SJSAS 8.2 secure and unsecure methods in one web service with ws-security

Hi
I'm trying to deploy a web-service (using SJSAS 8.2) using JAXRPC using message security (at the application level).
I have one simple question:
I have an EJB that exposes 2 methods as web-services, I specified in the sun-ejb-jar.xml that one of those methods is secure (and said nothing about the other) however when i run my test client I get a "WSS0202: No wsse:Security element in the message" error for both calls (instead of only for the secure call).
Is this normal? Isn't it possible to have a normal (with no security headers) call to one method and another (with security headers and secure envelope) to another in the same webservice (from the same EJB)?.

I wasn't clear?
This is a big dev problem for a major Sun client.
No one knows or wants to answer?

Similar Messages

Secure the JAX-RPC United Loan Web Service with WS-Security source file not

A download link 'http://www.oracle.com/technology/obe/obe1013jdev/secureunitedloan/SecureUnitedLoanSource.zip' referenced by 'http://www.oracle.com/technology/obe/obe1013jdev/secureunitedloan/SecureUnitedLoan.html' cannot be found.

After some research I found that:
1. on geronimo 2.1 you can only use basic authentication for webservices
2. advanced security requires the use of axis2

Best Practice/Standard for Securing and Attaching Files in a Web Service

Thanks in advance.
Being new to Web Services as well as most of my team. I would like to know what is the best practice for transporting files via a Web Service. I know of several methods and one that seems to be the standard, but you can't really tell in this ever changing world of Web Services. Below are the options that I have found.
1. MIME encoded the file and embed in the payload of the SOAP message
2. SwA (SOAP with Attachments) which applies MIME attachments to SOAP. I think this is similiar to the way emails are handled.
3. DIME (Direct Internet Message Encapsulation) similiar to MIME encoding but is more efficient
4. MTOM (Message Transmission Optimization Mechanism) I really not understand this method, but it seems that this is the NEW standard. I just don't understand why.
5. Utilize HTTPS and download the file from an accessible file server w/ a login id and password.
Is there someone out there that understands this problem and can assist me in understanding the pros and cons of these methods? Or maybe there is a method that I'm overlooking altogether.
Thanks

JWSDP supports securing of attachments [1]and will soon support securing MTOM attachments too. [1]http://java.sun.com/webservices/docs/2.0/xws-security/ReleaseNotes.html

Web Services with https Security without PI

Hi experts,
We wanna create Web Services in SAP CRM 7.0 without using the PI. The Requirement is, that we have to use https. I haven't found much (and no clear) Information about this isue.
Does anybody know if it is possible to use https and can you provide information how to do so?
Thanks and regards,
Sebastian

yes its possible.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0d0a250-ccd1-2c10-9e9f-b9d5cf259a6d?QuickLink=index&overridelayout=true
http://help.sap.com/saphelp_nw70ehp1/Helpdata/EN/e9/ae1b9a5d2cef4ea4b579f19d902871/content.htm
Way you create webservice from function module is same in ECC and CRM so if you google, you would find all required information.
Regards,
BJ

Secured and unsecured agent In GRID

Dear ALL,
Is their any query to find secured and unsecured agent from gird database?
Thanks

Hi,
Beat me to it - but here is some sql to make it simple.
select target_name,
case
when substr(emd_url, 1, 5) = 'https' then
'TRUE'
else
'FALSE'
end secure_upload
from mgmt$target
where target_type = 'oracle_emd'
Cheers,
Harry

Problems invoking a method from a web service

Am using netbeans 6.1 and my problem is when i invoke a method from a web service that has a custom class as a return type.
When I debug the client that consumes my web service, It get Stack in this line:
com.webservice.WebServiceInfoBean result = port.getWebServiceInfo(nameSpace, serviceName, portName, wsdlURL);
i don't get any error on the console.
 static public void function1() {
 try { // Call Web Service Operation
 com.webservice.WebServiceMonitorService service = new com.webservice.WebServiceMonitorService();
 com.webservice.WebServiceMonitor port = service.getWebServiceMonitorPort();
 // TODO initialize WS operation arguments here
 java.lang.String nameSpace = "NameSpaceHere";
 java.lang.String serviceName = "WebServicePrueba";
 java.lang.String portName = "Soap";
 java.lang.String wsdlURL = "http://localhost/Prueba/WebServicePrueba.asmx?wsdl";
 // TODO process result here
 com.webservice.WebServiceInfoBean result = port.getWebServiceInfo(nameSpace, serviceName, portName, wsdlURL); // <--- here it stack
 System.out.println("getWebServiceInfo");
 Iterator i = result.getMethods().iterator();
 while (i.hasNext()) {
 MethodBean method = (MethodBean) i.next();
 System.out.print("Nombre: " + method.getname());
 System.out.print(" Returns: " + method.getreturnType());
 Iterator j = method.getparameters().iterator();
 while (j.hasNext()) {
 ParameterBean parameter = (ParameterBean) j.next();
 System.out.print(" ParameterName: " + parameter.getname());
 System.out.print(" ParameterType: " + parameter.gettype());
 System.out.print("\n");
 System.out.print(method.getfirma());
 System.out.print("\n");
 System.out.print("\n");
 } catch (Exception ex) {
 ex.printStackTrace();
 }Web Service side
 * Web service operation
 @WebMethod(operationName = "getWebServiceInfo")
 public WebServiceInfoBean getWebServiceInfo(@WebParam(name = "nameSpace")
 String nameSpace, @WebParam(name = "portName")
 String portName, @WebParam(name = "serviceName")
 String serviceName, @WebParam(name = "wsdlURL")
 String wsdlURL) throws Throwable {
 //TODO write your implementation code here:
 webservicemonitor instance = new webservicemonitor();
 return instance.getWebServiceInfo(nameSpace, serviceName, portName, wsdlURL);
 }I have tested my internal code from the web service side and everything works fine. The problem occurs when i invoke it from a client side. probably I did not made the right serialization form my class WebServiceInfoBean? or am missing something. here it is:
* To change this template, choose Tools | Templates
* and open the template in the editor.
package com.beans;
import java.util.ArrayList;
* @author Tequila_Burp
public class WebServiceInfoBean implements java.io.Serializable {
 * Holds value of property wsdlURL.
 private String wsdlURL;
 * Getter for property wsdlURL.
 * @return Value of property wsdlURL.
 public String getwsdlURL() {
 return this.wsdlURL;
 * Setter for property wsdlURL.
 * @param wsdlURL New value of property wsdlURL.
 public void setwsdlURL(String wsdlURL) {
 this.wsdlURL = wsdlURL;
 * Holds value of property namespace.
 private String namespace;
 * Getter for property namespace.
 * @return Value of property namespace.
 public String getnamespace() {
 return this.namespace;
 * Setter for property namespace.
 * @param namespace New value of property namespace.
 public void setnamespace(String namespace) {
 this.namespace = namespace;
 * Holds value of property serviceName.
 private String serviceName;
 * Getter for property serviceName.
 * @return Value of property serviceName.
 public String getserviceName() {
 return this.serviceName;
 * Setter for property serviceName.
 * @param serviceName New value of property serviceName.
 public void setserviceName(String serviceName) {
 this.serviceName = serviceName;
 * Holds value of property wsdlURL.
 private String portName;
 * Getter for property wsdlURL.
 * @return Value of property wsdlURL.
 public String getportName() {
 return this.portName;
 * Setter for property wsdlURL.
 * @param wsdlURL New value of property wsdlURL.
 public void setportName(String portName) {
 this.portName = portName;
 * Holds value of property methods.
 private ArrayList methods = new ArrayList();
 * Getter for property methods.
 * @return Value of property methods.
 public ArrayList getmethods() {
 return this.methods;
 * Setter for property methods.
 * @param methods New value of property methods.
 public void setmethods(ArrayList methods) {
 this.methods = methods;
 public MethodBean getMethod(int i) {
 return (MethodBean)methods.get(i);
}by the way, everything has been worked on the same PC.

Hi Paul,
This sound familiar, but I cannot at the moment locate a reference to
the issue. I would encourage you to seek the help of our super support
team [1].
Regards,
Bruce
[1]
http://support.bea.com
[email protected]
Paul Merrigan wrote:
>
I'm trying to invoke a secure 8.1 web service from a 6.1 client application and keep getting rejected with the following message:
Security Violation: User: '<anonymous>' has insufficient permission to access EJB:
In the 6.1 client, I've established a WebServiceProxy and set the userName and password to the proper values, but I can't seem to get past the security.
If there something special I need to do on either the 8.1 securing side or on the 6.1 accessing side to make this work?
Any help would be GREATLY appreciated.

Securing web services with Sun Access Manager

Hi!
I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
My questions are:
1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
2) Are there any documentation/tutorials/etc?
Thanks in advance :-)
Anders

what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
So.. having said that. here's what I'd recommend.
1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
2. configure it to use your access manager instance for authentication.
3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
4. voila... your webservices are not "protected" by acces manager ;-)

Flex/ActionScript3 support for web services using WS-Security

Does Flex/ActionScript3 have support for connecting to a web
service using WS-Security (Policy Creation). I've tried using the
Flex Data Service "Import WSDL" method and it does not allow me to
connect. Is there Flex/AS3 package that can handle creating the
Policy information for a web service that utilizies WS-Security?
Thanks,
Tom

quote:
Does Flex/ActionScript3 have support for connecting to a web
service using WS-Security (Policy Creation).
Yes and no. The "Import WSDL" doesn't create AS3 classes that
allow header injection of the appropriate WS-Security elements.
I've managed to work around this using straight mx:webservice tags
and AS3. There is an open bug at
https://bugs.adobe.com/jira/browse/SDK-15398
that I voted on, the more the merrier.
http://www.jroller.com/wookets/entry/ws_security_in_flex
Has a useful class for creating the soap header elements for a
username token,
In general though, it's been a challenge to get the simplest
of WS-Security pieces working.
-Brett

Security Error when creating a web service with Flex

Hello comminuty.
I'm using Flex to create a standalone application and I have to use web services to retrieve data from SAP.
I used the bapi bapi_flight_getlist to create an associated WS that works fine (tested with the Eclipse's WS Explorer).
In Flex Builder, I use the following code to create my web service:
 <mx:WebService
 showBusyCursor="true"
 id="service"
 wsdl="{wsdl}"
 result="resultCreateWSHandler(event);"
 fault="faultCreateWSHandler(event);">
 <mx:operation name="FlightGetList"
 result="resultWSHandler(event)"
 fault="faultWSHandler(event)"></mx:operation>
 </mx:WebService>
And this is the error I'm getting:
(mx.messaging.messages::ErrorMessage)#0
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "E578ED8C-EF29-44E7-8D57-57B4DB6EB613"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#1
 DSStatusCode = 0
messageId = "6E7AC45E-418D-90CD-96AD-57B52DB1DAF4"
rootCause = (flash.events::SecurityErrorEvent)#2
 bubbles = false
 cancelable = false
 currentTarget = (flash.net::URLLoader)#3
 bytesLoaded = 0
 bytesTotal = 0
 data = (null)
 dataFormat = "text"
 eventPhase = 2
 target = (flash.net::URLLoader)#3
 text = "Error #2048: Violation de la sécurité Sandbox : http://localhost:8300/ztest2/bin-debug/ztest2.swf ne peut pas charger de données à partir de http://XXXX:8006/sap/bc/srt/wsdl/bndg_DEB8A28C2E19EEF19C080050568D135B/wsdl11/allinone/ws_policy/document?sap-client=800."
 type = "securityError"
timestamp = 0
timeToLive = 0
Translation: "Error #2048: Sandbox security violation: http:....swf cannot load data from http:...client=800"
Would any of you have an idea about what is causing this error??
Thanks for any help you can provide.
Regards,
C.

Hi Cristina
Did your flex application worked. i am also having same problm. cant access the BAPI from standalone flex application.
Jay

How to pass username and password while invoking a web service through wsdl

Hello All,
i am calling a web service through wsdl, but it is giving error 401. i want to know how to pass userid and password when i am invoking webservice?
i am using NetBeans 6.1.
i did following thing:
First i created one web application, then i right clicked on project new->web service client, and gave the url for my wsdl.
after that i create one main class and try to call my required operation by that wsdl.
Thanks in advance

Thanks dumchikov, i tried the same thing what ever you told but there is no option for security.
when i right clicked on web service reference its open 1 window which have 2 tab one is quality of service and second is wsdl customization, then i clicked on wsdl customization. which contain Global Customization, Port Types, Port Type Operations, Port Type Faults, Binding, Binding Operations, Services, Ports and External Binding Files. it don't have security option.

Web Service authentication by security role

I define an web service with authentication by security role.
I access web service via web dynpro model in EP7.
It appear below error:
Exception on execution of web service with WSDL URL 'http://XXX:50000/XXX/Config1?wsdl ' with operation 'XXXXXXXX' in interface 'XXXVi_Document'
how should i do to solve this problem ?

Hi WU,
 Use this code with ur webservice & check the error in log file.May be we will get some more info abt this.
This code will be in execute method
Request_XXX reqData = new Request_XXXdbModel);
reqData.wdSetInvocationLogEnabled(true);
in the catch block give this
logger.traceThrowableT(
 Severity.ERROR,
 wdComponentAPI.getApplication().getDeployableObjectPart().getName(),
 ex);
 //if (logger.beDebug()) {
 logger.fatalT(requestModel.wdGetRequestLog());
 logger.fatalT(requestModel.wdGetResponseLog());
 logger.fatalT(requestModel.associatedModelClassInfo().getModelInfo().toString());
 logger.fatalT(requestModel.toString());
request model is ue model & ex is the exception in catch block.
execute the application after this change & check the server log.In case u r not able to find out the problem,send the stach trace.
regards
Sumit

Connect to Secure web service with certificate from SAP EP

Hi Experts,
Here is the current situation:
1. Our business requirement is to connect 3rd party RESTful web service which requires secure connection with private client certificate attached
2. I've tested in my Java test application and successfully attached private certificate to HttpsURLConection request to the web service and made a connection. No problem at all.
KeyStore keyStore = KeyStore.getInstance("PKCS12");
InputStream inputStream = new FileInputStream("privateKeyCert.p12");
keyStore.load(inputStream, "myPassword".toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "myPassword".toCharArray());
KeyManager[] kms = keyManagerFactory.getKeyManagers();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(kms, null, new SecureRandom());
SSLSocketFactory sockFact = sslContext.getSocketFactory();
URL url = new URL("https://www.thirdpartywebservice.com/testroot/");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setSSLSocketFactory(sockFact);
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
conn.setDefaultUseCaches (false);
conn.setRequestProperty("Content-Type", "text/xml");
3. Next, I tried to apply my Java application to SAP EP NetWeaver, and found that I have to use SecureConnectionFactory:
https://help.sap.com/saphelp_nw70ehp1/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm
4. So, I modified my Java code for SAP EP:
KeyStore keyStore = KeyStore.getInstance("PKCS12");
InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("privateKeyCert.p12");
keyStore.load(inputStream, "myPassword".toCharArray());
SecureConnectionFactory scFactory = new SecureConnectionFactory(keyStore);
HttpURLConnection conn = scFactory.createURLConnection("https://www.thirdpartywebservice.com/testroot/");
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
conn.setDefaultUseCaches (false);
conn.setRequestProperty("Content-Type", "text/xml");
And I'm facing the following error message:
Exception: java.security.UnrecoverableKeyException: ja
va.security.GeneralSecurityException: Unable to decrypt private key: javax.crypto.BadPaddingException: Invalid PKCS#5 padding length: 253
Could you please help me what this error message means?
Do you think do I need to to do some other configuration to make connection to web service with client certificate?
This is our first approach. Please help...
Thank you in advance.

SunJSSE implement SSL server CertificateRequest in a strict mode, if client failed to find a proper certificate corresponding the server request, it does not guess what's the proper certificate and send to the server. In your case, because there is no intermediate certificate in the client context, so there is no way to make the decision which certificate would be acceptable by server, so client does not send any cert to server. That's why you got a handshaking error.
I guess your client key store does not contains a full certificate path from the client end-entity certificate to the root CA. Please import the full certificate path into the key store.
BTW, these approaches should work, but I found no reason why one does not adopt #1:
1. import the full certification path of client certificate into client key store.
2. as a workaround, configure the server to send a list including the intermediate certificates;
3. as a workaround, you will have to customize the client KeyManager if you don't want to or are not able to configure the server to send a list including the intermediate certificates.

Web Service with Complex Results and Flex

I have created a Enterprise Java Bean that has one "test" method that returns a String[]. I have compiled, deployed and registered this bean in Sun's Application Server 8.1. I am using NetBeans 5.0 to develop this project.
I try to load this web service into Flex and I get a fault thrown: TypeError: Error #1034: Type Coercion failed: cannot convert []@29e5d06 to XMLList. I have set the returnType in Flex as "e4X.". Do I need to do this in my webservice.
Any help would be appreciated.

HI Andrea,
    I think with present netweaver developer studio , we can create Web services with end points as simple data types in java and the array of that simple data types.
    not sure whether it support our own custom developed classes as end points.
     just go through these links.
http://help.sap.com/saphelp_nw2004s/helpdata/en/f7/af60f2e04d0848888675a800623a81/frameset.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/f7/af60f2e04d0848888675a800623a81/frameset.htm
from this we will get Restrictions for WS Endpoints.
                         Regards
                          Kishor Gopinathan

Designing and Running CR against XML Web Service

I created a simple XML web service with one method that returns a dataset. This runs on my Windows 2003 Server.The service(.asmx) is called "Applicants". My computer name is aricciardi-2k3s. It runs on port 89 .When I browse to <a href="http://aricciardi-2k3s:89/Applicants.asmx">http://aricciardi-2k3s:89/Applicants.asmx</a>, I am prompted to invoke the webservice and I can run it and everything is great. Further, if I browse to <a href="http://aricciardi-2k3s:89/Applicants.asmx?wsdl">http://aricciardi-2k3s:89/Applicants.asmx?wsdl</a> I get the wsdl info. Now I want to design and run a Crystal Report 11 SR 2 against my web service. I choose New Report, for Data I choose XML, then "Use Web Data Source" hit next, then choose "HTTP WSDL URL" I enter <a href="http://aricciardi-2k3s:89/Applicants.asmx?wsdl">http://aricciardi-2k3s:89/Applicants.asmx?wsdl</a>, hit Next, I leave HTTP username and HTTP password blank. Then I see the Services, Ports and Methods screen. Services: Applicants, Ports: ApplicantsSoap, Methods: GetApplicantsWhen I click Finish, I get Logon Failed, Details, Schema file is invalid. error:Element <a href="mailto:Schema@htttp://www.w3.or/2001XMLSchemal">Schema@htttp://www.w3.or/2001XMLSchemal</a> not foundHow can I get this to work? I can return anything necessary from the web service.Please help. You will make me a hero, and I'll will be in debt to you.Thanks.Anthony Ricciardi The web method for my web service is below <WebMethod()> _Public Function GetApplicants() As DataSet Dim DS As New DataSet TryDim dt As New DataTable("Applicants") dt.Columns.Add("AppID")dt.Columns.Add("Name") Dim dr As DataRow dr = dt.NewRow()dr.Item("AppID") = 1000 dr.Item("Name") = "First Applicant"dt.Rows.Add(dr)dr = Nothingdr = dt.NewRow()dr.Item("AppID") = 2000 dr.Item("Name") = "Second Applicant"dt.Rows.Add(dr)dr = Nothing DS.Tables.Add(dt)Return DS Catch ex As ExceptionDim x As String = ex.Message End TryEnd Function

I got some feed back from support that this driver doesn't work with .NET datasets. I would suggest that in your webservice method that you just return an arrary of regular objects that contain the data you need. That should work with this driver I believe. I would try it out but I just messed up my Crystal Reports and I need to re-install it.Here's the URL to a white paper that talks about connecting to this driver. http://support.businessobjects.com/communityCS/TechnicalPapers/cr_xi_native_xml_driver.pdf Rob Horne <a href="/blog/10">Rob's blog - http://diamond.businessobjects.com/blog/10</a>

Web Services with REST, SOAP and JAX-RPC

Hi,
Can somebody who has developed web services extensively comment/suggest a java development environment that works best for developing web services mainly with REST. I've found that Eclipse with Axis2 and Tomcat works well. But I would like to get your opinion on it and some other alternatives.

Hi,
Please help me its urgent.
can u give me a detail example how to do Web services
with REST.
Here is my id [email protected]
Thanks in advance.You can do this in many ways. It depends on how heavy your service is. You can write a simple servlet that will take a REST (I'm assuming you know what REST is) request and parses it out, calls a server-side method and generates a REST response.
Another way is to use a web-service container such as AXIS. You can read some examples and documentation on their website. AXIS2 has REST support as well.

SJSAS 8.2 secure and unsecure methods in one web service with ws-security

Similar Messages

Maybe you are looking for