.addNamespaceDeclaration("", namespace);
SOAPElement usernameElement = usernameTokenElement.addChildElement(soapEnvelope.createName("Username"));
SOAPElement passwordElement = usernameTokenElement.addChildElement(soapEnvelope.createName("Password"));
// For Testing Purposes only hardcoded this username and password values. Later on this may be set dynamically
usernameElement.setValue("xxxxxxx");
passwordElement.setValue("yyyyyyy");
//SOAPBody soapBody = soapEnvelope.getBody();
//SOAPHeader soapHeader = soapEnvelope.getHeader();
} catch (Exception e) {
// Handle This error in the main method that is calling this private method. So just return the Exception as it is...
throw e;
} -
Error message when finalizing...file already open with write protection
I just created my first movie in i Movie. It's about 9 minutes long. When I tried to finalize it it worked for a couple of hours and then came up with a message "unable to prepare project for publishing because an error occurred (file already open with write protection)". What does this mean? I thought I had closed all the files I was using. There was no error number. I tried it 3 times and got the same message. Any thoughts would be greatly appreciated.
AppleMan, I just checked that and it looks like Time Machine isn't open. I checked it by going to finder>applications>R click on time machine. It gave me the option to "open" which makes me think it's already closed. Is there somewhere else I need to be looking?
I made another movie that was just a couple of clips and it finalized fine. On that movie, I had some MTS clips and I converted them to mp4's so iMovie could read them.
In the one that didn't work I did clip one of the movies before I imported it into iMovie. It saved as a .mov instead of a .mp4. Would that make a difference? I checked all of the files and none of them are listed as locked, so I really don't get the "write protected" aspect of this error. -
WS Security with Username token
Hi Experts,
Could you please provide the details/links to do username token(WS-Security) using PI 7.1?
I am not sure what all configurations are required.
I need to use SOAP or WS Adapter on Sender side.
My consumer is going to send a request throught SOAP or WS Adapter to PI and PI will get information from ECC and pass it on to Consumer.
Consumer (.Net Application) <-> PI <-> ECC.
Regards
Hetal
Edited by: hetal shah on Nov 2, 2010 6:28 PM
Edited by: hetal shah on Nov 3, 2010 12:09 AM
Edited by: hetal shah on Nov 3, 2010 7:10 PMAsked web service team to use one service account for authentication. Used this blog How to Configure AXIS Framework for Authentication Using the "wsse" Security Standard in SAP PI to configure axis framework. Now we are able to send message to web service.
Regards,
Muni. -
I am getting the message that my email password and/or username is not correct. They are both correct! I am the only one who cannot send or receive emails...I am the only one using a mac. i use mac mail and it is my companies server. I took my computer and iPhone to the Apple store...4 hours later they said that couldn't figure out why it wasn't working. Any suggestions???? I am also not able to log into the C-Panel...
Same here! Happened yesterday to me on New iPad and iPhone 4S. On iPad I managed to correct it by removing the account and activating it again as an Exchange account...I have mail and calendar OK!
On the iPhone nothing seems to work!
Facts:
1. everything worked perfectly for years!
2. I have the 2-step authentication deactivated on my google account so it cannot be this one.
3. On desktop everything works just fine, on iPad everything is OK with Exchange account added (after Google removed support for Exchange account access I CAN ONLY HAVE ONE DEVICE with Google Exchange account, so doing the same on the iPhone does not work!)
4. Tried to remove and add the account again - no results.
5. Tried to remove and add as Google, as Exchange, as Other account - I get calendar but no mail!!!
6. Tried to reboot between remove/add accounts - no results.
7. Tried to ("reset settings") reset the device - no results.
8. Tried to add as POP account and I it worked - I get mail but I do not need POP as I am using zounds of mail with labels and need to be working on an IMAP account
9. To make things even more complicated...I have another account which works perfectly!!!!!
Anyone out there having a clue? -
Hi,
I made a 10.3 proxy service with a sign policy , added a service key provider and configured wls / wsdl.
I need to provide a xml signature in the osb tester else I get an exception.
When I use the proxy service tester in OSB and select the service provider. then it works perfectly. In the output window I get an request and response with wsse security.
Now when I use OWSM with xml signature with the same jks keystore and use the same alias and call this OSB proxy server with the xml signature generated by owsm, I got an wssecurity exception , could not validate signature using any of the supported token types.
maybe someone can help meHi,
I didn't solve it, soapUI is nice for testing but I needed to make this work for production.
I will wait for fmw 11g -
Since up grading to the new OS Lion basicly problem free except my iPhone iPod and iPad all give me sync issues they load apps , music , books , movies , but refuse photos and the sync ends with an error 50 message most times , yes I have re booted reinstalled new i Tunes and all my others help ! I have update every thing I can re installed , no other issues apart from Parallels and windows which I have deleted and will reisnstall and up date when I get my discs back moving house so in storage boxes somewhere ? , but who needs Windows ? is any one else suffering , or have any solutions
Hi Ken,
Wow, I've logged into adobe and never seen your response until now.
I need to make the forums more of a daily stop I guess.
Thank you for your response, When I go to the Archives, it states I have none. In addition, previously when I'd tried to move items to the archive, they just disappeared
Currently my desktop is not connecting at all, Everytime I connect, it's states "We have now logged you out" and requests I login again.
I have of course rebooted,
Gone into taskmanager, killed all the relevant threads, tried again to login through the desktop, no luck, I'll have to uninstall it, make sure the threads are killed, then reboot it and then reinstall it, but I've not had the time to do that.
On another note, and just as a point of reference, myself, personally, I hate these "cloud" file repositories (not to be confused with adobe cloud services which I love) but the file repositories themselves imho, are a blackhole of resource usage when one doesn't/isn't using them,
Is there a way we can use it more of a "ftp" sort of thing, when I want to I can put files there? There is no way to "Download" the repository, no way to download the folders.. only individual files and then it takes I think three different steps before the download starts.. I find this very inhibiting. Just an fyi. for what it's worth.
Please, feel free to contact me,
I'm on g+ chat [email protected]
Maybe you are looking for
-
Hi All, The multiprovider is containing infoobject (master data) and one cube. When i check the data ndividually, I can see the data for info object master data and Cube When I go listcube transaction if I check data for multi provider I canu2019t s
-
Library on an external hard disk
I have my itunes music on an external hard disk and I want to install itunes on a new laptop and view the existing itunes library that is on the external hard disk. I have installed itunes on the new laptop and changed the default location of the itu
-
Sort Order Driven By Other Field In PowerView on a Relational Source
Hi, Is there a way to sort an attribute in a chart by a different attribute that is not shown in the chart on a relational source (as e.g. possible with a PowerPivot table source where you can specify to use a different field as sort order)? I achiev
-
How to call dicoverer through menu option in forms
Hi, Need help.........Can anybody tell me .....how to call dicoverer through menu option in forms. Thanx Sunil
-
The jukebox is CoffeeCup Web Jukebox. It played before the update. Flash and Shockwave are up-to-date. See http://www.dracoboxers.com/levi.html