Securing BPEL services with OWSM: problem resolving schema

Similar Messages

• Strange error protecting BPEL service with WSM server agent

  I'm trying to protect a BPEL service with OWSM (SOA Suite 10.1.3.3 MLR#19). Everything looks fine as far as I can see, but when the service is called with WSM active it always fails with internal server error. There are no errors in the logs (BPEL logs, OPMN logs, OWSM logs, ...) except the following in the Apache access logs:
  "POST /policymanager/services/RegistrationService HTTP/1.0" 200 525
  I can connect to /policymanager/services/RegistrationService with a browser, it shows a message saying it is an Axis web service. Without WSM the BPEL service works fine.
  I have tried to fix this for two full days now and nothing I have tried makes a difference. Any suggestions for what I should do in order to solve the issue or at least get more data on what the root cause could be?
  -Erik
  Edit: There were two issues. The built-in test page doesn't work, when invoked with a real external client it works better. In addition the properties for file-based policies seem to be used even when the online check has been enabled (so they cannot be omitted/blank) and a restart is required to make the changes bite.
  Edited by: ew on Oct 4, 2010 2:50 PM

  Did you resolve this issue ? We are having same issue with one of our BPEL process ........ any help would be highly appreciated .....
  Thanks in Advance

• BPEL Services with Task are ending in Recovery console

  Hi All,
  I have a BPEL service with task activity. Once the task service is invoked, the BPEL service is ending up in recovery console. Not sure why this is happening, we are currently on SOA 10.1.3.3.1+MLR18.
  Note: In the same service I have a debug statement after the task initiation and before the receive activity of task. Once the BPEL service is invoked log I can see that my debug statement is getting executed. It means that in the back end my task is getting executed but it is not shown in BPEL console or WFTASK table.
  Please suggest if we have I am missing any thing.
  Thanks
  Ramu.

  Hi Ramu,
  Are you able to recover the process from the manual recovery section ? If yes, then its fine and now turn the cube, wf, engine loggers to DEBUG and see the corresponding errors in the log file.(to figure out the root cause)
  Regards
  A

• Osb proxy service with owsm policy auth slow when soap request very large

  I have a proxy service which is security with owsm policy: oracle/wss_username_token_service_policy, the proxy service simply route to Business Service which directly invoke a bpel exposed web service, when I call the proxy service with soap envelope large than 15MB(not attachment), waiting about 4~5 minutes, the bpel instance created ; but when I remove the security policy:oracle/wss_username_token_service_policy, it will cost only 20 seconds, why authentication cost so long? How can I deal with the problem?
  My English is poor, please don't mind!
  besides, with my OSB version is 11.1.1.6.0

  I finally figured it out. The nullpointer exception is related to the SAML assertion. The SAML assertion in my requests is signed with embedded signature and this seems to be not supported with the used OWSM policy. Without the signature is the exception gone.
  Marian

• Connect to Secure web service with certificate from SAP EP

  Hi Experts,
  Here is the current situation:
  1. Our business requirement is to connect 3rd party RESTful web service which requires secure connection with private client certificate attached
  2. I've tested in my Java test application and successfully attached private certificate to HttpsURLConection request to the web service and made a connection. No problem at all.
  KeyStore keyStore  = KeyStore.getInstance("PKCS12");
  InputStream inputStream = new FileInputStream("privateKeyCert.p12");
  keyStore.load(inputStream, "myPassword".toCharArray());
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keyStore, "myPassword".toCharArray());
  KeyManager[] kms = keyManagerFactory.getKeyManagers();
  SSLContext sslContext = SSLContext.getInstance("SSL");
  sslContext.init(kms, null, new SecureRandom());
  SSLSocketFactory sockFact = sslContext.getSocketFactory();
  URL url = new URL("https://www.thirdpartywebservice.com/testroot/");
  HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
  conn.setSSLSocketFactory(sockFact);
  conn.setRequestMethod("POST");
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  conn.setDefaultUseCaches (false);
  conn.setRequestProperty("Content-Type", "text/xml");
  3. Next, I tried to apply my Java application to SAP EP NetWeaver, and found that I have to use SecureConnectionFactory:
  https://help.sap.com/saphelp_nw70ehp1/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm
  4. So, I modified my Java code for SAP EP:
  KeyStore keyStore  = KeyStore.getInstance("PKCS12");
  InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("privateKeyCert.p12");
  keyStore.load(inputStream, "myPassword".toCharArray());
  SecureConnectionFactory scFactory = new SecureConnectionFactory(keyStore);
  HttpURLConnection conn = scFactory.createURLConnection("https://www.thirdpartywebservice.com/testroot/");
  conn.setRequestMethod("POST");
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  conn.setDefaultUseCaches (false);
  conn.setRequestProperty("Content-Type", "text/xml");
  And I'm facing the following error message:
  Exception: java.security.UnrecoverableKeyException: ja
  va.security.GeneralSecurityException: Unable to decrypt private key: javax.crypto.BadPaddingException: Invalid PKCS#5 padding length: 253
  Could you please help me what this error message means?
  Do you think do I need to to do some other configuration to make connection to web service with client certificate?
  This is our first approach. Please help...
  Thank you in advance.

  SunJSSE implement SSL server CertificateRequest in a strict mode, if client failed to find a proper certificate corresponding the server request, it does not guess what's the proper certificate and send to the server. In your case, because there is no intermediate certificate in the client context, so there is no way to make the decision which certificate would be acceptable by server, so client does not send any cert to server. That's why you got a handshaking error.
  I guess your client key store does not contains a full certificate path from the client end-entity certificate to the root CA. Please import the full certificate path into the key store.
  BTW, these approaches should work, but I found no reason why one does not adopt #1:
  1. import the full certification path of client certificate into client key store.
  2. as a workaround, configure the server to send a list including the intermediate certificates;
  3. as a workaround, you will have to customize the client KeyManager if you don't want to or are not able to configure the server to send a list including the intermediate certificates.

• Securing RPC services with TCP Wrappers

  Hello All,
  I have two node cluster running solaris 10. Since SVM needs few rpc services like metad,metamedd and metamhd, I dont want to disable them. But at the same time, wants to block them from outside world.
  But readme page of TCP Wrappers (http://www.sunfreeware.com/README.tcpwrappers) says "The wrappers do not work with RPC services over TCP. These services are registered as rpc/tcp in the inetd configuration file". And other internet sources says same. So my question is this valid still?. Or it is possible to filter RPC services using TCP Wrappers.
  When I tested this with following entries in /etc/hosts.allow and /etc/hosts.deny, my two nodes did not give any trouble after couple of reboots. SVM is working fine. So I wonder whether RPC services area really blocked (other than the local host) or not.
  Content of /etc/hosts.deny
  ===========================
  rpcbind: ALL : severity debug
  rpc.metad: ALL : severity debug
  rpc.metamhd: ALL : severity debug
  rpc.metamedd: ALL : severity debug
  rpc.metacld: ALL : severity debug
  Content of /etc/hosts.allow
  =======================================
  rpcbind: KNOWN : severity debug
  rpc.metad: localhost : severity debug
  rpc.metamhd: localhost : severity debug
  rpc.metamedd: localhost : severity debug
  rpc.metacld: localhost : severity debug
  Any hints/information regarding this will be really appreciated.

  Hello Mark,
  Sorry that I missed to thank you in your last post.
  If I get it right, The RPC bind program is used to maintain a table of dynamically allocated ports for RPC-based services.
  From internet, "The file /etc/rpc contains a list of network services. Typically, when a remote machine wants to connect to one of those services on your machine, it first issues a query to the rpcbind program running on your computer. It knows the name of the services it wants to connect with, but doesn't know what port number to use. Your rpcbind will respond with a port number. The remote host will then attempt a connection to the specified port."
  Also, Note that blocking rpcbind doesn't block access to the/etc/rpc services altogether. It does block access for those programs which do an rpcinfo query in order to reach those services. So other possible ways also exist to make remote connection without querying. Here lies the problem. I wanted to secure RPC services completely.
  Coming to metad, it is true that ldd will result nothing related to libwrap*. But inetadm tells different story
  inetadm -l /network/rpc/meta | grep -i wrap
  default tcp_wrappers=TRUE
  So encapsulating with tcpd should work for metad and other RPC services, I believe.
  What is your opinion on this?.

• Secure OSB Service with LDAP

  Hi Friends,
  Greetings!
  Is there a way to secure an OSB service so that user will be able to access it only if they pass their AD/LDAP userid and password?
  Note: I know I can add servie accounts. However I want to avoid adding a guge number of users/services acounts manually.
  Thanks,
  Sachin.

  Hi Sachin,
  You have to configure webogic security realm to add AD/LDAP Authentication provider.
  http://onlineappsdba.com/index.php/2010/02/04/how-to-integrate-weblogic-with-oracle-internet-directory-for-login-authentication/
  In order to secure OSB service you can enable HTTPS or have message level security for the same.
  >know I can add servie accounts. However I want to avoid adding a guge number of users/services acounts manually.
  No Need to maintain n nunber of accounts per n number of users.
  use Basic Authentication/Custom Authentication/OWSM username token service policy to to authenticate username/password with AD/LDAP.
  For Authorization: Use Transport/Message Level Authorization at OSB Service level
  Regards,
  Abhinav Gupta

• Securing web services with Sun Access Manager

  Hi!
  I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
  What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
  I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
  I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
  My questions are:
  1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
  2) Are there any documentation/tutorials/etc?
  Thanks in advance :-)
  Anders

  what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
  the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
  So.. having said that. here's what I'd recommend.
  1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
  2. configure it to use your access manager instance for authentication.
  3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
  4. voila... your webservices are not "protected" by acces manager ;-)

• BPEL Web Service with OWSM Server Agent  NOT AUTHENTICATING

  I have deployed OWSM Server Agent to enable WS-Security Username/Password Authentication following the steps in the below URL.
  http://www.oracle.com/technology/obe/fusion_middleware/owsm/secure%20soa/securing%20soa%20with%20owsm.htm
  Section: Creating and Installing an Oracle WSM Server Agent
  The OWSM agent configuration is working fine with individual Web Services.
  For BPEL, the authentication is not happening if we call the default endpoint from JAVA proxy or Soap UI e.g
  http://host.domainame:7777/orabpel/bpelprocess1/050101 - Authenticates as per the OWSM policy and WORKS FINE
  http://host.domainame:7777/orabpel/bpelprocess1 - Executes the process WITHOUT authenticating
  Any help would be appreciated.
  Thanks
  Shehzad

  Did you resolve this issue ? We are having same issue with one of our BPEL process ........ any help would be highly appreciated .....
  Thanks in Advance

• Securing Services with OWSM 10g gateway

  Hi
  I have a small issue with an application we are trying to secure with the Oracle SOA suite 10g Gateway.
  We have 2 application servers which we are trying to configure in a HA configuration.
  We have several internal services that are used within our ocre application and 2 services we wish to expose to the outside world.
  We initially wanted to expose these through the OWSM gateway but seem to have problems stopping external users from invoking internal services.
  We have the BPEL, ESB, WSM Monitor, Manager, Rules installed on one oracle home and the owsm gateway and policy manager installed on a seperate Oracle home. The OHS is installed on the same machine with 2 virtual hosts with different ports externalSOA:7777 and internalSOA:8888
  We have configured the OHS to filter out certain urls for the externalSOA VH such as /em, /esb_dt, /ccore which seems to work.
  However services deployed into internalSOA:8888 are still invokable but externalSOA:7777/servicename
  does anyone have a better solution or some ideas as to what we are doing wrong?
  Regards

  Yes, true,
  I was assuming a firewall protecting internal zone is part of DMZ setup, and infrastructure is on 10g, and owsm gateway, according to initial poster.
  Protecting the internal URL, only allowing gateway requests to pass through would require the requesthandler (service URL) to look into the request.
  What we did was to let the owsm gateway do the authentication/authorization, and adding a policy step to "insert SAML".
  So the client request contains a valid username/password to be authenticated towards LDAP. After authZ an additional SAML header is added, containing a magic token known only to owsm gateway, and internal requesthandler, processing the service URL request.
  If the request did not pass through gateway it will not contain the saml magic token, and thus be rejected by requesthandler.
  11g has some improvements when it comes to protection using agents, but as long as the weaknesses are not covered (lack of gw-functionality) it would be wise to handle this in current infrastructure.
  Suggesting a switch to 11g infrastructure to solve his issue is a bit over the top., switching the entire SOA infrastructure is not something done overnight.

• Securing SOA 11g Web Services with OWSM AD authentication

  I have SOA 11g with Weblogic 10.3.5 installed and running a Web Service and a Client I want to protect with Active Directory auth and perhaps some other access rules. As I read, I can use OWSM policies to do that. Most guides I found concern OWSM 10g.
  How can I make WL use AD authentication? Do I have to use Access Manager?

  I finally figured it out. The nullpointer exception is related to the SAML assertion. The SAML assertion in my requests is signed with embedded signature and this seems to be not supported with the used OWSM policy. Without the signature is the exception gone.
  Marian

• Error trying to secure Web Service through OWSM and OAM

  Hi all.
  We are trying to secure a web service using Oracle Web Service Manager and Oracle Access Manager. We have deployed it into two HTTP Servers. The intended business flow should be:
  1. The WSC make a SOAP request signed with a X.509 v1 client certificate.
  2. The OWSM Gateway intercepts this request and apply the defined policy:
  a. Verify Signature.
  b. Extract of credentials
  c. OAM Authenticate Authorize.
  3. Then OAM apply the defined rule:
  a. Credential validation and extraction of security tokens
  b. Authentication against OID security attributes
  We have protected with OAM the end-point web service URL for authentication and authorization. But we are getting an error when we invoke this web service:
  /The Web Service call failed. The service returned a SOAP fault with the
  message: Authentication Fault: Invalid User Session Token/
  It seems that OWSM Gateway are processing policies defined well, but th error became accesing to OAM authentication and authorize. We have tried to enable OAM debug system, but if we configure it, OAM are unable to start. So we are not able to obtain a more detailed error.
  T.I.A.

  Try re-configuring the AccessServerSDK AccessGate using the configureAccessGate command in the tools directory. It may be possible that the key pairing is corrupted.

• Calling a Axis2 Secure Web Service with JDeveloper 11g

  We are attempting call a Blackboard (Axis2) web service using Oracle JDeveloper 11g. We are currently unable to generate the security header required, could anyone please point me in the right direction?
  I have following the following steps highlighting my issue. What steps might I be missing? Should I have created a keystore? Should I implement this with the metro stack? Any help or suggestions to go in a different direction would be greatly appreciated.
  1. Install JDeveloper 11.1.1.5.0 (accept defaults)
  2. Open JDeveloper
  3. Create a Project by selecting File > New > Generic Project > Finish
  4. Right-click newly created project and select New
  a. Select Web Services in the Categories
  b. Select Web Service Proxy, then Next
  c. Next
  d. Select JAX-WS Style, then Next
  e. Enter http://gpstc.blackboard.com/webapps/ws/services/Context.WS?wsdl for the WSDL Document URL, then Next
  f. Next
  g. Remove “:80” from the Endpoint URL in each row, the first row should be http://gpstc.blackboard.com/webapps/ws/services/Context.WS, then Next
  h. Next
  i. I don’t see an option for WSSOAP12Binding which this webservice utilizes, so I selected “oracle/wss11_username_token_with_message_protection_client_policy”
  j. Next
  k. Finish
  5. As a test, add the following code after “// Add your code to call the desired methods.”
  GetServerVersionResponse myv = new GetServerVersionResponse();
  myv = contextWSPortType.getServerVersion(new GetServerVersion());
  System.out.println(myv.toString());
  6. Run the Project
  7. Received the following exception “Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: WSDoAllReceiver: Incoming message does not contain required Security header"
  Currently running JDeveloper 11g with Oracle WebLogic Server 11gR1
  Attempting to connect to Blackboard, Release 9.1.50119.0
  Thanks, Adam Ham

  Hi,
  Did you configure the Axis2 in Jdeveloper?
  Best Regards
  Sunny

• Securing Web Services with Access Manager

  Hello All
  I have installed the java_app_platform_sdk-5_04-windows.exe that comes with Acces Manager 7.1.
  I want to secure a webservice, so I have created a webapplication (with netbeans 6) with a webservice inside. I have also create a web client application that calls the webservice. The providers are configured in the server and I have enabled the soap security .
  When I use anonymous authentication everything works fine, but if I used any other security method the following exception arises:
  [#|2008-04-29T09:41:07.343+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|AMServerAuthModule.validateRequest: Failed in Securing the Request.|#]
  [#|2008-04-29T09:41:07.375+0200|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|java.lang.reflect.InvocationTargetException
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
       at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
       at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
       at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
       at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
       at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
       at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
       at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
       at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
       at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
       at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
       at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
       at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
       at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
       at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
       at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
       at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
       at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
  Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
       at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
       ... 46 more
  |#]
  [#|2008-04-29T09:41:07.390+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|SEC2002: Container-auth: wss: Error validating request
  com.sun.enterprise.security.jauth.AuthException: Validating Request failed
       at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:188)
       at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
       at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
       at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
       at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
       at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
       at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
       at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
       at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
       at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
       at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
       at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
       at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
       at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
       at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
       at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
       at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
       at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
  Caused by: java.lang.reflect.InvocationTargetException
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
       ... 41 more
  Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
       at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
       ... 46 more
  |#]
  It�s says something about th security mechanism is not supported. But I don�t know why. �Any idea?
  Thank you

  Hello again,
  I am not using ssl. I am using the usernametoken or de saml-voucer mechanish and It happens in both. But with the anonymous mechanism doesnt happen.
  ...

• Heterogeneous Services with password problem

  i need to connect to a password protected access database via oracle 9i.
  http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:4406709207206#18830681837358
  following the steps described at ASKTOM (link above) i was able to connect to access db and retrieve data that dont have any password. but i need to retrieve data from password protected access databse.
  can any1 pls help me?

  Hi
  yes error is here
  SQL> delete from student$@dlcompany;
  delete from student$@dlcompany
  ERROR at line 1:
  ORA-28500: connection from ORACLE to a non-Oracle system returned this message:
  [Generic Connectivity Using ODBC][Microsoft][ODBC Excel Driver] Could not
  delete from specified tables. (SQL State: S1000; SQL Code: -3049)
  ORA-02063: preceding 2 lines from DLCOMPANY
  rana adnan