Use of security in web service

Similar Messages

• Using WS-Security with Web Service Controls in WLI 8.1 SP3

  We have a process that calls a web service hosted on a .NET environment. The technique we have used is to generate a service control from the web service WSDL and call that control from a process. The web service is protected using a WS-Security usernameToken policy. The problem is that the .NET environment requires the wsse:Nonce and wsu:Created elements to be provided along with the token and I cannot see how I can specify this using a wsse policy file in WebLogic workshop. Does anyone have any advice for the best way to add this information to the security element in the SOAP header from within a WLI process? I've seen some example code for a java web service client, but that would not really fit with the control-based approach normally adopted in a WLI environment.

  You won't be able to do this using the WSSE file.
  An easy way to get around this is to use an XML Bean built from the WS-Security XML Schema. You'll have to read the WS-Security spec to determine how to create the nonce, but you'll be able to convert this XML Bean into the Element[] that the setOutputHeaders() method, which is on the service control you call the .NET Web Service with.
  Regards,
  Mike Wooten

• Unable to call WSS (WS-Security) enabled Web Service using UTL_DBWS

  We are attempting to call a WSS (WS-Security) enabled Web Service from PL/SQL using the UTL_DBWS package (see [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/u_dbws.htm#CHDIDGJH] ). We are doing this in similar fashion to [http://www.oracle-base.com/articles/10g/utl_dbws10g.php] with calls to utl_dbws.create_service, utl_dbws.create_call and utl_dbws.invoke.
  Using this method we can successfully call an unsecured Web Service, but calls to WSS-enabled Web Services fail. We are currently using Oracle Database 10.2.0.3.
  The failure we are getting is:
  ORA-29532: Java call terminated by uncaught Java exception: javax.xml.rpc.soap.SOAPFaultException:
  com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
  policy ( AuthenticationTokenPolicy(S) ): No Security Header found;nested
  exception is com.sun.xml.wss.XWSSecurityException:
  com.sun.xml.wss.XWSSecurityException: Message does not conform to configured
  policy ( AuthenticationTokenPlicy(S) ): No Security Header found
  Apparently UTL_DBWS does not support calling WSS enabled services, although this doesn't appear to be an officially recognised position. Does anyone know if Oracle are planning to support this soon (if ever)? Looking at Re: Calling WS from PL/SQL using WS-security suggests that support has been considered before, but not yet realised.
  Thanks,
  Tom

  Having raised a Service Request with Oracle support on this, I got the following response from Oracle Development (On unpublished bug [8542959|https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=BUG&p_id=8542959]):
  Development has confirmed that WS-Security is not supported through UTL_DBWS. They have also acknowledged that this is not documented and they will change the official Oracle documentation will reflect this fact. From what is being stated, it would appear that there is no plan to support the use of WS-Security through UTL_DBWS in any release in the near future.
  So, in short, without developing your own home-grown SOAP request, there is no way to call a WSS enabled web service from within PL/SQL.
  -Tom

• Exception while accessing web service secure through web services Manager

  Hi All,
  I deployed sime Hello World web service on JWSDP1.6 and secure it through web service manager(gateway) using Certificate based security.But when I try to access this web service using JWSDP client,I got the following Error while monitoring the soap messages through TCP-Monitor:
  /////////////////////////////////Request///////////////////////////////////////////////////////////////
  POST /gateway/services/SID0003009 HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Content-Length: 5631
  SOAPAction: ""
  User-Agent: Java/1.5.0_05
  Host: ivy.cs.ucl.ac.uk:8082
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://hello.org/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <wsse:SecurityTokenReference>
  <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">eN9famBBWzHNUIwWRhMPktcM+VQ=</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MHjtgA4wOtvI1B+SuRVEmD07yE+jl6axd4XbJ0nvQ3EzSuVVoST9vHzURh+B47yj41187s8T+yjt
  Bmpk9OB278Jghonkacv6r+q+LVlxRrQDudNGir7plzFeM6bUadMxf+FLgn5O0a44vU/tvy6V9+zi
  yqFdhTvS21No/aW62No=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#XWSSGID-1155126003241-1198323932"/></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-11551260018331598979688">MIIC3TCCAkagAwIBAgIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzEMMAoGA1UECBMD
  U0NBMQwwCgYDVQQKEwNTVU4xHjAcBgNVBAMTFWNlcnRpZmljYXRlLWF1dGhvcml0eTAeFw0wNjAz
  MTkxMzQ5MDJaFw0xNjAzMTYxMzQ5MDJaMEcxCzAJBgNVBAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAK
  BgNVBAoTA1NVTjEcMBoGA1UEAxMTeHdzLXNlY3VyaXR5LWNsaWVudDCBnzANBgkqhkiG9w0BAQEF
  AAOBjQAwgYkCgYEAzNDPKUz1MhUH1LsrLqXKxciOKSWeTrdoe/SVwe/4uy5eobAWSsSTposaOYFy
  uxf3cGCCIs7u0jMAXLQ9jzobDbt9XQ4tXPoBzKKzS+yU6hDk2TcOCkioeT9A9db5LF8yevhwXKB4
  AJ1Eh//Dp/djoonXCCxsxupQZp3ueRJrR98CAwEAAaOB1jCB0zAJBgNVHRMEAjAAMCwGCWCGSAGG
  +EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUECH05VC3/WGW
  H4AGD6tnH0h+kFUweQYDVR0jBHIwcIAUdry1wGRZ2fyJSKisVSxpMEmIiaahTaRLMEkxCzAJBgNV
  BAYTAlVTMQwwCgYDVQQIEwNTQ0ExDDAKBgNVBAoTA1NVTjEeMBwGA1UEAxMVY2VydGlmaWNhdGUt
  YXV0aG9yaXR5ggkA4HaEvd6hq8YwDQYJKoZIhvcNAQEEBQADgYEA0RhOk67pCrO6MgZZGqrmAMW6
  76fZowBxTKlFq88nrf8v1MUxV8H9wgbTDrwR0HtxY3TGpDFw2tNAww2pyDX/pQ2Wt46ichluGxjf
  aEV53loKTOM7syAmlicWqViGzBfgzriIl918TzFaX9BD/Y55bKZQk057maBCSkUuFfF453s=</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse enc env ns0 xsd xsi"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#XWSSGID-1155126002593447652186"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>UJ1kuwI+WuF/RkrQpZrj1GvraLI=</ds:DigestValue></ds:Reference><ds:Reference URI="#XWSSGID-1155126002602761294100"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>sKG/z5OIGgqJ2nw7JtpXyJzr8pY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SBc65VTG1xpEkRUTz70H0fVGIgoBJ0QnNad0k07RMSfw4vG1WHJdt19R05pO2AvU5aoYuBSaguJe
  ZGEjmWzw8mnSWKBi+zeDMeJiwgqwW6HHHX9P7JDslxuTIqoJIVUbSjUTSVz6ww8siIK65quXdkMT
  ZzLfp7Cd0gBuA3EEZpg=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-11551260025411896275738">
  <wsse:Reference URI="#XWSSGID-11551260018331598979688" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002602761294100"><wsu:Created>2006-08-09T12:20:02Z</wsu:Created><wsu:Expires>2006-08-09T12:20:07Z</wsu:Expires></wsu:Timestamp></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1155126002593447652186"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="XWSSGID-1155126003241-1198323932" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><xenc:CipherData><xenc:CipherValue>XNqEzHNp47ILtOagAUNCXYkxOCWv4CjHqmZ7j6VKN/NO96ce4BsNSL6lKzqa9dPxHB1sTVGZQ8KA
  COQ6DGwyWCP8ip+CU2hor3uUAml7nzHTx1LUw3Db+0p31VAT3EqKJA3aFy38GQrBTr9ojMOUA6tm
  Cj71yucN3UCKRUl3RpE8qU68y7AwNxPsyAZeSa2AVm2cmWvSDZlxgMsx+JCEZaf3+D0o1zMp0Fxb
  MSISPt/JrEolt1H5UM1AoFGU4QkckWrQNLPyEF9oxEgZ8oCE5U8v/YJwZIAHFrx67XfaLwQLjzXw
  VPigsH9gLkfbP2BU8Vp31GsPwBZtUeNz9S35+CZPD7EiqoAB1QuAxZkJV7n00VChYH+scT64tNja
  c81bcD8tf4sAr7toCMNDAU6+74+Qy0EyPqgwLtotDxErn4kF8e72cONMMQBQ91tQs+iI+D6C1I6+
  f9UiSfgtm/MTuKQK1CRqarEtI9N6lpqVH8k7ulUwH/jFstihxmhMJ3aZY+qQgSwSs3pwSSim+e18
  eR7dOEq4vG8ivKuGvTDO4sSV2RP/nL/3eXr0y7eM0kMFKwTUA4JqL4Y/l8Bo/rie/ZXkkbF6hwEu
  dX1QmB0gf5k=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
  ////////////////////////////////Response///////////////////////////////////////////////////////////////
  HTTP/1.1 100 Continue
  Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
  Date: Wed, 09 Aug 2006 12:28:47 GMT
  HTTP/1.1 500 Internal Server Error
  Date: Wed, 09 Aug 2006 12:28:47 GMT
  Server: Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)
  Connection: Keep-Alive
  Keep-Alive: timeout=15, max=100
  Content-Type: text/xml
  Transfer-Encoding: chunked
  157
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
  0
  So basically, what I am doing here as follows:
  HelloClient(using JWSPD1.6)->gateway(web service manager for securing the web service using message level security through certificate )->helloservice(deployed using JWSDP1.6)
  I would appreciate if someone could tell me the cause of this errror.Thanks.
  Kashif

  time to look into the gateway logs as stated by the fault ..
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode><faultstring>Step execution failed with an exception</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
  looks like the cipher step might have failed

• Security in Web services

  I am new to web services so please pardon me if what I am asking is really dumb.....
  I have created a simple PL/SQL web service using JDeveloper that I have published to an installation of 9iAS. My client is calling this URL directly passing the parameters in the URL and getting the SOAP message back. Everything works great.
  Now I need to secure this somehow. This is an internal application, so I am not terribly concerned with security, but we do need something that will prevent somebody who stumbles across this URL to start using it.
  I have read a lot of documentation on securing web services, but it all seems to be around creating clients, but I don't want a client, I just want to be able to call the URL directly from external systems programmatically.
  One option is obviously to pass username / pw in as parameters and then validate this in PL/SQL, but this is obviously not very secure.
  Another things I was thinking was to use the owa_util.get_cgi_env('REMOTE_ADDR') inside by PL?SQL function to get the IP Address of the client calling and then validate this to make sure this client is allowed to access the web service. This function returns ORA-06502. Does anybody know anything about how to get the IP address of the client calling? I know there are ways to limit access to certain IP addresses on the web server level, but this server is used for other things so I don’t want to do that.
  Is there anything else I can do to secure a web service like this?
  Any help is appreciated.

  More reading and code sample (see end of this post) of what is coming and what is possible today:
  http://www.oracle.com/oramag/oracle/02-jul/index.html?o42special_web.html
  http://otn.oracle.com/oramag/webcolumns/2003/techarticles/smith_wss.html
  This article from Vipin Samar gives the state of WS-Security pretty accurately:
  http://otn.oracle.com/tech/webservices/standards/Samar_Security.htm
  Accompanying paper:
  http://otn.oracle.com/tech/webservices/pdf/33206.pdf
  And, this code sample/tutorial illustrates SSL with Web services:
  http://otn.oracle.com/sample_code/tutorials/wspki/toc.htm
  Mike.

• Secured Sybase Web Service with outside certificate authority

  Hello,
  I would like to use Secured Sybase Web Service with outside certificate authority, like Symantec. Could you let me know how I can create CSR for sending to Symantec? What other steps do I need to do?
  Thanks,
  Sudarat.

  Hello Jason,
  Thanks for your reply. The certificate authority require the CSR file before issue a signed certificate. If this is a signed certificate for IIS web server, I can create CSR from IIS. But I cannot use a signed certificate created from CSR of IIS with Sybase Web Service. The below steps are what I have tried.
  1. I use CreateCert.exe with /r parameter to create CSR and private key.
  2. I sent CSR to a certificate authority and they send back a signed certificate.
  3. I have to combine a signed certificate from #2 with private key created from #1. Then use that file to specify with -xs{https …when starting the service.
  Are the above steps what I have to do?  If so, do I need to redistribute createcert.exe to my customers who want to use my application and how? Why I cannot use the signed certificate created from CSR of IIS?
  Thanks,
  Sudarat.

• Error "Deserialisation failed" when trying to use BAPI via a web service

  I created a web service in BW with the help from the wizard WS_WZD_START. The web service contains
  (among others) the RFC BAPI_ODSO_READ_DATA_UC.
  The web service runs OK & can be used from the SAP Web Services Navigator.
  Now when i try to use the web service from Delphi i get
  an error: "Deserialisation failed" (SimpleTransformationFault) "ODSOBJECT erwartet".
  The ODSOBJECT parameter is there to be sure.
  I saw the same error before in this forum but found no real solution there. I am using BW 6.40 & SP 12.
  XML sent:
  <?xml version="1.0" encoding="UTF-8" ?>
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <SOAP-ENV:Header>
  <sapsess:Session xmlns:sapsess="http://www.sap.com/webas/630/soap/features/session/">
  <enableSession>true</enableSession></sapsess:Session></SOAP-ENV:Header>
  <SOAP-ENV:Body><ns1:BAPI_ODSO_READ_DATA_UC xmlns:ns1='urn:sap-com:document:sap:rfc:functions'>
  <DATALAYOUT></DATALAYOUT><INFOOBJECTLIST><item>
  <INFOOBJECT>/CIVGM/NUM</INFOOBJECT></item></INFOOBJECTLIST>
  <MAXROWS>2</MAXROWS><ODSOBJECT>/CIVGM/BPLO001</ODSOBJECT><ORDERBY></ORDERBY>
  <RESULTDATA></RESULTDATA><SELECTIONCRITERIA></SELECTIONCRITERIA><UNICODE>N</UNICODE>
  </ns1:BAPI_ODSO_READ_DATA_UC></SOAP-ENV:Body></SOAP-ENV:Envelope>
  Answer:
  <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Body><soap-env:Fault><faultcode>soap-env:Client</faultcode>
  <faultstring xml:lang="en">Deserialisation failed</faultstring>
  <detail><n0:SimpleTransformationFault xmlns:n0="http://www.sap.com/transformation-templates">
  <MainName>/1BCDWB/WSS0050825153239449000</MainName>
  <ProgName>/1BCDWB/WSS0050825153239449000</ProgName>
  <Line>73 </Line>
  <Valid>X</Valid>
  <MatchFault>
  <DescriptionText>Element 'ODSOBJECT' erwartet</DescriptionText>
  <TokenType>S</TokenType>
  <TokenName>CODEPAGE</TokenName>
  <TokenNameSpace>urn:sap-com:document:sap:rfc:functions</TokenNameSpace>
  <TokenValue></TokenValue>
  </MatchFault><Caller>
  <Class>CL_SRG_RFC_PROXY_CONTEXT</Class>
  <Method>IF_SXML_PART~DECODE</Method>
  <Positions>1 </Positions>
  </Caller></n0:SimpleTransformationFault>
  </detail></soap-env:Fault>
  </soap-env:Body></soap-env:Envelope>
  The same error occurs when I take the exact XML that was sent from Web Services Navigator (the XML that worked) and send that from Delphi.
  What could be wrong?

  Hi Simon,
     Other thing you can do is compare the HTTP requests (including header) from both Delphi and XMLSPY. I suspect if the SOAP message is same in both case the difference might be in the header. But one thing is certain, WAS can not respond differently for same request, don't you think so ?
  Cheers,
  Sanjeev

• Migrating a Eclipse Project to JDeveloper and use it as a web service

  Hi Guys,
  I have a problem with migrating a Eclipse Project (EP) to JDeveloper. I know there are several threads about the problem out there but none of these fit my needs.
  So, here is the problem:
  I didn't had any problems migrating EPs to JDev in the past but this project is neither a .jar/.lib nor could I change it to one of those types. The project hase some additional filesto work. These files areare libs and owl-mappings for Jena/Pellet ( [http://jena.sourceforge.net/|http://jena.sourceforge.net/] ).
  My porblem is that I don't know who to migrate the project to JDev and then use it as a web service, while the file structure stays the same plus everything is uploaded to Oracle as a web service. Meaning everything has to be included in one java package. Or am i wrong?
  The file structure looks like this (from the EP):
  src\*.java
  owl\*.owl
  lib\*.lib
  location-mapping.n3
  expdt.props
  The Libraries aren't a problem. They are all .jar-files but could be easily included in the project (JDev) but I don't know how to handle the other files. Especially the much needed owl files :(
  Maybe I'm doing it all wrong. My Goal is to use the EP as a web servies for a business process to enforce rulings and obligations. I'm kinda stumped...
  Greetings,
  Sebastian

  Thank you very much, Shay. It helped regaining overview of the project files. Before all additional files were in the AppFolder.
  I got to a point where I (hopefully) only got a problem with the directory matching (which is needed by jena).
  Tanks again.
  Sebastian

• Help me!    How to use it as a web service from third party application?

  After using JDeveloper to develop BSSV object e.g. JP550010, how to use it as a web service from third party application?
  TKS！

  Obviously the OP is working on a project for the Bead Society of Southeastern Virginia http://www.bssv.org. Oh, wait, maybe he's researching the Blueberry Shoestring Plant Virus http://abbreviations.yourdictionary.com/bssv
  :D
  John

• Use of inheritance in web services

  Hi,
  I'm new to Flex development and have been developing a PPro extension which also uses a couple of web services to obtain information about the media and sequences.
  One of the web services I use gives me information about a project.  This project contans a list of clipmarks (sub-clips) that will become a sequence in PPro.  The problem is that the web service clipmark class is the superclass of either media_clipmark or audio_clipmark, and the items it puts in the list on the server side are of these subclass types.  So you get a list of say 3 media_clipmarks.
  BUT when then appear in the results in Flex they have been reduced to their common superclass clipmark and thus don't contain any of their specialised properties.  Is inheritance of server side class not supported by the proxy generator code in Flash Builder 4?  Is there any way to achieve the result I want - that is a list of clipmarks which are either media_clipmarks or audio_clipmarks and get the specialised properties as appropriate?
  I am assured that the server is correctly adding these to the project and I assume it is the declaration of the project as having List<clipmark> that is causing the problem.
  If this question has already been answered please point me to the relevant answer - couldn't find it by search.
  Thanks
  John

  You can't send the special charater as it is, replce them with their equivalent notation
  "&" with "&amp;"
  "<" with "&lt;"
  ">" with "&gt;"
  "\"" with "&quot;"
  "'" with "&apos;" etc
  Dinesh
  CRMIT

• Security of Web Services, Agents and Sequantial Calling of Web Services

  I want to ask about the secure invocation of web services and the role of agents.
  Suppose that I have greet() web service:
  public String greet() {
  String S1=sayHello(); // A web service, actually its proxy
  String S2=sayGoodMorning(); // A web service, actually its proxy
  return S1+" "+S2;
  It calls two other webservices and they return "HELLO" and "Good Morning". Also assume that I need to secure all my web services but I need these calls to work!
  I put an agent in front of those two web services and require them to check a SAML token. I also attach an agent to greet() to authenticate the inbound and sign and add SAML token for outbound.
  But I think these two calls fail because the SAML is not created on each call. (Is it?)
  How can I make those two calls, secure each web service and at the same time keep the security code out of business code, in other words keep my web service security agnostic?
  Thank you in advance.
  Best Regards
  Farbod

  Any Comments on this?

• What stub code does APEX uses when making a web service call ?

  What stub code does APEX uses when making a web service call (manual web service reference)
  I am using APEX (which was part of the 11g installation).

  Hi Steve,
  Some options for the same issue:
  web service time out
  How to check for Web Srvice Timeout in ABAP Proxy call
  Regards
  Vijaya

• Example using an SAP RFC (web service)

  Is there a good example out there for using an SAP RFC (web service) with Xcelsius 2008?  I cannot seem to get it to work.  I am trying to use the SAP sample RFC called BAPI_FLIGHT_GETLIST.  If someone can get an example to work using this BAPI, I would love to see it.
  Thanks,
  Kenneth

  hi sap guys.. can ne 1 send me the complete documents on tc- st01.. system trace...  i'll be thankful to you. Iam new to this forums can i dont know how  to posta  queston... just iam posting this queston in one of  the queston's reply. Please help me out abt TC- ST01 and how to post a queston in this forums..
    Thanks in Advance.
    Regards,
    Younus

• Sending Table data using  RFC as a Web services

  Hi guys,
    I want to send ztable data from CRM system using RFC as a web service , but i want to read records only for a particular date and time , so how can i go about this scenario.
  regards;Keith.

  Hi Keith,
  for that scenario you need two RFC adapter. Of course you can use as well proxies as dicussed before. Forget about webservices.
  You told me above that you have z-table? add a date/time field and if a set will be inserted fill those fields with sy-datum / sy-uzeit.
  Your CRM select can now easy select only the actual data.
  Because of performance i would recommed a asynchron scenario, for example:
  A ABAP programm is selecting the data and is calling a module like
  CALL function 'myFunction'
  DESTINATION 'mySM59'
  IN BACKGROUND TASK
  This function module is build anywhere and imported into Repository and is working a outbound interface. Inbound interface is a second function module, which is imported from R/3. The ABAP source code of that module put the data to SAP system.
  The CRM ABAP programm will be called periodicly by a job.
  But!! I dont know ur requirements. Unfortunately you are one of thesse persons, who are asking without giving details. I'm not the prophet...
  Regards,
  Udo

• Oracle script that was used to confirm the web services working????

  I am having major problems with the top 2 web servers and top 3 app servers, which would be the cluster facing our external customers. This is how our our web services are deployed. I used an oracle script that was used to confirm the web services worked when I installed this working with the oracle consultant taken from metalink. I simply edited it for our web services.
  Can’t deploy web services. Using a script. 2 work on 2 of the machines. Doesn't always work on third machines. Third web service doesn't work on any of the machines.
  Please help, Thank you

  Please can you provide more information, its really not much to work with when u just my web server is not working. any log files ...error messages ?