Secure vs. Non-Secure Web

I want to have my users able to access webmail from outside of our internal domain. Of course, this means I need to set up some form of secure communication between the server and the user that is trying to connect. In this case, its SSL. However, I am running into two problems when trying to implement this. First, because I am running mailman to administer lists, when I try to connect to the mailman web interface the server wants to use https instead of http and none of the mailman links work until I manually type at s after http. This gets very tedious when you're trying to administer a list of 100+ users that send hundreds of e-mails per day.
Second, I want the server to default to https. Users type my.occu-med.net to connect to the server, but that defaults to http and not https. Again, users have to type in the additional s before the website will work.
Any help is appreciated.
Thanks,
James

For the mailman issue, there's a script in the mailman distribution that lets you reset the list URL
/usr/share/mailman/bin/fix_url.py
You can reset each list's URL to point to the HTTPS rather than the HTTP version.
As for defaulting everything to HTTPS the standard option here is to have the HTTP site generate redirects to the HTTPS site. You can do this via a RewriteRule (as well as other options)
RewriteRule ^/(.*)$ https://your.domain.com/$1 [R]
You can either add the above to your site's config, or use Server Admin to add a rewrite.

Similar Messages

Sending WSSE security headers to non-weblogic web service

I have been trying to send wsse headers to a non-weblogic web service. I am looking for a way to do this using the control file I generated from the wsdl or the page flow where I implement the control, or the message handler file. I have username and password parameters but I cannot get this to function.
Here is the signature I need:
<?xml version="1.0" encoding="UTF-8" ?>
- <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <env:Header>
- <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
- <wsse:UsernameToken wsu:Id="Id-dFQDZm_34ewPYtaARIJ_4BfI" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>weblogic</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
- <env:Body>
<n1:hello xmlns:n1="http://workshop.bea.com/WebServiceB" />
</env:Body>
</env:Envelope>
Of course the Body is different, but this is the security signature that I need to get into the header. After looking at all the examples, I only see the option of using a java proxy class to call the web service, which would be a little difficult to use as my whole page flow application so far is calling the web service from a generated control. There are also lots of coplex datatypes that are being sent to the web service so a jave proxy would be a little difficult. I have tried to take the code from the java proxy class example and put it in my handler class, but the handler seems to only use MessageContext, not WebServiceContext and will not let me add the username password tokens. When I have tried to case a WebServiceContext out of a MessageContext, it gives me a runtime error "Class Cast Exception" even though workshop lets me do it.
This is extremely urgent. Please help me! I am using the sample handler class called MessageHandler.java and the sample WSSE java proxy class called WebServiceBClient.java that generated the above signature.

More information:
Here is the first part of my Java Control where I am calling the web service and the message handler:
package controls;
* @jc:location http-url="http://localhost:7001/Checking.jws"
* @jc:wsdl file="#CheckingWsdl"
* @jc:handler callback="MessageHandler" operation="MessageHandler"
public interface CheckingService extends com.bea.control.ControlExtension, com.bea.control.ServiceControl
public static class CustomerInfo
implements java.io.Serializable
public java.lang.String FirstName;
public java.lang.String LastName;
public java.lang.String MiddleName;
public int SSN;
public int CustomerNumber;
public java.util.Calendar CreationDate;
public java.util.Calendar LastModifiedDate;
public static class FundingInfo
implements java.io.Serializable
public float Amount;
public java.util.Calendar CurrentDate;
public int AccountNumber;
public static class anyType
implements java.io.Serializable
public com.bea.xml.XmlObject[] t;
public static class AccountInfo
implements java.io.Serializable
public int AccountNumber;
public float Balance;
public int CustomerNumber;
public java.util.Calendar LastModifiedDate;
* @jc:protocol form-post="false" form-get="false"
public AccountInfo CreateAccountChecking (CustomerInfo CustomerInfo, FundingInfo FundingInfo, anyType CommonHeader);
static final long serialVersionUID = 1L;
Here is the section of the MessageHandler class where I am attempting to add security token to the header:
protected void addSecurityHeader (MessageContext mc)
* Registers a handler for the SOAP message traffic.
HandlerRegistry registry = mc.getHandlerRegistry();
List list = new ArrayList();
list.add(new HandlerInfo(WSSEClientHandler.class, null, null));
registry.setHandlerChain(new QName("hello"), list);
try
WebServiceContext context = (WebServiceContext)WebServiceContext.currentContext().getLastMessageContext();
//(WebServiceContext)mc;
WebServiceSession session = context.getSession();
* Set the username and password token for SOAP message sent from the client, through
* the proxy, to the web service.
UserInfo ui = new UserInfo("weblogic", "weblogic");
session.setAttribute(WSSEClientHandler.REQUEST_USERINFO, ui);
//mc.setProperty(WSSEClientHandler.REQUEST_USERINFO, ui);
* Adds the username / password token to the SOAP header.
SecurityElementFactory factory = SecurityElementFactory.getDefaultFactory();
Security security = factory.createSecurity(null);
security.addToken(ui);
session.setAttribute(WSSEClientHandler.REQUEST_SECURITY, security);
//mc.setProperty(WSSEClientHandler.REQUEST_SECURITY, security);
} catch (Exception ex) {System.out.println("EXCEPTION CAUGHT DOING SECURITY STUFF " + ex.getMessage());}
I tried to use the MessageContext to do this but it came out null. I tried to cast the MessageContext to WebServiceContext and it gave me a Class Cast Exception. I tried to add the HandlerRegistry section to this but of course the assignment mc.getHandlerRegistry is improper and is not compiling so don't let that confuse you.

Error while invoking secure web service.

Hi,
I am trying to access a secure web service through a simple BPEL process in SOA Suite 11g. When I test it through enterprise manager I am getting the following error. Since it's a secured websecure i set the WS policy(oracle/wss_username_token_client_policy) in the external reference and also provided the credentials. If anyone has come across similar error or know the solution please let me know. Also I am not sure if its related to security or is it with the way I am trying to call the service.
Error Message:
Fault ID     reference:80014
Fault Time     May 22, 2011 12:54:45 PM
Non Recoverable System Fault :
javax.xml.ws.soap.SOAPFaultException: 99999: Unknown Service
Error Message: {http://schemas.oracle.com/bpel/extension}remoteFault
Fault ID     default/Mocking!1.0*soa_be35cb3e-5f05-49df-a696-a653d5703681/BPELProcess1/30017-BpInv0-BpSeq0.3-3
Fault Time     May 22, 2011 12:54:46 PM
Non Recoverable System Fault :
<bpelFault><faultType>0</faultType><remoteFault xmlns="http://schemas.oracle.com/bpel/extension"><part name="summary"><summary>99999: Unknown Service</summary></part><part name="detail"><detail><con:fault xmlns:con="http://www.bea.com/wli/sb/context"> <con:errorCode>99999</con:errorCode> <con:reason>Unknown Service</con:reason> <con:location> <con:node>PipelinePairNode1</con:node> <con:pipeline>PipelinePairNode1_request</con:pipeline> <con:stage>stage1</con:stage> </con:location> </con:fault> </detail></part><part name="code"><code>soap:Server</code></part></remoteFault></bpelFault>

Thanks very much for your suggestion. I will take a look into the wsdl again and see if something is wrong in that.
I have a peculiar problem with the wsdl. When I created the partner link using the remote wsdl it would throw a compilation error. But when I took a local copy of the remote wsdl and seperated all the schema's from the wsdl and imported them inside wsdl it gets compiled. But I am not sure if this is a appropriate thing to do and if that is creating this problem. Any thoughts on this would be really helpful.

Calling secured Web Service

Hi,
I am new in calling web service from PL/SQL block.
From the code I'm successfully able to call non-secured webservice like this "http://www.ignyte.com/webservices/ignyte.whatsshowing.webservice/moviefunctions.asmx?wsdl"
And also by setting the wallet I'm also able to call secured web service like this "https://www.docusign.net/api/3.0/Credential.asmx?WSDL" (ping method).
For calling this secured service I stored certs with chain into the wallet and that works.
But my problem is a different web service where that web service is authenticating me with my certificate. I have VeriSign certificate with private key and that web service has my public key. Whenever I will send SOAP request I need to send my certificate with the request. And communication will be over SSL.
I have created a wallet with complete chain from the PFX file I received from VeriSign and Wallet is in Ready state, also I have included web service's certificate also.
Whenever I am trying to make SOAP call I'm getting
ORA-00600: internal error code, arguments: [kgazmo_1], [], [], [], [], [], [], []
Please let me know where is the problem. May be I'm not able to send my certificate for authentication or may be I'm not able to establish SSL for communication from PL/SQL.
I'm using 10.1.2 as database. I also have 10g AS installed, if that can help in achieving this.
Code is as follows:
FUNCTION CallWS
RETURN xmltype
AS
l_request soap_api.t_request;
l_response soap_api.t_response;
l_url VARCHAR2(32767);
l_namespace VARCHAR2(32767);
l_method VARCHAR2(32767);
l_soap_action VARCHAR2(32767);
l_doc xmltype;
BEGIN
l_url := 'https://secured.webservice.com/WS/WebService.asmx';
l_namespace := 'xmlns="https://secured.webservice.com/WS"';
l_method := 'GetMe';
l_soap_action := 'https://secured.webservice.com/WS/GetMe';
utl_http.set_wallet('file:c:/wallets','pass123');
l_request := soap_api.new_request(p_method => l_method,
p_namespace => l_namespace);
soap_api.add_parameter(p_request => l_request,
p_name => 'param1',
p_type => 'xsd:string',
p_value => 'val1');
soap_api.add_parameter(p_request => l_request,
p_name => 'param2',
p_type => 'xsd:string',
p_value => 'val2');
l_response := soap_api.invoke(p_request => l_request,
p_url => l_url,
p_action => l_soap_action );
l_doc := l_response.doc;
RETURN l_doc;
END CallWS;
You can find SOAP_API package here [SOAP_API|http://www.oracle-base.com/dba/miscellaneous/soap_api.sql] .
Thanks in advance.
-Smith

Thanks again Billy,
I have configured a wallet with all the necessary certificates. Actually I have purchased a VeriSign trusted certificate and convert that into Oracle Wallet (p12) using openssl with appropriate password. And I'm calling UTL_HTTP.set_wallet('<path_to_wallet>','<pass_to_open_it>');
I have send my public key to them (web service company) and they need me to send my certificate with every request so that they can authenticate.
You are saying we don't have to write any code for TLS/SSL UTL_HTTP will take care of that, thats really good.
One more thing I want to mention here...
In Internet Explorer - When I am importing my certificate without my private key and trying to access web service I'm getting 404 page not found error.
But when I'm importing my certificate with the private key, I can see WSDL and all other methods offered by that web service.
I'm guessing Oracle Wallet that I'm creating with my certificate will store private key also. B'coz it is showing me User Certificate in Ready state.
ORA-00600 is not giving me proper location where I can find any error in my code.
Thanks
-Smith

Does it secured web site?

There are two general indications of a secured web page, but I found none for
www.i-access.com, but customer service representative mention they used other
tools for security based on flash application, so you would not see following two general indications
and tell me feel safe to trade online. They get no proofs on any security for
online trading, can you trust them? is there any SSL setting on flash application? which replace following two general indications of a secured web page.
Does anyone have any suggestions on how to check whether this web site would
encrypt transition data or not?
Thanks for any suggestions
John
1) Check the web page URL
Normally, when browsing the web, the URLs (web page addresses) begin with
the letters "http". However, over a secure connection the address displayed
should begin with "https" - note the "s" at the end.
Try it! - Visit our home page (http://www.ssl.com). ; Note the URL begins
with the "http" meaning this page is not secure. Click the link in the
upper-right hand corner to "Log in". Notice the change in the URL? It now
begins with "https", meaning the user name and password typed in will be
encrypted before sent to our server.
2) Check for the "Lock" icon
There is a de facto standard among web browsers to display a "lock" icon
somewhere in the window of the browser (NOT in the web page display area!)
For example, Microsoft Internet Explorer displays the lock icon in the
lower-right of the browser window:

Do you have any suggestions on how security the site is?
Do you know any online tools to check it?
Thanks in advance for any suggestions

Accessing Social Security web site

I suddenly cannot access the social security web site, both its old url and its new url. I have tried to change my dns server. I can get to everything else. I live in Germany. This is a problem with both safari and firefox. My ipad can't get there either.

OK I went there and it says it's just me. I am lost as to where to go from here. None of my devices can get to the site, ipad, iphone, mac book pro. I tried adding a different dsn server. I still get a time out.

Trouble connecting to https secure web service using Adobe Livecycle Designer

I am attempting to use Adobe Livecycle Designer ES2 to create a data connection in a Form to a secure (https) web service and I'm having some difficulty.
I'm new to Livecycle and have tried searching online for an answer, but the help isn't very clear and the only tutorials online that I can find are ones that connect to non-https services.
The WSDL I'm trying to connect to is: https://uk.ws.ondemand.qas.com/ProOnDemand/V3/ProOnDemandService.asmx?WSDL
My questions are:
Q1. Does Adobe Livecycle support https web service connections? The following link suggests that this isn't possible: http://books.google.co.uk/books?id=yOOcM3Bn4BAC&pg=PA179&lpg=PA179&dq=secure+web+service+w ith+adobe+livecycle&source=bl&ots=jm1GIZflOJ&sig=uLfv5Xda4eXXJl5o_7vBViwU-w0&hl=en&sa=X&ei =WLvIT5P4OujW0QWmv7nDAQ&ved=0CI4BEOgBMAk#v=onepage&q=secure%20web%20service%20with%20adobe %20livecycle&f=false
Q2. I've managed to consume the WSDL but can only see the body of the XML request for a particular SOAP action. Where can I add the username/password credentials? I've selected "Requires Message-Level Authentication" during the new connection wizard, but it doesn't prompt me at all for these details.

Hi,
I tried using SOAP.Connect too..
But I am facing the same problem.
Any solution found yet?
Rgerads, Amith

Error while invoking a WS-Security secured web service from Oracle BPEL..

Hi ,
We are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
“Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message”
Any pointers in this regard will be highly appreciated.
Thanks,
Saurabh

Hi James,
Thanks for the quick reply.
We've tried to call that web service from an HTML designed in Visual Studios with the same username and password and its working fine.
But on the BPEL console, we are getting the error as mentioned.
Also if you can tell me how to set the user name and password in the header of the parter link.I could not find how to do it.
Thanks,
Saurabh

Calling secured web service from Pl SQL

Hi
I am trying to call a secured web service from pl/sql using utl_http.
Is there a sample pl/sql program that i can refer to call a secured web service.
sample soap header that am trying to acheive.
<soap:Header>
<wsa:Action>http://myactaction</wsa:Action>
<wsa:MessageID>uuid:asdfadrewrwqr</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://myact</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="SecurityToken-321321">
<wsse:Username>mordfsafsdae</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">werwqrewrwe</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
Thanks a ton in advance

Hi,
On way we can call a web service is to pass the Web Service URL to UTL_HTTP package:
Sample Web Service URL
===================
lv_url :=
'http://67.97.189.151:8888/plsqlsample/dbfunc?invoke=placeOrder'
|| '&'
|| 'param0=1'
|| '&'
|| 'param1=1'
|| '&'
|| 'param2=1';
Sample Call using UTL_HTTP
=====================
SELECT UTL_HTTP.request (lv_url)
INTO lv_result
FROM DUAL;
Thank you.
Regards,
Balu

Error when trying to access a secured web service from Forms 10g 10.1.2.3

Hello,
I'm trying to access a secured web service from Forms10g 10.1.2.3 but i'm getting the next error when pressing the button the first time:
java.rmi.RemoteException: ; nested exception is: HTTP transport error: javax.xml.soap.SOAPException:
java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 UnauthorizeWhen i press the button a second time i got this error:
javax.xml.rpc.soap.SOAPFaultException: The SOAP request is invalid. The required node 'Envelope' is missingThis is the code i have in my button:
DECLARE
jo ora_java.jobject;
pdfObject ora_java.jobject;
pdf     varchar2(900);
rv varchar2(100);
ex ora_java.jobject;
BEGIN
JO := SEARCHSOAPCLIENT.new;
SEARCHSOAPCLIENT.setUsername(JO,'weblogic');
SEARCHSOAPCLIENT.setPassword(JO,'welcome1');
pdfObject := SEARCHSOAPCLIENT.quicksearch(JO,'1234',NULL);
pdf := SEARCHSOAPCLIENT.tostring(pdfObject);
message(pdf);
message(' ');
EXCEPTION
WHEN ORA_JAVA.JAVA_ERROR then
message('Unable to call out to Java, ' ||ORA_JAVA.LAST_ERROR);
WHEN ORA_JAVA.EXCEPTION_THROWN then
ex := ORA_JAVA.LAST_EXCEPTION;
:error := Exception_.toString(ex);
END;When i run it from JDeveloper it works, this is a portion of java code the proxy web service has:
import oracle.webservices.transport.ClientTransport;
import oracle.webservices.OracleStub;
import javax.xml.rpc.ServiceFactory;
import javax.xml.rpc.Stub;
public class SearchSoapClient {
    private webservicesproxywebcontent.proxy.SearchSoap _port;
    public SearchSoapClient() throws Exception {
        ServiceFactory factory = ServiceFactory.newInstance();
        _port = ((webservicesproxywebcontent.proxy.Search)factory.loadService(webservicesproxywebcontent.proxy.Search.class)).getSearchSoap();
        this.setUsername("weblogic");
        this.setPassword("welcome1");
        System.out.println("callling from _port "+ _port.quickSearch("1234234", null));
     * @param args
    public static void main(String[] args) {
        try {
            webservicesproxywebcontent.proxy.SearchSoapClient myPort = new webservicesproxywebcontent.proxy.SearchSoapClient();
            System.out.println("calling " + myPort.getEndpoint());
        } catch (Exception ex) {
            ex.printStackTrace();
     * delegate all operations to the underlying implementation class.
    public QuickSearchResult quickSearch(String queryText, IdcPropertyList extraProps) throws java.rmi.RemoteException {
        return _port.quickSearch(queryText, extraProps);
    }Also the secured web service was generated from Webcenter Content 11.1.1.6 that is why it's a secured web service.
Kind Regards
Carlos

Without going into any technical discussion about the code, my first question is what JDK version was used to create this which was imported into the form? Understand that Forms 10 runs on JDK 1.4.2, so if you used any newer JDK version, likely there will be problems.

Best Practice for Securing Web Services in the BPEL Workflow

What is the best practice for securing web services which are part of a larger service (a business process) and are defined through BPEL?
They are all deployed on the same oracle application server.
Defining agent for each?
Gateway for all?
BPEL security extension?
The top level service that is defined as business process is secure itself through OWSM and username and passwords, but what is the best practice for security establishment for each low level services?
Regards
Farbod

It doesnt matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
Typical probelm with any gateway architecture is that the service is available without any security enforcement when accessed directly.
You can enforce rules at your network layer to allow access to the App server only from Gateway.
When you have the liberty to use OWSM or any other WS-Security products, i would stay away from any extensions. Two things to consider
The next BPEL developer in your project may not be aware of Security extensions
Centralizing Security enforcement will make your development and security operations as loosely coupled and addresses scalability.
Thanks
Ram

How to consume a secure web service?

Could someone post me an sample to invoke the certificate based secure web service?
All I have is wsdl, certificate (.pfx file) and password and client jar file. Searching for the sample program to access the secure web service.
I work on weblogic workshop.

Unfortunately, I have just been provided with the endpoint and the SOAP action. Don't have any other details :(

How to call a secure web service via XAI Sender in CC&B

Hi All,
I want to a call a secure web service from CC&B through out bound message. I have configured the calling WSDL in XAI Sender. The wevservice is secured one.I tried to call it by configuring user name and password in XAI sender context.But still i am not able to call the service.
Can anybody help me how to over come this issue ??
I have cretaed the same post under utilities,but i am not able reply it.
I am using HTTPSNDR as XAI class.
Thanx in advance.
Regards
sunil

Are you getting any errors? What type of XAI Class are you using?
One thing I've noticed is that if you are making changes to the XAI Sender you will have to restart the environment before the changes can take effect.
Also, if you are using RTHTTPSNDR as XAI Class you may have to include the HTTP Method - Post in the context.
Hope this helps.
Regards,
Philip

How to create a crystal report using secured web service as a datasource?

Hi All Expert,
I having some challenges on how to create a report using secured web service as a datasource in crystal report designer (CR11 R3).
Secured Web Service including the certificate trusting, token authentication, header and/or body encryption. All web services running on https protocal.
Could you please suggest me on the solution?
Thank you and Best Regards,
Cherr

Please re-post if this is still an issue or purchase a case and have a dedicated support engineer work with you directly:
http://store.businessobjects.com/store/bobjamer/DisplayProductByTypePage&parentCategoryID=&categoryID=11522300?resid=-Z5tUwoHAiwAAA8@NLgAAAAS&rests=1254701640551

Why can't I print a secured web page (https)? Win7, FireFox 5.0

Whenever I try to print a secured web page using FireFox 5.0 nothing happens.
I have to switch to Internet Explorer 9.0 to get the printed secured web page.
I'm using win 7 Pro 32-bit on a desktop machine

I tried the steps you indicated. It brought me to IE which I don't use, unless someone will die due to my decision. I hate monopoly, such as Microsof imposes to its customers. My printer works fine with any application, except with firefox, since I updated to version 5.0

Confirming method to secure web services through oracle web service manager

Hi All,
I am just wondering about the method to secure web service through oracle web service manager.
I have a unsecure web service "helloworld" which is deployed on JWSDP1.6 toolkit.I want to secure it through oracle web service manager.
Inorder to secure this unsecure web service,I use gateway(web service manager for securing web service using message level security through certificate).
So when client want to access the helloworld service,it contacts the gateway securely and gateway intern connect to original web service after decrypting and verification of the signature.When gateway gets response from the web service,it signs the response message and then encrypt and passs on to the client.
So my question is,is it the right way to secure web service?
As I am getting the following fault exception :
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode "http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode>
<faultstring>Step execution failed with an exception
</faultstring>
<detail></detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I checked the log at :
C:\coresv_install_home\external\oc4j-10.1.2.0.0\j2ee\home\log\http-web-access
but there is no helpful information available.Thanks for any help.
Kash

Hi Rajesh,
Thanks for your reply.I am using the following policy steps:
1)for Request (Decrypt and Verify signature).
2)for Response(Sign Message and Encrypt).
The configuration for Request is shown below:
Pipeline "Request"
Pipeline Steps:
Start Pipeline
Log
Decrypt and Verify Signature
Basic Properties Type Default Value
Enabled (*) boolean true true
XML Decryption Properties Type Default Value
Decryptor''s keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
Decrypt Keystore Type (*) string jks jks
Decryptor''s keystore password string *******
Decryptor''s private-key alias (*) string s1as
Decryptor''s private-key password string *******
Enforce Encryption (*) boolean true true
XML Signature Verification Properties Type Default Value
Verifying Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
Verifying Keystore type (*) string jks jks
Verifying Keystore password string *******
Signer''s public-key alias (*) string xws-security-client
Enforce Signing (*) boolean true true
End Pipeline
And the configuration for Response is shown below:
Pipeline "Response"
Pipeline Steps:
Start Pipeline
Log
Sign Message and Encrypt
Basic Properties Type Default Value
Enabled (*) boolean true true
Signing Properties Type Default Value
Signing Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
Signing Keystore Type (*) string jks jks
Signing Keystore password string *******
Signer''s private-key alias (*) string s1as
Signer''s private-key password string *******
Signed Content (*) string BODY BODY
Sign XPATH Expression string
Sign XML Namespace string[]
Encryption Properties Type Default Value
Encryption Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
Encrypt Keystore Type (*) string jks jks
Encryption Keystore password string *******
Decryptor''s public-key alias (*) string xws-security-client
Encrypted Content (*) string BODY BODY
Encrypt XPATH Expression string
Encrypt XML Namespace string[]
End Pipeline
I checked the log again but nothing useful there,it is just giving the following values:
2006-08-14 16:32:50,372 INFO [Thread-21] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - INSERT INTO MEASUREMENT_PERSISTED_STORE (ID,DEF_ID,CONTEXT_ID,PARENT_CONTEXT_ID,TIME,STORETIME,KEY0,KEY1,KEY2,KEY3,KEY4,KEY5,KEY6,KEY7,KEY8,KEY9,KEY10,KEY11,KEY12,KEY13,KEY14,KEY15,KEY16,KEY17,KEY18,KEY19,KEY20,KEY21,KEY22,KEY23,KEY24,KEY25,KEY26,KEY27,KEY28,KEY29,KEY30,KEY31,KEY32,KEY33,KEY34,KEY35,KEY36,KEY37,KEY38,KEY39,DBM0,MEASUREMENT_STR) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,'R',empty_clob())
2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
Any help would be appreciated.Thanks.
Kash

Secure vs. Non-Secure Web

Similar Messages

Maybe you are looking for