Proxy authentication using SAAJ

Similar Messages

• How to set proxy authentication using java properties at run time

  Hi All,
  How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties
  => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
  import java.io.*;
  import java.net.*;
  public class DnldURLWithoutUsingProxy {
     public static void main (String[] args) {
        URL u;
        InputStream is = null;
        DataInputStream dis;
        String s;
        try {
            u = new URL("http://www.yahoo.com.au/index.html");
           is = u.openStream();         // throws an IOException
           dis = new DataInputStream(new BufferedInputStream(is));
           BufferedReader br = new BufferedReader(new InputStreamReader(dis));
        String strLine;
        //Read File Line By Line
        while ((strLine = br.readLine()) != null)      {
        // Print the content on the console
            System.out.println (strLine);
        //Close the input stream
        dis.close();
        } catch (MalformedURLException mue) {
           System.out.println("Ouch - a MalformedURLException happened.");
           mue.printStackTrace();
           System.exit(1);
        } catch (IOException ioe) {
           System.out.println("Oops- an IOException happened.");
           ioe.printStackTrace();
           System.exit(1);
        } finally {
           try {
              is.close();
           } catch (IOException ioe) {
  }However, it generated the following message when run behind the firewall:
  cd C:\Documents and Settings\abc\DnldURL\build\classes
  java -cp . DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.net.ConnectException: Connection refused
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
  at java.net.Socket.connect(Socket.java:452)
  at java.net.Socket.connect(Socket.java:402)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
  at sun.net.www.http.HttpClient.New(HttpClient.java:339)
  at sun.net.www.http.HttpClient.New(HttpClient.java:320)
  at sun.net.www.http.HttpClient.New(HttpClient.java:315)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
  at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615) at java.net.URL.openStream(URL.java:913) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  I have also tried the command without much luck either:
  java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245) at java.net.URL.openStream(URL.java:1009) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
  There is no problem pinging www.yahoo.com from this system.
  I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
  I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
  Java Control Panel - Use browser settings without success.
  Thanks,
  George

  Hi All,
  How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties
  => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
  import java.io.*;
  import java.net.*;
  public class DnldURLWithoutUsingProxy {
     public static void main (String[] args) {
        URL u;
        InputStream is = null;
        DataInputStream dis;
        String s;
        try {
            u = new URL("http://www.yahoo.com.au/index.html");
           is = u.openStream();         // throws an IOException
           dis = new DataInputStream(new BufferedInputStream(is));
           BufferedReader br = new BufferedReader(new InputStreamReader(dis));
        String strLine;
        //Read File Line By Line
        while ((strLine = br.readLine()) != null)      {
        // Print the content on the console
            System.out.println (strLine);
        //Close the input stream
        dis.close();
        } catch (MalformedURLException mue) {
           System.out.println("Ouch - a MalformedURLException happened.");
           mue.printStackTrace();
           System.exit(1);
        } catch (IOException ioe) {
           System.out.println("Oops- an IOException happened.");
           ioe.printStackTrace();
           System.exit(1);
        } finally {
           try {
              is.close();
           } catch (IOException ioe) {
  }However, it generated the following message when run behind the firewall:
  cd C:\Documents and Settings\abc\DnldURL\build\classes
  java -cp . DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.net.ConnectException: Connection refused
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
  at java.net.Socket.connect(Socket.java:452)
  at java.net.Socket.connect(Socket.java:402)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
  at sun.net.www.http.HttpClient.New(HttpClient.java:339)
  at sun.net.www.http.HttpClient.New(HttpClient.java:320)
  at sun.net.www.http.HttpClient.New(HttpClient.java:315)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
  at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615) at java.net.URL.openStream(URL.java:913) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  I have also tried the command without much luck either:
  java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245) at java.net.URL.openStream(URL.java:1009) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
  There is no problem pinging www.yahoo.com from this system.
  I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
  I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
  Java Control Panel - Use browser settings without success.
  Thanks,
  George

• Web Proxy Authentication using Kerberos or NTLM - ForeFront TMG

  Hi All
  I was hoping someone would be able to guide me on addressing an issue I have with authenticating MACs against the web proxy. I have scoured the internet and looked on the forums but I can't seem to find a solution to the problem I am experiencing.
  Our network consists and an AD domain, and a single TMG server 2010. The TMG server is enabled for integrated authentication for the Web Proxy. All the MACs have been added to the AD Domain, so all users logon as themselves. Authentication to various shares
  are granted using Kerberos - so part of the Kerberos infrastructure works.
  My Problem:
  Currently, my MAC clients are prompted for a username and password when accessing the internet within Firefox and Camino. If I use Safari I have my credentials twice as the keychains saves my credentials seperately, for HTTP and HTTPS traffic.
  Ideal Solution
  Since a kerberos ticket is issued to the user who has logged in by the domain controller, I would like to use kerberos to authenicate the user for web access.
  What I've done so far
  There is a feature within Firefox and Camino web browsers to enable trusted websites to use your kerberos ticket. If you open Mozilla, navigate to about:config and look for 'network.negotiate-auth.trusted-uris' and add various internal sites (not proxy).
  The authentication works perfectly using Kerberos as you can see the tickets that have been handed out using 'klist' and I'm not prompted for my username or password. If I disable it, it stops working and I am prompted for my username and password. I have
  tried typing in the proxy address, also tried putting in the proxy port too but to no success within the trusted-uris text field.  Maybe there is a different way of putting in the address?
  I have enabled Kerberos on the computer account in AD for the firewall (Trust this computer for delegation to any service (kerberos only)), but without any success. I must admit, I haven't rebooted the TMG server though.
  I hope someone can help me out, and really appreciate your time and support.
  Thanks
  Jamie

  Hi All
  I have resolved my issue. I added the SPN of HTTP/SERVERNAME & HTTP/IPADDRESSOFSERVER to the firewall computer account and replicated my changes and now I have authenication working on my MACS without any username and password prompts, apart
  from the user logging into the domain. Beautiful.
  https://community.mcafee.com/docs/DOC-2682 - This detailed article from McAfee helped me signfictantly.
  Cheers Anyway,
  Jamie

• Proxy Authentication Error in Web Service with SAAJ on Weblogic 9.2 MP3

  Hi,
  I have encountered a problem with proxy authentication in SAAJ web service (WS) calls on Weblogic 9.2 MP3.
  My WS client (which uses SAAJ's SOAP classes) should use a proxy that requires authentication to call the external web services.
  However, it does not perform the authentication and receives HTTP Error 407 - Unauthorized.
  The reason seems to be that Weblogic's Http Handler (weblogic.net.http.Handler) ignores the proxy authentication.
  I was able to work around it by setting sun's http handler explicitly in the WS endpoint URL. Sun's handler (sun.net.www.protocol.http.Handler) makes use of the Authenticator class I provided.
  1. Please see my code below and let me know if this is the only solution or if I'm doing something wrong. While testing on Tomcat I did not have to set the handler.
  2. I have seen that there are also System properties for http.proxyUser and http.proxyPasword, however if I use these and ommit setting the SimpleAuthenticator, it also fails (with either handler!). An explanation of that is welcome.
  Thanks in advance.
  Code:
  ===========================================================
  System.setProperty("http.proxySet", "true");
  System.setProperty("http.proxyHost", "localhost");
  System.setProperty("http.proxyPort", "808");
  //System.setProperty("http.proxyUser", "myuser");
  //System.setProperty("http.proxyPassword", "mypw");
  Authenticator.setDefault(new SimpleAuthenticator("myuser", "mypw"));
  String urlString = "http://someurl:8080/webservice..";
  URL endpoint1 = new URL(urlString);
  URL endpoint2 = new URL(null, urlString, new sun.net.www.protocol.http.Handler());
  SOAPConnectionFactory soapfactory = SOAPConnectionFactory.newInstance();
  SOAPConnection connection = soapfactory.createConnection();
  connection.call(message, endpoint1); // Gives Exception with HTTP Error 407
  connection.call(message, endpoint2); // Works and uses the proxy
  For reference:
  ===========================================================
  public class SimpleAuthenticator extends Authenticator {
       private String username, password;
       public SimpleAuthenticator(String username, String password) {
            this.username = username;
            this.password = password;
       protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(username, password.toCharArray());
  }

  Sorry for the 3 posts.
  Administrator, delete this thread please!!

• Cut-Through Proxy / Authentication Proxy on Cisco ASA using ISE as AAA Server for allocating SGTs

  Hi,
  We are trying to setup ASA to do cut-through authentication proxy, and use ISE as RADIUS. We can successfully authenticate the user from Radius on the ASA, while he opens a web-page, but then it displays the error: authorization denied.
  What we want:
  ISE to allocate a security group tag to the user session when he logs in, that tag would carried within out cisco network infrastrucutre to define the access
  policy for that user.
  Can someone please help me with a sort of step by step thing for ISE configuration to allocate SGTs/SGACL for the user session after authentication is completed.
  Thanks
  Lovleen

  Please refer to below step by step config guide for security group access policies
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sga_pol.html

• Strange behaviour when using connection pooling with proxy authentication

  All
  I have developed an ASP.NET 1.1 Web application that uses ODP.NET 9.2.0.4 accessing Oracle Database 8i (which is to be upgraded to 10g in the coming months). I have enabled connection pooling and implemented proxy authentication.
  I am observing a strange behaviour in the live environment. If two users (User 1 and User 2) are executing SQL statements at the same time (concurrent threads in IIS), the following is occurring:
  * User 1 opens a new connection, executes a SELECT statement, and closes this connection. The audit log, which uses the USER function, shows User 1 executed this statement.
  * User 2 opens the same connection (before it is released to the connection pool?), excutes an INSERT statement, and closes this connection. The audit log shows User 1, not User 2, executed this statement.
  Is this a known issue when using connection pooling with proxy authentication? I appreciate your help.
  Regards,
  Chris

  Hi Chris,
  I tried to reproduce your complaint, but was unable to. I didnt use auditting however, just a series of "select user from dual" with proxy authentication. You might want to see if you can put together a small complete testcase for this and open a sr with support.
  Cheers
  Greg

• 3.1EA1: proxy client used allows only BASIC authentication

  The proxy client used only use BASIC authentication. The problem the proxy we're using uses NTLM authentication, and the user/password are the domain user/password, thereby very dangerous to send using a non-secure authentication mode as BASIC (a simple base64 enconding of user and password...)
  Edited by: user8381214 on Oct 21, 2011 3:52 AM

  Hi user8381214 ,
  Can you give me more details?
  Note that there are two main types of proxy connection:
  1/username1[username2]/password
  and
  2/username1/password with proxyClient username2/password
  Which one is affected?
  -Turloch
  SQLDeveloper team
  If you would prefer this to be off the forum my email address is:
  turloch<dot>otierney<AT>oracle.com

• Mac Adobe Flash Player not supporting Web Proxy Authentication

  Anyone else got an enterprise network where you use web proxies with web authentication and no traffic allowed out except through the proxies?
  You may need to be in the UK for this, but try accessing BBC iPlayer content - http://www.bbc.co.uk/iplayer and you should discover that the content won't play. the error says "This content doesn't seem to be working. Try again later.". The content will never work as the Mac version of Flash (currently 10.1.53.64) is not able to respond to web proxy authentication requests. The BBC use various streaming server which are randomly selected when a user starts a stream and they have no DNS. Just IP addresses. They don't publish a list for security reasons. So it is almost impossible to exempt all their servers from authentication.
  I've logged a bug with Adobe. If you have this issue too, please add a comment and vote so that they can begin to grasp the impact of this problem:
  https://bugs.adobe.com/jira/browse/FP-5161

  I have the same issues in Australia trying to access flash content from the ABC website. The strange thing is the content will play if your leave the browser open for 5min.
  After several packet data captures we identified that it has to do with the amount of time it takes the Mac timeout from the proxy before it plays the video content.
  No solution yet.

• Application-to-application authentication using Calendar Web Services

  Calendar Web Services
  Application-to-application authentication
  (Proxy authentication)
  Abstract:
  Application-to-application authentication allows services to trust other services without having to authenticate the end-user making use of these services. The Calendar Web Services offers an application-to-application authentication mechanism called “Proxy Authentication”.
  What is Proxy Authentication?
  The Calendar Web Services Proxy Authentication is a solution that was developed by the Oracle Calendar team and is similar to what SSO would be to the web. Proxy Authentication allows any application developed using the Calendar Web Services Toolkit to establish a trusted authentication link to the Calendar Server via the Calendar Web Services.
  What do I need to get Proxy Authentication going?
  -     The Calendar Web Services Toolkit 9.0.4.2.X (Calendarlet.jar)
  -     The Calendar Web Services 9.0.4.2.X (OCAS)
  -     The Calendar Server 9.0.4.2.X (Calserv)
  -     Oracle Internet Directory 9.0.4.X (OID)
  Your collaboration suite deployment MUST be configured in a way where the Calendar Server is connected to the OID (done by default). This is fundamental given that Proxy Auth is designed to extensively use the OID security schemes.
  How to configure Proxy Authentication?
  You must have:
  1.     Access to the OID administrator account.
  2.     Access to the ldap tools ($ORACLE_HOME/ldap/bin).
  3.     Access to the Oracle Calendar Server administrator password.
  OID Configuration
  Create an entry for your application product in OID
  The following entry needs to be created:
  - cn=OracleContext
  - cn=Products
  - cn=MyApplicationProduct
  The MyApplicationProduct.ldif will look like:
  dn: cn= MyApplicationProduct, cn=Products, cn=OracleContext
  objectClass: orclContainer
  objectClass: top
  The command to add the entry is
  ./ldapadd -h HOSTNAME.COM -p OIDPORT -D "cn=orcladmin" -w PASSWROD -f ./MyApplicationProduct.ldif
  Where [HOSTNAME.COM] is the OID server hostname, [PASSWROD] is the password for the OID directory and [OIDPORT] is the OID port.
  Create an application entity for MyAppName in OID
  The following entry needs to be added to the OID:
  - cn=OracleContext
  - cn=Products
  - cn= MyApplicationProduct
  - orclApplicationCommonName=MyAppName
  The MyAppName.ldif will look like:
  dn: orclApplicationCommonName= MyAppName,
  cn= MyApplicationProduct, cn=Products,
  cn=OracleContext
  objectClass: orclApplicationEntity
  objectClass: top
  orclApplicationCommonName: MyAppName
  userpassword: test1
  The command to add the entry is
  ./ldapadd -h HOSTNAME.COM -p OIDPORT -D "cn=orcladmin" -w PASSWORD -f ./MyAppName.ldif
  Ensure the entry is properly configured
  Perform an LDAP search to locate the entry's distinguished name:
  "orclApplicationCommonName= MyAppName,
  cn= MyApplicationProduct, cn=Products,
  cn=OracleContext"
  ./ldapsearch -h HOSTNAME.COM -p OIDPORT -D "cn=orcladmin" -w PASSWROD
  -b "cn= MyApplicationProduct,cn=Products,cn=OracleContext"
  "objectclass=orclApplicationEntity" "c"
  Grant proxy privileges to the new application entity
  This creates an entry in OID:
  - dc=com
  - dc=oracle
  - dc=us
  - cn=OracleContext
  - cn=Products
  - cn=Calendar
  - cn=UserProxyPrivilege
  - uniquemember:
  orclApplicationCommonName= MyAppName,
  cn= MyApplicationProduct, cn=Products,
  cn=OracleContext
  From the $ORACLE_HOME/ocal/bin
  ./unioidconf -grantproxyprivilege \
  "orclApplicationCommonName= MyAppName,
  cn= MyApplicationProduct, cn=Products,
  cn=OracleContext"
  NOTE: you need the calendar server admin password.
  How to use Proxy Authentication?
  Once successfully done configuring your OID and Calendar Server, you must start the real work; coding. It is actually simple to implement.
  In your Java application, you will simply change the BasicAuth class with the ProxyAuth class. You then set the end-user identity, along with the proxy application name and proxy application password, you registered a moment ago.
  Ex:
  ProxyAuth auth = new ProxyAuth();
  auth.setApplicationName("orclApplicationCommonName=MyAppName, cn=MyApplicationProduct, cn=Products, cn=OracleContext");
  auth.setApplicationPassword(“test1”);
  auth.setName(myUserId);
  Your application will no longer need to pass the end-user’s password to the Calendar Web Services. From now on, it is your application’s responsibility to authenticate the end-user.
  Frederic Leblanc

  I found the solution:
  Using the CalendaringResponse.getReceiveBuffer() and getSendBuffer() methods, the soap request looks something like this:
  Sendbuffer: <?xml version='1.0' encoding='UTF-8'?>
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SOAP-ENV:Header>
  <auth:ProxyAuth xmlns:auth="http://www.oracle.com/WebServices/Calendaring/Authentication/1.0/"><ApplicationName>orclApplicationCommonName=MyAppName,cn=MyApplicationProduct, cn=Products, cn=OracleContext</ApplicationName><ApplicationPassword>testpw1</ApplicationPassword><Name>king</Name></auth:ProxyAuth>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
  <cwsl:Search xmlns:cwsl="http://www.oracle.com/WebServices/Calendaring/1.0/"><CmdId>MySearchCommandID-1</CmdId><vQuery><From>VEVENT</From><Where>DTEND &gt;= '20061007T220000Z' AND DTSTART &lt;= '20061014T215900Z'</Where></vQuery></cwsl:Search>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>

• Powershell Error for SharePoint Online -"The remote server returned an error: (407) Proxy Authentication Required."

  I am trying to call sharepoint online from powershell. Below is the code. I get 
  Exception calling "ExecuteQuery" with "0" argument(s): "The remote server returned an error: (407) Proxy Authentication Required."
  $loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
  $loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
  $webUrl = "ZZZZ"
  $username = "XXX"
  $password = "YYYY"
  $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl) 
  $ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
  $web = $ctx.Web
  $lists = $web.Lists 
  $ctx.Load($lists)
  $ctx.ExecuteQuery()
  $lists| select -Property Title
  Raj-Shpt

  Hi,
  About how to access SharePoint online site using PowerShell, the blog below would be helpful:
  http://social.technet.microsoft.com/wiki/contents/articles/29518.csom-sharepoint-powershell-reference-and-example-codes.aspx
  Another two demos for your reference:
  http://www.hartsteve.com/2013/06/sharepoint-online-powershell/
  http://www.sharepointnutsandbolts.com/2013/12/Using-CSOM-in-PowerShell-scripts-with-Office365.html
  Thanks
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Administration of APEX in SQL Developer with Proxy Authentication impossibl

  Hello!
  We are using latest version of SQL Developer to administer APEX. We are connecting to the database with proxy authentication. The syntax is:
  personal_user[apex_ws_owner]
  e.g.: mdecker[apex_demo]
  When trying to deploy APEX application I go to "Database Object" -> Application Express -> Application1 [100] -> right mouse click: "Deploy Application". Then I select the appropriate database identifier and next, I am presented with a screen showing import options. In second line, it says: "Parsing Schema: MDECKER".
  This is wrong: it has to be Parsing Schema: APEX_DEMO. It seems that managing APEX with SQL Developer does not support Proxy Authentication.
  Could you please confirm?
  Is there a way to formally ask for this enhancement?
  Best regards,
  Martin
  Update:
  I found out that if I check the flag "Proxy Authentication" in the connect details and provide both passwords, the deploy application parsing schema is set to the correct APEX_DEMO account. However, we are using Proxy Authentication in order to avoid having to know the application password.
  Edited by: mdecker on Jan 28, 2013 4:48 PM

  There is a write-up about connecting to APEX here: <a href ="http://www.oracle.com/technology/products/database/application_express/html/sql_dev_integration.html" >SQL Dev Oracle APEX Integration</a>
  <p>You do need to have updated to Oracle APEX 3.0.1.
  <p>Regards <br>
  Sue

• OSB Authentication using username and password (plaintext or digest)

  Hi,
  I want to implement a simple osb authentication using username/password (plain text or digest) , so that client required to provide username password token in soap header (message Level security) to access our webservices. I have read some of articles which shows how to create custom ws policy, but received following error during deployment.
  weblogic.wsee.ws.init.WsDeploymentException: The WebLogic Server 9.x-style policy is not supported in JAX-WS web services
  Please note - I can not install OWSM as part of my requirement
  =======
  <?xml version="1.0"?>
  <!-- WS-SecurityPolicy -->
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wssp="http://www.bea.com/wls90/security/policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">
  <!-- Identity Assertion -->
  <wssp:Identity>
  <wssp:SupportedTokens>
  <!-- Use UsernameToken for authentication -->
  <wssp:SecurityToken IncludeInMessage="true"
  TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
  <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"/>
  </wssp:SecurityToken>
  </wssp:SupportedTokens>
  </wssp:Identity>
  </wsp:Policy>

  You can use the default Auth.xml WS policy in OSB and be able implement the authentication using username and plain text password.
  Just assign the Auth.xml on the Request Policies of the Proxy Service (under Policies).
  Then use any user credentials that has access to the domain for testing.
  If you want to restrict access for each operation then in the Security tab, under Message Access Control, specify a Role.
  Then in the OSB > Security Configuration, create the appropriate role with the specific role conditions like User is User1 or User is User2 etc ...
  Hope this helps.
  Thanks,
  Patrick

• How to pass Proxy user dynamically in Toplink proxy authentication?

  Hi,
  I'm using Toplink Proxy Authentication with my ADF JSF application and want to pass the Proxy user dynamically to the preLogin(..) method of mySessionEventListener (Currently proxy user is hard coded).
  This is to make my application user as the Proxy user.
  I have tried to do this in two ways:
  1) In my Login screen Backing Bean, I retrieve the session as
  session = sessionFactory.acquireSession(); and set the application user in it as
  session.setProperty("proxyUser1", inputText1.getValue());
  But,
  session.getProperty("proxyUser1") returns null in the preLogin(..) method
  2) I add a loginUser property to the mySessionEventListener class and create a constructor to set it.
  Then I call the constructor from my Login Backing Bean as
  mySessionEventListener eventMgr = new mySessionEventListener(<proxy_user>);
  session.getEventManager().addListener( eventMgr );
  But, the loginUser property seeems to be transient and does not retain value when retrieved in preLogin(..) method.
  Please indicate if anything is wrong. Also, is there any other way to get this done?
  Thanks in advance.
  Vikas

  Hi Vikas,
  Probably your sessions.xml defines a ServerSession, and acquireSession method returns a ClientSession. ServerSession is the object that connects to the database, it may have any number of ClientSessions associated with it - all of them use connections provided by ServerSession's connection pools.
  So if you'd like to alter the serverSession before login, acquireSession is too late - it triggers login of the ServerSession and returns a ClientSession.
  To get the ServerSession before login:
  // the first param indicates that the session shouldn't be connected
  Session serverSession = sessionFactory.getSharedSession(false, false);Now you have a serverSession on which login hasn't been called yet.
  You can set the property into the session, or directly into its login.
  In fact you may choose to do whatever you wanted to do in preLogin right here - in this case no preLogin event would be required of course.
  Finally to get a ClientSession, call the same api did:
  // the first param indicates that the session shouldn't be connected
  Session clientSession = sessionFactory.getSession();On the first such call the ServerSession will be connected.
  Note that because all the ClientSessions will connect through the connections provided by the same ServerSession they will all use proxyUser1.
  If you are interested in using different proxy users for different ClientSessions http://www.oracle.com/technology/products/ias/toplink/doc/1013/main/_html/dblgcfg008.htm#BABDABCF lists several scenarios for that.
  Andrei

• Oracle Proxy Authentication and WLS 8.1/CMP

  Hey folks,
  Is there any way to configure WLS 8.1 to automatically set the Oracle CLIENT_IDENTIFIER
  variable or use Oracle Proxy Authentication on JDBC connections? I'm interested
  in using Oracle auditing with my CMP entity beans, but would like to capture the
  app tier user identity, instead of the data source pool user.
  Thanks.

  "Brent Smith" <[email protected]> wrote in message
  news:3fa15807$[email protected]..
  >
  Hey folks,
  Is there any way to configure WLS 8.1 to automatically set the OracleCLIENT_IDENTIFIER
  variable or use Oracle Proxy Authentication on JDBC connections? I'minterested
  in using Oracle auditing with my CMP entity beans, but would like tocapture the
  app tier user identity, instead of the data source pool user.
  I would ask in the weblogic.developer.interest.jdbc newsgroup.

• Acrobat Standard Proxy Authentication

  Hi,
  When we sign our PDF's we want to use an external timestamping server
  So we have configured both a Verisign and Globalsign timestamping server and made one of them as default
  Most of the time we got a response from Acrobat saying
  "Timestamp signature property generation error:
  Transport authorization failure"
  When it fails the doc is signed, but using the computers clock and we want to avoid that
  But sometime it did work which confused us but I think we have identified the problem with the Proxy authentication
  Our proxy requires full authetication against our Active Directory
  So when it worked was just because we just before signing had been surfing on the internet and the proxy had cached the credential approvals
  So when Adobe tried to get out to the timestamp server the ID was already authorized in the proxy
  But without a previous "IE-surfing" it fails, the proxy has nothing in its cache
  A network trace confirms this,  we see a "Authentication required" request from the proxy that Acrobat never responds to
  The proxy does not accept annonymous requests
  IE is configured to use a configration script for its proxy settings
  I cant find any relevant Acrobat settings that handles this and googling indicates that Acrobat has problems in this area
  But I haven't found anything for our version/release
  Now for the question, is Adobe Acrobat Standard 9.3.0 supposed to handle proxys that requires AD authentication?
  To bypass the proxy is not an option
  Setting a proxy exception for these servers is maybe an option
  Prefered is that Acrobat handles this

  To update my own question since it might help others
  I received assistance through the Adobe support channels
  Not what I was hoping for but it clarifies the problem
  The reason I asked the question is that we don’t support Shared Review with an Authenticating Proxy server. So this customer workflow isn’t too far off the mark with having a proxy server authentication expectation in the standalone client and wanting a timestamp server time.   The only workaround to this behavior is to do exactly what they have found.  Launch an instance of Internet Explorer, authenticate against the proxy server and then sign the PDF file.