Securing Web Services based on simple Java Classes

Hi @all!
We`ve got the following problem.
There`s a .NET client calling our Web services deployed on Bea Weblogic 8.1 (without
SP).
The Web Services are generated by the ANT task servicegen. They are based on simple
Java classes containing the service methods as public members.
Is there a possibility to secure these methods without using the console menu
item "Define Security Policy" ?
We can`t use this menu because it has got a javascript bug with methods returning
an array.
Thanks in advance for help.
Michael

Hi Michael,
Could you use transport level security, SSL [1]?
I'm not sure what limitation you are experiencing with the console? Is
there a traceback? Have you contacted customer support on this issue?
Thanks,
Bruce
[1]
http://edocs.bea.com/wls/docs81/webserv/security.html#1053203
Michael Albrecht wrote:
>
Hi @all!
We`ve got the following problem.
There`s a .NET client calling our Web services deployed on Bea Weblogic 8.1 (without
SP).
The Web Services are generated by the ANT task servicegen. They are based on simple
Java classes containing the service methods as public members.
Is there a possibility to secure these methods without using the console menu
item "Define Security Policy" ?
We can`t use this menu because it has got a javascript bug with methods returning
an array.
Thanks in advance for help.
Michael

Similar Messages

  • Invoking a secure web service from a standalone java client

    I am using stand alone java client to invoke a web service. This web service in turn invokes a jcs which is protected ( role based access ).
    I am using a proxy at the client side for web service invocation
    FileSubmission_Impl filesubmission_impl = new FileSubmission_Impl();
    FileSubmissionSoap filesubmissionsoap = filesubmission_impl.getFileSubmissionSoap();
    filesubmissionsoap.processFiles(...)
    This works if there are no security constraints on any of the resources (@common:security).
    I need to pass the username and password from the java client that will be authenticated and allowed to access the protected resources.
    Please let me know as to how this can be achieved ( passing username and password from client )

    Paula,
    I suppose you're using CFINVOKE (http://www.activsoftware.com/code_samples/code.cfm/CodeID/44/ColdFusion/Invoking_SOAP_Web_Services_with_ColdFusion_MX_CFINVOKE_Tag) or are you using a third party tool like CFX_SOAP (http://www.activsoftware.com/products/productdetail.cfm/id/1015)?
    Are you working with WebAS 6.4 or 6.2?
    It works with web services created with WebAS 6.4, but you should generate proxy classes. Check Thomas' weblog (second part of it)->https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/1012. [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken]
    The WSDL generated by this method is more standard than the one generated when you just Remote enable an FM and look at the webservice browser.
    Th core of CF MX is Java and that engine is rather strict in standards.
    Eddy

  • Secured web service for secured AM method

    Hello,
    I need to invoke method of secured Application Module (jbo.security.enforce = Must) from secured web service.
    I have a simple java class with Configuration.createRootApplicationModule ... and a web service built for this java class.
    I found I have to authentificate users twice. First time when invoking web service (this is ok) and second time when creating application module instance.
    The problem is I can get name of user logged in web service but I cannot get his password. So I cannot login to application module with the same user.
    How can I force adf business components to use user authentificated in web service to use him/her as adf bc user?
    Rado

    Hi Mayank,
    Chapter 7, Custom Serialization of Java Value Types, of the Web services developer guide may be a good place to get started.
    All the best,
    -Eric

  • Error while invoking secure web service.

    Hi,
    I am trying to access a secure web service through a simple BPEL process in SOA Suite 11g. When I test it through enterprise manager I am getting the following error. Since it's a secured websecure i set the WS policy(oracle/wss_username_token_client_policy) in the external reference and also provided the credentials. If anyone has come across similar error or know the solution please let me know. Also I am not sure if its related to security or is it with the way I am trying to call the service.
    Error Message:
    Fault ID     reference:80014
    Fault Time     May 22, 2011 12:54:45 PM
    Non Recoverable System Fault :
    javax.xml.ws.soap.SOAPFaultException: 99999: Unknown Service
    Error Message: {http://schemas.oracle.com/bpel/extension}remoteFault
    Fault ID     default/Mocking!1.0*soa_be35cb3e-5f05-49df-a696-a653d5703681/BPELProcess1/30017-BpInv0-BpSeq0.3-3
    Fault Time     May 22, 2011 12:54:46 PM
    Non Recoverable System Fault :
    <bpelFault><faultType>0</faultType><remoteFault xmlns="http://schemas.oracle.com/bpel/extension"><part name="summary"><summary>99999: Unknown Service</summary></part><part name="detail"><detail>&lt;con:fault xmlns:con="http://www.bea.com/wli/sb/context"> &lt;con:errorCode>99999&lt;/con:errorCode> &lt;con:reason>Unknown Service&lt;/con:reason> &lt;con:location> &lt;con:node>PipelinePairNode1&lt;/con:node> &lt;con:pipeline>PipelinePairNode1_request&lt;/con:pipeline> &lt;con:stage>stage1&lt;/con:stage> &lt;/con:location> &lt;/con:fault> </detail></part><part name="code"><code>soap:Server</code></part></remoteFault></bpelFault>

    Thanks very much for your suggestion. I will take a look into the wsdl again and see if something is wrong in that.
    I have a peculiar problem with the wsdl. When I created the partner link using the remote wsdl it would throw a compilation error. But when I took a local copy of the remote wsdl and seperated all the schema's from the wsdl and imported them inside wsdl it gets compiled. But I am not sure if this is a appropriate thing to do and if that is creating this problem. Any thoughts on this would be really helpful.

  • Web Services - Simple Java Classes

    Hi folks,
    I'm new to using Netweaver and web services in general. I have some existing simple java classes already that I want to convert to a web service. I've decided to try and do a simple test first to make sure I understood how to do this correctly so I followed the steps outlined in this link: (I find I understand this better than the other help files)
    <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/60046fb9-ac5b-2910-08a6-b7b04b463c62">https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/60046fb9-ac5b-2910-08a6-b7b04b463c62</a>
    In the end what I got was a class file that has been turned into webservices (the code has @WebService, etc). When I try to do a deployment, everything goes well but I'm not quite sure which link I should use to check out my WSDL or anything. I tried the link like in the article above (but used http://localhost:50000 instead) and wound up getting a 404 error. Is there something I'm doing wrong?
    Also, as a quick follow up...since the link shows steps on building EJB's for web services, is it correct to assume that I can use the same steps when building simple java classes? (Create project --> Java Project, create my methods/classes, create new webserive and put slider to Test to check if everything works).
    Any help with this will be greatly appreciated I've been trying to figure this out for days already.

    Hi Bianca,
    Welcome on SDN!
    Have you tried to follow the steps exactly as described in the above document? That is, move the slider to "Develop service", then deploy your application, and request http://localhost:50000/HelloWorldBeanService/HelloWorldBean?wsdl - this worked fine for me.
    > I find I understand this better than the other help files
    Well, which help files you use depends on which version of the NetWeaver AS Java you're using. The link above is applicable to the Java EE 5 preview version; the help files you're probably referencing are the official documentation of the NetWeaver 04 and 04s releases.
    Hope it helps!
    -Vladimir

  • Creating simple Web Services from Plain Old Java Objects (PoJo)

    This post is with reference to a sun web page at URL - http://developers.sun.com/appserver/reference/techart/ws_mgmt.html
    It is a crisply written tutorial on creating a simple Java class and deploy the class as a JAX-WS 2.0 Web service.
    Requires -
    a) Sun Application Server - I got App Server Platform Edition 9.0_01
    b) Also requires Java_Home to JDK 1.5.0 - this was something i did even though my App Server i believe is using jdk 1.6.
    [The reason i know that is because when i removed jdk 1.6. directory from my C:\Java location, my app server asadmin commands would not be found. While i dont remember configuring the App Server to point to JDK 1.6. specifically, i am assuming the app server version i downloaded and installed auto installs it and uses it]
    I wrote up the class as described in the tutorial.
    Initially i had difficulty compiling the class, and it would error out as being unable to find the javax.jws package.
    I researched the problem a little and included the jaxws-tools.jar in the classpath and that error went away.
    According to the tutorial the presence of the @WebService annotation will tell the App Server to process it as such and also auto deploy it to the App Server.
    However while the class file is created, the autodeploy part fails completely.
    I have the entries in server.log corresponding to this javac execution stored in a separate file. Didnt know how best to attach it here.
    Please help.
    Best regards,

    Just inline the appropriate pieces of the server log.

  • Security exception while running the java client for a secured web service.

    hi,
    I created a proxy for a secured web service.
    When I run the client java program I am getting the following exception :
    java.io.IOException: could not load the default-keystore.jks file because The keystore file is tampered or password is incorrect.
    Its saying that password is invalid.
    Can you please help me on this thanks in advance.
    Regards,
    Chandra

    hi,
    I created a proxy for a secured web service.
    When I run the client java program I am getting the following exception :
    java.io.IOException: could not load the default-keystore.jks file because The keystore file is tampered or password is incorrect.
    Its saying that password is invalid.
    Can you please help me on this thanks in advance.
    Regards,
    Chandra

  • How to call OWSM secured web-service from ADF application

    I have a OWSM secured web-service, which takes username/password.
    I want to invoke this webservice from ADF application. ADF application has its own security and it takes its own username/password. End user can't provide the username/password for web-service call. My ADF application should call the webservice and provide it appropriate username/password.
    What is the best practice to handle such scenario. I don't want to hardcode username/password in Java (ADF) code.
    Thanks
    Sanjeev.

    it is not clear to me if you are having problems with calling java code from OIM or if the problem is the web service API.
    Lets do some divide and conquer:
    Can you create a simple java class that just writes a couple of lines to the log? Please attach this code to the OIM task and make sure it runs.
    Once this works we can start looking at the web service call.
    Best regards
    /Martin

  • Security procesing failed(actions mismatch) while invkng secure web-service

    Hi,
    This mail is to seek help from our Java community in a issue that we are currently facing with web service we have written in the application
    that I am currently working on. An early response in this is highly appreciated.
    I have implemented Java client to invoke the secure web-service(Signing and Encryption of SOAP Request). I am using the classes WSSecEncrypt & WSSecSignature for signing and encrypt the request.
    I did the signing and encryption for the SOAP request, invoked the Web-service. The server side received the request and sent the encrypted response. But I am getting an error in the client side while receiving the encrypted response.
    Client side :
    1) sign the SOAP reuqest with client private key
    2) Encrypt the request with server side public key
    3) invoke the web-service ( request sent to server and server sent the response) but getting error while reading the encrypted the response.
    Server side :
    1) receive the request
    2) decrypt the request, process the request
    3) encrypth the response and send to client
    I am getting the below exception exactly at below line (while getting encrypted response) and I have pasted the java client code below
    SOAPEnvelope resEnvelope = call.invoke(msg);
    Exception message :
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultSubcode:
    faultString: security processing failed (actions mismatch)
    faultActor:
    faultNode:
    faultDetail:
    {http://xml.apache.org/axis/}hostname:apsp9097
    security processing failed (actions mismatch)
    at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
    at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
    at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1774)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2930)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
    at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
    at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
    at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
    at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
    at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:796)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
    at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:727)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:1870)
    at CallSecWS.main(CallSecWS.java:118)
    Java Code :
    Properties clinetProps = new Properties();               
              MessageContext msgContext = null;          
              System.setProperty("javax.xml.soap.MessageFactory", "org.apache.axis.soap.MessageFactoryImpl");          
              FileInputStream fis = new FileInputStream("C:\\crypto.properties");          
              clinetProps.load(fis);
              Crypto ClientCrypto = CryptoFactory.getInstance(clinetProps);
              //Creating Messaging Object
              InputStream inStream = new ByteArrayInputStream(soapMsg.getBytes());
              Message axisMsg = new Message(inStream);
              axisMsg.setMessageContext(msgContext);
    //creating envelople based on Message
              SOAPEnvelope envelope = axisMsg.getSOAPEnvelope();
    // Encrypting an signing the SOAP request
              WSSecEncrypt encrypt = new WSSecEncrypt();
              WSSecSignature sign = new WSSecSignature();
    // Set the encryption and signging details
              encrypt.setUserInfo("serverpublickey");     
              String strProvateKey = clinetProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
              String password = clinetProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.password");
              sign.setUserInfo(strProvateKey,password);     
    // Creating the header
              Document doc = envelope.getAsDocument();     
              WSSecHeader secHeader = new WSSecHeader();
              secHeader.insertSecurityHeader(doc);
         // Dcoument ment signed and encrypted
              Document encryptedDoc = encrypt.build(doc, ClientCrypto, secHeader);
              System.out.println("After Encryption....");
              Document encryptedSignedDoc = sign.build(encryptedDoc, ClientCrypto, secHeader);
         Message msg = (Message) toSOAPMessage(encryptedSignedDoc);
         System.out.println(msg.getSOAPPartAsString() );
    // Encryption and signing done and invoking the secure web-service
              String endpoint = "http://sys.ws.com/services/SecureService";
              Service service = new Service();
              Call call = (Call) service.createCall();
              call.setTargetEndpointAddress( new java.net.URL(endpoint) );
              call.setOperationStyle(org.apache.axis.constants.Style.MESSAGE);
    // Sender handler
              WSDoAllSender send = new WSDoAllSender();     
              send.setOption( WSHandlerConstants.SIG_PROP_FILE , "crypto.properties" );
              send.setOption( WSHandlerConstants.SIG_KEY_ID, "DirectReference" );
              send.setOption( WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT +" " + WSHandlerConstants.SIGNATURE );
              send.setOption( WSHandlerConstants.USER, "PrivateKey" );     
              send.setOption( WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");     
              send.setOption( WSHandlerConstants.PW_CALLBACK_CLASS,com.client.B2BCallBack.class.getName() );     
    // Receiver handler
              WSDoAllReceiver recv = new WSDoAllReceiver();
              recv.setOption( WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE+ " " + WSHandlerConstants.ENCRYPT );
              recv.setOption( WSHandlerConstants.SIG_PROP_FILE, "crypto.properties" );
              recv.setOption( WSHandlerConstants.SIG_KEY_ID, "DirectReference" );
              recv.setOption( WSHandlerConstants.PW_CALLBACK_CLASS,com.client.B2BCallBack.class.getName() );          
              recv.setOption( WSHandlerConstants.ENCRYPTION_USER ,"serverpublickey");
              // Setting the handlers          
    call.setClientHandlers(send, recv);
              System.out.println("Set the all parameters");
    // Invoking the web-service.
              SOAPEnvelope resEnvelope = call.invoke(msg);
    public static SOAPMessage toSOAPMessage(Document doc) throws Exception
         Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
         byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
         ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage);
         MessageFactory factory = MessageFactory.newInstance();
         return factory.createMessage(null, in);
    Thanks
    J Ashok
    Edited by: 846090 on Mar 21, 2011 11:34 AM

    Hi,
    This mail is to seek help from our Java community in a issue that we are currently facing with web service we have written in the application
    that I am currently working on. An early response in this is highly appreciated.
    I have implemented Java client to invoke the secure web-service(Signing and Encryption of SOAP Request). I am using the classes WSSecEncrypt & WSSecSignature for signing and encrypt the request.
    I did the signing and encryption for the SOAP request, invoked the Web-service. The server side received the request and sent the encrypted response. But I am getting an error in the client side while receiving the encrypted response.
    Client side :
    1) sign the SOAP reuqest with client private key
    2) Encrypt the request with server side public key
    3) invoke the web-service ( request sent to server and server sent the response) but getting error while reading the encrypted the response.
    Server side :
    1) receive the request
    2) decrypt the request, process the request
    3) encrypth the response and send to client
    I am getting the below exception exactly at below line (while getting encrypted response) and I have pasted the java client code below
    SOAPEnvelope resEnvelope = call.invoke(msg);
    Exception message :
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultSubcode:
    faultString: security processing failed (actions mismatch)
    faultActor:
    faultNode:
    faultDetail:
    {http://xml.apache.org/axis/}hostname:apsp9097
    security processing failed (actions mismatch)
    at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
    at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
    at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1774)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2930)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
    at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
    at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
    at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
    at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
    at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
    at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:796)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
    at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:727)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:1870)
    at CallSecWS.main(CallSecWS.java:118)
    Java Code :
    Properties clinetProps = new Properties();               
              MessageContext msgContext = null;          
              System.setProperty("javax.xml.soap.MessageFactory", "org.apache.axis.soap.MessageFactoryImpl");          
              FileInputStream fis = new FileInputStream("C:\\crypto.properties");          
              clinetProps.load(fis);
              Crypto ClientCrypto = CryptoFactory.getInstance(clinetProps);
              //Creating Messaging Object
              InputStream inStream = new ByteArrayInputStream(soapMsg.getBytes());
              Message axisMsg = new Message(inStream);
              axisMsg.setMessageContext(msgContext);
    //creating envelople based on Message
              SOAPEnvelope envelope = axisMsg.getSOAPEnvelope();
    // Encrypting an signing the SOAP request
              WSSecEncrypt encrypt = new WSSecEncrypt();
              WSSecSignature sign = new WSSecSignature();
    // Set the encryption and signging details
              encrypt.setUserInfo("serverpublickey");     
              String strProvateKey = clinetProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
              String password = clinetProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.password");
              sign.setUserInfo(strProvateKey,password);     
    // Creating the header
              Document doc = envelope.getAsDocument();     
              WSSecHeader secHeader = new WSSecHeader();
              secHeader.insertSecurityHeader(doc);
         // Dcoument ment signed and encrypted
              Document encryptedDoc = encrypt.build(doc, ClientCrypto, secHeader);
              System.out.println("After Encryption....");
              Document encryptedSignedDoc = sign.build(encryptedDoc, ClientCrypto, secHeader);
         Message msg = (Message) toSOAPMessage(encryptedSignedDoc);
         System.out.println(msg.getSOAPPartAsString() );
    // Encryption and signing done and invoking the secure web-service
              String endpoint = "http://sys.ws.com/services/SecureService";
              Service service = new Service();
              Call call = (Call) service.createCall();
              call.setTargetEndpointAddress( new java.net.URL(endpoint) );
              call.setOperationStyle(org.apache.axis.constants.Style.MESSAGE);
    // Sender handler
              WSDoAllSender send = new WSDoAllSender();     
              send.setOption( WSHandlerConstants.SIG_PROP_FILE , "crypto.properties" );
              send.setOption( WSHandlerConstants.SIG_KEY_ID, "DirectReference" );
              send.setOption( WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT +" " + WSHandlerConstants.SIGNATURE );
              send.setOption( WSHandlerConstants.USER, "PrivateKey" );     
              send.setOption( WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");     
              send.setOption( WSHandlerConstants.PW_CALLBACK_CLASS,com.client.B2BCallBack.class.getName() );     
    // Receiver handler
              WSDoAllReceiver recv = new WSDoAllReceiver();
              recv.setOption( WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE+ " " + WSHandlerConstants.ENCRYPT );
              recv.setOption( WSHandlerConstants.SIG_PROP_FILE, "crypto.properties" );
              recv.setOption( WSHandlerConstants.SIG_KEY_ID, "DirectReference" );
              recv.setOption( WSHandlerConstants.PW_CALLBACK_CLASS,com.client.B2BCallBack.class.getName() );          
              recv.setOption( WSHandlerConstants.ENCRYPTION_USER ,"serverpublickey");
              // Setting the handlers          
    call.setClientHandlers(send, recv);
              System.out.println("Set the all parameters");
    // Invoking the web-service.
              SOAPEnvelope resEnvelope = call.invoke(msg);
    public static SOAPMessage toSOAPMessage(Document doc) throws Exception
         Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
         byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
         ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage);
         MessageFactory factory = MessageFactory.newInstance();
         return factory.createMessage(null, in);
    Thanks
    J Ashok
    Edited by: 846090 on Mar 21, 2011 11:34 AM

  • Error when trying to access a secured web service from Forms 10g 10.1.2.3

    Hello,
    I'm trying to access a secured web service from Forms10g 10.1.2.3 but i'm getting the next error when pressing the button the first time:
    java.rmi.RemoteException: ; nested exception is: HTTP transport error: javax.xml.soap.SOAPException:
    java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 UnauthorizeWhen i press the button a second time i got this error:
    javax.xml.rpc.soap.SOAPFaultException: The SOAP request is invalid. The required node 'Envelope' is missingThis is the code i have in my button:
    DECLARE
    jo ora_java.jobject;
    pdfObject ora_java.jobject;
    pdf     varchar2(900);
    rv varchar2(100);
    ex ora_java.jobject;
    BEGIN
    JO := SEARCHSOAPCLIENT.new;
    SEARCHSOAPCLIENT.setUsername(JO,'weblogic');
    SEARCHSOAPCLIENT.setPassword(JO,'welcome1');
    pdfObject := SEARCHSOAPCLIENT.quicksearch(JO,'1234',NULL);
    pdf := SEARCHSOAPCLIENT.tostring(pdfObject);
    message(pdf);
    message(' ');
    EXCEPTION
    WHEN ORA_JAVA.JAVA_ERROR then
    message('Unable to call out to Java, ' ||ORA_JAVA.LAST_ERROR);
    WHEN ORA_JAVA.EXCEPTION_THROWN then
    ex := ORA_JAVA.LAST_EXCEPTION;
    :error := Exception_.toString(ex);
    END;When i run it from JDeveloper it works, this is a portion of java code the proxy web service has:
    import oracle.webservices.transport.ClientTransport;
    import oracle.webservices.OracleStub;
    import javax.xml.rpc.ServiceFactory;
    import javax.xml.rpc.Stub;
    public class SearchSoapClient {
        private webservicesproxywebcontent.proxy.SearchSoap _port;
        public SearchSoapClient() throws Exception {
            ServiceFactory factory = ServiceFactory.newInstance();
            _port = ((webservicesproxywebcontent.proxy.Search)factory.loadService(webservicesproxywebcontent.proxy.Search.class)).getSearchSoap();
            this.setUsername("weblogic");
            this.setPassword("welcome1");
            System.out.println("callling from _port "+ _port.quickSearch("1234234", null));
         * @param args
        public static void main(String[] args) {
            try {
                webservicesproxywebcontent.proxy.SearchSoapClient myPort = new webservicesproxywebcontent.proxy.SearchSoapClient();
                System.out.println("calling " + myPort.getEndpoint());
            } catch (Exception ex) {
                ex.printStackTrace();
         * delegate all operations to the underlying implementation class.
        public QuickSearchResult quickSearch(String queryText, IdcPropertyList extraProps) throws java.rmi.RemoteException {
            return _port.quickSearch(queryText, extraProps);
        }Also the secured web service was generated from Webcenter Content 11.1.1.6 that is why it's a secured web service.
    Kind Regards
    Carlos

    Without going into any technical discussion about the code, my first question is what JDK version was used to create this which was imported into the form? Understand that Forms 10 runs on JDK 1.4.2, so if you used any newer JDK version, likely there will be problems.

  • Create a Secure Client for a Secure Web Service- is failing

    Hi,
    This is actually with reference to the webservice tutorial.I am trying the example on Create a Secure Client for a Secure Web Service and have followed all the steps mentioned,however I am getting the following error:
    D:\JDev11gTp\jdk\bin\javaw.exe -client -classpath D:\Jdev11gTpInstance\mywork\WebServiceApplications\.adf;D:\Jdev11gTpInstance\mywork\WebServiceApplications\WebServiceProjects\classes;D:\JDev11gTp\webservices\lib\jaxws-api.jar;D:\JDev11gTp\webservices\lib\jws-api.jar;D:\JDev11gTp\webservices\lib\orawsmetadata.jar;D:\JDev11gTp\webservices\lib\wsclient.jar;D:\JDev11gTp\j2ee\home\lib\activation.jar;D:\JDev11gTp\j2ee\home\lib\ejb.jar;D:\JDev11gTp\j2ee\home\lib\jms.jar;D:\JDev11gTp\j2ee\home\lib\jta.jar;D:\JDev11gTp\j2ee\home\lib\mail.jar;D:\JDev11gTp\j2ee\home\lib\servlet.jar;D:\JDev11gTp\webservices\lib\jaxrpc-api.jar;D:\JDev11gTp\webservices\lib\wsserver.jar;D:\JDev11gTp\webservices\lib\wssecurity.jar;D:\JDev11gTp\webservices\lib\wsdl.jar;D:\JDev11gTp\webservices\lib\orasaaj.jar;D:\JDev11gTp\webservices\lib\saaj-api.jar;D:\JDev11gTp\webservices\lib\orawsdl.jar;D:\JDev11gTp\webservices\lib\orawsrm.jar;D:\JDev11gTp\webservices\lib\orawsrel.jar;D:\JDev11gTp\webservices\lib\jaxr-api.jar;D:\JDev11gTp\webservices\lib\orajaxr.jar;D:\JDev11gTp\webservices\lib\relaxngDatatype.jar;D:\JDev11gTp\webservices\lib\xsdlib.jar;D:\JDev11gTp\webservices\lib\mdds.jar;D:\JDev11gTp\webservices\lib\wsif.jar;D:\JDev11gTp\webservices\lib\fabric-common.jar;D:\JDev11gTp\webservices\lib\fabric-interceptors.jar;D:\JDev11gTp\jlib\jaxen.jar;D:\JDev11gTp\jlib\oraclepki.jar;D:\JDev11gTp\jlib\ojpse.jar;D:\JDev11gTp\jlib\jsr106.jar;D:\JDev11gTp\jlib\jsr105.jar;D:\JDev11gTp\jlib\osdt_xmlsec_jce.jar;D:\JDev11gTp\jlib\osdt_wss_jce.jar;D:\JDev11gTp\jlib\osdt_saml_jce.jar;D:\JDev11gTp\jlib\osdt_saml2_jce.jar;D:\JDev11gTp\jlib\osdt_core.jar;D:\JDev11gTp\jlib\osdt_cert.jar;D:\JDev11gTp\jlib\osdt_xmlsec.jar;D:\JDev11gTp\jlib\osdt_wss.jar;D:\JDev11gTp\jlib\osdt_saml.jar;D:\JDev11gTp\jlib\osdt_saml2.jar;D:\JDev11gTp\jlib\ojmisc.jar;D:\JDev11gTp\j2ee\home\lib\http_client.jar;D:\JDev11gTp\j2ee\home\jazncore.jar;D:\JDev11gTp\j2ee\home\oc4jclient.jar;D:\JDev11gTp\rdbms\jlib\xdb.jar;D:\JDev11gTp\j2ee\home\lib\javax77.jar;D:\JDev11gTp\lib\java\api\jsr173_api.jar;D:\JDev11gTp\lib\java\shared\sun.jaxb\2.0\jaxb-impl.jar;D:\JDev11gTp\lib\java\shared\sun.jaxb\2.0\jaxb-xjc.jar;D:\JDev11gTp\lib\java\shared\sun.jaxb\2.0\jaxb1-impl.jar;D:\JDev11gTp\j2ee\home\lib\oc4j-schemas.jar;D:\JDev11gTp\jlib\ojdl.jar;D:\JDev11gTp\jlib\ojdl2.jar;D:\JDev11gTp\jlib\fmw_audit.jar;D:\JDev11gTp\j2ee\home\lib\jmxri.jar;D:\JDev11gTp\j2ee\home\lib\jmx_remote_api.jar;D:\JDev11gTp\j2ee\home\lib\adminclient.jar;D:\JDev11gTp\j2ee\home\lib\jmxframework.jar;D:\JDev11gTp\j2ee\home\lib\jmxspi.jar;D:\JDev11gTp\j2ee\home\lib\xmlcfg.jar;D:\JDev11gTp\jlib\dms.jar;D:\JDev11gTp\jlib\orai18n.jar;D:\JDev11gTp\j2ee\home\lib\commons-digester.jar;D:\JDev11gTp\j2ee\home\lib\spring.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-policy-core.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-pmclient.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-pap.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-agent.jar;D:\JDev11gTp\lib\java\shared\oracle.wsm\11.1.1.0\wsm-secpol.jar;D:\JDev11gTp\lib\java\shared\oracle.javatools\11.1.1.0.0\javamodel-rt.jar;D:\JDev11gTp\lib\java\shared\oracle.javatools\11.1.1.0.0\javatools-nodeps.jar;D:\JDev11gTp\lib\java\shared\oracle.toplink\11.1.1.0.0\toplink-sdo.jar;D:\JDev11gTp\lib\java\api\jaxb-api.jar;D:\JDev11gTp\lib\xmlparserv2.jar;D:\JDev11gTp\lib\xml.jar;D:\JDev11gTp\jakarta-taglibs\commons-logging-1.0.3\commons-logging.jar -Dhttp.proxyHost=localhost -Dhttp.proxyPort=8099 -Dhttp.nonProxyHosts= -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8099 -Dhttps.nonProxyHosts= HelloPolicyPortClient
    Feb 1, 2008 5:13:43 PM oracle.j2ee.ws.common.context.ContextInterceptor init
    INFO: Context provider properties file not found
    Feb 1, 2008 5:13:44 PM oracle.wsm.audit.Auditor <init>
    INFO: Created J2SE auditor for componentType=OWSM-AGENT busstop=D:\oracle\product\10.2.0\client_1\auditlogs\OWSM-AGENT filter=false auditor=oracle.security.audit.Auditor@143a083
    Feb 1, 2008 5:13:44 PM oracle.wsm.audit.Auditor <init>
    INFO: Created J2SE auditor for componentType=OWSM-PM-LIB busstop=D:\oracle\product\10.2.0\client_1\auditlogs\OWSM-PM-LIB filter=false auditor=oracle.security.audit.Auditor@15af049
    SEVERE: WSM-04514 An MDS error occurred.
    SEVERE: WSM-09012 No key, WSM-06002, was found in the resource bundle oracle.wsm.resources.policyvalidation.PolicyValidationMessageBundle.
    javax.xml.ws.WebServiceException: oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06002 PolicyReference Invalid policy reference
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:466)
    at oracle.j2ee.ws.client.jaxws.WsClientProxyInvocationHandler.invoke(WsClientProxyInvocationHandler.java:204)
    at $Proxy28.sayHello(Unknown Source)
    at HelloPolicyPortClient.main(HelloPolicyPortClient.java:35)
    Caused by: oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06002 PolicyReference Invalid policy reference
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:217)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:104)
    at oracle.j2ee.ws.client.mgmt.runtime.SuperClientInterceptorPipeline.handleRequest(SuperClientInterceptorPipeline.java:91)
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.handleRequest(DispatchImpl.java:309)
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.handleRequest(DispatchImpl.java:290)
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:444)
    ... 3 more
    Process exited with exit code 0.
    Can anyone please give any clue as to why this error is coming?
    Thanks.

    Hi
    Please refer to this thread
    Re: Can I create a login/password protection in Muse for a HTML5 page or two?

  • Securing web services with Sun Access Manager

    Hi!
    I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
    What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
    I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
    I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
    My questions are:
    1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
    2) Are there any documentation/tutorials/etc?
    Thanks in advance :-)
    Anders

    what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
    the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
    So.. having said that. here's what I'd recommend.
    1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
    2. configure it to use your access manager instance for authentication.
    3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
    4. voila... your webservices are not "protected" by acces manager ;-)

  • Accessing Secured Web Services fromPL/SQL  Code.

    Hi ,
    This is an urgent requirement.We need to call a Web Sercured which is secured(That we need Authenticate using Digital Signatures).I don't how to call a Secured web service from PL/SQL code.with java it is possible.
    Can anyone help me in confoguring/Writing code to call web services with Digital Certificates.
    Regards,
    Ram

    In the XmlDigester class you would have to change the following 2 functions...
    public int Compare(Object x, Object y)
    XmlAttribute lhs = (XmlAttribute)x;
    XmlAttribute rhs = (XmlAttribute)y;
    string ls = lhs.NamespaceURI;
    string rs = rhs.NamespaceURI;
    if ((ls == rs) || (ls.Equals(rs) && ls != null && rs != null))
    ls = lhs.LocalName;
    rs = rhs.LocalName;
    if (ls == null)
    return -1;
    if (rs == null)
    return 1;
    byte[] larr = Encoding.UTF8.GetBytes(ls);
    byte[] rarr = Encoding.UTF8.GetBytes(rs);
    int len = Math.Min(larr.Length, rarr.Length);
    for (int i = 0; i < len; i++)
    int li = (int)(larr[i] & 0xFF);
    int ri = (int)(rarr[i] & 0xFF);
    int d = li - ri;
    if (d != 0)
    return d;
    return larr.Length - rarr.Length;
    private void Serialize(string s, Stream outStream)
    byte[] bytes = Encoding.UTF8.GetBytes(s);
    int len = bytes.Length;
    Serialize((byte)(len >> 8), outStream);
    Serialize((byte)(len), outStream);
    Serialize(bytes, outStream);
    That should do the trick.

  • Re: Using simple java class in an .war file.

    Hi All,
    I have a simple question,
    Can I access an simple java class from a jsp file that I have written by putting it in the "classes" folder?? What entry should go in the web.xml file?
    Here is my directory structure:
    sample.war
    |
    ----test.jsp <file>
    |
    ----WEB-INF <folder>
    | |
    | ----classes<folder>
    | | |
    | | ----simpleJavaClass.class<file>
    | |
    | ----lib<folder>
    | |
    | ----web.xml
    I want to access the simpleJavaClass.class from the jsp test.jsp.
    Please suggest.
    Thanks and regards
    Ayusman

    It is possible to access the class in u r classes folder from u r jsp file.
    For example
    <%@ page import="com.test.service.PricingSolution,
    com.test.core.PhoneNumber
    %>
    <% PricingSolution solution = (PricingSolution)session.getAttribute("solution"); %>
    This is a simple scriplet example. You do the same using jstl tags also.
    --Shinoy

  • Selection of tools for web-service based applications

    Hi,
    I have 3 options now to develop web-service based applications,
    1)Visual Composer
    2)CAF
    3)Web Dynpro Java
    Which is best for security, future-proofness at the same time feasible cost ?

    hi arvind,
    i am giving some links pls see.
    www.crosschecknet.com/web_services_testing_tools_sap_netweaver.php - 20k -
    www.aivea.com/eshipinfo.htm - 107k
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/60046fb9-ac5b-2910-08a6-b7b04b463c62
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/5f3ee9d7-0901-0010-1096-f5b548ac1555
    thanks
    karthik
    reward me points if usefull

Maybe you are looking for

  • 3G camera & Photo App Still Not Working-outbound email not working properly

    I have restored my 3G phone NUMEROUS times. I have restored it as new, I have restored it from Backup. Each time I deleted the previously downloaed upgrades, so that it would get them again, thinking this would fix the problem as Apple says it will M

  • Help REQ receiver FILE CC CONFIG ...POINTS WILL BE GIVEN!!!!

    Hi I am having problem configuring File receiver CC. This is a IDOC to File scenario... My payload is <?xml version="1.0" encoding="UTF-8"?> <ns0:Test_MT xmlns:ns0="urn:test.com"> <Record> <Target> <ProdNum>111</ProdNum> <Weight>10</Weight> </Target>

  • Copying A DVD...

    A friend of mine lent me a DVD he made of various music videos. Now, I want to make a copy of it, but I don't know how. Someone mentioned something about Disk Utility and making a Disk Image or something... Anyway, what I want is an exact copy of the

  • Bind Data directly in Component in case of BEx?

    Hi Everyone, As per SAP tutorials, we can bind the data of universe query directly into Canvas Component means without the use of spreadsheet. But Can we bind the data of BEx query directly into component in dashboard 4.0?? Please suggest your commen

  • Why does my iPad 2 keeps freezing .. ?

    My iPad keeps freezing ... What I do need to  do to correct this problem?