OWSM 11g: Invoking a secured web service through a java proxy service

Similar Messages

• Calling a WSSE Enabled Web Service Through a Java Proxy Class

  I am trying to create a client that can access a WSSE enabled web service through
  the generated java proxy. For now all I am asking for in the .wsse file is the
  username and password with the line <token tokenType="username"/>. In the client
  I am setting the username and password token exactly as the BEA documentation
  describes:
  UserInfo ui = new UserInfo("myuser", "mypassword");
  session.setAttribute(WSSEClientHandler.REQUEST_USERINFO, ui);
  Yet I am getting the following error message when I try to run the client:
  java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException:
  EJB Exception: ; nested exception is:
  com.bea.wlw.runtime.jws.wssecurity.exception.WLWWSSEException: Policy
  requires Message to contain UsernameToken, UsernameToken not found in the Message.
  Can anyone tell me what I am missing?
  Thanks,
  John

  Hi John,
  In your standalone client, use the following two properties to send a
  user name and password to the service so that the client can
  authenticate itself: javax.xml.rpc.security.auth.username
  javax.xml.rpc.security.auth.password
  See the docs [1]
  Hope this helps,
  Bruce
  [1]
  http://edocs.bea.com/wls/docs81/webserv/security.html#1073863
  John H wrote:
  >
  I am trying to create a client that can access a WSSE enabled web service through
  the generated java proxy. For now all I am asking for in the .wsse file is the
  username and password with the line <token tokenType="username"/>. In the client
  I am setting the username and password token exactly as the BEA documentation
  describes:
  UserInfo ui = new UserInfo("myuser", "mypassword");
  session.setAttribute(WSSEClientHandler.REQUEST_USERINFO, ui);
  Yet I am getting the following error message when I try to run the client:
  java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException:
  EJB Exception: ; nested exception is:
  com.bea.wlw.runtime.jws.wssecurity.exception.WLWWSSEException: Policy
  requires Message to contain UsernameToken, UsernameToken not found in the Message.
  Can anyone tell me what I am missing?
  Thanks,
  John

• Error While Consuming Public Web Service through Stand Alone Proxy

  Hi,
  I am getting the below error when I am consuming a public web service through Stand Alone Proxy.
  java.rmi.RemoteException: Service call exception; nested exception is:
       com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (407) Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ).
       at com.mindtree.examples.GlobalWeatherSoapStub.getCitiesByCountry(GlobalWeatherSoapStub.java:159)
       at com.mindtree.examples.GlobalWeatherSoapStub.getCitiesByCountry(GlobalWeatherSoapStub.java:168)
       at com.mindtree.examples.WebServiceClient.main(WebServiceClient.java:18)
  Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (407) Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ).
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:903)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1346)
       at com.mindtree.examples.GlobalWeatherSoapStub.getCitiesByCountry(GlobalWeatherSoapStub.java:152)
       ... 2 more
  Regards,
  Venkatesh

  Hi,
  I am still facing the same issue.
  Regards,
  Venkatesh

• Unable to invoke a secured web service

  Hi all
  I have been trying to call a secured web service which enforces wss11_saml_token_with_message_protection_client_policy policy. To create a web proxy in JDev, I am using the following wiki - http://aseng-wiki.us.oracle.com/asengwiki/display/ASDevOWSM/How+can+I+create+a+JSE+client+to+invoke+ADF+BC+Web+Service+with+OWSM+wss11_saml_token_with_message_protection_service_policy (scroll down to find "Creating JSE client for above Web service")
  I have got the default-keystore.jks, cwallet.sso and jps-config.xml from the webservice env. I am getting this error now -
  SEVERE: WSM-00055 The keystore located at xyzabc\default-keystore.jks cannot be loaded due to java.io.IOException: Keystore was tampered with, or password was incorrect. Ensure that valid keystore type and password are configured.
  Any pointers would be appreciated.
  Thanks,
  Pushkal

  One more update i tried printing l_http_response.status_code and got 302.
  Thanks,
  PKV

• Problems to invoke a secure Web service from Oracle BPM Studio 10.3

  Hi all
  I'm trying to consume a web service through HTTPS protoloco Oracle BPM Studio v10.3, but I get the following error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
  Some help!!
  Thanks

  Without going into any technical discussion about the code, my first question is what JDK version was used to create this which was imported into the form? Understand that Forms 10 runs on JDK 1.4.2, so if you used any newer JDK version, likely there will be problems.

• 11G - invoking an asynchronous Web service that is not a BPEL process

  Hi all,
  Is there an 11G example of implementing and invoking an asynchronous Web service that is not a BPEL process ? . In 10g there is an example for Axis web service (Oracle_Home\integration\orabpel\samples\interop\axis\BPELCallingAsyncAXIS ) but I can't find anything related to 11G so far.
  Thanks in advance,
  sasha

  Hey Chris.
  I am just starting to write a jcd that calls an external web service but cannot find any sample code nor instructions on how to do it in the supplied documentation. Could you send me a code sample from your one?
  Cheers
  Matt

• Unable to invoke WebLogic 8.1 sp2 web service from a java proxy client...

  I am not able to invoke a web service deployed on WebLogic 8.1 SP2 via a client using the proxy jar provided by WebLogic's JWS > Overview > Generate Java Proxy tool.
  I am getting a java.net.ConnectException.
  Both the client and the WebService are on the same server.
  Thanks!!
  Inder./

  Please see the instructions below. If this does not help, please open a case with customer support and tell them it may be related to CR235479
  DESCRIPTION:
  When a platform domain is created, the admin server can be started without
  any issues and a managed server can also be started without any errors if
  using startManagedWebLogic.sh. But when a managed server is started using the
  nodemanager, the managed server fails to start with the following error.
  The WebLogic Server did not start up properly.
  java.lang.NoClassDefFoundError: com/bea/wsrp/util/debug/Debug
  (Complete stack trace with be added as a note)
  The reason for this is that:
  startWebLogic.sh(cmd) and startManagedWebLogic.sh(cmd) for platform domains
  call <User domain>/setDomainEnv.sh which includes all the jars necessary for
  a platform domain in the CLASSPATH.
  Whereas startNodeManager.sh calls <WL_HOME>/common/bin/commEnv.sh, which is
  the same for both platform and server installations of weblogic and has only
  weblogic.jar in the CLASSPATH.
  Looking at historical cases, the steps to start NodeManager successfully in a
  platform domain are:
  1.
  a. Copy admin server classpath (from <user Domain>/startWebLogic.sh) to
  that of all managed servers in the 'Remote Start' tab of the WLS Console
  OR
  b. Copy admin server classpath to <WL_HOME>/server/bin/startNodeManager.sh
  (If the same nodemanager is used to manage server domain servers and platform
  domain servers, will there be any issue with this approach??)
  2. Copy the wsrpKeystore.jks file from your domain directory to the
  nodemanager directory (the parent of the directory where all the server
  directories are replicated in the node manager. By default: <WL
  HOME>/common/nodemanager)
  But these steps are not publicly documented in edocs.
  CONFIGURATION:
  Weblogic Platform Domain 8.1 (all service packs)
  WORKAROUND:
  Steps 1 and 2 above.

• OWSM user name token service policy for a proxy service at OSB

  Hi Friends,
  I am facing an issue while trying for the OWSM user name token service policy Authentication for a proxy service at OSB. I am using the PS4 SOA suite with AIA foundation pack. very first I am login into the EM console and choose the domain<soaosb_domain> form web logic domain I moved to security->security provide configuration. Inside the security provide configuration we have to key store section and I expand that and we have a configure button inside the keys tore. I click that button and it open a new page. In that page I got the Java key store (JKS) as the default key store and in the access Attributes I keep the default key store path and fill password and confirm password fields. Then in Identity certificates I fill the signature key and Encryption key with key Alias as 'orakey' and same password which I am mentioned at access Attributes. I got the message like the key store is created successfully. Then I restarted the server and again I am login into the EM console and choose the domain<soaosb_domain> form web logic domain I moved to security. In security I choose the credentials. In credentials we have create key. In the create key I add the key as hari-key and provide the hari as a user and his password.
  While trying to test the proxy service i am getting the [OSB Security - OWSM: 387253] Failed to initialize OWSM Credential Manager. Please validate the Key store Configuration.
  can anyone please look at this and suggest me how can I proceed for this.
  Thanks
  Hari

  anyone please respond to the above request.
  Thanks
  Hari

• Issue with ADF security enabled App deployed to java cloud services

  Hi,
  Here are the instance details:
  Jdev cloud build:JDEVADF_11.1.1.6.0CLOUD_GENERIC_121118.1600.6229
  Java cloud service version:13.1
  I have created a simple ADF Application & enabled security by editing web.xml:
  <login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>default</realm-name>
    </login-config>
    <security-role>
      <description>manager</description>
      <role-name>manager</role-name>
    </security-role>
  Then I have tried to deploy this Application to Java cloud services.Deployment works fine.
  I have 2 users created in Identity console- x & y.In my case x user has manager role enabled & y doesn't have manager role enabled.
  Now when I try to access the above deployed ADF Application with 'y' user,the page is accessible.
  My question here is that since 'y' user does not have the privilege he should not be able to access this page,could you please let me know if am missing something?
  Thanks.

  Hi,
  You may refer to the documentation available in the link: Developing Applications for Oracle Java Cloud Service - Release 13.1
  Please refer to the section: Securing Java EE Applications- Roles and Constraints
  Hope this helps
  Regards,
  Santhosh

• Oracle Service Bus SSO with Proxy Service

  Hi all,
  I protect Proxy Service. It means only authenticated user can able to access it.
  But when i want to access from my application server (weblogic), i don't want to authenticate again with OSB.
  Is there any way to use SSO between application server and Oracle Service Bus ?
  With Regards,
  Wai Phyo

  Hi Wai,
  I think it is not supported with OSB. The doc says -
  46.15 Is single sign-on supported in Oracle Service Bus?
  Strictly speaking single sign-on (SSO) is not applicable to Oracle Service Bus messaging scenarios for several reasons. First, Oracle Service Bus is stateless; there is no notion of a session or conversation among multiple parties. Second, Oracle Service Bus clients are typically other enterprise software applications, not users behind a Web browser. Therefore, it is acceptable to require that these clients send credentials such as username and password on every request, provided that the communication is secured by means such as SSL or WS-Security. However, SSO between the Oracle Service Bus Console and the Oracle WebLogic Server Administration Console is supported. For more information, see "Single Sign-On" in "Security Fundamentals" in Oracle Fusion Middleware Understanding Security for Oracle WebLogic Server.http://download.oracle.com/docs/html/E15866_01/security_faq.htm#i1058723
  http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/security_faq.html#wp1053670
  Regards,
  Anuj

• OSB example calling multiple business services using a single proxy service???

  Hi,
  I have three business services created using http urls i.e.
  1. LoginBS
  2. GetListBS
  3. LogoutBS
  My requirement is to get a list of names from GetListBS using a single proxy service and to call GetListBS I have to first call LoginBS then GetListBS i.e. after authentication and then finally logout.
  Kindly help with a detailed example for this and I am new to OSB.
  Thanks,
  Vik

  Hi Eric,
  Thanks for the response. We figured that it is possible to call multiple services with Split Join. However, we ran into the issue you described. We had a blocking call and had to wait until each of the services returned a response.
  However, we needed a Async model for our design and felt that this might not be a right fit.
  We are now looking at implementing the publish option with QoS configured as this fits our usecase better. Thanks for the help again.
  Rudraksh

• Calling an MFL business service from a WSDL proxy service

  Hi,
  I'm using Service Bus v2.6, and trying to call an MFL business service from a wsdl based proxy service.
  I have done the following so far:
  - Define an MFL-based business service that writes MFL messages to a JMS queue and reads reply messages off another queue, and it works when I debug this business service by itself.
  - Define a wsdl proxy service that routes requests to the MFL business service.
  Since the tutorials don't have MFL examples, I'm struggling to get this working. I've tried different ways, but no luck.
  Here's my definition of the route node in the Proxy Service at the moment.
  1. Call a custom XQuery (.xq file) to convert incoming message to an XML representation of the MFL message, and assign the result to a variable "param1"
  2. Use "Service Callout" to call the MFL business service, and set Request Document Variable to "param1" and Response Document Variable to "param2".
  When I debug the flow, param2 (reply) comes up as empty, and I don't know how to make it work.
  I've turned on the JMS trace etc and the JMS bit is working (i.e messages being written, and read by the business service).
  There seems to be something wrong with the way I call it from the proxy service.
  Any help would be much appreciated..
  Thanks

  Hello,
  Can you indicate the classpath that you use to run your client, version of weblogic and the version of jaxrpc api that you are using.
  As a quick experiment adding the jaxrpc jar files to your classpath one at a time.
  This [url http://www.javaworld.com/javaforums/showflat.php?Cat=&Board=Enterprisejava&Number=3801&page=12&view=collapsed&sb=9&o=&fpart=1]chap seemed to have a similar problem to you and solved it by adding the jaxprc-spi jar file to his class path. It may be that the jaxrpc-impl is causing you greif.
  Also see this thread:
  http://forums.bea.com/bea/message.jspa?messageID=200612003&tstart=0
  Hussein Badakhchani
  www.orbism.com

• Invoking a secure web service from a standalone java client

  I am using stand alone java client to invoke a web service. This web service in turn invokes a jcs which is protected ( role based access ).
  I am using a proxy at the client side for web service invocation
  FileSubmission_Impl filesubmission_impl = new FileSubmission_Impl();
  FileSubmissionSoap filesubmissionsoap = filesubmission_impl.getFileSubmissionSoap();
  filesubmissionsoap.processFiles(...)
  This works if there are no security constraints on any of the resources (@common:security).
  I need to pass the username and password from the java client that will be authenticated and allowed to access the protected resources.
  Please let me know as to how this can be achieved ( passing username and password from client )

  Paula,
  I suppose you're using CFINVOKE (http://www.activsoftware.com/code_samples/code.cfm/CodeID/44/ColdFusion/Invoking_SOAP_Web_Services_with_ColdFusion_MX_CFINVOKE_Tag) or are you using a third party tool like CFX_SOAP (http://www.activsoftware.com/products/productdetail.cfm/id/1015)?
  Are you working with WebAS 6.4 or 6.2?
  It works with web services created with WebAS 6.4, but you should generate proxy classes. Check Thomas' weblog (second part of it)->https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/1012. [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken]
  The WSDL generated by this method is more standard than the one generated when you just Remote enable an FM and look at the webservice browser.
  Th core of CF MX is Java and that engine is rather strict in standards.
  Eddy

• Handshaking problem while invoking a secured web service

  Hi,
  I have developed a web service. I made my WLS 7.0 secured, using SSL. Also
  I made the
  my web service accessible only by https protocol. Also I configured the WLS SSL
  to have one
  way SSL. The problem is I am not able to access this web service using a swing
  client, It throws
  an exception saying some Handshaking exception. This problem occured only when
  I made
  the web service secured (https).
  Has anybody faced this problem ever?.
  For one way SSL do I need to supply any certificate file or PEM file from the
  client to the
  server?.
  Thanks,
  Anish

  Hi Anish,
  No, in this case the client is checking the cert provided by the
  server. Have you tried the flag
  -Dweblogic.webservice.client.ssl.strictcertchecking=false on the client
  side?
  Also take a look at the entry by Michael Jouravlev, on SSL "how to"
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.webservices&item=1910&utag=
  Have you gone through the simpleSSL example:
  http://webservice.bea.com/simpleSSL.zip
  HTHs,
  Bruce
  Anish wrote:
  >
  Hi,
  I have developed a web service. I made my WLS 7.0 secured, using SSL. Also
  I made the
  my web service accessible only by https protocol. Also I configured the WLS SSL
  to have one
  way SSL. The problem is I am not able to access this web service using a swing
  client, It throws
  an exception saying some Handshaking exception. This problem occured only when
  I made
  the web service secured (https).
  Has anybody faced this problem ever?.
  For one way SSL do I need to supply any certificate file or PEM file from the
  client to the
  server?.
  Thanks,
  Anish

• Invoking a secured web service

  Hello,
  I'm using a clustered osb with a loadbalancer, i have two nodes osb1 and osb2.
  i'm trying to test a secured business service which points to a web service deployed on another server.
  i installed its certificate in both nodes.
  if i stop osb1, the test is always successful.
  if i stop osb2, the test always fails.
  if they are both running, the test fails sometimes and succeeds sometimes.
  the log in osb1 contains the following errors :
  java.security.InvalidKeyException: Illegal key size
  at javax.crypto.Cipher.a(DashoA13*..)
  at javax.crypto.Cipher.init(DashoA13*..)
  at javax.crypto.Cipher.init(DashoA13*..)
  <Error> <WliSbTransports> <BEA-381304> <Exception in HttpTransportServlet.service: java.net.SocketException: Broken pipe
  java.net.SocketException: Broken pipe
  at java.net.SocketOutputStream.socketWrite0(Native Method)
  at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
  at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
  at weblogic.utils.io.ChunkedOutputStream.writeTo(ChunkedOutputStream.java:193)
  at weblogic.servlet.internal.ResponseHeaders.writeHeaders(ResponseHeaders.java:434)
  Truncated. see log file for complete stacktrace
  <Error> <Socket> <soaapp1> <osbms1> <ExecuteThread: '4' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1263614497772> <BEA-000403> <IOException occurred on socket: Socket[addr=/10.100.10.112,port=59913,localport=7001]
  java.net.SocketException: Connection refused.
  java.net.SocketException: Connection refused
  at java.net.SocketInputStream.socketRead0(Native Method)
  at java.net.SocketInputStream.read(SocketInputStream.java:129)
  at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:887)
  at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:859)
  at weblogic.socket.DevPollSocketMuxer.processSockets(DevPollSocketMuxer.java:120)
  at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
  at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
  the log in osb2 contains the following error :
  <Error> <WliSbTransports> <BEA-381304> <Exception in HttpTransportServlet.service: java.net.SocketException: Broken pipe
  java.net.SocketException: Broken pipe
  at java.net.SocketOutputStream.socketWrite0(Native Method)
  at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
  at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
  at weblogic.utils.io.ChunkedOutputStream.writeTo(ChunkedOutputStream.java:193)
  at weblogic.servlet.internal.ResponseHeaders.writeHeaders(ResponseHeaders.java:434)
  Truncated. see log file for complete stacktrace
  <Error> <Socket> <soaapp2> <osbms2> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1261190759758> <BEA-000403> <IOException occurred on socket: Socket[addr=/10.100.10.112,port=41815,localport=7001]
  java.net.SocketException: Connection refused.
  java.net.SocketException: Connection refused
  at java.net.SocketInputStream.socketRead0(Native Method)
  at java.net.SocketInputStream.read(SocketInputStream.java:129)
  at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:887)
  at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:859)
  at weblogic.socket.DevPollSocketMuxer.processSockets(DevPollSocketMuxer.java:120)
  at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
  at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
  >
  could someone help?

  Hi - I know it has been a long time since you posted into this forum. I am seeing a similar error though I have "Hostname verification" set to none. Can you please tell me if your problem has been fixed and if so, how? Thanks