SOAP SAP user credentials

Hi
we have an INBOUND SAP PROXY in PI 7.11 calling our SAP BACKEND. We want our partner to call this ws in PI. What user credentials must the user in PI have in order to complete the SOAP call?
thx in advance
Cheers
Edited by: bohamo on Dec 13, 2010 3:21 PM

HI,
    Your question is not fully clear. Looks like you are planning to do Soap to proxy i.e  webservice to proxy.
To provide end users to access your web service, you can go with many options.
a) User credentials login and password.  Talk to basis to create one user for accessing the web service. Something very similar to end user profile.
b) certificate authentication.  We can generate a certificate and maintain in the Netweaver side. Provide that information to the client.
To know more about user credentials or certificate authentication please use the below link.
http://help.sap.com/saphelp_nwpi711/helpdata/en/48/3555240bea31c3e10000000a42189d/content.htm
Thanks
Baskar

Similar Messages

  • Error while scheduling report for SAP users

    Hi All,
    We have SAP authentication enabled in our BO environment. (BO XI 3.1 sp2 FP 2.6 on windows 2003 server).
    There are some webi reports based on BW Bex queries that we are trying to run on behalf of certain SAP end users. This we are doing using "schedule for" option.
    Now what is happening here is if the end user has logged in once in BO system ,it runs fine. But in case user has not logged in to BO (using infoview etc.) ,it throws error saying "incomplete logon data" . Also if user changes or reset his password in BW and if he doesn't login to infoview after that ,system throws another error "Name or password incorrect (repeat logon)".
    Based on these observation, we are suspecting if BO system uses stored SAP users credentials while scheduling report for them based on their last login.
    Would like to mention here that we have checked option "automatically import users".
    Please advice if this behavior is normal or we are missing some setting.
    Thanks in advance,
    Chandra

    Hi All,
    Any pointers or suggestions for this issue ??
    Is there a setting/option avialable in CMC which could resolve these errors.
    Or, user has to login once to infoview in all circumstances to avoid these errors.
    Thanks,
    Chandra

  • SAP WS Navigator is asking for User Credentials

    Hi all,
    When i am trying to test a web service in SAP Transaction SOAMANAGER->WS Navigator , it is displaying a popup to provide Username and Password. I tried giving my User credentials but no luck.
    Can anyone please help me in this issue, of what credentials i should pass through it.
    At least let me know how i can test webservice from SOAPUI, my question is , will it still ask me for user credentials from SOAPUI too.
    Appreciate your help.
    Regards,
    Praveen Kambala.

    Hi Praveen,
    You can also test web service using WSADMIN transaction. In that expand SOAP application for Web serivces. there you can find your web serivce name. Select it and click on Web serivce hompage button or WSDL button in the above.
    Regards,
    Shravan Kumar N

  • SAP PI problem: User credentials are invalid or user is denied access

    Hi!
    I am about to configure SAP PI.
    Therefore I have run post installation wizard step PI_00 and get the following errors:
    Error: Not able to load Function SWF_XI_BPM_AUTO_CUSTOMIZE
    (cause:Name or password is incorrect (repeat logon)).
    Step: Execute SWF_XI_BPM_AUTO_CUSTOMIZE
    Error: User credentials are invalid or user is denied access
    Step: Add Installed Product2
    Questions:
    How can I identify which user/password makes problems here?
    P.S.
    My further problems are:
    2) It is not possible to work with XI tools, such as:
    Integration Directory, Integration Repository, Runtime Workbench
    When I try to execute some action in these tools I get the following error:
    Cannot connect to Repository
    Error during communication with System Landscape Directory: User credentials are invalid or user is denied access.
    2) When I try to access the NetWeaver configuration wizard (http://localhost:50000/nwa)
    I get the followign warnig:
    System Landscape Directory is not available
    Only local systems can be maintened
    Thank you very much
    Thom

    Hi,
    Check the similar discussion  Error in PI postinstallation wizard
    Wrong password PISUPER in PI_00 wizard
    Thanks!
    Edited by: Sudhir Tiwari on Nov 26, 2008 10:29 AM

  • How do you stop BSPs on WebSEAL for asking for user-credentials?

    Hi
    We are currently having an issue with BSP Pages. When we test the BSP pages on the R/3 system they work OK. When we test them directly on the Portal then they too also work. The problem is that they are not working properly on our Intranet.
    The intranet that we use is an IBM Tivoli product (also known as WebSEAL). We currently have WebSEAL SSO to our SAP Portal. This is working OK. When we use WebSEAL to access the portal we are prompted to enter our user-id and password so that the BSP page can be displayed. This should not be happening and it defeats the purpose of SSO. I have attached a screen shot document to demonstate this.
    Some time ago we had a similar issue where the transactions on the portal (when executed from WebSEAL) were giving us a Webdynpro time-out error. I later determined that the cookie information was not being passed to WebSEAL. To fix this, I went to the Visual Administrator and went to server >> services >> web container and for the web container "sap.com/irj" I went to the cookie configuration to add a session cookie. By doing this I fixed my previous problem.
    Coming back to my problem, I had a junction created in WebSEAL to point to the bsp directory (sap/bc/sap/bsp/*) on the host concerned. I had both a SSL and TCP junction created both resulted in error messages - stating that the client (SAP) is asking for user credentials.
    Hoping that I have provided enough information above my question is as follows:
    (1) How can I get the BSP messages to work on WebSEAL such that it will not ask for user credentials to be entered? Would this involve making a further change to a Web Container? If so - which container also needs a session cookie to be generated?
    Thanks
    Kind Regards
    Rajdeep Kumar

    Hi Peter
    I am having an issue with the re-direct and am hoping you might be able to provide a little assistance. If not then not to worry.
    My security department have logged a call with IBM 2 days ago yet have not received any response.
    In your document you mention that you need to have a junction to AS-JAVA and a junction to AS-ABAP.
    We have created the junctions "/sapep" (for AS-JAVA) and "saphr1" (for AS-ABAP).
    The junction /sapep" also contains the junction mapping entries "/irj/" and "/SSOTicket/".
    The direct URL to the hidden image is : https://uadsfi01.auiag.corp:53001/SSOTicket/1x1.gif. I have tested this (using my user id and password) and it works OK.
    When testing the image through TAM (https://test.insideiaghome.iaglimited.net/sapep/SSOTicket/1x1.gif) we get an "unexpected authentication challenge"
    I have reviewed the log below and it seems that we are having an authentication issue with the image:
    ==(START OF LOG)==
    2008-06-16-19:59:58.365+10:00I----- thread(136) trace.pdweb.debug:2 /sand/cholt/laura_amweb510_11LA/src/pdweb/wand/wand/log.c:309: -
    PD ===> BackEnd -
    Thread_ID:52943
    GET /SSOTicket/1x1.gif HTTP/1.1
    via: HTTP/1.1 uattam01:443
    host: uadsfi01.auiag.corp:53001
    user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 2.0.50727)
    iv_server_name: uatin1-webseald-uattam01
    accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /
    iagsapid: 52975
    accept-language: en-au
    referer: https://test.insideiaghome.iaglimited.net/sapabap.html
    connection: close
    iv-user: s52975
    2008-06-16-19:59:58.373+10:00I----- thread(136) trace.pdweb.debug:2 /sand/cholt/laura_amweb510_11LA/src/pdweb/wand/wand/log.c:309: -
    PD <=== BackEnd -
    Thread_ID:52943
    HTTP/1.1 401 Unauthorized
    content-type: text/html
    date: Mon, 16 Jun 2008 09:59:58 GMT
    cache-control: no-cache
    content-length: 1787
    www-authenticate: Basic realm="Upload Protected Area"
    server: SAP J2EE Engine/7.00
    expires: 0
    pragma: no-cache
    connection: close
    ==(END OF LOG)==
    When logging into the SAP Portal directly general user ids have no problem accessing this (Non-Administrator portal users), however through Tivoli it is causing an issue.
    Do you know what may be causing this issue?
    Thanks in advance for any assistance you can offer.
    Kind Regards
    Rajdeep Kumar

  • Not able to pass user credentials in a full trust proxy to call web service in Sandbox solution

    Hello,
    I am trying to build a sandbox webpart that calls a windows authenticated webservice to fetch some data. I tried to pass the DefaultCredentials to the webservice proxy but The credentials passed are that of the
    usercodeserviceproxy process ( in my case it is network service) . I  see that the user account trying to authenticate is Domain\machinname$ which is the network service. 
    My question is - is there a way to pass the logged in user credentials to the web service from sandbox proxy ?

    ' in Host Names is not allowed. Our hosname has '_'.
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/67/be9442572e1231e10000000a1550b0/frameset.htm

  • Dynamic user credentials for XI receiver communication channel

    Hi Experts,
    I am working on File(XML ) to ABAP  proxy scenario. I want to know if I get the user-id and password information to login to R/3 system as part of the XML  payload, can I use this information to connect to R/3 system in my XI Receiver communication channel?
    Using a generic user credentials either in RFC destination or specifying it in communication channel configuration will not work. This is because the requirement is that the objects that will be created in inbound ABAP  proxy (for ex Material Master) should be created with the user information that is coming from payload rather than a generic user.
    Any pointers how to acheive this?
    Thanks and regards,
    Prasad
    Edited by: Prasad MLN on Nov 16, 2009 4:00 PM

    Hi,
        You might want to learn more about Principal Propagation in sap XI:
    http://www.sdn.sap.com/irj/scn/weblogs;jsessionid=(J2EE3417300)ID2039785750DB21057082877817322485End?blog=/pub/wlg/7068%3Fpage%3Dlast%26x-order%3Ddate
    http://help.sap.com/saphelp_nwpi71/helpdata/en/45/0f16bef65c7249e10000000a155369/content.htm
    Regards,
    Ravi Kanth Talagana

  • How to disable web service authentication by sap-user string in url

    Hi Experts,
    I am publish some RFC function as webservice for my SAP AS ABAP, i set the authentication as basic. I can using http basic authentication to call the service and get the result. But it also accept passing user/password through the url string: http://localhost:8001/sap/bc/soap/wsdl11?services=BAPI_PO_CHANGE&sap-client=100&sap-user=myId&sap-password=myPassword
    I want to disable this, make it no user/password through url string. Can anyone tell me how to do it, thanks.
    Best regards,
    Peter

    Well, it's not a backdoor - but (extremely) bad style: an URL should never contain any authentication data (like UID & PWD) nor should it ever contain any (security) session ID (which, if valid, would allow to skip authentication).
    So, I agree with you / your customer: it should be (made) possible to configure the system to discard / ignore any authentication data which is contained in the URL.
    I recommend to submit a customer message to SAP (using message component BC-MID-ICF). You might refer to this SDN posting (by providing the URL) in the support ticket.
    PS: Basic Authentication is not much better but at least the information (UID & PWD) is not sent in the clear (although simply Base64-encoded) and not in the URL (but in the http header). Sending cleartext data in the URL is really the worst. The best is: use stronger authentication mechanisms (e.g. X.509 client certificates, Kerberos, Biometric authentication mechanisms, etc.).

  • CR prompts for user credentials after refresh even though I'm using SSO

    Hello Experts,
    We have a problem with a customeru2019s project concerning Crystal Reportu2019s Single Sign On feature:
    Even though weu2019re using SSO, Crystal Reports prompts for user credentials every time a refresh is performed manually in the browser.
    We already checked SAP note [1214594 - How to avoid database login prompts when refreshing reports in Crystal Reports|http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes_boj/sdn_oss_boj_bi/sap%28bd1lbizjptawmq==%29/bc/bsp/spn/scn_bosap/notes%7B6163636573733d36393736354636443646363436353344333933393338323636393736354637333631373036453646373436353733354636453735364436323635373233443330333033303331333233313334333533393334%7D.do]. The note suggests using Microsoft Windows authentication (trusted connection or operating system authentication) u2013 unfortunately we cannot use this kind of authentication in our project.
    Do you have any hint, idea or suggestions?
    Thank you in advance!

    Hello,
    What kind of Project are you developing? Search for Post Back in the SDK forum and Kbase system so you can keep the log on token active. Likely what is happening is the Token or connection times out after 20 minutes, which is IIS's default timeout. Using the postback method is one way of keeping the SSO connection active.
    Thank you
    Don

  • Using SAP User name without system/client name

    Hello,
    How to display and use i9d3719 instead of db1~100/i9d3719?
    So if I want to lon on to designer, I want to enter i9d3719 in username instead of db1~100/i9d3719. Same goes for wneh an user logs to Webi, their username should be displayed without the SAP system and client id.
    Thanks,
    Nikhil

    Akhil,
    I hope this will never work. Think about your requirement for a second....
    This would mean an application is able to see my user credentials without my knowledge. It's bad enough the know my IP if I'm not using TOR.
    To get your requirement to work you have to redefine it a bit. The user have to log in to your application. The application holds the name together with an ID of the session to know the user in further requests.
    Thats a basic security theme, described in the dos [Adding Security to a Fusion Web Application|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/adding_security.htm] .
    Timo

  • SAP user authentication in ABAP program

    We are  building a custom application in SAP.
    One of the functionality required is - Before printing a certificate ,we need to verify SAP user ID and password.
    Is there any FM in SAP which I can use or any other way by which I can ask user to enter his user ID and password and then autheticate it  against actual SAP credentials.

    Hi,
    try using FM SUSR_CHECK_LOGON_DATA
    with import parameters
      AUTH_METHOD = 'P'
      USERID = <userid>
      PASSWORD= <password>
    Roy

  • How to excute workitem in outlook with out entering SAP Logon Credentials

    Hi Gurus,
    is it possible for excute the  work item in out look with out enteing sap logon credentials of the user ?
    If possible .
    Please guide me how to do ?
    Regards
    RameshG

    i have scheduled this program its working fine .
    iam getting attachment  to my outlook inbox but when i click on that attachment its asking SAP credentials.
    here problem is client don't want enter sap credentials here and client wants to excute the work item with out entering sap credentiols .
    is there any possibiity on this requirment ?
    Thanks in advance.
    RameshG

  • BizTalk User Credentials, Certificates in transport header

    BizTalk handles user credentials in Enterprise Single Sign on and the certificates are stored in Certificate store. I have been asked a general question, Is it possible that user credentials & certificates in a transport header? I am not exactly
    sure on this.
    Vijay

    You were asked this?  The problem is that the question really doesn't make sense because SSO & the Cert Store and any transport header really have nothing to do with each other.
    Also, in the scope of (assuming) an HTTP/SOAP header, it would be highly unusual to have both user credentials and a Certificate because they both exist, in that context, for authentication.
    So, to clarify, yes, you can have user credentials or a certificate in a header (there's more than one) for authentication.
    The credentials can come from SSO, but don't have to.  The certificate would come from the Cert Store.

  • CUP 5.2 - LDAP Authentication error - "User credentials not valid."

    Hi Experts ,
    I have set up LDAP "SUN ONE" as a authentication source for our CUP 5.2 SP11 Patch1 (Build-62316). But when I try to logon with my network id,I receive error "User credentials not valid."
    Please find the log below.
    Thank you for your help,
    Regards,
    Abderrahim
    2011-03-01 12:07:57,232 [SAPEngine_Application_Thread[impl:3]_27] ERROR Failed to log in a867168
    com.virsa.ae.service.umi.AuthenticationFailureException: No user details found
         at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:140)
         at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
         at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:207)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by:
    com.virsa.ae.service.umi.UMIException: SUNONE error reading search results
         at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUsers(LDAPSearchUser.java:698)
         at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUserById(LDAPSearchUser.java:760)
         at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:131)
         at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
         at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:207)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3030)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2757)
         at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1828)
         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1751)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:347)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:332)
         at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:252)
         at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:252)
         at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUsers(LDAPSearchUser.java:518)
         at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUserById(LDAPSearchUser.java:760)
         at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:131)
         at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
         at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:207)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)

    My issue is stil not received, i hav send a document to the system team to follow for the integration. The AD configuration for QM shud be very expicit or else integration will not work. I am attachin the doc here. Let me knw if that helps.

  • Propagating user credentials to Web Services in WebLogic 6.1

    Hi All,
    Does anybody provide me some information about propagating client
    credentials to the Web Service. Agree with documentation I have tried as in
    code below, but it doesn't work. On a server i still have a guest user.
    Thanks in advance for any help.
    Properties h = new Properties();
    h.put(Context.INITIAL_CONTEXT_FACTORY,
    "weblogic.soap.http.SoapInitialContextFactory");
    h.put("weblogic.soap.wsdl.interface",
    RaServices.class.getName() );
    h.put(Context.SECURITY_AUTHENTICATION,"simple");
    h.put(Context.SECURITY_PRINCIPAL,"user");
    h.put(Context.SECURITY_CREDENTIALS,"password");
    Context context = new InitialContext(h);

    Hi Jerzy,
    Were you actually able to achieve what you wanted? I'm not exactly sure, because
    you said "it began to work", but you also said I "wasted much of your time". If
    you still are not satisfied, I'm sure the folks in our tech support area can help
    you.
    Regards,
    Mike Wooten
    "Jerzy Nawrot" <[email protected]> wrote:
    Hi Mike,
    Thank you for comprehensive explanation how to resolve my problem. I
    have
    done all work exactly
    as you wrote and then it began to work, both for static and dynamic
    client.
    As is written in WebLogic documentation
    I only restricted access to the stateless session bean that implements
    my
    Web Service, not the SOAP servlet.
    It seams that in this case user credentials are not propagated from servlet
    to ejb.
    Thanks once again you wasted much time for me.
    Regards ,
    Jerzy Nawrot
    "Michael Wooten" <[email protected]> wrote in message
    news:[email protected]...
    Hi Jerzy,
    This does indeed work, because I just verified it. Let's go througheverything
    to make sure you have all the pieces.
    1. You need client code that looks something like
    proxy.setUserName(userName);
    proxy.setPassword(password);
    where "userName" has been assigned the value of the user and "password"is
    a clear-text
    representation of their password.
    2. You need to use the Admin console to add the user to the system.I add
    mlwooten
    as a user, and employees as a group. Then I put mlwooten in the employeesgroup.
    3. The web.xml file for your web service should contain lines similarto
    this:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>PhoneBookService</web-resource-name>
    <url-pattern>/examples/webservices/security/PhoneBookService</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>AuthorizedUsers</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
    <role-name>AuthorizedUsers</role-name>
    </security-role>
    4. The weblogic.xml for your web service should look something like:
    <weblogic-web-app>
    <security-role-assignment>
    <role-name>AuthorizedUsers</role-name>
    <principal-name>employees</principal-name>
    </security-role-assignment>
    <reference-descriptor>
    <ejb-reference-description>
    <ejb-ref-name>examples.webservices.security.PhoneBookService</ejb-ref-name>
    <jndi-name>examples.webservices.security.PhoneBookService</jndi-name>
    </ejb-reference-description>
    </reference-descriptor>
    </weblogic-web-app>
    6. That's all I did to get it to work.
    NOTE: wsgen does not add the stuff in 4 and 5, above. You must addit
    manually.
    Regards,
    Mike Wooten
    "Jerzy Nawrot" <[email protected]> wrote:
    Hi Michael,
    Thanks for your advice.
    The way you have proposed I've tested earlier and unfortunately this
    method
    does'nt work properly too.
    It seams that session bean used as a Web Service knows nothing about
    user
    credentials passed from a client aplication.
    Maybe, there is a bug in servlet
    weblogic.soap.server.servlet.StatelessBeanAdapter wchich does'nt
    propagate
    credentials to a session bean implementing a Web Service, or some
    configuration tasks are required on the WebLogic Web Server Components
    Jerzy Nawrot
    "Michael Wooten" <[email protected]> wrote in message
    news:[email protected]...
    Hi Jerzy,
    You must do this through the WebServiceProxy object. The methods
    you
    want
    are:
    setUserName(String userName);
    setPassword(String password);
    The internals of WebServiceProxy will Base64 encode the password
    before
    it
    invokes
    the target web service.
    Regards,
    Mike Wooten
    "Jerzy Nawrot" <[email protected]> wrote:
    Hi All,
    Does anybody provide me some information about propagating client
    credentials to the Web Service. Agree with documentation I have
    tried
    as in
    code below, but it doesn't work. On a server i still have a guestuser.
    Thanks in advance for any help.
    Properties h = new Properties();
    h.put(Context.INITIAL_CONTEXT_FACTORY,
    "weblogic.soap.http.SoapInitialContextFactory");
    h.put("weblogic.soap.wsdl.interface",
    RaServices.class.getName() );
    h.put(Context.SECURITY_AUTHENTICATION,"simple");
    h.put(Context.SECURITY_PRINCIPAL,"user");
    h.put(Context.SECURITY_CREDENTIALS,"password");
    Context context = new InitialContext(h);

Maybe you are looking for