UDDI inquiry service HTTP-Basic authentication in BPEL (10.1.3.1)

Hi Gurus,
I'd like to know how we can setup BPEL server for Oracle Service Registry UDDI with HTTP-BASIC authentication for inquiry service (apart of OWSM solution)?
Imagine that in Service Registry I have defined HTTP-BASIC authentication (REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml) for inquiry service used in BPEL domain (uddiLocation key in BPEL domain configuration). And now I'd like to provide credentials. In package.xml I have this
<service-endpoint path="/inquiry" version="3.0" name="UDDIInquiryV3Endpoint"
service-instance="tns:UDDIInquiryV3" processing="tns:UDDIv1v2v3InquiryProcessing"
accepting-security-providers="HttpBasic">
<wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Inquiry_SoapService"/>
<envelopePrefix xmlns="arbitraryNamespace" value=""/>
<namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
</service-endpoint>
I don't see any field with username or password. Is it automaticaly taken from security provider configured for Service Registry (for example LDAP)? If yes then it is clear.
But what about BPEL engine, where can I provide those credentials? Is it some secret configuration file? Or only supported way is to configure it through OWSM component in order to enrich request by credentials (what about license, when customer doesn't want to use OWSM)?
Do I miss something in this concept?
Thanks
Peter

as said internally - file an ER for it pls - and I will take care of it, depending on the demand - either for 10.1.3.1 GA or 10.1.3.1 patchset ..
we will support only HTTP Basic Auth - rest will follow per customer demand ..
/clemens

Similar Messages

How to call a web service from BPEL that requires HTTP basic authentication

Hi All,
I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
Can anyone help?
Thanks,
Mark Nelson

Thanks Bas,
I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
<property name="basicHeaders">credentials</property>
<property name="basicUsername">WMDATA</property>
<property name="basicPassword">WMDATA</property>
Instead of:
<property name="httpUsername">WMDATA</property>
<property name="httpPassword">WMDATA</property>
I don’t know why this is, maybe because it is an Axis Web Service.
Sorry for wasting your time.
Regards Pete

BPEL to invoke Webservice secured with HTTP Basic authentication

Hi All,
Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
1) Created Target Synchronous process ex : B
2) Created Source Syncronous Process ex : A
Iam trying to call B(Target) from A(source).
3) Open Composite.xml of A(Source)
4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
5) Under Security tab attach oracle/wss_username_token_client_policy
6) Login to em/console
7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
8) Enter username and password under HTTP Basic Authentication.
9)Test from em.console(when we are testing under security tab I have checked None radio button)
So this is the Error message which is throwing.
==================================
The selected operation process could not be invoked.
An exception occured while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
=======================================
Please let me know if Iam missing any steps.
Thanks
SSV

Followed this post.......
This is avery good question
in 11g i have taken out the steps from my document which i created for one our customer
go to composite
Right click on the external reference service and select “Configure WS policies” :done
Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
7. Include the “oracle.webservices.auth.username--> :done
value-->password :done
8. Include the “oracle.webservices.auth.password”-->name :done
value-->password :done
Thanks
SSV

How to access SOAP web service with authentication, HTTP basic Authentication

Dear All
i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
http://forums.adobe.com/message/4262868
private function authAndSend(service:HTTPService):void
        var encoder:Base64Encoder = new Base64Encoder();
        encoder.insertNewLines = false; // see below for why you need to do this
        encoder.encode("someusername:somepassword");
        service.headers = {Authorization:"Basic " +encoder.toString()};
        service.send();
Also i noticed in debug mode, always that WARNNING raised up
Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
any idea ?

Hello,
I don't know if this could help.
Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

HTTP Basic authentication for proxy service and its wsdl?

Hello:
For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
Is this possible to configure on OSB / WLS? How?
Greetings!
Edited by: user4483647 on 02-sep-2010 12:59
Edited by: user4483647 on 02-sep-2010 13:25

If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
Edited by: mneelapu on Apr 2, 2009 2:09 PM

HTTP Basic authentication on EJB 3.0 based web service

How do I enable HTTP Basic authentication on EJB 3.0 based web services for OAS? Does any one have a sample solution ?
I manually updated oracle-webservices.xml file to include the following:
<ejb-transport-security-constraint>
<soap-port/>
<role-name>users</role-name>
<transport-guarantee>NONE</transport-guarantee>
</ejb-transport-security-constraint>
<ejb-transport-login-config>
<auth-method>BASIC</auth-method>
<realm-name>jazn.com</realm-name>
</ejb-transport-login-config>
When I use SOAP UI to test the web service I get the following error.
403 Forbidden
Error initializing security, security-role not found: users

I still get the 403 forbidden error message. I do not get the second part of the error message though.

Calling Web Service with Http Basic authentication in SOA 11g

I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
Am i missing some steps?
Please let me know.
Note - I am working on SOA 11.1.1.4.
Regards
Ayush

Hi Ayush,
Please refer -
http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
Regards,
Anuj

Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
For, point one,
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
For point 2,
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

Calling web service with basic authentication from EP "unauthorized"

Hello,
I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
Problem in server response: [Unauthorized].
I'm using the following code for calling the .NET web service:
...Licence_GetList lParameter = new Licence_GetList();
lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);...
I've also configured a http system in the portal system landscape using the following parameters:
Authentication Method : Basic Authentication
Authentication Type : Server
User Mapping Type : admin,user
The user mapping is also personalized for this system!
What's wrong? Please help! This is really urgent!
Kind Regards
Joerg Loechner

Hello Renjith,
here is a small cutout of my "portapp.xml";
<services>
<service alias="LicenceManager" name="LicenceManager">
 <service-config>
 <property name="className" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager"/>
 <property name="startup" value="false"/>
 <property name="WebEnable" value="false"/>
 <property name="WebProxy" value="true"/>
 <property name="SecurityZone" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager/
 DefaultSecurity"/>
 </service-config>
 <service-profile>
 <property name="SystemAlias" value="LicMan_NET"/
 </service-profile>
</service>
</services>
I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
Regards
Joerg Loechner

Problem consuming web service with basic authentication

Hello,
I've set up a web service with basic authentication. Although I have to log in before being able to open the overview page of the web service in the Web Service Navigator, the response I get after sending a request is:
Authority check failed
I get this response in the Web Service Navigator as well as when consuming the web service via standalone proxy classes.
The following is strange, too: It is not possible to change authentication in the generated logical port. It is set to "none". I changed it via the XML file where I added the properties "AuthenticationMethod" (value "BasicAuth") and "AuthenticationMechanism" (value "HTTP"). But I got the above response anyway.
Thanks for your help!
Regards

I used basic authentication for my web service.
I was able to obtain a hardcopy of the logfiles in the meantime. The invocation of the web service is stored there with the following error messages:
SOAP Runtime: Exception message: Schwerer Prozessierungsfehler macht eine SOAP-Fault-Behandlung erforderlich
SOAP Runtime: SOAP Fault exception occurred in program CL_SOAP_RUNTIME_SERVER========CP in include CL_SOAP_RU NTIME_SERVER... [the picture is cut here]
In addition to that I found a thread in SDN that dealt with exactly the same problem:
Web Service Homepage: Authority check failed
But I have the same problem like Kimberly Carmack (the last post on the second page). We do not have that role in our system.

How set UserName and Password for HTTP Basic Authentication for a servlet

Hi..
How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
But i dont know how do it in JBOSS..
I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
Thank u

Hi Raj,
You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
Store the user information in a database table and check the username and password when the user enters it.
You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
CASE sy-ucomm.
 WHEN 'BACK'.
 LEAVE PROGRAM.
 WHEN <fcode for submit>.
 SELECT SINGLE uname pwd
 FROM <DB table>
 INTO (user, pass)
 WHERE username = user AND
 password = passwd.
 IF sy-subrc = 0.
<Go to next screen for further processing>
 ELSE.
<Display Error message and exit>
 ENDIF.
ENDCASE.
Regards,
Amit
Message was edited by:
 Amit Kumar

Ignoring Http basic authentication header in wls 7.0.sp2 web service servlet (weblogic.webservice.server.servlet.WebServiceServlet)

Hi!
We need to implement authentication using our own methods, and the authentication
information is provided to the web service implementation in a basic authentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles web services
in
wls 7.0.sp2, always attempts to perform authentication, if the header is present.
Is there any way to circumvent this, because we want to implement authentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for our own
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet, which
would
remove the basic authentication header, and put the authentication info in custom
headers, such as x-auth: <user:password>, or smthng similar, and after successful
authentication, make a call to bea's servlet weblogic.webservice.server.servlet.WebServiceServlet.
But still, I'd like to know if there is any way to tell bea's servlet to ignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Currently there is no option to turn off security check.
I think you can use a servlet filter mapped to the URL
of your service, instead of a proxy servlet?
Regards,
-manoj
http://manojc.com
"Toni Nykanen" <[email protected]> wrote in message
news:3ef1577b$[email protected]..
>
Hi!
We need to implement authentication using our own methods, and theauthentication
information is provided to the web service implementation in a basicauthentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
in
wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
Is there any way to circumvent this, because we want to implementauthentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for ourown
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet,which
would
remove the basic authentication header, and put the authentication info incustom
headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
>
But still, I'd like to know if there is any way to tell bea's servlet toignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Invoking Web Service with PKI Authentication from BPEL process

Hello --
I am trying to test calling a Web service utilizing PKI-based authentication from BPEL running under the 10.1.2.0.2 Process Manager. When I access the service from a browser I am prompted for Username and Password the first time. When I attempt to access it from BPEL I receive this error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Is it possible to access this service from BPEL in 10.1.2.0.2? How can I pass the service the required credentials?
Thank you for your time,
Paul Camann

I've gotten past the original error by importing the security certificate of the Web service into my keystore/truststore. I'm also running the process on SOA 10.1.3.1.0. Now when I invoke the Web service from the BPEL process I get this error:
exception on JaxRpc invoke: HTTP transport error:
javax.xml.soap.SOAPException: java.security.PrivilegedActionException:
javax.xml.soap.SOAPException: Bad response: 403 Forbidden
I've tried passing the credentials every way I can -- partner link properties, Oracle Web Services Manager, whatever -- and still get the same error. I would expect to see a 401 error for problems with credentials, not a 403.
Any suggestions?
Thanks for your time.
Paul Camann

OSB : Restful proxy service with basic authentication

Hi,
We want to expose a restful webservice from OSB with Basic authentication (username and password). Let us know what is the procedure for the same.
THanks,

Hi Vinoth,
The users/groups are picked up from the LDAP configured in Security Realms->myRealm->Providers
You basically have 2 options:
- You can configure your LDAP in Providers
- Use the DefaultAuthenticator that weblogic provides you by default.
If you do not want to configure an LDAP, and want to use weblogic's default, then all you have to do is add users and groups in Security Realms->myRealm->Users and Groups
Do mark this as useful or answered, if this has helped.

JAX-WS setting header HTTP basic authentication

Hello
How can I set HTTP header vars in JAX-WS?
I found a lot of questions but no answer works.
This is my code:
Service service = Service.create(url, portName);
OnlineSIUIDef hello = service.getPort(OnlineSIUIDef.class);
Map<String, Object> contextws = ((BindingProvider)service).getRequestContext();
contextws.put(BindingProvider.USERNAME_PROPERTY, SIUI_USERNAME);
contextws.put(BindingProvider.PASSWORD_PROPERTY, SIUI_PASSWORD);
All examples I found on the web are based on such a structure.
Problem is that first is created a new service, then the header vars are changed.
But this can't work because when the service is created(at line 1) error 401 is already thrown.
What is the equivalent in JAX-WS of the following lines?
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.setSSLSocketFactory(factory);
con.setRequestProperty(varName, val);
Can someone help with this problem?
I'm looking for a solution for over a day and I can't find nothing usefull about this.
Thank you.

Hi
Seems that the URL you are referring in Service.create() is a basic auth protected URL(wsdlLocation) ie why you are getting 401 error.
there are different options to resolve this.
Authenticator.setDefault(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
 return new PasswordAuthentication(
 SIUI_USERNAME,
 SIUI_PASSWORD.toCharArray());
try to add the above code ,before creating the URL.
2 Download the WSDL from Endpoint and refer that WSDL locally,and dynamically hook the correct endpoint using
contextws.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,"ur Endpoint");
Haven't tried this...
custom SSLSocketFactory come in picture only if you have protected your webservice using one way/2 way SSL.
Thanks,
Paul

UDDI inquiry service HTTP-Basic authentication in BPEL (10.1.3.1)

Similar Messages

Maybe you are looking for