Service security using SOAP request

Hi,
I need to create 2 services with SOAP request using one with X.509 Authentication and other with X.509 Encryption.
The receiver side is the RFC adapter.
Please let me know how to go about in PI7.0 or PI7.1
Regards,
Kevin

U will have to first enable SSL on the XI server using one of the following two modes:
http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
SSL can be enabled as shown
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
Then configure the system to use X.509 certificates
http://help.sap.com/saphelp_nw04/helpdata/en/a8/d9d53a9aa9e933e10000000a114084/frameset.htm
Regards,
Prateek

Similar Messages

Web Service posting via SOAP.request - Security settings prevent access...

I'm trying to call a web service via the SOAP.request object in javascript embedded into my Interactive Form. I've successfully done this with SAP NetWeaver 7.0 trial version however now I'm having this issue on a production setup. The PDF generates fine and I can fill out the form and everything. I checked the properties of both PDF documents (one that works from the trial and one that doesn't from the prod box) and they are the same, expect the one that works is PDF Version 1.6, and the one that doesn't is PDF Version 1.7.
Here's the client-side error:
Acrobat EScript Built-in Functions Version 8.0
Acrobat Annotations / Collaboration Built-in Functions Version 8.0
Acrobat Annotations / Collaboration Built-in Wizard Functions Version 8.0
Acrobat Multimedia Version 8.0
Acrobat SOAP 8.0
NotAllowedError: Security settings prevent access to this property or method.
SOAP.request:31:XFA:data[0]:mainform[0]:btnRelease[0]:click
Here's the snippet of JavaScript code:
var response = SOAP.request();
Here are the security properties of the malfunctioning PDF:
Security Method: No Security
Can be Opened By: All versions of Acrobat
Printing: Allowed
Document Assembly: Not Allowed
Content Copying: Allowed
Content Copying for Accessibility: Allowed
Page Extraction: Not Allowed
Commenting: Allowed
Filling of form fields: Allowed
Signing: Allowed
Creation of Template Pages: Allowed
How do I determine what the culprit is?

Michael,
PDF Version 1.6 means Adobe Reader 7.0.x family and PDF version 1.7 means Adobe Reader 8.0.x or 9.0.x if I am not wrong.
Also if you check LiveCycle Designer Help (Using LiveCycle Designer ES > Working with Data Sources > About data sources > Working with data connections) it clearly says that with LiveCycle Designer 8.0 secured web services are not supported and there are additional security settings for Reader 8.0 onwards, that may be causing the issue.
Chintan

Web Service Security using OpenSSO

Hi,
I have a question regarding the usage of the OpenSSO in order to secure web services.
I have read the documentation and it states the OpenSSO enables web service security.
However, in the docs the main scenario is where the WSC and WSP are protected by the agent.
In my scenario, I would like to use agents only on the WSP side, but leave the implementation of the client side open to the partners. Partners will have the interface from the OpenSSO for the authentication and saml token retrieval. The client will have to create soap by itself. This is the case since the WSC are to be standalone applications on client computers.
To set the actual question; what are web service interfaces that OpenSSO as a STS offers for authentication and saml token issuance. Is there same sort of a referential architecture for this case where only the STS and WSP can be configured and the WSC implementation of the WSS left to the partner. Any pointers and directions would be appreciated.
Thanks!

Hi
Thanks for your reply
I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
paul

Web Service Options - Editing SOAP request Options

I am trying to invoke a Web Service using Adobe LiveCycle ->
Foundation -> Web Service.
In the Web Service Options editor, while giving the SOAP request, I
would want to be able to manipulate the data I send in the SOAP
request.
For example, I have a input Request XML which is in process_data [and
which is the incoming request from Flex]. I am reading data from that
XML and setting it to a corresponding tag in the SOAP request. I want
to be able to have this feature wherein I dont include a tag at all in
the SOAP request of I see that the corresponding tag in Request XML is
empty.
So if there is a tag in Request [empty tag], I dont
want to include the ContactName tag at all in the SOAP request.
Meaning, I dont want to send an empty tag or a tag with NULL value. I
want to delete that tag altogether in the SOAP request.
Any ideas how I can go about this?
Thanks!

You can try making the whole SOAP Request a varibale of type XML. Then use a setValue before the web service call and built it the way you want.
Jasmin

Call web service (multipart MIME soap request) using pl/sql (utl_http)

I've the following header and http request.
POST http://deab/DexNETWebServices_4_0_0_4/LoginService.svc HTTP/1.1
MIME-Version: 1.0
Content-Type: multipart/related; type="application/xop+xml";start="<http://tempuri.org/0>";boundary="uuid:e4c19840-745d-45b2-90ca-12d71be4cfd9+id=1";start-info="application/soap+xml"
VsDebuggerCausalityData: uIDPo5F/qXRc4YJImqB6Ard30cQAAAAAAjIXinpIVUulXLJOsSG7yyv7Lf2yHgpHlIxvc6oeqaAACQAA
Host: deab
Content-Length: 1017
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
--uuid:e4c19840-745d-45b2-90ca-12d71be4cfd9+id=1
Content-ID: <http://tempuri.org/0>
Content-Transfer-Encoding: 8bit
Content-Type: application/xop+xml;charset=utf-8;type="application/soap+xml"
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/ILoginService/LoginByUserName</a:Action><a:MessageID>urn:uuid:cf410a05-23d4-4b92-a22c-329cbc19fbe7</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">http://deab/DexNETWebServices_4_0_0_4/LoginService.svc</a:To></s:Header><s:Body><LoginByUserName xmlns="http://tempuri.org/"><systemId>19e0ddb4-5fa5-41ee-b624-aea762865a6c</systemId><strName>FirmwareUpdateLogQueryWorker</strName><productId>0af39a3e-6549-485b-872f-b73413203998</productId><password>abc</password></LoginByUserName></s:Body></s:Envelope>
--uuid:e4c19840-745d-45b2-90ca-12d71be4cfd9+id=1--
I'm using the following code to set the header from PL/SQL and call the request. But UTL_HTTP.get_response returns the error 400 Bad Request.
DECLARE
   l_request         CLOB;
   l_http_req        UTL_HTTP.req;
   l_http_resp       UTL_HTTP.resp;
   v_buffer          VARCHAR2 (32767);
   p_status_code     NUMBER (9);
   p_error_message   VARCHAR2 (32767);
   p_response        CLOB;
BEGIN
l_request :=
            '--uuid:e4c19840-745d-45b2-90ca-12d71be4cfd9+id=1'
         || CHR (13)
         || 'Content-ID: <http://tempuri.org/0>'
         || CHR (13)
         || 'Content-Transfer-Encoding: 8bit'
         || CHR (13)
         || 'Content-Type: application/xop+xml;charset=utf-8;type="application/soap+xml"'
         || CHR (13)
         || CHR (13)
         || '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/ILoginService/LoginByUserName</a:Action><a:MessageID>urn:uuid:cf410a05-23d4-4b92-a22c-329cbc19fbe7</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">http://deab/DexNETWebServices_4_0_0_4/LoginService.svc</a:To></s:Header><s:Body><LoginByUserName xmlns="http://tempuri.org/"><systemId>'
         || '19e0ddb4-5fa5-41ee-b624-aea762865a6c'
         || '</systemId><strName>'
         || 'FirmwareUpdateLogQueryWorker'
         || '</strName><productId>'
         || '0af39a3e-6549-485b-872f-b73413203998'
         || '</productId><password>'
         || 'abc'
         || '</password></LoginByUserName></s:Body></s:Envelope>'
         || CHR (13)
         || '--uuid:e4c19840-745d-45b2-90ca-12d71be4cfd9+id=1--';
      DBMS_OUTPUT.put_line ('request ' || l_request);
      l_http_req := UTL_HTTP.begin_request ('http://deab/DexNETWebServices_4_0_0_4/LoginService.svc', 'POST', 'HTTP/1.1');
      UTL_HTTP.set_header (l_http_req, 'MIME-Version', '1.0');
      UTL_HTTP.set_header (
         l_http_req,
         'Content-Type',
         'multipart/related; type="application/xop+xml";start="<http://tempuri.org/0>";boundary="uuid:e4c19840-745d-45b2-90ca-12d71be4cfd9+id=1";start-info="application/soap+xml"');
      --      UTL_HTTP.set_header (l_http_req, 'Content-ID', '<http://tempuri.org/0>');
      --      UTL_HTTP.set_header (l_http_req, 'Content-Transfer-Encoding', '8bit');
      UTL_HTTP.set_header (
         l_http_req,
         'VsDebuggerCausalityData',
         'uIDPo5F/qXRc4YJImqB6Ard30cQAAAAAAjIXinpIVUulXLJOsSG7yyv7Lf2yHgpHlIxvc6oeqaAACQAA');
      UTL_HTTP.set_header (l_http_req, 'Content-Length', LENGTH (l_request));
      --                  UTL_HTTP.set_header (l_http_req,
      --                                       'SOAPAction',
      --                                       'http://tempuri.org/ILoginService/LoginByUserName');
      UTL_HTTP.write_text (l_http_req, l_request);
      DBMS_LOB.createtemporary (p_response, FALSE);
      l_http_resp := UTL_HTTP.get_response (l_http_req);
   BEGIN
      LOOP
         UTL_HTTP.read_text (l_http_resp, v_buffer, 32767);
         DBMS_OUTPUT.put_line (v_buffer);
         DBMS_LOB.writeappend (p_response, LENGTH (v_buffer), v_buffer);
      END LOOP;
   EXCEPTION
      WHEN UTL_HTTP.end_of_body
      THEN
         NULL;
   END;
   UTL_HTTP.end_response (l_http_resp);
   p_status_code := l_http_resp.status_code;
   p_error_message := l_http_resp.reason_phrase;
   p_response := REPLACE (p_response, '<', '<');
   p_response := REPLACE (p_response, '>', '>');
   DBMS_OUTPUT.put_line (
      'Status: ' || p_status_code || '-' || p_error_message || ': ' || p_response);
END;
Thank you for your help on this.

HI Michiel
I am also trying to achieve something similar to that. I am trying to call a web service that sends an xml attachment over MTOM? Kindly, let me know if this was achievable from your end? I mean how did the issue got resolved.
thanks
vijay

Web Services Security using JDeveloper 10.1.3.1

Hi,
I would need some tutorial to secure a web service using X.509 Digital Certificate. I could find a tutorial on Text Password but not X.509.
In fact i tried X.509 with a sample web service but getting following error. So any tutorial on this would be great helpful..Thanks
oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: An invalid token was provided
     at oracle.security.wss.interceptors.AbstractSecurityInterceptor.throwSOAPFaultException(AbstractSecurityInterceptor.java:225)
     at oracle.security.wss.interceptors.AbstractSecurityInterceptor.handleOutbound(AbstractSecurityInterceptor.java:199)
     at oracle.security.wss.interceptors.ClientInterceptor.handleRequest(ClientInterceptor.java:48)
     at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:124)
     at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
     at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:698)
     at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
     at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
     at helloworldproxy1.proxy.runtime.HelloWorldWebServiceSoapHttp_Stub.sayHello(HelloWorldWebServiceSoapHttp_Stub.java:77)
     at com.HelloWorldWebServiceSoapHttpPortClient.sayHello(HelloWorldWebServiceSoapHttpPortClient.java:41)
     at com.HelloWorldWebServiceSoapHttpPortClient.main(HelloWorldWebServiceSoapHttpPortClient.java:29)
Caused by: FAULT CODE: InvalidSecurity FAULT MESSAGE: An invalid token was provided
     at oracle.security.xmlsec.wss.WSSecurity.sign(Unknown Source)
     at oracle.security.wss.WSSecurity.sign(WSSecurity.java:2177)
     at oracle.security.wss.WSSecurity.build(WSSecurity.java:1903)
     at oracle.security.wss.interceptors.AbstractSecurityInterceptor.handleOutbound(AbstractSecurityInterceptor.java:189)
     ... 9 more
Caused by: oracle.security.xmlsec.dsig.SigningException
     at oracle.security.xmlsec.dsig.XSSignature.computeSignature(Unknown Source)
     at oracle.security.xmlsec.dsig.XSSignature.sign(Unknown Source)
     ... 13 more
Caused by: oracle.security.crypto.core.InvalidKeyException
     at oracle.security.crypto.core.RSAMDSignature.setPrivateKey(RSAMDSignature)
     ... 15 more

I am also having the same problem. Calling a web service inside JDeveloper 10.1.3.3 works fine. When I deploy to a jar file and include all Jars that the dependency analyzer identifies, the following error occurs:
standard type mapping initialization error: javax.xml.rpc.JAXRPCException: javax
.xml.soap.SOAPException: Unable to create SOAP Factory: Provider com.sun.xml.messaging.saaj.soap.ver1_1.SOAPFactory1_1Impl not found
Your work around defining Java system properties does work, but why do we need to do this using the Oracle SOAP stack?
If there are alternatives to this problem please share. Thank you.

Web service security using Jdev 10.1.2.0.2

Hi
I am currently developing our first web service. It is based on a pl/sql procedure. We are using App server 10.1.2.0.2 and Jdev 10.1.2.0.2.
I found this document
http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
However it is based on JDev 10.1.3. I managed to create the webservice and set security settings in Jdev 10.1.3 however I had problems when creating an app server connection. And the web service would not deploy to our 10.1.2.0.2 app server.
Are there any security options available when creating web services in Jdev 10.1.2.0.2? Is it expected that Jdev 10.1.3 won't be able to deploy to our 10.1.2.0.2 app server?
thanks
paul schweiger
Message was edited by:
[email protected]
Message was edited by:
[email protected]

Hi
Thanks for your reply
I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
paul

Web service Security using X.509 certificate

Hi All,
I have a web service deployed on the SAP Web AS J2EE.
I want to include Authentication option in my web service
I have configured the settings for using X.509 certificate(HTTPS) in my
web service configuration and similarly I've configured my client proxy
for the same.
My question is..... from where do I get the X.509 certificate?
actually I have the .crt and .der files, which I created from
the visual administrator.
And also do I need to install anything on my SAP server
in order to use the authentication service? (Any prerequisite)
Thanks,
Talimeren

Hi Talimeren,
when you want to use certificates you have to setup SSL which you've started already. You have to get and import a server certificate which authenticates the server while the client creates a SSL connection. The cert has to assigned to the SSL port. For NW04 you can find the guide here http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
If you want client authentication by certificates as well you have to import at least one root certificate from a certficate authority (CA) which you trust and by which all user certificates are signed.
SAP delivers the IAIK library for WebAS security, but this depends on your WebAS version and installation. I suggest you setup SSL and try to make a connection. If the connection can be made, the security library should be there.
HTH
Daniel
Message was edited by: Correct Link
Daniel Sass

Web Services Security using X509 certificate

Hi,
I have secured a web service using X509 certificate. i also secured the proxy of it but when i run the proxy client it says.
javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User CN=Sam, OU=Technology, O=FS, L=Dallas, ST=Texas, C=US does not exist in our system
Any idea on this. Do i need to configure the X509 certificate in the server. I am using Oracle SOA Suite and JDeveloper 10.1.3.1
Thanks

Hi,
I have secured a web service using X509 certificate. i also secured the proxy of it but when i run the proxy client it says.
javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User CN=Sam, OU=Technology, O=FS, L=Dallas, ST=Texas, C=US does not exist in our system
Any idea on this. Do i need to configure the X509 certificate in the server. I am using Oracle SOA Suite and JDeveloper 10.1.3.1
Thanks

Web service security in PI

Mine is PROXY to SOAP asynchronous.
PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
so that at receiver statem they can validate the user using these.
When i am calling webservice from soapui with the header parameters
Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>xxxxx</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
<wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
<wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
What configuration needs to be done in PI.

I got this in Runtime work bench
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
- <SOAP:Header>
- <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
<sap:MessageClass>ApplicationMessage</sap:MessageClass>
<sap:ProcessingMode>asynchronous</sap:ProcessingMode>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
- <sap:Sender>
<sap:Party agency="" scheme="" />
<sap:Service>test2310</sap:Service>
</sap:Sender>
- <sap:Receiver>
<sap:Party agency="" scheme="" />
<sap:Service>test_serivce</sap:Service>
</sap:Receiver>
<sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
</sap:Main>
- <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
<sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
</sap:ReliableMessaging>
- <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
<sap:TraceLevel>Fatal</sap:TraceLevel>
<sap:Logging>On</sap:Logging>
</sap:Diagnostic>
- <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
- <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
<sap:Engine type="BS">test_serivce</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:Info>3.0</sap:Info>
</sap:Hop>
- <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
<sap:Engine type="IS">is.68.devai020</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
<sap:Info>3.0</sap:Info>
</sap:Hop>
- <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
<sap:Engine type="AE">af.dxi.devai020</sap:Engine>
<sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
<sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
</sap:Hop>
</sap:HopList>
</SOAP:Header>
Edited by: Vamsi on Jul 15, 2009 7:06 PM

What is needed on non-weblogic client to make soap request

Hi, I am trying to make a soap request from a client that is not weblogic to a
weblogic6.1 server. I was under the impression that all I needed was the client.jar
created by wsgen. But when I try to access the service through the client I get
the below exception. It appears to be trying to access a weblogic class that is
not contained in the client.jar. Does this mean I also need to include the weblogic.jar
on the client(I'm hoping not to). Thanks
java.lang.NoClassDefFoundError: weblogic/net/http/HttpsURLConnection
     at weblogic.soap.http.SoapContext.lookup(SoapContext.java:87)
     at javax.naming.InitialContext.lookup(InitialContext.java:350)
     at index_1._jspService(index_1.java:68)
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java)
     at org.apache.tomcat.facade.ServletHandler.doService(ServletHandler.java:574)
     at org.apache.tomcat.core.Handler.invoke(Handler.java:322)
     at org.apache.tomcat.core.Handler.service(Handler.java:235)
     at org.apache.tomcat.facade.ServletHandler.service(ServletHandler.java:485)
     at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:917)
     at org.apache.tomcat.core.ContextManager.service(ContextManager.java:833)
     at org.apache.tomcat.modules.server.Http10Interceptor.processConnection(Http10Interceptor.java:176)
     at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:494)
     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:516)
     at java.lang.Thread.run(Thread.java:484)

Hi Jane,
Looks like you have run smack dab into one of the first "myths" about web services
- "SOAP client software is not vendor- dependent" :-) This is in fact, exactly
the opposite! And it's not just WebLogic's SOAP client API that has this "vendor-dependent"
code. Apache SOAP, Apache AXIS, Systinet WASP, GLUE, etc. exhibit the same behavior.
The difference is that WebLogic's client.jar, is not really a "standalone, SOAP
client package". It's a "web service-specific" client package.
JAX-RPC (and the other APIs in the Java Web Services Developer's Pack) is attempting
to reduce a fair amount of this "vendor-dependency", but there will always be
some :-) WLS 6.1 doesn't use JAX-RPC, so...
Anyway, how many "vendor classes" you need, depends on what you are attempting
to do in the client. If you are just consuming a web service that uses "SOAP encoding",
then you'll need less. If you are consuming a web service that uses "literal encoding",
you'll need more. An easy (albeit time consuming) way to figure out which classes
you need from the weblogic.jar file, to use WebLogic's Web Service client package
inside Tomcat, is to use the "-verbose:class" option, on the Java command used
to start Tomcat. This will produce a lot of output, so I suggest you capture it
to a log, instead of sending it to stdout :-) But, as I said, this is a very,
very, very time consuming way to determine all the classes you need from the weblogic.jar
file. Trust me, I've done this before and it took me about 3 hours to find every
class that's needed! It's simpler just to include the weblogic.jar file in the
CLASSPATH you start Tomcat with :-)
Another option is to just use the Apache SOAP package to create the web service
client. This works wonderfully, if you don't want to use WSDL (Apache SOAP doesn't
support WSDL). If you want to use WSDL, go with the Apache AXIS package. It has
an implementation of JAX-RPC, and is pretty close to the Web Services implementation
in WLS 7.0 (which I'm assuming you'll eventually upgrade to anyway, right?).
Regards,
Mike Wooten
"Jane" <[email protected]> wrote:
>
Hi, I am trying to make a soap request from a client that is not weblogic
to a
weblogic6.1 server. I was under the impression that all I needed was
the client.jar
created by wsgen. But when I try to access the service through the client
I get
the below exception. It appears to be trying to access a weblogic class
that is
not contained in the client.jar. Does this mean I also need to include
the weblogic.jar
on the client(I'm hoping not to). Thanks
java.lang.NoClassDefFoundError: weblogic/net/http/HttpsURLConnection
     at weblogic.soap.http.SoapContext.lookup(SoapContext.java:87)
     at javax.naming.InitialContext.lookup(InitialContext.java:350)
     at index_1._jspService(index_1.java:68)
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java)
     at org.apache.tomcat.facade.ServletHandler.doService(ServletHandler.java:574)
     at org.apache.tomcat.core.Handler.invoke(Handler.java:322)
     at org.apache.tomcat.core.Handler.service(Handler.java:235)
     at org.apache.tomcat.facade.ServletHandler.service(ServletHandler.java:485)
     at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:917)
     at org.apache.tomcat.core.ContextManager.service(ContextManager.java:833)
     at org.apache.tomcat.modules.server.Http10Interceptor.processConnection(Http10Interceptor.java:176)
     at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:494)
     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:516)
     at java.lang.Thread.run(Thread.java:484)

Problem creating web service client using WSM Policies

Hello everyone,
I'm trying to make a simple java client to a Web Service secured using a WSM 11gR1 policy (from Soa Suite 11.1.1.2.0). The policy on the server side is oracle/wss11_x509_token_with_message_protection_service_policy which I attached via the Weblogic Admin Console. To implement the client I'm trying to follow the instructions from this documentation: http://download.oracle.com/docs/cd/E15523_01/web.1111/e13713/owsm_appendix.htm#WSSOV386 section "Policy Configuration Overrides for the Web Service Client" and also I'm using OEPE 11.1.1.3.0 (Eclipse 3.5.0) to develop the client. The only weblogic jar I've added to the build path is the weblogic.jar . Unfortunately, the oracle.wsm.security.util.SecurityConstants.ClientConstants interface (used in the example A-6) is not included in this jar and I have no idea what other libraries should I include in order to follow the example. I tried manualy adding other jars but without success. In fact I found one jar which includes this interface, the wsm-secpol.jar but it does not have the properties described in the documentation, so I guess it's not the right jar, and also I don't think this is the right procedure since there might be another dependent jars. So I would like to know what libraries exactly I should add to the build path (or some other procedure if you noticed I'm doing anything wrong)
Thank you !

Hi
I am having the same problem almost where i wrote a client to comsume a JWS server in https. Where the server is setup to require a certificate to connect to.
My code:
public static void main(String[] args) {
try {
DataBaseSyncServerImpl port = new DataBaseSyncServerImplService().getDataBaseSyncServerImplPort();
int number1 = 20;
int number2 = 10;
System.out.printf("Invoking divide method(%d, %d)\n", number1, number2);
double result = port.divide(number1, number2);
System.out.printf("The result of dividing %d and %d is %f.\n\n", number1, number2, result);
when run this code throw
run:
[java] Invoking divide method(20, 10)
[java] Exception in thread "main" javax.xml.ws.WebServiceException: HTTP transport error: javax.net.ssl.SSLHandshak
eException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCert
PathBuilderException: unable to find valid certification path to requested target
Does any one know how can I solve this problem or how can I make the client be able to use self signed certificates. Any help is greatly apprecited. Thanks

Why SOAP Request as Impersonator account fails?

Hi everyone,
I have created an Impersonator account and accessing item of another account using SOAP Request. I am unable to query the account. The request is as follows:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
<soap:Header>
<t:RequestServerVersion Version="Exchange2013"/>
</soap:Header>
<soap:Body>
<GetItem
xmlns="http://schemas.microsoft.com/exchange/services/2006/messages"
xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
<ItemShape>
<t:BaseShape>Default</t:BaseShape>
<t:IncludeMimeContent>true</t:IncludeMimeContent>
</ItemShape>
<ItemIds>
<t:ItemId Id="AAMkADhiYjY0NGIxLTMyZTYtNDA2YS04ZmM1LTBiZjRmZGJjMDY0NABGAAAAAAABEJy6UddET6O8EWfW99taBwABc/Z+U4EQRZ7tUFT0S/bsAAA76u/+AAABc/Z+U4EQRZ7tUFT0S/bsAAA9Cn6iAAA=" />
</ItemIds>
</GetItem>
</soap:Body>
</soap:Envelope>
And the response is as follows:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<h:ServerVersionInfo MajorVersion="15" MinorVersion="0" MajorBuildNumber="516" MinorBuildNumber="29" Version="Exchange2013" xmlns:h="http://schemas.microsoft.com/exchange/services/2006/types" xmlns="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<m:GetItemResponse xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
<m:ResponseMessages>
<m:GetItemResponseMessage ResponseClass="Error">
<m:MessageText>Access is denied. Check credentials and try again.</m:MessageText>
<m:ResponseCode>ErrorAccessDenied</m:ResponseCode>
<m:DescriptiveLinkKey>0</m:DescriptiveLinkKey>
<m:Items/>
</m:GetItemResponseMessage>
</m:ResponseMessages>
</m:GetItemResponse>
</s:Body>
</s:Envelope>
When I query using that account, then it is successful. Kindly help me?
Thanks & regards,
Talib Hussain

I don't see any of the elements that would indicate you're doing impersonation in your request. See
https://msdn.microsoft.com/EN-US/library/office/dn722378(v=exchg.150).aspx. So your request would be acting against the mailbox owned by the account that you've authenticated as, which doesn't sound like what you want. Make sure you're authenticated
as your impersonation account, and you include an ExchangeImpersonation element to indicate the account you want to impersonate.

Unable to receive special characters in XML using UTL_HTTP request from Other application

Hi Team,
We are using SOAP request in Oracle Application to Pull XML data from Other application.I am using below commands before receving response but still i am unable to receive special charcters/Spanish Charcters in XML.
utl_http.set_body_charset(v_http_req, 'UTF-8');
utl_http.set_header (v_http_req, 'Content-Type', 'text/xml');
Thanks and Regards,
Raghul

Hello,
Just when you think that you know everything, it is slammed in your face that you don't. The .Mac member name field in the System Preferences DOES NOT take your whole e-mail address. It only takes your user name or whatever comes BEFORE the "@" symbol. There was absolutely nothing wrong with my MacBook Pro (other than ther brain dead user).
Sorry for wasting your time...
If we learn from our mistakes, then I obtained my PhD years ago,
Dr. Z.

SOAP Request with Web Service Security

Hi masters of XI,
the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>XXXX</wsse:Username>
<wsse:Password>XXXXXXXXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
How can we send UserNameToken's elements inside SOAP web service envelope
signing with X.509 certificate also? There are any way to do it in the
receiver agreement or receiver SOAP adapter?
thanks.

Hi,
thank you very much for your answers.
I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>XXXX</wsse:Username>
<wsse:Password>XXXXXXXXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
This is my Request:
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-104309952">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-104310599">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-104377209">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
            <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
        <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
        <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
</soapenv:Header>
And this is the request I need:
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-104309952">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-104310599">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-104377209">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
            <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
        <wsse:Username>xxxxxxx</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
      </wsse:UsernameToken>

<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
        <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
        <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
</soapenv:Header>

Service security using SOAP request

Similar Messages

Maybe you are looking for