Username and password token retrieval from SOAP web services

Similar Messages

• CallbackHandler  - username and password token

  Hi,
  I use a CallbackHandler and server_security_config.xml on the server to authenticate and authorize the user.
  I get the correct username and password token on the server and do my validation directly in:
  public class AuthenticationValidator implements PasswordValidationCallback.PasswordValidator
  public boolean validate(PasswordValidationCallback.Request request)
  throws PasswordValidationCallback.PasswordValidationException
  System.out.println("AuthenticationValidator public boolean validate");
  PasswordValidationCallback.PlainTextPasswordRequest req = (PasswordValidationCallback.PlainTextPasswordRequest) request;
  System.out.println("Username: " + req.getUsername());
  System.out.println("Passowrd: " + req.getPassword());
  // check with database!
  // return false; // not OK
  return true; // OK
  I don't want to use a JAAS Login module.
  The auth works fine.
  Now I have a big and a little problem.
  1.) I need the username (String username = req.getUsername();) from xwss in my service implementation class. But how can I transfer this value??
  I have a javax.security.auth.callback.CallbackHandler class and no Logicalhandler with a MessageContext object.
  2.) My second question:
  If the authentication fails AuthenticationValidator returns return false; and the client gets a SoapFault Exception. It is possible to catch this exception and throw a user defined exception?
  Please helped me, thanks!!
  Please see also here:
  https://xwss.dev.java.net/servlets/ReadMsg?list=users&msgNo=54
  Regards,
  Rocci

  Hi,
  thanks for your fast answer and sorry for my late answer.
  I tried it and now nothing is working any more.
  I get with the new libraries the following exception:
  22.06.2006 11:28:36 com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher receive
  SCHWERWIEGEND: java.lang.IllegalArgumentException: Illegal use of setScope() on non-existant property :javax.security.auth.Subject
  java.lang.RuntimeException: java.lang.IllegalArgumentException: Illegal use of setScope() on non-existant property :javax.security.auth.Subject
       at com.sun.xml.xwss.SystemHandlerDelegateImpl.processRequest(SystemHandlerDelegateImpl.java:274)
       at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:144)
       at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
       at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.handle(WSServletDelegate.java:333)
       at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:288)
       at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:77)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
  I have in my validator class:
  Subject subject = new Subject();
  subject.getPrincipals().add(new X500Principal("CN=" + userName));
  subject.getPrivateCredentials().add(password);
  and in my service implementation class:
  Object o = messageContext.get("javax.security.auth.Subject");
  With the old libs o was null. Now with the new libsI get ealier the above mentioned exception.
  Any further help would be very nice.
  Regards,
  Rocci

• Can not specify the SMTP server port, username and password for my SharePoint 2013 web application

  We have our SMTP server under port number 141 and we should add username and password. but inside SharePoint 2013, I can only define the SMTP server name , from email, reply-to . But there are not fields to define the port number , the username and password.
  So can anyone advice from where I can define the port number and other field settings for the SMTP server ?
  Thanks

  i am no sure about user name and password. i never saw that option.
  check this guide:
  http://blogs.technet.com/b/tirumals/archive/2012/03/17/step-by-step-configuration-of-outgoing-emails-from-sharepoint-to-microsoft-online.aspx
  http://blog.fpweb.net/configuring-an-smtp-server-for-sharepoint/#.UuANoxAo6M8
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog
  thanks for the reply, but in our case the SMTP is  a separate server , and to connect to it i need to define the ; server IP /Name , port number, username & password. but in SharePoint there is no option to define the port number , and the links you
  provide are regarding configuring SMTP server, while we already have an SMTP server but i need to connect SP with it . can you advice please?

• Render and Email SSRS reports via SOAP/Web Services

  Hi all
  Running SQL Server 2008 R2 RTM and wondering if the ReportExecution2005.asmx web service can be used to render AND email a report all within the web service (ie. Not wanting to render the report and then having to email it manually). Since RS has the capability
  to email via report manager schedule, wondering if this can be achieved programmatically.
  George

  Hi George,
  In Reporting Services, it supports us to use ReportExecution2005 web service to render a report as MHTML or other formats. And we can use ReportingService2010 web service to subscribe and delivery report. The Reporting Services Execution
  Web service allows developers to programmatically process and render reports from a report server.
  The ReportingService2010 Web service allows developers to programmatically create a subscription in the report server database.
  To process a specific report and render it in the specified format, we can use the “Render” method in the ReportExecutionService. To create a subscription, we can use “CreateSubscription” method in ReportingService2010.
  References:
  Report Server Web Service Methods
  ReportingService2010.CreateSubscription Method
  ReportExecutionService.Render Method
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• Username and password validation on SOAP Web Service

  Hi,
  I'm pretty new to web services and c# .net framework.  
  I'm developing an app that uses a third party's API/ Web services. My first task is getting this log in(authentication) to working.
  Right now its nothing more than a simple Login form:
  The code behind the "Log In" button is so far:
  Here I've instantiated the SOAP web service that I'm using. And when I got to test/debug my form and type in my username and password and click the "Log In" button nothing happens..."of course" 
  So my question is, how could I validate whether the username and password were sent to the web service and whether the authentication is true or false?

  I'm trying to figure that part out...of how I can get it to return the bool. How can I check to see if it returns a bool?(because i'm not really sure if it does or doesn't just yet)
  I'm not expecting it to say "Hey you're logged in" because the actual application doesnt work that way. The actual desktop client will log you in with a (Domain Name\ Username) and windows authenticate
  that you're who you say you are, check the SQL Server and Database and Logs you in. 
  So im trying to figure out how I can manually set it up to where it let the user know that they have Logged in successfully.
  And you're saying that the code i have right now SHOULD log the users in correctly?  

• BPM Process As a Web-Service Username and Password

  Hi all,
  We have exposed a Process as a Web-Service WSDL to another system . We use Username Token Profile to enter the username and password to connect to the Web-Service..
  Now what we do is we have a role in our project and we create a dummy Web-Service user and add the role to that user and then use its password and username to call the Web-Service.
  Can we change this?
  Can we have a dummy username and password not associated with any role in BPM used in our Web-Service?

  Did you use PAPI code inside your web service or did u just use PAPI Web Services ( like did u just pressed the button Launch PAPI Web Services ) and it created the WSDL for you and u used it to create the client?
  I am using the latest version of OBPM..
  Oracle 10.3.10
  Can you let me know what do u mean by PAPI interface.. Is it the PAPI code of is the PAPI Web Service which is built by BPM automatically and could be used?
  Edited by: user8707382 on Sep 10, 2009 9:00 AM

• Copying files from local computer to a remote server which is not in Domain and with username and password?

  "I have one workstation with static IP, Wants to create batch file to log in to this,using user name and password, copy back up files from that workstation to my desktop with batch file, please help
  I am currently using batch file for back up for domain servers with robocopy commands in batch file  but one of the workstation is not in domain and has static ip , also it has username and password,
  Wants to create batch file on my desktop to log in this server---with username and password,, copy files from particular folder and paste it on my desktop in particular folder or auto create that folder,
  please help, "
  P Dave

  JRV,
  I can understand that, 1stly I am not a scripting guy, I know very very basic of this,
  2ndly, I need help , I am not asking anyone here to write code for me, I have already wrote that but its not doing which its suppose to do,
  check below screen shot, after running suggested script, it has mapped drive ,
  now I do not want to do that, I want just files to copy from that machine to my machine, and want script which I can run from any PC,
  Tried with UNC PATH as well, but not making any difference, its keep mapping that server drive to my computer
  P Dave
  JRV,
  I can understand that, 1stly I am not a scripting guy, I know very very basic of this,
  2ndly, I need help , I am not asking anyone here to write code for me, I have already wrote that but its not doing which its suppose to do,
  check below screen shot, after running suggested script, it has mapped drive ,
  now I do not want to do that, I want just files to copy from that machine to my machine, and want script which I can run from any PC,
  Tried with UNC PATH as well, but not making any difference, its keep mapping that server drive to my computer
  P Dave
  Bill - he still sees that "connection" although it isn't mapped it is attached temporarily.
  P - Log off and log back on and the attached connection will be gone.  It is temporary.   Again - knowing the basics of WIndows would let you know this.
  We have given you all of the answers that are possible.  There is no other way unless you have installed things like PowerShell and PowerShell remoting or an FTP server.
  If you do use a drive it can be just as easily deleted after you have finished the copy.
  Again: "NET USE /?" will tell you all of the options.
  Saying you know nothing is not an excuse for not thinking or looking more deeply into the suggestions made by those trying to help you.  This is not a MIcrosoft support forum or help desk.  It is a forum for admiinistrative scripting and assumes
  that those coming here are technically trained or experienced in the basics of Windows technology.
  ¯\_(ツ)_/¯

• JDev WS proxy not sending username and password

  Hi all, I've created a short web service which requires username authentication and testing it on the browser, the web service works fine.
  I then tried to create a web proxy (which is the new term for Web Service Stub in JDeveloper Studio Edition 10.1.3.0.4 right?) which calls this web service with username authentication.
  In the stub code, I added the following lines:
      public static void main(String[] args) {
          try {
              com.maxwell.secure.CreditServiceSoapHttpPortClient myPort = new com.maxwell.secure.CreditServiceSoapHttpPortClient();
              System.out.println("calling " + myPort.getEndpoint());
              // Add your own code here
              myPort.setUsername("tester");
              myPort.setPassword("***");
              myPort.getDetails("tester");
          } catch (Exception ex) {
              ex.printStackTrace();
      }where setUsername and setPassword are auto-generated by JDev.
  However, I still get the error:
        javax.xml.rpc.soap.SOAPFaultException: policy requires authentication tokenand when I turn on the HTTP analyser, I noticed that the stub didn't send the username and password along in its SOAP request
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ns0="http://secure.maxwell.com/">
     <env:Header>
        <wsse:Security
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1"/>
     </env:Header>
     <env:Body>
        <ns0:getDetails>
           <param0>tester</param0>
        </ns0:getDetails>
     </env:Body>
  </env:Envelope>Can anyone help?

  Hi,
  I can get username/pwd working in 2 ways.
  First option
  1. On the service, do not generate any of the security settings (ie do not use the Secure Web Service option)
  2. Deploy to OC4J
  3. Go in to security at application level and add your user
  4. Generate proxy (yes, the new name!)
  5. add the myPort.setUsername and setPassword code to your PortClient main method
  6. run proxy
  Second Option
  1. On the service, use the Secure Web Service wizard - check the Authenticate using Text Password but uncheck Integrity and Confidentiality Options (signing and encryption)
  2. Deploy to OC4J and add user as above
  3. Generate proxy
  4. Secure Proxy - check Use Username to Authenticate
  5. Uncheck Inbound and Outbound Integrity and Encrypt/Decrypt
  6. Add setUsername and setPassword as above
  7. Run
  With both of these I was able to call services. If you still have any problems, let me know and we'll try again
  rgds
  Susan
  JDeveloper Web Services PM

• Annoyed by OTN username and password prompting

  Sorry it's really starting to annoy me that I always have to enter my OTN username and password between every browser session. Why can it not use a cockie or whatever to keep me logged in at least for the day. Or better, let me save the password in my keychain so that I only have to press the "Sign In" button when the login appears.
  Firefox has a built in "save password" option, which will supply username and password when accessing a particular web page. It works with sites like ebay and many other common sites, but for some reason it does not work with OTN. When accessing OTN it never prompts me if I want Firefox to remember the password. I'm not using private browsing and have no site in the save password exception list.
  I found an add-on named "Saved Password Editor". It allows to manually add username and password entries associated with a web site. But since almost any software calls home today I rather not use any 3rd party tool to deal with security sensitive information. I checked the tool and it did not call home, but who knows what happens later.
  Any other ideas?
  FWIW: firefox - How does browser know when to prompt user to save password? - Stack Overflow
  Maybe the problem is simply because the login uses "ossusername" instead of "username" in the login form.

  So what is the message? I have no particular objection to any solution that fixes the issue, beside installing 3rd party browser extensions.
  How about the following? Checking https://login.oracle.com/mysso/signon.jsp on http://web-sniffer.net  shows:
  Set-Cookie:    ORA_UCM_VER=; domain=.oracle.com; expires=Thu, 01-Jan-1970 01:00:00 GMT; path=/
  Unfortunately I cannot set my system date prior to 1970 to see what happens, but would the cookie allow me to login without the need to specify my username and password again until the cookie expires? Would that be a feasible option instead of enabling form autocomplete?
  Speaking of which, the OTN forum defines "Cache-Control: private, no-cache, no-store, must-revalidate". This setting disables browser caching. I found the browser's back button very useful in the past to be able to get back the content of the forum editor, for instance, when some error occurred submitting the response or when I accidentally opened another web page. This used to work in the previous forum.
  The editor's new recovery function so far has been rather confusing or completely useless for me. It does not help after being logged out without notice. It actually just happened and I received an "unexpected error" while posting this response, loosing all text. (Un)fortunately I'm used to either copy and paste the content before submitting or use my own text editor. But cutting and pasting has become a different story now after the forum upgrade with the buggy editor.
  Meanwhile I understand that OTN cannot fix the problems with the forum software, but perhaps the login could be improved.

• HT4530 I just purchased an iMac and developed a user name and password.  I'm trying to install a program but can't because I forgot that information and didn't write it down.  How do I reissue a new username and password

  I just purchased an iMac and upon setting it up I initiated an username and a password.  Unfortunately I didn't write it down and now I'm trying to add software and the system won't let me because I forget that info.  How do I reissue a new usernam and password?

  Boot from your recovery partition by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the recovery desktop appears, select Utilities ▹ Terminal from the menu bar.
  In the Terminal window, enter “resetpassword” and press return. A Reset Password window opens.
  Select your boot volume if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Follow the prompts to reset the password.
  Select  ▹ Restart from the menu bar.
  You should now be able to log in with the new password, but you won't be able to unlock the Keychain. If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it. You’ll need to reset your keychain in the preferences of the Keychain Access application.

• Infopath 2013 SOAP Web Service Data Connection - Error: The file is not a valid XML file

  Here are the steps to replicate the issue I’m having when adding lists.asmx or any other SharePoint web service in InfoPath 2013. This web service opens fine in the browser from my desktop. My account is a farm administrator and is added to the
  web application’s User Policy.  I can use these services just fine using Nintex 2013 Workflow.
  Open InfoPath Designer 2013.
  Select Blank Form and click Design Form button.
  Click “Data” tab.
  Click “From Web Service” and select “From SOAP Web Service”
  Enter https://mysiteurl.com/_vti_bin/lists.asmx?WSDL for the web service definition.
  Click Next.
  Windows Security window pops up.
  Enter a credential. I tried both my account and the farm account. My account is a farm admin and is added to the web application’s User Policy with Full Control.
  Click OK. It prompts for credential multiple times.
  I get below this error messages: 
  Sorry, we couldn't open https://mysiteurl.com/_vti_bin/lists.asmx?WSDL
  InfoPath cannot find or cannot access the specified Web Service description.
  The file is not a valid XML file.
  Not enough storage is available to process this command.
  We have a project that is in need of these services using InfoPath so any help is greatly appreciated.

  Hi Brian_TX,
  For your issue, try to the following methods:
  Change your service binding in web.config to:binding="basicHttpBinding". It seems in VS it defaults to wsHttpBinding.
  Replace all instances of "parameters" from the web service wsdl with the name "parameter"
  There are some similar articles about the issue, you can have a look at them:
  http://www.infopathdev.com/forums/t/23239.aspx
  https://social.msdn.microsoft.com/Forums/office/en-US/621929c3-0335-40af-8332-5a0b430901ab/problems-with-infopath-web-service-connection?forum=sharepointcustomizationprevious
  https://social.msdn.microsoft.com/Forums/en-US/5fa5eca8-f8d7-4a2e-81ba-a3b4bdcfe5af/infopath-cannot-find-or-cannot-access-the-specified-web-service-description?forum=sharepointcustomizationlegacy
  Best Regards
  Lisa Chen
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• How-to access username and password protected Java EE Web services from ADF

  The title of this post is exactly the same as this article by Frank Nimphius:
  http://www.oracle.com/technology/products/jdev/howtos/1013/protectedws/access_protected_web_services_from_adf.htm
  The article addresses the problem of securing web services using usernames and passwords, when those web services are accessed through a proxy or a data control. In the examples, the user names and passwords are specified, whether in the code or the definition of data controls. (SKING/SKING).
  In a very common scenario, users login to reach a page, for example, A.jspx, which contains a button that calls a web service, for example displayDate. Suppose that user has logged in by username/pass of (AHUNOLD/AHUNOLD) and AHUNOLD has access to the service and the page. Is there any way to pass the logged in user name and password to the webservice ? Of course we can hard-code the username in the data control definition or proxy code, but this is just one of the thousands of users who have access to the service and the authentication is not dynamic this way.
  Hope my question is clear. Wishing you all a great Christmas.
  Farbod

  Hi Frank, and happy new year.
  Are you implying that it couldn't be done declaratively? What is your suggestion for this problem? You know the problem... As I described:
  - I need to secure my web services, so when exposed, no one from inside network or the internet, can access the web service without proper permission
  - The web services are shown as web controls on jspx pages. The user has logged in before reaching the page. It is irrelevant to ask him to enter user name and password again.
  - I have user names, passwords and roles in Oracle Internet Directory (Identity Management). It provides some APIs and I can retrieve the usernames and attempt logging in programmically. But how can I get username and password from the session in ADF application?
  I guess using SAML or certificate could be the solution, but I have a problem with SAML, described here:
  Re: Webservices Security, SAML, and Identity Management (OID)
  Best Regards,
  Farbod

• Retrieve username and password from Portal in external appl.

  Hi All,
  I have deployed an web application containing jsp into OC4J. I have registered this application as an external application in the portal. I need to capture the username and password required for the external application in the jsp (deployed as web application) after the external application has been authenticated by SSO server.
  Can i get it from the request or is ther any other way to capture the user credentials in the jsp of the external application?
  Thanks & Regards,
  SY

  Actually if the JSP is registered as an external Application then it is the JSP itself that is doing the
  authentication not the SSO server. The credentials are sent to the External Application either as HTTP
  header entries or on the URL depending on the type of method chosen to submit the request. In an external
  application the SSO server is effectively building the URL that would have come from the Login Page of the
  application.
  So in this case, if the application is being called as an external application, then they already have the
  username/password. Else it would not be an external application.

• Extracting username and password from security header

  Hey all,
  I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
  1) I secured my BPEL process
  2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
  3) I added the security variable to the Header Variables for the BPEL process input
  4) I added the security variable to the Input Header Variables for the web service's invoke operation
  This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
  Environment:
  JDeveloper 11.1.1.6.0
  Thanks,
  Bill

  Hi Sri,
  If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
  Thanks,
  Bill

• Avoid using Username and password in SOAP Envelope

  Hi Team
  I am working on calling the sercured web-service from PLSQL and able to call it successfully and get the response.
  In the SOAP envelope, I have header and body.
  Header contains the WS Security which includes username and password to authenticate the web-service and body contains the actual input pay load for service.
  Currently, header has username and password as 'hard-coded', is there a way to avoid the usage of username and password.
  We already tried to SIF for EBS methodology where in following steps are done:
  1) Create and event in EBS.
  2) Pass the event along with payload to SOA.
  3) SOA receives the event and triggers web-service and gets the response.
  4) Pass the response to EBS.
  This technique does avoid usage of username and password but takes 20 seconds to do the job. However, the appraoch above takes hardly 1 second.
  Please let me know in case any one has any idea on how to avoid credentials usage in SOAP envelope.
  Thanks
  Mirza Tanzeel

  How about doing away with that approach entirely?
  Password authentication requires one to keep a secret, secret. And that is the primary problem as how does one safely guard the secret, and manage the secret (by regularly changing)?
  Relying on secrets is a problem. I have never been a fan of password based security.
  Instead:
  a) use HTTPS to secure communication between sender and receiver
  b) use robust firewall rules to ensure that only sender is allowed to communicate with receiver
  c) implement sound network management and exception reporting (to detect and prevent violations on network infrastructure level)
  If you lack in the network infrastructure and administration areas, then:
  a) make the web service endpoint on server on localhost only (do not expose it to the outside world)
  b) establish a trusted ssh connection between sender and receiver using strongly encrypted RSA/DSA keys
  c) configure sender with a service that opens a reverse tunnel to target, exposing the web service as a local port on its localhost