Securing webservices with SAML

Hi everybody,
I'm trying to protect web services with SAML assertions using AM 7.1, I've alredy try to deploy some tutorials and samples provided by netbeans 6.0, AM7.1 and Java EE SDK, but I'm facing a lot of problems, I also found many contradictions between the tutorials and official Sun documentation and at this point I'm very confused
It's really possible to implement web services security with SAML using AM 7/7.1 +AppServer 8.1/8.2 in the way Securing Identity Web Services tutorial/lab (http://www.javapassion.com/handsonlabs/IdentityWebServices/) do it???
in many tutorials and official Sun documents I found the library amWebServicesProvider.jar that is supposed to be the Sun Java Access Manager Policy Agent 2.2, this library it's supposed to implement the JSR196(Java Authentication Service Provider Interface for Containers), using this library imply modifications to the server.policy and domain.xml files, in order to add support for SOAP and HttpServlet message security providers.
I've tryed to modify the server.policy in AppServer 8.1/8.2, but I found it's only possible to add support for SOAP message security providers, trying to add HttpServlet mesage security providers makes AppServer crash at the init. How can I add support for HttpServlet message security provider???
library amWebServicesProvider.jar its supposed to be the Policy Agent 2.2 and its currently bundled with Java EE SDK, but the currrent relese of the Policy Agent 2.2 for SJAS 8.1/8.2 does not includes this library. Does someone know where to download this release of Policy Agent and also at least an installation guide???
in the AM side, I'm refering to AM ( shall I say "THE HALF AM" ?) bundled with Java EE SDK I found that many agents are created at the installation time, this agents in combination with the library amWebServicesProvider.jar supposly protect the web services, these agents are not common agents, I'm refering to the agents usually we create following the Policy Agent installation guide where we only put agent name, password, a description (optional) and checkbox Device Status to true, the agents created in "THE HALF AM" are created with a lot of aditional properties despite the fact that Sun Java System Access Manager 7.1 Administration Guide(http://docs.sun.com/app/docs/doc/819-4670/gavwo?a=view)
says that only one property (agentRootURL) is valid and all other properties will be ignored
my real question is:
It's really possible_+ to implement web services security with SAML using AM 7/7.1 +AppServer 8.1/8.2, I mean, using REAL TECHNOLOGIES+_, in the way Securing Identity Web Services tutorial/lab (http://www.javapassion.com/handsonlabs/IdentityWebServices/) do it???
Any help is aprecciated
regards

Hi,
I have installed Glashfish 9.1 and NetBeans 6.0 seperately on Windows XP, and want to configure the Access Manager 7.1 and Policy Agent 2.2 to run the Blue Prints for Secured WebServices.
If I install the Access Manager from jdk15 version of AccessManager7_1RTM from Sun site, AM gets installed properly, but StockQuoteService blueprint not deployed properly (throws exceptions even after configuring the amWebServicesProvider.jar and amclientsdk.jar manually). But the AM documentation refers to the installation for Solaris not for Windows platform. I am not sure my configuration of amWebServicesProvider.jar is valid or not.
I ran the blueprint StockQuoteService and StockQuoteClient successfully with all the variations of WSSecurities when I installed using the "java-tools-bundle-update3-beta-windows.exe" application which installs all the Glashfish, NetBeans, AM, OpenESB, Portal etc and configures automatically after installation and Start of Glasfish server.
I have even tried to install the AM and configure from the "access_manager-7_1-p1-ea-b5" download installer, but it throws "ClassNotFoundException: com.sun.identity.setup.AMSetupFilter" exception when i deployed the amserver.war file.
My requirement is, to run the AccessManager and have secured WebServices working properly when installed individually the Glashfish, AccessManager etc.
Can anyone point me where i get the AccessManager 7.1 for Windows XP, and integrate with Glashfish 9.1, and able to run the blueprints StockQuoteService and StockQuoteClient with SAML and LibertyBeareToken security pofiles.
Thanks in advance for the help,
krishna

Similar Messages

Call a Webservice with SAML securty in PI 7.0

Hi experts,
I need to call a Webservice with SAML security from PI 7.0, Is It possible? or only It is possible with PI 7.1?
Thanks in advance,
Jose Manuel

Hi Jose,
Let me answer your questuion first :
No, using PI 7.0 I dont think its posible..
Below is a brief overview on SAML.
SAML: It stands for Security Assertion Markup Language, it is an XML standard which is used to exchange security information between a service provider and an identity provider.
Why we need it ???
We have a concept called Principal Propagation in PI 7.1, Principal Propagation allows to securely pass the identity of a user from a sender application to a receiver application. There are various adapters and protocols which support the Principal Propagation and one protocol amongst them is the Webservice Reliable Messaging Protocol or WS-RM. Principal Propagation solution for WS-RM protocol is based on SAML and uses the SAML assertions.
There are some video recordings available for configuration and you can view the same as below,
Configure a Trust Relationship between Sender and Integration Server: Exchange sender's digital certificate between sender and Integration Server.
Configure Trusted Issuer: Map user in the Integration Server, and specify issuer. Default issuer is the sender's system ID, default attester is the sender's certificate.
Configure Sender Agreement and Sender Communication Channel: In Integration Directory, select SAML Sender Vouches Assertion as authentication method.
Regards,
Divya

Invalid security error when invoking secure webservice using SAML tokens

I have deployed a JAX-WS webservice using a stateless session bean to wl 10.3.2 that uses a custom policy. The service deploys fine, but weblogic returns an HTTP error 500 with a SOAP fault. The fault states wsse:InvalidSecurity. The webservice security policy reqires SAML holder of key assertions and attributes. I have tried everything from running weblogic with Metro 1.5 to configuring SAML Identity Asserter Providers, etc with no luck. I even tried using the built in SAML 2.0 assymetric holder of key policy. What am I doing wrong? The XML of interest is attached.
Thanks;
-Dave.
*[Sample message from client]*
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
     <S:Header>
          <To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:7002/NHINAdapterDocQuerySecured/AdapterDocQuerySecured</To>
          <Action xmlns="http://www.w3.org/2005/08/addressing">urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage</Action>
          <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
               <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
          </ReplyTo>
          <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:fec656f8-a2be-4129-8412-34d9453e7cb2</MessageID>
          <wsse:Security S:mustUnderstand="1">
               <wsu:Timestamp xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
                    <wsu:Created>2010-02-24T21:38:56Z</wsu:Created>
                    <wsu:Expires>2010-02-24T21:43:56Z</wsu:Expires>
               </wsu:Timestamp>
               <saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="96cdfb70-91a3-4baf-9da1-3ff07d249926" IssueInstant="2010-02-24T21:38:56.671Z" Version="2.0">
                    <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
                    <saml2:Subject>
                         <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">UID=kskagerb*DoD</saml2:NameID>
                         <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                              <saml2:SubjectConfirmationData>
                                   <ds:KeyInfo>
                                        <ds:KeyValue>
                                             <ds:RSAKeyValue>
                                                  <ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZiqM1BAFp9F73hMHsNrc=</ds:Modulus>
                                                  <ds:Exponent>AQAB</ds:Exponent>
                                             </ds:RSAKeyValue>
                                        </ds:KeyValue>
                                   </ds:KeyInfo>
                              </saml2:SubjectConfirmationData>
                         </saml2:SubjectConfirmation>
                    </saml2:Subject>
                    <saml2:AuthnStatement AuthnInstant="2009-04-16T13:15:39.000Z" SessionIndex="987">
                         <saml2:SubjectLocality Address="158.147.185.168" DNSName="cs.myharris.net"/>
                         <saml2:AuthnContext>
                              <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
                         </saml2:AuthnContext>
                    </saml2:AuthnStatement>
                    <saml2:AttributeStatement>
                         <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
                              <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Karl S Skagerberg</saml2:AttributeValue>
                         </saml2:Attribute>
                         <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
                              <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">InternalTest2</saml2:AttributeValue>
                         </saml2:Attribute>
                         <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
                              <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
                         </saml2:Attribute>
                         <saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
                              <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
                         </saml2:Attribute>
                         <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
                              <saml2:AttributeValue>
                                   <hl7:Role xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="307969004" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Public Health" xsi:type="hl7:CE"/>
                              </saml2:AttributeValue>
                         </saml2:Attribute>
                         <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
                              <saml2:AttributeValue>
                                   <hl7:PurposeForUse xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Use or disclosure of Psychotherapy Notes" xsi:type="hl7:CE"/>
                              </saml2:AttributeValue>
                         </saml2:Attribute>
                         <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
                              <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">500000000^^^&1.1&ISO</saml2:AttributeValue>
                         </saml2:Attribute>
                    </saml2:AttributeStatement>
                    <saml2:AuthzDecisionStatement Decision="Permit" Resource="https://158.147.185.168:8181/SamlReceiveService/SamlProcessWS">
                         <saml2:Action Namespace="urn:nhin:names:hl7:rbac:4.00:operation">EXECUTE</saml2:Action>
                         <saml2:Evidence>
                              <saml2:Assertion ID="40df7c0a-ff3e-4b26-baeb-f2910f6d05a9" IssueInstant="2009-04-16T13:10:39.093Z" Version="2.0">
                                   <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=Harris,O=HITS,L=Melbourne,ST=FL,C=US</saml2:Issuer>
                                   <saml2:Conditions NotBefore="2009-04-16T13:10:39.093Z" NotOnOrAfter="2010-12-31T12:00:00.000Z"/>
                                   <saml2:AttributeStatement>
                                        <saml2:Attribute Name="AccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
                                             <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Ref-1234</saml2:AttributeValue>
                                        </saml2:Attribute>
                                        <saml2:Attribute Name="InstanceAccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
                                             <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Instance-1</saml2:AttributeValue>
                                        </saml2:Attribute>
                                   </saml2:AttributeStatement>
                              </saml2:Assertion>
                         </saml2:Evidence>
                    </saml2:AuthzDecisionStatement>
                    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                         <ds:SignedInfo>
                              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                              <ds:Reference URI="#96cdfb70-91a3-4baf-9da1-3ff07d249926">
                                   <ds:Transforms>
                                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                   </ds:Transforms>
                                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                   <ds:DigestValue>VnukKqb4Bt1KWDKfy8SDfk1Hp2s=</ds:DigestValue>
                              </ds:Reference>
                         </ds:SignedInfo>
                         <ds:SignatureValue>DUwjh/H3XSfUG250rTlLdihstDXY1+qkY9GaY81Iu7Ag4MgoGvGBrGjZOJ7YnssPdrqUGiURxf6k
IBH7vaeXk24XvXP3F85WP9nBm+2M4BvGTplgOmAo0yuwze+90FvwILzFNmmX/tvy3QKTDHlh1rEx
/Jqfm6q/56WW1suAbRY=</ds:SignatureValue>
                         <ds:KeyInfo>
                              <ds:KeyValue>
                                   <ds:RSAKeyValue>
                                        <ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l
0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZ
iqM1BAFp9F73hMHsNrc=</ds:Modulus>
                                        <ds:Exponent>AQAB</ds:Exponent>
                                   </ds:RSAKeyValue>
                              </ds:KeyValue>
                         </ds:KeyInfo>
                    </ds:Signature>
               </saml2:Assertion>
               <ds:Signature xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" Id="_2">
                    <ds:SignedInfo>
                         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                              <exc14n:InclusiveNamespaces PrefixList="wsse S"/>
                         </ds:CanonicalizationMethod>
                         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                         <ds:Reference URI="#_1">
                              <ds:Transforms>
                                   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                        <exc14n:InclusiveNamespaces PrefixList="wsu wsse S"/>
                                   </ds:Transform>
                              </ds:Transforms>
                              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                              <ds:DigestValue>oo99UrPhAcwla4Qbkdd9jAPn0cE=</ds:DigestValue>
                         </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue>ds4vqts8uCdJcNGo0uTPzId5UBX+GVrdztQPv823c1Zy9ZZGSfQC/GsBPM/EMbFInDPFsyT4e1QYZMCzmqLYnifWHlDQJb7oMJBokafavAqZda1B55Zzh3TSm6BqKWtB/DX17d6rLx/HPiLNZ9qsBfuGn3aTlUCpNsYA8ObBtp8=</ds:SignatureValue>
                    <ds:KeyInfo>
                         <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
                              <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">96cdfb70-91a3-4baf-9da1-3ff07d249926</wsse:KeyIdentifier>
                         </wsse:SecurityTokenReference>
                    </ds:KeyInfo>
               </ds:Signature>
          </wsse:Security>
     </S:Header>
     <S:Body>
          <ns3:AdhocQueryRequest xmlns:ns2="urn:gov:hhs:fha:nhinc:gateway:samltokendata" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns4="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns5="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0" maxResults="-1" startIndex="0" federated="false">
               <ns3:ResponseOption returnComposedObjects="true" returnType="LeafClass"/>
               <ns4:AdhocQuery home="urn:oid:2.16.840.1.113883.4.349" id="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d">
                    <ns4:Slot name="$XDSDocumentEntryStatus">
                         <ns4:ValueList>
                              <ns4:Value>('urn:oasis:names:tc:ebxml-regrep:StatusType:Approved')</ns4:Value>
                         </ns4:ValueList>
                    </ns4:Slot>
                    <ns4:Slot name="$XDSDocumentEntryPatientId">
                         <ns4:ValueList>
                              <ns4:Value>'1012581676V377802^^^&2.16.840.1.113883.4.349&ISO'</ns4:Value>
                         </ns4:ValueList>
                    </ns4:Slot>
               </ns4:AdhocQuery>
          </ns3:AdhocQueryRequest>
     </S:Body>
</S:Envelope>
*[Response from server:]*
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
     <env:Body>
          <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
               <faultcode>wsse:InvalidSecurity</faultcode>
               <faultstring>weblogic.xml.crypto.api.MarshalException: weblogic.xml.dom.marshal.MarshalException: Failed to unmarshal {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}SecurityTokenReference, no SecurityTokenReference factory found for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier ValueType: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID</faultstring>
          </env:Fault>
     </env:Body>
</env:Envelope>
*[webservice WSDL]*
<?xml version="1.0" encoding="UTF-8"?>

<definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:tns="urn:gov:hhs:fha:nhinc:adapterdocquerysecured"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:query="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
xmlns:plnk="http://docs.oasis-open.org/wsbpel/2.0/plnktype"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsaws="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:vprop="http://docs.oasis-open.org/wsbpel/2.0/varprop"
xmlns:sxnmp="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/NMProperty"
name="AdapterDocQuerySecured"
targetNamespace="urn:gov:hhs:fha:nhinc:adapterdocquerysecured">
<documentation>Adapter Document Query</documentation>
<types>
<xsd:schema>
<xsd:import namespace="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
schemaLocation="../schemas/ebRS/query.xsd"/>
<xsd:import namespace="urn:gov:hhs:fha:nhinc:gateway:samltokendata"
schemaLocation="../schemas/nhinc/gateway/SamlTokenData.xsd"/>
</xsd:schema>
</types>
<message name="RespondingGateway_CrossGatewayQueryRequestMessage">
<part name="body"
element="query:AdhocQueryRequest"/>
</message>
<message name="RespondingGateway_CrossGatewayQueryResponseMessage">
<part name="body"
element="query:AdhocQueryResponse"/>
</message>
<portType name="AdapterDocQuerySecuredPortType">
<operation name="RespondingGateway_CrossGatewayQuery">
<input name="RespondingGateway_CrossGatewayQueryRequest"
message="tns:RespondingGateway_CrossGatewayQueryRequestMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage"/>
<output name="RespondingGateway_CrossGatewayQueryResponse"
message="tns:RespondingGateway_CrossGatewayQueryResponseMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryResponseMessage"/>
</operation>
</portType>
<binding name="AdapterDocQuerySecuredBindingSoap11" type="tns:AdapterDocQuerySecuredPortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_SoapPolicy"/>
<operation name="RespondingGateway_CrossGatewayQuery">
<soap:operation soapAction="urn:RespondingGateway_CrossGatewayQuery"/>
<input name="RespondingGateway_CrossGatewayQueryRequest">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Input_Policy"/>
</input>
<output name="RespondingGateway_CrossGatewayQueryResponse">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Output_Policy"/>
</output>
</operation>
</binding>
<service name="AdapterDocQuerySecured">
<port name="AdapterDocQuerySecuredPortSoap11"
binding="tns:AdapterDocQuerySecuredBindingSoap11">
<soap:address
location="https://localhost:7002/NHINAdapterDocQuerySecured" />
</port>
</service>

<vprop:property name="action" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:action"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>action</vprop:query>
</vprop:propertyAlias>

<vprop:property name="resource" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:resource"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>resource</vprop:query>
</vprop:propertyAlias>

<vprop:property name="purposeForUseRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseRoleCode</vprop:query>
</vprop:propertyAlias>

<vprop:property name="purposeForUseCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystem</vprop:query>
</vprop:propertyAlias>

<vprop:property name="purposeForUseCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystemName</vprop:query>
</vprop:propertyAlias>

<vprop:property name="purposeForUseDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseDisplayName</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userFirstName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userFirstName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userFirstName</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userMiddleName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userMiddleName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userMiddleName</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userLastName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userLastName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userLastName</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userName</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userOrganization" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userOrganization"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userOrganization</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCode</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userRoleCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystem</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userRoleCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystemName</vprop:query>
</vprop:propertyAlias>

<vprop:property name="userRoleCodeDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeDisplayName</vprop:query>
</vprop:propertyAlias>

<vprop:property name="expirationDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:expirationDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>expirationDate</vprop:query>
</vprop:propertyAlias>

<vprop:property name="signDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:signDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>signDate</vprop:query>
</vprop:propertyAlias>

<vprop:property name="contentReference" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:contentReference"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>contentReference</vprop:query>
</vprop:propertyAlias>

<vprop:property name="content" type="xsd:base64Binary"/>
<vprop:propertyAlias propertyName="tns:content"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>content</vprop:query>
</vprop:propertyAlias>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_SoapPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
<sc:KeyStore wspp:visibility="private"
aliasSelector="gov.hhs.fha.nhinc.callback.KeyStoreServerAliasSelector"
callbackHandler="gov.hhs.fha.nhinc.callback.KeyStoreCallbackHandler"/>
<sc:TrustStore wspp:visibility="private"
callbackHandler="gov.hhs.fha.nhinc.callback.TrustStoreCallbackHandler"/>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken>
<wsp:Policy>
<sp:RequireClientCertificate/>
</wsp:Policy>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:SamlToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssSamlV20Token11/>
</wsp:Policy>
</sp:SamlToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<plnk:partnerLinkType name="AdapterDocQuerySecured">

<plnk:role name="AdapterDocQuerySecuredPortTypeRole"
portType="tns:AdapterDocQuerySecuredPortType"/>
</plnk:partnerLinkType>
</definitions>
Edited by: dvazquez1027 on Feb 25, 2010 5:10 PM
Edited by: dvazquez1027 on Feb 25, 2010 5:22 PM

Hi
yes, I had the same issue and I found a solution.
You need to request a patch for BUG 9212862 (already corrected in WLS 10.3.3) and do the follwing:
javax.xml.ws.BindingProvider provider = (javax.xml.ws.BindingProvider)port;
java.util.Map context = provider.getRequestContext();
context.put(weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_PREFERENCE, weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_MSFT);
This will cause the SecurityMessageArchitect class of WLS to not send the SecurityTokenReference in the Soap security header.
Please note that is evidently a non-comformity to the specs of microsoft:
Please give a look at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf (8.3 Signing Tokens)
and also at:
http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
(3.4 Identifying and Referencing Security Tokens)
A SAML key identifier reference MUST be used for all (local and remote) references to SAML 1.1
assertions. [...]
All conformant implementations MUST be able to process SAML assertion references occurring in a
<wsse:Security> header or in a header element other than a signature to acquire the corresponding
assertion. A conformant implementation MUST be able to process any such reference independent of the
confirmation method of the referenced assertion.
It follows that the .NET 3.5 is a non conformat implementation: I would gladly know which is the position of Microsoft on that.
ciao
carlo

How to develop a webservice with SAML on Weblogic 8.1

I will develop some webservices on Weblogic 8.1. On the security part, we will
use SAML. Is there somebody who can tell me how to do it? Do I need third party
product? And where I can find samples?
Thanks.
Jian

I will develop some webservices on Weblogic 8.1. On the security part,
we will use SAML. Is there somebody who can tell me how to do it? Do I
need third party product? And where I can find samples?Currently, we don't offer any support for SAML in WLS -- so you would
have to use a third party product. Depending on how you want to use it,
you may be able to use a third party product to create a handler for your
service or client.
However, if you want to use the handler in the server to set the subject
for the invoke, the handler architecture will prevent you from doing
this -- the API you use to set the user
(weblogic.security.service.SecurityManager.runAs() -- see
http://edocs.bea.com/wls/docs81/javadocs/weblogic/security/service/SecurityManager.html)
cannot be successfully used in handler methods. If you wish to do this,
I'm afraid the only way we have to support this is to use a servlet filter.
-Pete

Securing WebService with Basic Security Profile

Hi,
I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

Hi,
I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

Using SAML secured webservice in ADF Application

I am looking for some tutorial/docs to use SAML secured webservice in ADF application. In my adf application, I am using the webservices using WebProxy and WebServiceDataControls.
Any pointers in this direction will be helpful.
Thanks,
Rajdeep

Take a look at the following blog posts - which provides some information regarding the SAML security in ADF
http://biemond.blogspot.com/2009/05/sso-with-saml-adf-security.html
http://biemond.blogspot.com/2009/05/sso-with-weblogic-103-and-saml.html
Thanks,
Navaneeth

Web Service Security with SAML - Invalid XML signature

Hello together,
we want to build a scenario where we want to use Web Service Security with SAML.
The scenario will be
WS Client (Java Application) -> WS Adapter -> Integration Engine -> WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
SAP PI release is 7.11 (SP Level 4)
We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
But we get following error at calling the CRM system when we want to communicate with SAML:
<E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
Has somebody an idea of the possible reason for the error.
Thanks in advance
Stefan

Error Messages in the Trace/Log Viewer:
CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48 with internal error id 1001 and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1 ).
Invalid XML signature

WS security on webservices with JAX-WS Provider Interface

Hi Experts:
I have developed webservices with JAX-WS Provider Interface (WSProvider),it gives message level handling and also eliminates POJOs for user defined types; but how to add operation level Weblogic security policy on such services ?
In my Weblogic console, I can see the endpoint of the service, and my services has at least 10 operations as defined in the WSDL, but I do not see operations details in the server console when I try to attach Weblogic security policy; so how do I add security rule to decide which operation is allowed by which user?
am I missing something? or this is not possible ? I am using WSProvider Interface and wondering is any issue because of that? Or my operations should be visible regards of any JAX-WS standards implementation ?
Thanks in advance!

appaerently with the switch to the oc4j ws providers - a regression was introduced - bug 5665917 ... which is to be fixed for 10.1.3.3 ..
pls contact oracle support to retrieve the patch ..
/clemens

RFC- WebServices with Security Features

Hi
I have to execute one scenario RFC - WebServices with security features. Kindly let me know where or how can I implement the secuirty features in this scenario. Any documentation/blog/ thread are welcome to undestand about implemeting the secuirty features for this scenario.
Regards
Ramesh

Hi Ramesh,
Check this:
http://help.sap.com/saphelp_nwpi71/helpdata/en/45/504971f7a708d2e10000000a11466f/frameset.htm
http://help.sap.com/saphelp_nwpi71/helpdata/en/87/0827a8d6e04a2a8f822f9c51fa7ef2/frameset.htm
and
http://help.sap.com/saphelp_nwpi71/helpdata/en/37/1a9b6a338cca448508f3a48d2d1e2d/frameset.htm
Regards,
Ravi Kanth Talagana

Call secure RestFul WebService with basic authorization via https

Hi,
is there a way to call a secure RestFul WebService with basic authorization via https from APEX?
Database: Oracle 11g XE
APEX: 4.2.1
I have a solution by calling the WebService from Java which was called from the database via scheduled job (execute).
As my hosting partner does not support Java I am looking for another option.
Regards
Markus

Hi,
I think its not possible, in this link you can find in more detail why.
Its related with the use of wallets to acess https requests.
http://www.apexninjas.com/blog/2011/06/https-access-with-utl_http-on-oracle-xe-has-anyone-managed-to-do-this/
Edit: Because you are using Oracle XE
Edited by: carlos.pereira on Jan 23, 2013 6:15 PM

XML error when Crystal report calling Webservice with Rampart (ws-security)

Could you please advise me where I am doing wrong -
I have designed the report using CR 2008 following a SAP document instructions but getting error. -
1. Created a Class file and put it in the class folder -
public class PasswordHandler implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { WSPasswordCallback pwcb = (WSPasswordCallback)callbacks<i>; pwcb.setPassword("clientPassword"); return; } } -
2. created wse_policy.xml with below content clientName com.rockalltech.action.reports.PasswordHandler -
3.Also modified CRConfig.xml with below data com.PasswordHandler -
Still I am getting Rampart error like below -
[2009-06-02 18:04:26,977,,FATAL,com.crystaldecisions.data.xml] org.apache.axis2.AxisFault: org.apache.rampart.Rampart at org.apache.axis2.deployment.URLBasedAxisConfigurator.getAxisConfiguration(URLBasedAxisConfigurator.java:77) at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:64) at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromURIs(ConfigurationContextFactory.java:190) at com.crystaldecisions.data.xml.a.b.a(Unknown Source) at com.crystaldecisions.data.xml.a.a.a(Unknown Source) at com.crystaldecisions.data.xml.f.a(Unknown Source) at com.crystaldecisions.data.xml.f.int(Unknown Source) at com.crystaldecisions.data.xml.CRDB_XMLImpl.DbExecuteQuery(Unknown Source) at com.crystaldecisions.reports.queryengine.driverImpl.xml.XMLQueryDefinition.Execute(Unknown Source) Thomas Edited by: thomasjv on Jun 2, 2009 7:15 PM Edited by: thomasjv on Jun 3, 2009 10:45 AM Edited by: thomasjv on Jun 3, 2009 10:45 AM Edited by: thomasjv on Jun 3, 2009 10:46 AM

Hi!
Thanks for the help:
- I give all proxy details. In HTTP and HTTPS proxy tabs too.
one interesting thing:
- We publicate the same WebService with HTTP and HTTPS prefix.
- If I create a proxy for the WS with HTTP, everything is correct and works well.
- If I create a proxy for the WS with HTTPS, gives the error written the previous posts. (And can't create the logical port with SOAMANAGER)
I compare the 2 WSDL. It is the same, except the links. (HTTP and HTTPS) all others are same.
- And why it is possible in both case (HTTP, HTTPS) to create the proxy with SE80 from the WSDL URL? (And after the logical port was failed)

Oracle SOA Suite 10.1.3.1: Invoke a secure webservice

Hi,
How can i invoke a secure Webservice (the webservice is implemented as a Security Token Service that accepts RST messages and replies with RSTR messages [ws-trust]) using BPEL and OWSM (Oracle SOA Suite 10.1.3.1) .
The Service authenticates the user by verifying the validity of the user’s (client) X.509 certificate und return a saml assertion. This assertion confirms the user’s identity, and the successful authentication process.
Any approcahes or Ideas how to implement this?
thanks in advance
Pat

Hi,
How can i invoke a secure Webservice (the webservice is implemented as a Security Token Service that accepts RST messages and replies with RSTR messages [ws-trust]) using BPEL and OWSM (Oracle SOA Suite 10.1.3.1) .
The Service authenticates the user by verifying the validity of the user’s (client) X.509 certificate und return a saml assertion. This assertion confirms the user’s identity, and the successful authentication process.
Any approcahes or Ideas how to implement this?
thanks in advance
Pat

Problem when adding ABAP custom webservice with Visual Studio 2010

Hi All,
After creating a webservice for a custom RFC function developed in a ECC6.0 SAP machine, I tried to add it to a Visual Studio 2010 windows aplication (through a web reference connection).
The sequence I've done is:
- Create RFC in ABAP, with testing ok
- Create a WEBSERVICE with the ABAP editor
- Configured the webservice with SICF with:
     Procedure: Standard
     Logon data: standard R3 user
     Security requirement: Standard
     Authentication: Standard SAP User
Then, in SOAMANAGER I copied the webservice URL and tried to add it to Visual Studio 2010, but it keeps asking me the user and password. I try to supply the R3 username and password but if fails.
Why is ECC6.0 asking the user and passord if I've defined a SAP user for the login process?
Is there any way to disable this?
Thanks,
Manuel Dias

Hello Manuel,
You can use the following code:
CredentialCache cache = new CredentialCache();
      cache.Add(new Uri("WEBSERVICEURL:PORTNUMBER/"), "Basic", new NetworkCredential("USERNAME", "PASSWORD"));
SAP needs a password.
Kind regards,
JK

Calling secured webservice from java

Hi Experts,
I am trying to call a secured webservice from java.
I got the code to call a non secured web service in java.
What changes do i need to do in this to call a secured webservice.
Please help me.
Thank you
Regards
Gayaz
calling unsecured webservice
package wscall1;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.StringBufferInputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.Writer;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.Permission;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.serialize.OutputFormat;
import org.apache.xml.serialize.XMLSerializer;
import org.w3c.css.sac.InputSource;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
public class WSCall2 {
public WSCall2() {
super();
public static void main(String[] args) {
try {
WSCall2 ss = new WSCall2();
System.out.println(ss.getWeather("Atlanta"));
} catch (Exception e) {
e.printStackTrace();
public String getWeather(String city) throws MalformedURLException, IOException {
//Code to make a webservice HTTP request
String responseString = "";
String outputString = "";
String wsURL = "https://ewm52rdv:25100/Saws/SawsService";
URL url = new URL(wsURL);
URLConnection connection = url.openConnection();
HttpURLConnection httpConn = (HttpURLConnection)connection;
ByteArrayOutputStream bout = new ByteArrayOutputStream();
//Permission p= httpConn.getPermission();
String xmlInput =
"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ser=\"http://www.ventyx.com/ServiceSuite\">\n" +
" <soapenv:Header>\n" +
"     <soapenv:Security>\n" +
" <soapenv:UsernameToken>\n" +
" <soapenv:Username>sawsuser</soapenv:Username>\n" +
" <soapenv:Password>sawsuser1</soapenv:Password>\n" +
" </soapenv:UsernameToken>\n" +
" </soapenv:Security>" + "</soapenv:Header>" + " <soapenv:Body>\n" +
" <ser:GetUser>\n" +
" <request><![CDATA[<?xml version=\"1.0\" encoding=\"UTF-8\"?> \n" +
            "                        <GetUser xmlns=\"http://www.ventyx.com/ServiceSuite\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" +
            "                        <UserId>rs24363t</UserId>\n" +
            "                        </GetUser>]]>\n" +
" </request>\n" +
" </ser:GetUser>\n" +
" </soapenv:Body>\n" +
"</soapenv:Envelope>";
byte[] buffer = new byte[xmlInput.length()];
buffer = xmlInput.getBytes();
bout.write(buffer);
byte[] b = bout.toByteArray();
String SOAPAction = "GetUser";
// Set the appropriate HTTP parameters.
httpConn.setRequestProperty("Content-Length", String.valueOf(b.length));
httpConn.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
httpConn.setRequestProperty("SOAPAction", SOAPAction);
// System.out.println( "opening service for [" + httpConn.getURL() + "]" );
httpConn.setRequestMethod("POST");
httpConn.setDoOutput(true);
httpConn.setDoInput(true);
OutputStream out = httpConn.getOutputStream();
//Write the content of the request to the outputstream of the HTTP Connection.
out.write(b);
out.close();
//Ready with sending the request.
//Read the response.
InputStreamReader isr = new InputStreamReader(httpConn.getInputStream());
BufferedReader in = new BufferedReader(isr);
//Write the SOAP message response to a String.
while ((responseString = in.readLine()) != null) {
outputString = outputString + responseString;
//Parse the String output to a org.w3c.dom.Document and be able to reach every node with the org.w3c.dom API.
Document document = parseXmlFile(outputString);
NodeList nodeLst = document.getElementsByTagName("User");
String weatherResult = nodeLst.item(0).getTextContent();
System.out.println("Weather: " + weatherResult);
//Write the SOAP message formatted to the console.
String formattedSOAPResponse = formatXML(outputString);
System.out.println(formattedSOAPResponse);
return weatherResult;
public String formatXML(String unformattedXml) {
try {
Document document = parseXmlFile(unformattedXml);
OutputFormat format = new OutputFormat(document);
format.setIndenting(true);
format.setIndent(3);
format.setOmitXMLDeclaration(true);
Writer out = new StringWriter();
XMLSerializer serializer = new XMLSerializer(out, format);
serializer.serialize(document);
return out.toString();
} catch (IOException e) {
throw new RuntimeException(e);
private Document parseXmlFile(String in) {
try {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
InputSource is = new InputSource(new StringReader(in));
InputStream ins = new StringBufferInputStream(in);
return db.parse(ins);
} catch (ParserConfigurationException e) {
throw new RuntimeException(e);
} catch (SAXException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (Exception e) {
throw new RuntimeException(e);
static {
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
if (hostname.equals("ewm52rdv")) {
return true;
return false;
}

Gayaz wrote:
What we are trying is we are invoking webservice by passing SOAP request and we will get soap response back.I understand what you're trying to do, the problem is with tools you're using it will take a while for you do anything a little away from the trivial... Using string concatenation and URL connection and HTTP post to call webservices is like to use a hand drill... It may work well to go through soft wood, but it will take a lot of effort against a concrete wall...
JAX-WS and JAXB and annotations will do everything for you in a couple of lines and IMHO you will take longer to figure out how to do everything by hand than to learn those technologies... they are standard java, no need to add any additional jars...
That's my thought, hope it helps...
Cheers,
Vlad

Calling A Secured webservice using Username and password in the Soap header

I want to call a secured webservice.
The Username and password should be sent with the payload in the SOAP Header
as
<wsse:Security S:mustunderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="SecurityToken-XXXXXXXXXXXXXXXXXXXXXXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>uname</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Can you please send me the steps?
I tried with giving the username and password under Service Account.
I tried to create a wspolicy under business service. But nothing works...
Please help me at the earliest.
Also please give me steps in sequence.

Now i made sure that the endpoint is available!
Now am getting this error:
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>BEA-380002: localhost1</faultstring>
<detail>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380002</con:errorCode>
<con:reason>localhost1</con:reason>
<con:location>
<con:node>RouteNode1</con:node>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
</detail>
</soapenv:Fault>
Also in the invocation trace i can observe the following things:
Under Invocation Trace:-
========================
     Receiving request =====> Initial Message context
     ===============================================
     under added header:-
     ==================
     <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
     </soap:Header>
     under RouteNode1
================
     Route to "TargetMyService_BS"
$header (request):-
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
Under Message Context changes:-
*===============================*
I can find this element also:-
con:security>
*<con:doOutboundWss>false</con:doOutboundWss>*
*</con:security>*
eventhough we enabled ws security, how the above tag can be false?
I think its getting failed to populate the header with the required login credentials.
The other doubt i have is:-
=================
I have chosen the service account type is static...is this right?

Securing webservices with SAML

Similar Messages

Maybe you are looking for