SOAP message security

Hello,
1) Could you please suggest best way to handle PI web service with regard to security. We are exposing PI to use web services from external system.As the external system are not part of our DMZ and do not reside in our network what is the best approach to configure the SOAP sender and receiver channels.
2) Also When we give the WSDL to external parties normally the PI host would be local would there be any issues wrt security should the network team open up ports for them or map the local host to public host.
Thanks.

About Soap Security, refer to the below documents & help, about SSL configuration for SOAP Adapter (Security Checks):
http://help.sap.com/saphelp_nw04/helpdata/en/fc/5ad93f130f9215e10000000a155106/content.htm
HTTP & SSL
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
How to use Client Authentication with SOAP Adapter
http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/3721

Similar Messages

SOAP message security fault:FailedCheck error

Hi,
I have a client application that adds a signature to the SOAP request. (Most of
the code has been taken from "Writing the Java Code to Invoke a Secure Non-WebLogic
Web Service" at http://e-docs.bea.com/wls/docs81/webserv/security.html)
Enabling the jvmarg verbose flag in build.xml indicates that the request going
out has a wsse:Security element with a signature, binary and username token.
The response from the server is as follows :
[java] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://sche
mas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><en
v:Header/><env:Body><env:Fault xmlns:fault="http://schemas.xmlsoap.org/ws/2002/0
7/secext"><faultcode>fault:FailedCheck</faultcode><faultstring>failed security
c
heck for message body</faultstring></env:Fault></env:Body></env:Envelope>
After which i get a javax.xml.rpc.soap.SOAPFaultException: failed security check
for message body.
I believe that i maybe getting this error because the server is unable to verify
the signature for some reason. Am i missing something here?
Also please let me know if you need more information to diagnose the problem.
thanks,
Nadeem.

The root cause being:
[java] [weblogic.xml.security.encryption.EncryptionException: http://www.w3
org/2001/04/xmlenc#tripledes-cbc can only be used with a domestic license]].>
I believe the security frameworks checks the WebLogic license file
(license.bea) to determine whether to use domestic or international
strength encryption.
Nadeem Ilkal wrote:
Hi Bruce,
I tried the example you pointed out and i am getting the following exception.
The signature and encryption verbose flags are enabled by default in build.xml.
run:
[java] <Jun 2, 2003 11:19:22 AM PDT> <Info> <webservice> <BEA-220024> <Hand
ler weblogic.webservice.core.handler.WSSEClientHandler threw an exception from
i
ts handleRequest method. The exception was:
[java] weblogic.xml.security.SecurityConfigurationException: Failed adding
encryption to request - with nested exception:
[java] [weblogic.xml.security.SecurityProcessingException: Problem adding
e
ncrypted key - with nested exception:
[java] [weblogic.xml.security.encryption.EncryptionException: http://www.w3
org/2001/04/xmlenc#tripledes-cbc can only be used with a domestic license]].>
[java] java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultExc
eption: Failed adding encryption to request; nested exception is:
[java] javax.xml.rpc.soap.SOAPFaultException: Failed adding encryption
to request
[java] at sign.SecurityPort_Stub.echo(SecurityPort_Stub.java:30)
[java] at sign.SecureClient.main(SecureClient.java:63)
[java] Caused by: javax.xml.rpc.soap.SOAPFaultException: Failed adding encr
yption to request
[java] at weblogic.webservice.core.ClientDispatcher.receive(ClientDispa
tcher.java:270)
[java] at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDisp
atcher.java:131)
[java] at weblogic.webservice.core.DefaultOperation.invoke(DefaultOpera
tion.java:430)
[java] at weblogic.webservice.core.DefaultOperation.invoke(DefaultOpera
tion.java:416)
[java] at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:2
75)
[java] at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:2
50)
[java] at sign.SecurityPort_Stub.echo(SecurityPort_Stub.java:27)
[java] ... 1 more
[java] Exception in thread "main"
[java] Java Result: 1
thanks,
Nadeem.
Bruce Stephens <[email protected]> wrote:
Hello,
Have you tried going through the example:
http://webservice.bea.com/index.html#qz15 and making sure this works
OK
for you?
Also, try the following system properties to view more runtime security
information:
weblogic.xml.encryption.verbose=true
weblogic.xml.signature.verbose=true
HTH,
Bruce
Nadeem Ilkal wrote:
Hi,
I have a client application that adds a signature to the SOAP request.
(Most of
the code has been taken from "Writing the Java Code to Invoke a Secure
Non-WebLogic
Web Service" at http://e-docs.bea.com/wls/docs81/webserv/security.html)
Enabling the jvmarg verbose flag in build.xml indicates that the request
going
out has a wsse:Security element with a signature, binary and username
token.
The response from the server is as follows :
[java] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://sche
mas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><en
v:Header/><env:Body><env:Fault xmlns:fault="http://schemas.xmlsoap.org/ws/2002/0
7/secext"><faultcode>fault:FailedCheck</faultcode><faultstring>failed
security
c
heck for message body</faultstring></env:Fault></env:Body></env:Envelope>
After which i get a javax.xml.rpc.soap.SOAPFaultException: failed security
check
for message body.
I believe that i maybe getting this error because the server is unable
to verify
the signature for some reason. Am i missing something here?
Also please let me know if you need more information to diagnose the
problem.
thanks,
Nadeem.
[att1.html]

Processing of soap message

some help is required on the SOAP processing
<SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Body>
<getPricedAvailability xmlns="http://www.openuri.org/" xmlns:tget="http://www.ba.com/schema/tGetPricedAvailabilityV1">
<tget:GetPricedAvailabilityRequest>
<Name>ian</Name>
....i need to add a tag name[in between the two tags] <asl>US </asl>
<age>1234</age>
</tget:GetPricedAvailabilityRequest>
</getPricedAvailability>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope
Can any one suggest or send me the piece of code which does this..
i tried to add the tag by using the below code but in vain it didn't happen ...it is not adding in between the 2 tags.
it is adding after <age>.... Can any one help me in this...Is there is any other way of parsing the SOAP message is possible
SOAPMessageContext smc = (SOAPMessageContext)mc;
SOAPMessage sm = smc.getMessage();
SOAPEnvelope env = sm.getSOAPPart().getEnvelope();
SOAPBody body = env.getBody();
javax.xml.soap.Name sName;
System.out.println(" Entering callEndTag #########################################");
System.out.println("body"+body +" "+"env"+env);
if ( body != null ){
java.util.Iterator childElems = body.getChildElements();
SOAPElement child;
int i=0;
// iterate through child elements
while (childElems.hasNext())
System.out.println("childElems" +childElems);
Object elem = childElems.next();
System.out.println("elem" +elem);
if(elem instanceof SOAPElement )
// get child element and its name
child = (SOAPElement) elem;
sName = child.getElementName();
if (sName.getLocalName().equals("getPricedAvailability"))
childElems = child.getChildElements();
while (childElems.hasNext())
// get next child element
elem = childElems.next();
if(elem instanceof SOAPElement )
child = (SOAPElement) elem;
sName = child.getElementName();
if (sName.getLocalName().equals("GetPricedAvailabilityRequest"))
{childElems = child.getChildElements();
 sName = child.getElementName();
 System.out.println("SNAME inSIDE IF LOOP" +sName);
 System.out.println("If Elem is a) instance ====After");
 if (childElems.hasNext())
 // get next child element
 elem = childElems.next();
 System.out.println("If Elem is a) instance == before");
 if(elem instanceof SOAPElement )
 System.out.println("If Elem is a) instance ====After");
 System.out.println("before type cast" );
 child = (SOAPElement) elem;
 sName = child.getElementName();
 System.out.println("Start adding process added end date" +sName);
 SOAPElement fResponse12 = child.addChildElement(env.createName("EndDate-- ==child "));
 fResponse12.addAttribute(env.createName("xmlns"),
 fResponse12.addTextNode(strEndDate );
((SOAPMessageContext)mc).setMessage(sm);

Hi Experts,
I'm trying to protect a web service deployed in jcaps 5.1.1, using SAML assertions against an Access Manager 7/7.1, the web services clients are both, web and standalone applications, I also have read netbeans tutorials, that expose how to implement identity webservices using AppServer 9.1 + AccessManager 7.1 using the SAML Holder of key and other security mechanisms, but this implementation requiere modifications to the server.policy file to add support to SOAP message security providers and HttpServlet message security providers, the addition of a library called amwebservicesprovider.jar to the classpath suffix (this library implements the jsr-196 java Authentication Service Provider Interface for Containers) and aditional configuration required in the AM side that is not detailed in the tutorials.
Could someone guide me on how to protect the acces to a web services deployed in the jcaps logicalhost based on AM roles assigned to users?
Any help is aprecciated
Juan

SOAP message format after signing

Experts,
Can any one tell me the format of the soap message after the message is signed with certificate issued by third party?
I am getting signed soap message as follows :
- <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
- <SOAP:Header>
- <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIE1TCCA72gAwIBAgICGyQwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCU0ExDTALBgNVBAoTBFNBTUExGzAZBgNVBAsTElNBTUEgZVRydXN0IENlbnRlcjEfMB0GA1UEAxMWU0FNQSBTdGFnaW5nIFNoYXJlZCBDQTAeFw0wODA5MTYxMDUyNDJaFw0xMDA5MTYxMDUyMzdaMIGUMQswCQYDVQQGEwJTQTEoMCYGA1UEChMfTkNCQiAtIE5hdGlvbmFsIENvbW1lcmNpYWwgQmFuazEoMCYGA1UECxMfTkNCQiBXZWIgUmVnaXN0cmF0aW9uIEF1dGhvcml0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMTG2UtZGhxLXMyMDF3ZWIuc2VjLnNlLmNvbS5zYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2JDBfb/o41YV7/JOBKa0H/zCIF6Szpn5oEEPjIu63UoD2t3uKZgL0pDpKTrl8hNgSfnbePsn9te0sqmstflIUV8OYv6VCUKIL6ZsxcZliFP7LTWcN7VHa5J80zwJpuZI0lSOTmssRfTczT5wbRiJuf/z/ZUsc9VvP7hMT93Vc0CAwEAAaOCAewwggHoMIIBPAYDVR0gBIIBMzCCAS8wggErBg0rBgEEAYGHHQEBBgUBMIIBGDCB1QYIKwYBBQUHAgIwgcgagcVUaGlzIGNlcnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBieSBTQU1BIGVUcnVzdCBDZW50ZXIgb24gYmVoYWxmIG9mIE5hdGlvbmFsIENvbW1lcmNpYWwgQmFuayAoTkNCQikuIE5laXRoZXIgU0FNQSBub3IgTkNCQiBhY2NlcHQgYW55IGxpYWJpbGl0eSBmb3IgYW55IGNsYWltIGV4ZXB0IGFzIGV4cHJlc3NseSBwcm92aWRlZCBpbiB0aGlzIENQLjABggrBgEFBQcCARYyaHR0cDovL3d3dy5lVHJ1c3RjZW50ZXIuY29tLnNhL2RvY3Mvcm9vdGNhX2Nwcy5wZGYwMAYIKwYBBQUHAQEEJDAiMCAGCCsGAQUFBzABhhRodHRwOi8vMTAuMTMxLjEuNjo4MDALBgNVHQ8EBAMCA7gwJwYDVR0lBCAwHgYIKwYBBQUHAwQGCCsGAQUFBwMHBggrBgEFBQcDATAfBgNVHSMEGDAWgBSgYJsSh4qnwzTjhepPMHVJj9ncDAdBgNVHQ4EFgQUXWMeLP/opd8VqdnCf/xSX0/dD8wDQYJKoZIhvcNAQEFBQADggEBAJ2Pjv0V8ke9Vxe4FAOVJ7Hi67STUnad6gIIeT2wTUYwZD9dFf2g4NJnqJ2SF3Q9QKw5rBofU1SjuFw11hnQ3G3UK6Erkn7klS0/vVrAEAg55nzDhYPU3uZyVoobJmtLgNk507U7qkIL86p8tPCDlZoN23od1RG8uAP4K3TyiYgFozVA9tUIUGDDFbqOSACZ6tSrXDzHTfmA2l7zz4tizi/yX57SLjg3kIXKWfwo3nOEJm9xGL/4PyxaXQlNsd3srBrYl9/L78563ExKJ0UvnqKTjvuhRIsm3+E9eFhYAq1Wd/xBIXKPZEK8VwcrEQJqBnEi/2RL0jDULYMR8=</wsse:BinarySecurityToken>
- <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsu-targetID-eed81bc1-2818-11de-a649-000e0cf559d1">
<wsu:Created ValueType="xsd:dateTime">2009-04-13T10:50:41Z</wsu:Created>
<wsu:Expires ValueType="xsd:dateTime">2009-04-13T10:55:41Z</wsu:Expires>
</wsu:Timestamp>
- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
- <ds:Reference URI="#wsuid-body-eed81bc0-2818-11de-cc6a-000e0cf559d1">
- <ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ybxqsfOoHwh8eItwlr2GgCzrN8Y=</ds:DigestValue>
</ds:Reference>
- <ds:Reference URI="#wsu-targetID-eed81bc1-2818-11de-a649-000e0cf559d1">
- <ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Kdki/tVoqS6zmkF7x8nA19QouzM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>a60173OR4QNYvp/0nEFjPaR2wR6glTj1FQO31YNGn0NR5XKuB2Ye3dfsfwfB6bdDEmXwvOcEfNln grH7hjoItDC1z8luCpXjs7Gy2viF4XCOdgqxC6MnFOwdZpKodrjESYTjzsNUiXcHUEntGzv4Ry8U zCEw9lLT7koAcTXk/NM=</ds:SignatureValue>
- <ds:KeyInfo>
- <wsse:SecurityTokenReference>
<wsse:Reference URI="#sap-6" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIE1TCCA72gAwIBAgICGyQwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCU0ExDTALBgNVBAoTBFNBTUExGzAZBgNVBAsTElNBTUEgZVRydXN0IENlbnRlcjEfMB0GA1UEAxMWU0FNQSBTdGFnaW5nIFNoYXJlZCBDQTAeFw0wODA5MTYxMDUyNDJaFw0xMDA5MTYxMDUyMzdaMIGUMQswCQYDVQQGEwJTQTEoMCYGA1UEChMfTkNCQiAtIE5hdGlvbmFsIENvbW1lcmNpYWwgQmFuazEoMCYGA1UECxMfTkNCQiBXZWIgUmVnaXN0cmF0aW9uIEF1dGhvcml0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMTG2UtZGhxLXMyMDF3ZWIuc2VjLnNlLmNvbS5zYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2JDBfb/o41YV7/JOBKa0H/zCIF6Szpn5oEEPjIu63UoD2t3uKZgL0pDpKTrl8hNgSfnbePsn9te0sqmstflIUV8OYv6VCUKIL6ZsxcZliFP7LTWcN7VHa5J80zwJpuZI0lSOTmssRfTczT5wbRiJuf/z/ZUsc9VvP7hMT93Vc0CAwEAAaOCAewwggHoMIIBPAYDVR0gBIIBMzCCAS8wggErBg0rBgEEAYGHHQEBBgUBMIIBGDCB1QYIKwYBBQUHAgIwgcgagcVUaGlzIGNlcnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBieSBTQU1BIGVUcnVzdCBDZW50ZXIgb24gYmVoYWxmIG9mIE5hdGlvbmFsIENvbW1lcmNpYWwgQmFuayAoTkNCQikuIE5laXRoZXIgU0FNQSBub3IgTkNCQiBhY2NlcHQgYW55IGxpYWJpbGl0eSBmb3IgYW55IGNsYWltIGV4ZXB0IGFzIGV4cHJlc3NseSBwcm92aWRlZCBpbiB0aGlzIENQLjABggrBgEFBQcCARYyaHR0cDovL3d3dy5lVHJ1c3RjZW50ZXIuY29tLnNhL2RvY3Mvcm9vdGNhX2Nwcy5wZGYwMAYIKwYBBQUHAQEEJDAiMCAGCCsGAQUFBzABhhRodHRwOi8vMTAuMTMxLjEuNjo4MDALBgNVHQ8EBAMCA7gwJwYDVR0lBCAwHgYIKwYBBQUHAwQGCCsGAQUFBwMHBggrBgEFBQcDATAfBgNVHSMEGDAWgBSgYJsSh4qnwzTjhepPMHVJj9ncDAdBgNVHQ4EFgQUXWMeLP/opd8VqdnCf/xSX0/dD8wDQYJKoZIhvcNAQEFBQADggEBAJ2Pjv0V8ke9Vxe4FAOVJ7Hi67STUnad6gIIeT2wTUYwZD9dFf2g4NJnqJ2SF3Q9QKw5rBofU1SjuFw11hnQ3G3UK6Erkn7klS0/vVrAEAg55nzDhYPU3uZyVoobJmtLgNk507U7qkIL86p8tPCDlZoN23od1RG8uAP4K3TyiYgFozVA9tUIUGDDFbqOSACZ6tSrXDzHTfmA2l7zz4tizi/yX57SLjg3kIXKWfwo3nOEJm9xGL/4PyxaXQlNsd3srBrYl9/L78563ExKJ0UvnqKTjvuhRIsm3+E9eFhYAq1Wd/xBIXKPZEK8VwcrEQJqBnEi/2RL0jDULYMR8=</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sap-6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIE1TCCA72gAwIBAgICGyQwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCU0ExDTALBgNVBAoTBFNBTUExGzAZBgNVBAsTElNBTUEgZVRydXN0IENlbnRlcjEfMB0GA1UEAxMWU0FNQSBTdGFnaW5nIFNoYXJlZCBDQTAeFw0wODA5MTYxMDUyNDJaFw0xMDA5MTYxMDUyMzdaMIGUMQswCQYDVQQGEwJTQTEoMCYGA1UEChMfTkNCQiAtIE5hdGlvbmFsIENvbW1lcmNpYWwgQmFuazEoMCYGA1UECxMfTkNCQiBXZWIgUmVnaXN0cmF0aW9uIEF1dGhvcml0eTELMAkGA1UECxMCSVQxJDAiBgNVBAMTG2UtZGhxLXMyMDF3ZWIuc2VjLnNlLmNvbS5zYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2JDBfb/o41YV7/JOBKa0H/zCIF6Szpn5oEEPjIu63UoD2t3uKZgL0pDpKTrl8hNgSfnbePsn9te0sqmstflIUV8OYv6VCUKIL6ZsxcZliFP7LTWcN7VHa5J80zwJpuZI0lSOTmssRfTczT5wbRiJuf/z/ZUsc9VvP7hMT93Vc0CAwEAAaOCAewwggHoMIIBPAYDVR0gBIIBMzCCAS8wggErBg0rBgEEAYGHHQEBBgUBMIIBGDCB1QYIKwYBBQUHAgIwgcgagcVUaGlzIGNlcnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBieSBTQU1BIGVUcnVzdCBDZW50ZXIgb24gYmVoYWxmIG9mIE5hdGlvbmFsIENvbW1lcmNpYWwgQmFuayAoTkNCQikuIE5laXRoZXIgU0FNQSBub3IgTkNCQiBhY2NlcHQgYW55IGxpYWJpbGl0eSBmb3IgYW55IGNsYWltIGV4ZXB0IGFzIGV4cHJlc3NseSBwcm92aWRlZCBpbiB0aGlzIENQLjABggrBgEFBQcCARYyaHR0cDovL3d3dy5lVHJ1c3RjZW50ZXIuY29tLnNhL2RvY3Mvcm9vdGNhX2Nwcy5wZGYwMAYIKwYBBQUHAQEEJDAiMCAGCCsGAQUFBzABhhRodHRwOi8vMTAuMTMxLjEuNjo4MDALBgNVHQ8EBAMCA7gwJwYDVR0lBCAwHgYIKwYBBQUHAwQGCCsGAQUFBwMHBggrBgEFBQcDATAfBgNVHSMEGDAWgBSgYJsSh4qnwzTjhepPMHVJj9ncDAdBgNVHQ4EFgQUXWMeLP/opd8VqdnCf/xSX0/dD8wDQYJKoZIhvcNAQEFBQADggEBAJ2Pjv0V8ke9Vxe4FAOVJ7Hi67STUnad6gIIeT2wTUYwZD9dFf2g4NJnqJ2SF3Q9QKw5rBofU1SjuFw11hnQ3G3UK6Erkn7klS0/vVrAEAg55nzDhYPU3uZyVoobJmtLgNk507U7qkIL86p8tPCDlZoN23od1RG8uAP4K3TyiYgFozVA9tUIUGDDFbqOSACZ6tSrXDzHTfmA2l7zz4tizi/yX57SLjg3kIXKWfwo3nOEJm9xGL/4PyxaXQlNsd3srBrYl9/L78563ExKJ0UvnqKTjvuhRIsm3+E9eFhYAq1Wd/xBIXKPZEK8VwcrEQJqBnEi/2RL0jDULYMR8=</wsse:BinarySecurityToken>
</wsse:Security>
</SOAP:Header>
- <SOAP:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-body-eed81bc0-2818-11de-cc6a-000e0cf559d1">
- <ns0:MasterData xmlns:ns0="http://s24dh043/SA2SEC/WSD/SATOSEC">
- <MasterData_Input>
<PARTNER_ID>XYZ</PARTNER_ID>
</MasterData_Input>
</ns0:MasterData>
</SOAP:Body>
</SOAP:Envelope>
In the above soap envelope tag "BinarySecurityToken" repeated thrice. So is it the standard method or I am missing any configuration. Becacuse our partner(webmethods) understands only one occurance of "BinarySecurityToken" in soap message.
Edited by: Santhosh on Apr 13, 2009 1:42 PM

Hi ,
Just a few pointers:
"Element caching should not be used at the top levels of an XML document by a generic encoder, since it is
unlikely that the full document would be repeated. With SOAP, it is typically wise to start element caching at the
third level, i.e. leave Envelope and Body alone. Of course, if the encoder has more knowledge of the messages
sent, going further up may pay off."
regards
joel

WSM Sign Message - BinarySecurityToken ordering in Soap message

Hi,
We are trying to send X509 signed messages to a remote client who is using WSE 3.0. WSM is using a Reference URI in SecurtiyTokenReference which relates to a BinarySecurityToken. Currently the BinarySecurityToken follows the SecurityTokenReference in the SOAP message we are sending. The 3rd party has asked we ensure the BST comes first in SOAP:
Has anybody come accross this before or have any suggestions for OWSM on how to make this happen?
*{color:#ff0000}Currently:{color}*
<?xml version="1.0" encoding="UTF-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<dsig:Reference URI="#_1wUgSgZOxWwla32XNs9alA22">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>it3C2jxQsyJg3cu4lJw1bi1yE50=</dsig:DigestValue>
</dsig:Reference>
<dsig:Reference URI="#_FZT6dshZtCCekjthPWe1BQ22">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>KRsvU/IqWlCPd8ywrmO3EAg5TTg=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>KW8qS+50jy8CQeH9dfZCOAT0yWIUJpRysEOG+yucD6wj7VgRA8VXQLkn9yuG+G85ndVXyydCDrFyapJNL8MyEa3XI/oYWaB2Q2OFCg+ctxm7wbkwN+Wgdh/nxOp9Wls447wxfwiBF9N8XIWmGwyKa103rixazzIf1l1vny7cw+M=</dsig:SignatureValue>
{color:#ff0000}<dsig:KeyInfo>
<wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#BST-1PYIu9y1RAUXT74Pde0XvQ22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</dsig:KeyInfo>
</dsig:Signature>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-1PYIu9y1RAUXT74Pde0XvQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">*token in here+*</wsse:BinarySecurityToken>{color}
Should be:
<?xml version="1.0" encoding="UTF-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<dsig:Reference URI="#_1wUgSgZOxWwla32XNs9alA22">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>it3C2jxQsyJg3cu4lJw1bi1yE50=</dsig:DigestValue>
</dsig:Reference>
<dsig:Reference URI="#_FZT6dshZtCCekjthPWe1BQ22">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>KRsvU/IqWlCPd8ywrmO3EAg5TTg=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>KW8qS+50jy8CQeH9dfZCOAT0yWIUJpRysEOG+yucD6wj7VgRA8VXQLkn9yuG+G85ndVXyydCDrFyapJNL8MyEa3XI/oYWaB2Q2OFCg+ctxm7wbkwN+Wgdh/nxOp9Wls447wxfwiBF9N8XIWmGwyKa103rixazzIf1l1vny7cw+M=</dsig:SignatureValue>
{color:#ff0000}<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-1PYIu9y1RAUXT74Pde0XvQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">*token in here+*</wsse:BinarySecurityToken>
<dsig:KeyInfo>
<wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#BST-1PYIu9y1RAUXT74Pde0XvQ22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</dsig:KeyInfo>
</dsig:Signature>{color}

This is registered as BUG 8359856 with Oracle Support.

Signing a soap message seems to not work in jwsdp14

I'm trying to sign a soap message according to the latest oasis specifications (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf) using the libraries provided with jwsdp14 (mainly xmlsec.jar).
As far as I know, there is not yet documention/example about this specific issue.
The following is the code I have to sign a soap message: it seems to work fine because the signed soap message respects the above specifications... but what I notice is that the digest and the signature values it contains are always the same, I mean: if i change the source soap message, the signed soap message in output is always the same!
Any clue??
import com.sun.org.apache.xml.security.Init;
import com.sun.org.apache.xml.security.signature.XMLSignature;
import com.sun.org.apache.xml.security.transforms.Transforms;
import com.sun.org.apache.xml.security.utils.Constants;
import com.sun.xml.wss.*;
import com.sun.xml.wss.reference.DirectReference;
import org.w3c.dom.Document;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPBody;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
public class Main {
public static void main(String[] args) {
// The file from which we will load the sample SOAP message
String fileName = "F:\\SampleSoapMessage.xml";
// Store the WSSE signed message here
String signatureFileName = "F:\\SignedSampleSoapMessage.xml";
try {
// Initialize the apache libraries
Init.init();
// Obtain security elements from the keystore
PrivateKey privateKey = MySecurityUtils.getPrivateKey();
X509Certificate cert = MySecurityUtils.getCertificate();
// Obtain a sample SOAPMessage from a file
FileInputStream fis = new FileInputStream(new File(fileName));
Document doc = XMLUtil.toDOMDocument(fis);
SOAPMessage message = MyFileUtils.getMessageFromFile(doc);
SOAPHeader header = message.getSOAPHeader();
SOAPBody body = message.getSOAPBody();
// Set the wsu:Id attribute to the Body
XMLUtil.setWsuIdAttr(body, "MyId");
// Create a WSSE context for the SOAP message
SecurableSoapMessage sssm = new SecurableSoapMessage(message);
// Create a security header for the message (<wsse:Security>)
SecurityHeader sh = sssm.findOrCreateSecurityHeader();
// Insert the certificate (<wsse:BinarySecurityToken>)
X509SecurityToken stoken = new X509SecurityToken(header.getOwnerDocument(), cert, "X509TokenRef");
sh.insertHeaderBlock(stoken);
// Insert the keyinfo referring to the certificate (<ds:KeyInfo>)
KeyInfoHeaderBlock kihb = new KeyInfoHeaderBlock(header.getOwnerDocument());
SecurityTokenReference secTR = new SecurityTokenReference(header.getOwnerDocument());
DirectReference dirRef = new DirectReference();
dirRef.setURI("#X509TokenRef");
secTR.setReference(dirRef);
kihb.addSecurityTokenReference(secTR);
//sh.insertHeaderBlock(kihb);
// Insert the Signature block (<ds:Signature>)
SignatureHeaderBlock shb = new SignatureHeaderBlock(header.getOwnerDocument(), XMLSignature.ALGO_ID_SIGNATURE_RSA);
Transforms transforms = new Transforms(header.getOwnerDocument());
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
shb.addSignedInfoReference("#MyId", transforms, Constants.ALGO_ID_DIGEST_SHA1);
shb.addChildElement(kihb.getAsSoapElement());
sh.insertHeaderBlock(shb);
// Digest all References (#MyId) in the SignedInfo, calculate the signature value
// and set it in the SignatureValue Element
shb.sign(privateKey);
// Add the signature data to the header element
header.addChildElement(sh.getAsSoapElement());
// Save the signed SOAP message
FileOutputStream fos = new FileOutputStream(new File(signatureFileName));
message.writeTo(fos);
message.writeTo(System.out);
} catch (Exception exc) {
exc.printStackTrace();
System.out.println("An error has occurred : " + exc.toString());
PS: Classes MySecurityUtils and MyFileUtils are not included since they have nothing interesting.
The sample input sopa message is:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<Intestazione>
</Intestazione>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
and the output signed sample message is:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#MyId">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
YdKNSPWnx630AYeZ6AXVco1b0RMo8C3WWbziq7C009gg4nhknEZmH0ds78y328SgAlAAVR6Swwok
HE3OWgL8TZ1Ks0IimmmDd8/XIb2KlfiqnUNtTjGjUn9FLQEv/CMbmrCr7EO9rf/N+0cyAyGzrKo5
ieEQhtZy9uZAKh2mrmM=
</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#X509TokenRef"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo></ds:Signature><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="X509TokenRef">MIIDITCCAsugAwIBAgIQIdu5EMFuQntM5IBOMeFcETANBgkqhkiG9w0BAQUFADCBqTEWMBQGA1UE
ChMNVmVyaVNpZ24sIEluYzFHMEUGA1UECxM+d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1Rl
c3RDUFMgSW5jb3JwLiBCeSBSZWYuIExpYWIuIExURC4xRjBEBgNVBAsTPUZvciBWZXJpU2lnbiBh
dXRob3JpemVkIHRlc3Rpbmcgb25seS4gTm8gYXNzdXJhbmNlcyAoQylWUzE5OTcwHhcNMDQwODA1
MDAwMDAwWhcNMDQwODE5MjM1OTU5WjBhMQswCQYDVQQGEwJJVDENMAsGA1UECBMEUk9NQTENMAsG
A1UEBxQEcm9tYTEOMAwGA1UEChQFaXNzcGExDjAMBgNVBAsUBWNoaWVmMRQwEgYDVQQDFAt3d3cu
dGVzdC5pdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtIsomDk9VthgMorPmG0dAwqLtTBi
U69liwopwrnAbtzIiO56R9yh4tXvG9+QWtEFRcDHVwWi9YdaHQFCvjymnNYDUHkpJsWp11nIAfOA
k+d9v1YDje4S6oba7tsIJSEkUu7LQ888Q3cGt/KUaEu6b0lZJ5zY9slK0onUPeTB3e8CAwEAAaOB
0TCBzjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3Js
LnZlcmlzaWduLmNvbS9TZWN1cmVTZXJ2ZXJUZXN0aW5nQ0EuY3JsMFEGA1UdIARKMEgwRgYKYIZI
AYb4RQEHFTA4MDYGCCsGAQUFBwIBFipodHRwOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5
L1Rlc3RDUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA0EA
Y66OqTOpHcpNUPlD4A38s8bPIIjrf+C+Wv08lUj+DGN5pm+gBWdbWEGaQmqU8fPPtGrQnHz2NAUr
ZmLaEw/qKw==</wsse:BinarySecurityToken></wsse:Security></SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="MyId">
<aTag>
<aChild>a value</aChild>
</aTag>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
NOTE: Check the value of <ds:SignatureValue> and <ds:DigestValue>: they never change even if I change the body of the source message.

Quoting Farrukh's reply to this question on java.net -
I can share some examples of how I have used JWSDP 1.4 and XML DSIG API to sign and verify a "standalone" soap message with and without mime attachments.
Please see the following Utility class written for the freebXML Registry project [1] for an example of how to do what you seek:
http://cvs.sourceforge.net/viewcvs.py/ebxmlrr/omar/src/java/org/freebxml/omar/common/security/SecurityUtil.java?view=markup
See methods signSOAPMessage(...), signPayload(...), verifySOAPMessage(...) and verifyPayloadSignature(...)
What you are trying to do is definitely doable and has been done with JWSDP 1.4. In my experience XML DSIG API met my needs very well.
Best of luck.
[1] freebXML Registry Project:
http://ebxmlrr.sourceforge.net
---------------------------------------------------------------------------------

I need to secure SOAP message sent into SOAP adapter, how to?

Hi guys,
My scenario uses SOAP and I need to secure this SOAP message sent into SOAP adapter. As I have read in the documentation, HTTPS is possible only on the SOAP receiver adapter. But my is SENDER.
COuld you help me please, how to solve it? Or post some link? Or, if you have your own approach, to let me know?
Thanx, Peter

Hi,
you can use SSL with the sender adapter. Please see the extract of the SOAP Adapter FAQ (Note #856597) below:
Q: Can I use SSL for my sender adapter?
A: Yes. Normally, the SOAP adapter servlet runs on the engines HTTP port. But you can activate the engine's HTTPS port so that this servlet can receive messages sent to the HTTPS port. See the documentation about the J2EE engine's security configuration.
I am afraid, I haven't yet tried this myself, so you will need to consult the J2EE documentation.
Regards,
HC

OWSM SAML Verify step problem: Missing Security Header in SOAP message

I'm having a problem with SAML steps. From gateway log:
2008-09-17 13:21:32,987 INFO [HTTPThreadGroup-58] saml.InsertSAMLSVStep - User attributes map set to generate the attribute assertions: null
2008-09-17 13:21:33,034 INFO [HTTPThreadGroup-60] saml.SAMLProcessor - Assertion Major Version :1 , Minor Version :1
2008-09-17 13:21:33,034 WARNING [HTTPThreadGroup-60] saml.SAMLProcessor - SAML Assertion verification error: An invalid token was provided
2008-09-17 13:21:33,034 WARNING [HTTPThreadGroup-60] saml.VerifySAMLStep - SAML Token verification failed:
2008-09-17 13:21:33,096 SEVERE [HTTPThreadGroup-58] wssecurity.OSDTWSSecurity - Missing Security Header in SOAP message
2008-09-17 13:21:33,096 WARNING [HTTPThreadGroup-58] wssecurity.SecurityBaseStep - Failure while applying XML Security
FAULT CODE: InvalidSecurity FAULT MESSAGE: Missing WS Security header in the SOAP message
at com.cfluent.policysteps.security.wssecurity.OSDTWSSecurity.decryptVerify(OSDTWSSecurity.java:369)
at com.cfluent.policysteps.security.wssecurity.DecryptStep.performXmlSecurity(DecryptStep.java:131)
at com.cfluent.policysteps.security.wssecurity.SecurityBaseStep.execute(SecurityBaseStep.java:238)
at com.cfluent.pipelineengine.container.DefaultPipeline.executeStep(DefaultPipeline.java:124)
but the wsse:Security header with SAML assertion IS confirmed in the incoming message log. Anybody seen this issue?

Below is the log of the incoming message just prior to the failing SAML Verify step:
<?xml version="1.0" encoding="UTF-8" ?>
- <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://exception.common.periop.gehc.com" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="http://www.patient.patientmanager.periop.gehc.com/service/" xmlns:ns3="http://entity.common.periop.gehc.com" xmlns:ns4="http://entity.patient.patientmanager.periop.gehc.com" xmlns:ns5="http://entity.allergy.patientmanager.periop.gehc.com" xmlns:ns6="http://pdo.domain.customizer.periop.gehc.com" xmlns:ns7="http://entity.cases.scheduler.periop.gehc.com" xmlns:ns8="http://entity.insurance.patientmanager.periop.gehc.com">
- <env:Header>
- <ns1:Security>
- <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="158RBY2QvCFPiTqdXYWh9A22" IssueInstant="2008-09-17T19:58:43Z" Issuer="GE" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2008-09-17T19:58:13Z" NotOnOrAfter="2008-09-17T19:59:43Z" />
- <saml:AuthenticationStatement AuthenticationInstant="2008-09-17T19:58:43Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
- <saml:Subject>
<saml:NameIdentifier NameQualifier="www.ge.com" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">gowri</saml:NameIdentifier>
- <saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
</saml:Assertion>
</ns1:Security>
</env:Header>
- <env:Body>
- <ns2:getPatient>
<ns2:patientId>137115</ns2:patientId>
</ns2:getPatient>
</env:Body>
</env:Envelope>

Exception created : flex.messaging.security.SecurityException

Hi ,
The message below keep appearing in the systemout.log file. Any idea?
00002ca4 webcontainer E com.ibm.ws.webcontainer.WebContainer handleRequest SRVE0255E: A WebGroup/Virtual Host to handle / has not been defined.
00002ca4 servlet       E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0068E: Uncaught exception created in one of the service methods of the servlet documents in application LiveCycleES2. Exception created : flex.messaging.security.SecurityException
    at com.adobe.workspace.users.Authentication.validateContext(Authentication.java:445)
    at com.adobe.workspace.tasks.DocumentServlet.doGet(DocumentServlet.java:166)
00002ca4 webcontainer E com.ibm.ws.webcontainer.WebContainer handleRequest SRVE0255E: A WebGroup/Virtual Host to handle / has not been defined.
00002ca4 webapp        E com.ibm.ws.webcontainer.webapp.WebApp logServletError SRVE0293E: [Servlet Error]-[documents]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method PROPFIND is not defined in RFC 2068 and is not supported by the Servlet API
    at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext. java:637)
    at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:1187)
-Dhiyane

Hello Nitin,
i didnt say that its working fine with ATG REST. i mentioned that its working fine with 10.0.2 version of ATG but not with ATG10.1.1 . Also i am using SOAP only in both the versions. i am getting the boolean exception in the line where will i pass username, password and ispasswordEncrpted. i am passing defalut username,
password and false(ispasswordencrypted).
so can you help me on this.
i am pasting my clinet program here
public class LoginClient {
* @param args
* @throws RemoteException
* @throws ServletException
* @throws SecurityException
* @throws ServiceException
public static void main(String[] args) throws SecurityException, ServletException, RemoteException, ServiceException {
/*System.getProperties().put("socksProxyHost", "172.26.183.65");
System.getProperties().put("socksProxyPort", "8180");*/
LoginUserSEIService loginService = new LoginUserSEIServiceLocator();
LoginUserSEI loginStub = loginService.getLoginUserSEIPort();
org.apache.axis.client.Stub axisStub = (org.apache.axis.client.Stub) loginStub;
CookieContainer cookieContainer = new CookieContainer();
axisStub.setMaintainSession(true);
// Don't allow XML elements to reference other XML elements
axisStub._setProperty(AxisEngine.PROP_DOMULTIREFS, new Boolean(false));
// Push cookies onto the Stub
cookieContainer.pushCookies(axisStub);
String userId = loginStub.loginUser("[email protected]", " password", false);
// Get cookies out of the Stub, and pass them to subsequent calls as needed
cookieContainer.extractCookies(axisStub);
System.out.println("User ID : " + userId);

Adding PDF file as attachment to SOAP message

Hi,
I want to add a pdf file from the hard disk to a soap message as attachment. I have the following code:
// CREATE MESSAGE
SOAPMessage msg= fac.createMessage();
SOAPEnvelope nEnv= msg.getSOAPPart().getEnvelope();
//READ FILE FROM THE HD
String pdfFileName = "somepdffile.pdf";
FileReader fr = new FileReader(pdfFileName);
BufferedReader buffr = new BufferedReader(fr);
String sPdf="";
String line = testB.readLine();
while(line!=null)
sPdf += line;
line = testB.readLine();
//WRITE THE FILE TO BYTE ARRAY AND THEN TO STREAM
byte[] pdfData = sPdf.getBytes();
ByteArrayInputStream stream = new ByteArrayInputStream(pdfData);
//CREATE ATTACHMENT ADD THE STREAM AS CONTENT
AttachmentPart attPDF = msg.createAttachmentPart();
attPDF.setContent(stream, "application/pdf");
msg.addAttachmentPart(attPDF);
return msg;
I GET THE NEXT EXCEPTION:
javax.activation.UnsupportedDataTypeException: no object DCH for MIME type application/pdf
at javax.activation.ObjectDataContentHandler.writeTo(DataHandler.java:851)
at javax.activation.DataHandler.writeTo(DataHandler.java:305)
at javax.mail.internet.MimeBodyPart.writeTo(MimeBodyPart.java:1089)
at javax.mail.internet.MimeBodyPart.writeTo(MimeBodyPart.java:635)
at javax.mail.internet.MimeMultipart.writeTo(MimeMultipart.java:233)
at com.sun.xml.messaging.soap.MessageImpl.saveChanges(MessageImpl.java:356)
at javax.xml.messaging.JAXMServlet.doPost(JAXMServlet.java:192)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:190)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2343)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:468)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1012)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1107)
at java.lang.Thread.run(Thread.java:536)
javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.messaging.JAXMException: Bad response: (500, Internal Server Error)
at com.sun.xml.messaging.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:93)
at mp.soap.SendingServlet.getPolisPrint(SendingServlet.java:320)
at mp.soap.SendingServlet.doPost(SendingServlet.java:234)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:190)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2343)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:468)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1012)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1107)
at java.lang.Thread.run(Thread.java:536)
CAN ANYONE TELL ME WHAT THE SOLUTION IS ?
PLEASE HELP ME !!!
Birol

testB == buffr ! Sorry.
IT IS STILL NOT WORKING !!!!!
// CREATE MESSAGE
SOAPMessage msg= fac.createMessage();
SOAPEnvelope nEnv= msg.getSOAPPart().getEnvelope();
//READ FILE FROM THE HD
String pdfFileName = "somepdffile.pdf";
FileReader fr = new FileReader(pdfFileName);
BufferedReader buffr = new BufferedReader(fr);
String sPdf="";
String line = buffr.readLine();
while(line!=null)
sPdf += line;
line = buffr.readLine();
//WRITE THE FILE TO BYTE ARRAY AND THEN TO STREAM
byte[] pdfData = sPdf.getBytes();
ByteArrayInputStream stream = new ByteArrayInputStream(pdfData);
//CREATE ATTACHMENT ADD THE STREAM AS CONTENT
AttachmentPart attPDF = msg.createAttachmentPart();
attPDF.setContent(stream, "application/pdf");
msg.addAttachmentPart(attPDF);
return msg;

SAAJServet error when sending a SOAP message on 10.1.2

Hi,
We have deployed a server application in OC4J 10.1.2 with a servlet listening for SOAP messages (SAAJ 1.2). If we use Standalone OC4J with SSL enabled and HTTPS communication between client app and server, it works fine, but when we move it to an Application Server environment where client goes HTTPS to the frontend HTTP_Server and then AJP to the OC4J, the following exception appears on the application.log:
07/03/27 17:48:36 application/gpm-0.1: Servlet error
javax.servlet.ServletException: SAAJ POST failed Unable to internalize message
at com.sun.xml.messaging.soap.server.SAAJServlet.doPost(SAAJServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:663)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind
Any ideas what can go wrong here, or where else to look?
Message was edited by:
[email protected]

The standalone OC4J is 10.1.3, sorry. Nevertheless, we include all the libraries we use (saaj and dependencies) in the appliaction .ear archive that we deploy in both environments. May be a configuration issue?

Issue in receiving custom header in response SOAP message

Hi,
I have created a simple BPEL process with custom headers in request and response message.
I tried to send SOAP message through SOAPUI tool. Service is getting instantiated, able to access the request header and able to send response message. But only body is send as response message. Header is not sent in the response message.
Also tried to invoke the above service through another BPEL process. I could able to send the header through request but not able to receive the header in response message.
Pls. throw some light on this..
Regards
Jude.

Hi,
Input request is working as you mentioned but the output custom headers are not working. When I use bpelx:outputHeaderVariable="varOutManifest" I am getting exception while running the interface. So I used bpelx:outputHeaderVariables="varOutManifest" but I am not getting back the custom header from the partner service to the variable.
Any hint.
receive:
bpelx:headerVariable="varManifest varSecurity"
reply:
bpelx:inputHeaderVariable="varOutManifest"
Invoke:
bpelx:outputHeaderVariables="varOutManifest"
bpelx:inputHeaderVariable="varManifest varSecurity"
Is anything wrong?
I am on 10.1.3.3.1 MLR # 14. I am getting following exception when I use bpelx:outputHeaderVariable.
<2009-03-06 17:33:36,840> <ERROR> <default.collaxa.cube> <BaseCubeSessionBean::logError> Error while invoking bean "delivery": [com.oracle.bpel.client.ServerException: 1] -> [java.lang.ArrayIndexOutOfBoundsException: 1]
java.lang.ArrayIndexOutOfBoundsException: 1
 at com.collaxa.cube.ejb.impl.DeliveryBean.request(DeliveryBean.java:109)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at com.evermind.server.ejb.interceptor.joinpoint.EJBJoinPointImpl.invoke(EJBJoinPointImpl.java:35)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.interceptor.system.JAASInterceptor$1.run(JAASInterceptor.java:31)
 at com.evermind.server.ThreadState.runAs(ThreadState.java:646)
 at com.evermind.server.ejb.interceptor.system.JAASInterceptor.invoke(JAASInterceptor.java:34)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.interceptor.system.TxRequiredInterceptor.invoke(TxRequiredInterceptor.java:50)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.InvocationContextPool.invoke(InvocationContextPool.java:55)
 at com.evermind.server.ejb.StatelessSessionEJBObject.OC4J_invokeMethod(StatelessSessionEJBObject.java:87)
 at DeliveryBean_RemoteProxy_4bin6i8.request(Unknown Source)
 at com.collaxa.cube.ws.soap.oc4j.SOAPRequestProvider.processNormalOperation(SOAPRequestProvider.java:451)
 at com.collaxa.cube.ws.soap.oc4j.SOAPRequestProvider.processBPELMessage(SOAPRequestProvider.java:274)
 at com.collaxa.cube.ws.soap.oc4j.SOAPRequestProvider.processMessage(SOAPRequestProvider.java:120)
 at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:956)
 at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:349)
 at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:466)
 at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:114)
 at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:96)
 at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:177)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
 at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
 at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
 at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
 at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
 at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
 at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
 at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
 at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
 at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
 at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
 at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
 at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
 at com.collaxa.cube.engine.ext.wmp.BPELInvokeWMP.__callback(BPELInvokeWMP.java:626)
 at com.collaxa.cube.engine.ext.wmp.BPELInvokeWMP.__executeStatements(BPELInvokeWMP.java:436)
 at com.collaxa.cube.engine.ext.wmp.BPELActivityWMP.perform(BPELActivityWMP.java:195)
 at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:3703)
 at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1652)
 at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:75)
 at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:184)
 at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:281)
 at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:5689)
 at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:1082)
 at com.collaxa.cube.engine.ejb.impl.CubeEngineBean.createAndInvoke(CubeEngineBean.java:132)
 at com.collaxa.cube.engine.ejb.impl.CubeEngineBean.syncCreateAndInvoke(CubeEngineBean.java:161)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at com.evermind.server.ejb.interceptor.joinpoint.EJBJoinPointImpl.invoke(EJBJoinPointImpl.java:35)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.interceptor.system.JAASInterceptor$1.run(JAASInterceptor.java:31)
 at com.evermind.server.ThreadState.runAs(ThreadState.java:646)
 at com.evermind.server.ejb.interceptor.system.JAASInterceptor.invoke(JAASInterceptor.java:34)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.interceptor.system.TxRequiresNewInterceptor.invoke(TxRequiresNewInterceptor.java:52)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
 at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
 at com.evermind.server.ejb.InvocationContextPool.invoke(InvocationContextPool.java:55)
 at com.evermind.server.ejb.StatelessSessionEJBObject.OC4J_invokeMethod(StatelessSessionEJBObject.java:87)
 at CubeEngineBean_LocalProxy_4bin6i8.syncCreateAndInvoke(Unknown Source)
 at com.collaxa.cube.engine.delivery.DeliveryHandler.initialRequestAnyType(DeliveryHandler.java:515)
 at com.collaxa.cube.engine.delivery.DeliveryHandler.initialRequest(DeliveryHandler.java:457)
 at com.collaxa.cube.engine.delivery.DeliveryHandler.request(DeliveryHandler.java:131)
 at com.collaxa.cube.ejb.impl.DeliveryBean.request(DeliveryBean.java:95)
 ... 48 more
Thanks,
Arul
Edited by: user599098 on Mar 6, 2009 2:42 PM

ABAP runtime error in sxmb_moni when SOAP message has header with some tags

Hi!!!
I have a problem with sxmb_moni transaction.
If I double-click on a successfully processed
message, then this monitor can't show me
the message details but fails with the following error:
<COPY_AND_PASTE_FROM_SCREEN>
Runtime errors OBJECTS_OBJREF_NOT_ASSIGNED_NO
Exception CX_SY_REF_IS_INITIAL
Occurred on 02.03.2005 at 16:44:21
Access with 'ZERO' object reference not possible.
What happened?
Error in ABAP application program.
The current ABAP program "CL_XMS_PROP_STRING============CP " had to be
terminated because one of the
statements could not be executed.
This is probably due to an error in the ABAP program.
</COPY_AND_PASTE_FROM_SCREEN>
This situation takes place only when I want
to look at a SOAP message which was sent to XI
from .Net platform or was sent to
.Net platform from XI (via SOAP adapter).
In all other cases sxmb_moni works fine.
I know that the problem is connected with some tags from Header record of SOAP message:
 <soap:Header>
 <wsa:Action>http://aaa.bbb.ccc/MessageResponse</wsa:Action>
 <wsa:MessageID>uuid:1838f870-1688-4cfe-8c4f-afe14d98c515</wsa:MessageID>
 <wsa:RelatesTo>uuid:308b950f-8cff-4b63-9861-93b041825f9d</wsa:RelatesTo>
 <wsa:To>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:To>
 <wsse:Security>
 <wsu:Timestamp wsu:Id="Timestamp-389847df-8760-4d57-9777-6ce159d85205">
 <wsu:Created>2005-03-02T08:54:29Z</wsu:Created>
 <wsu:Expires>2005-03-02T08:59:29Z</wsu:Expires>
 </wsu:Timestamp>
 </wsse:Security>
 </soap:Header>
If I take a SOAP message I have problem with, and
I remove all tags from this Header (or remove
the whole Header) and send it from any XML editor
that can send SOAP messages then sxmb_moni hasn't
any problems with showing me details of a such message.
Any hints how to force a .Net platform not to send
a such header or how to force sxmb_moni transaction
not to fail if a such header occurs?
Regards,
Andrzej Filusz

Hi Santhosh
1.Check your authorization settings in XI and R/3. Whether the user has sufficient rights to execute the Function Module etc. This is the most common reason for this error.
2.If the XI system was brought online even before the R/3 system then re-activate the communication channels from the Integration directory.
Cheers..
Vasu
** Reward Points if found useful **

ApplicationResponseFault with namespace longer than 60 in sync soap message

Hi,
we are on pi 7.0 and our scenario is a async-sync bpm. In the sync soap message, the webservice raise an application error. In the response soap message we get the following detail tag:
<detail><ApplicationResponseFault xmlns="http://schemas.datacontract.org/2004/07/BizLayerNT.ServiceLayer.v10"><DocumentResponse xmlns="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2"><Response><ResponseCode xmlns="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2">BusinessReject</ResponseCode></Response></DocumentResponse></ApplicationResponseFault></detail>
In sxi_monitor this application error isn't caught and a system error is generated.
In the system error message we get:
<SAP:Category>XIServer</SAP:Category>
<SAP:Code area="INTERNAL">HTTP_RESP_STATUS_CODE_NOT_OK</SAP:Code>
<SAP:P1>500</SAP:P1>
<SAP:P2>Internal Server Error</SAP:P2>
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText>java.lang.NullPointerException at java.util.Hashtable.put(Hashtable.java:393) at com.sap.aii.messaging.mo.MessageContext.setAttribute(MessageContext.java:140) at com.sap.aii.adapter.xi.ms.XIMessage.updateHeaders(XIMessage.java:4271) at com.sap.aii.adapter.xi.ms.XIMessage.getTransportHeaders(XIMessage.java:572) at com.sap.aii.af.ra.ms.impl.ServerConnectionImpl.request(ServerConnectionImpl.java:212) at
In defaulttrace.trc we get ","<sap:ApplicationFaultMessageNamespace> is longer than 60 characters: http://schemas.datacontract.org/2004/07/BizLayerNT.ServiceLayer.v10",":
"09/04/2009","10:22:43:421","unable to generate the header map","Error","","com.sap.aii.adapter.xi.ms.XIMessage.getHeaderMap()","sap.com/com.sap.aii.af.app","SAPEngine_Application_Thread[impl:3]_14","34103150:F:\usr\sap\TPI\DVEBMGS03\j2ee\cluster\server0\log\defaultTrace.trc","001A64317EEE005E00005F2300000A6C000472BC344957CC","com.sap.aii.adapter.xi.ms.XIMessage","","","n/a","b82f88e0992b11dea4d8001a64317eee","","0","0","","0","","","0","com.sap.aii.adapter.xi.ms.XIMessage","SAPEngine_Application_Thread[impl:3]_14","","J2EE_GUEST",
"09/04/2009","10:22:43:421","<sap:ApplicationFaultMessageNamespace> is longer than 60 characters: http://schemas.datacontract.org/2004/07/BizLayerNT.ServiceLayer.v10","Error","","com.sap.aii.messaging.mo.xmb.XMBErrorHeader.marshal(XMLWriter)","sap.com/com.sap.aii.af.app","SAPEngine_Application_Thread[impl:3]_14","34103150:F:\usr\sap\TPI\DVEBMGS03\j2ee\cluster\server0\log\defaultTrace.trc","001A64317EEE005E00005F2200000A6C000472BC34495771","com.sap.aii.messaging.mo.xmb.XMBErrorHeader","http://schemas.datacontract.org/2004/07/BizLayerNT.ServiceLayer.v10,","http://schemas.datacontract.org/2004/07/BizLayerNT.ServiceLayer.v10,","n/a","b82f88e0992b11dea4d8001a64317eee","","0","0","","1","","","0","com.sap.aii.messaging.mo.xmb.XMBErrorHeader","SAPEngine_Application_Thread[impl:3]_14","","J2EE_GUEST",
"09/04/2009","10:22:43:421","Could not process message from 192.168.130.21 due to java.lang.NullPointerException.","Error","","com.sap.aii.af.ra.ms.impl.core.transport.http.MessagingServlet.doPost(HttpServletRequest, HttpServletResponse)","sap.com/com.sap.aii.af.ms.app","SAPEngine_Application_Thread[impl:3]_55","34103150:F:\usr\sap\TPI\DVEBMGS03\j2ee\cluster\server0\log\defaultTrace.trc","001A64317EEE0083000072F700000A6C000472BC344955F3","com.sap.aii.af.ra.ms.impl.core.transport.http.MessagingServlet","192.168.130.21,java.lang.NullPointerException,","192.168.130.21,java.lang.NullPointerException,","SAPDES_TPI_34103150","1d72b100992c11dec67f001a64317eee","PIISUSER","0","0","","1","","","15337","com.sap.aii.af.ra.ms.impl.core.transport.http.MessagingServlet","SAPEngine_Application_Thread[impl:3]_55","","PIISUSER",
"09/04/2009","10:22:43:421","The SAP XI Adapter Framework Messaging Service caught an exception during rendering an XML Message. Details can be found in the trace file for Location com.sap.aii.messaging.mo.xmb. Action: Please contact SAP Support and provide the trace file.","Error","/Applications/ExchangeInfrastructure/AdapterFramework/SAPLibraries/SAPXDK","com.sap.aii.messaging.mo.xmb.XMBErrorHeader.marshal(XMLWriter)","sap.com/com.sap.aii.af.app","SAPEngine_Application_Thread[impl:3]_14","34103150:F:\usr\sap\TPI\DVEBMGS03\j2ee\cluster\server0\log\defaultTrace.trc","001A64317EEE005E00005F2000000A6C000472BC3449559F","com.sap.aii.messaging.mo.xmb.XMBErrorHeader","","","n/a","b82f88e0992b11dea4d8001a64317eee","","0","0","","0","/Applications/ExchangeInfrastructure/AdapterFramework/SAPLibraries/SAPXDK","","0","com.sap.aii.messaging.mo.xmb.XMBErrorHeader","SAPEngine_Application_Thread[impl:3]_14","","J2EE_GUEST",
So I think the problem is due to the namespace length. I'm right?
We can't change the consumed webservice to reduce namespace length and our customer ask us to solve it in PI. Is there any way to change the namespace before to be treated and get a correct application error?
Thanks in advance,
Marc
Edited by: Marc Mauri on Sep 5, 2009 12:06 PM

Hi Neetesh,
we developed our own adapter module. We use it in our receiver soap adapter, module tab, before and after the standard module sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean.
In this audit log secuence you can see that the problem seems not to be solved, because the error is triggered when processing response message inside adapter module sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean, so our module is not called and the problem remains.
2009-09-22 19:06:41 Success Message successfully received by messaging system. Profile: XI URL: http://sapdes:50300/MessagingSystem/receive/AFW/XI Credential (User): PIISUSER
2009-09-22 19:06:41 Success The message status set to DLNG.
2009-09-22 19:06:41 Success Delivering to channel: CC_WS_DOS
2009-09-22 19:06:41 Success MP: Entering module processor
2009-09-22 19:06:41 Success MP: Processing local module *localejbs/AM_OWN_MODULE*
2009-09-22 19:06:41 Success GetHostName: Module called
2009-09-22 19:06:41 Warning Inside my own adapter Module <-- THIS IS A TRACE MESSAGE CODED INSIDE OUR MODULE
2009-09-22 19:06:41 Success MP: Processing local module localejbs/sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean
2009-09-22 19:06:41 Success SOAP: request message entering the adapter with user J2EE_GUEST
2009-09-22 19:06:41 Success SOAP: Web Services Security processing...
2009-09-22 19:06:41 Success SOAP: apply Web Services Security...
2009-09-22 19:06:41 Success SOAP: Web Services Security applied.
2009-09-22 19:06:42 Success SOAP: completed the processing
2009-09-22 19:06:42 Success SOAP: continuing to response message 4d2c88e0-a79a-11de-9ffa-001a64317eee
2009-09-22 19:06:42 Error SOAP: response message contains an error Application/UNKNOWN/APPLICATION_ERROR - application fault <----
THIS ERROR IS DUE TO NAMESPACE LENGHT (WE CAN SEE THIS ERROR IN DEFAULT_TRACE.LOG)
2009-09-22 19:06:42 Success MP: Processing local module localejbs/AM_OWN_MODULE
2009-09-22 19:06:42 Success MP: Leaving module processor
2009-09-22 19:06:43 Success The message was successfully delivered to the application using connection SOAP_http://sap.com/xi/XI/System. 2009-09-22 19:06:43 Success The message status set to DLVD.
Any suggestion?
Thanks in advance,

Settings for enabling message security tab in message display tool

Hi Experts,
We have a scenario where we are sending data by applying web service security using SOAP receiver communication channel .
I want to check message security log along with audit log in message display tool in RWB.
Can anybody know what are the required settings to enable message security tab in message display toolin RWB?
Regards,
Sari

Hello
Check the link, [Security Configuration at Message Level |http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe10000000a1550b0/content.htm], which describes the steps required.
Regards
Mark

SOAP message security

Similar Messages

Maybe you are looking for