Usernametoken security in weblogic 7.0 web services

Hi,
Can anybody tell me how to implement username token security in webservices developed on weblogic platform 7.0?
Thanks in advance
Shijo

          Try to refer to the documentation for
          Configuring Security in Web Applications at
          http://e-docs.bea.com/wls/docs70///webapp/security.html
          Does the weblogic.log file contain any error or warning
          messages corresponding to your problem ?
          If you have a test case to reproduce the problem, you
          can contact BEA support at [email protected]
          Thanks
          Developer Relations Engineer

Similar Messages

Adding security to my PL/SQL Web Service

Hi, I created a web service based on PL/SQL procedure using Jdeveloper, OC4J and now I would like to know all the options that exists for security (SSL, user/password, etc).... Is there any .pdf /whitepaper / Guide of security in Oracle Web services ?
Thanks...

Hi John,
For basic security (SSL and basic auth), you should look at the security guide for the container itself - see Security Guide.
For WSS [Web services Security], there is the Security Guide from the Oracle Application Server Documnetation Library.
Hope this helps,
-eric

NullPointerException in WebLogic while accessing web service from client

Hi all,
I have an SPML Web Service developed. The java class from WSDL was generated using wsdlc
<wsdlc srcWsdl="schema/oracle_ws_spmlv2.wsdl" destJwsDir="${classes.dir}" type="JAXWS" explode="true"/>
and then
<jwsc classpath="..." classpathref="wls.jars" srcdir="src/main" destdir="${classes.dir}" keepGenerated="yes">
<jws file="com/oracle/xmlns/idm/identity/webservice/spmlservice/SPMLService_SPMLServiceProviderSoapImpl.java" compiledWsdl="target/oracle_ws_spmlv2_wsdl.jar" type="JAXWS">
<WLHttpTransport contextPath="OIMSPMLWebService" serviceUri="${ear.deployed.name}" portName="SPMLServiceProviderSoap"/>
</jws>
</jwsc>
I have deployed the ear in WLS and generated the client classes.
<clientgen wsdl="http://${weblogic.host}:${weblogic.port}/OIMSPMLWebService/OIMspmlxsd?WSDL" destDir="${classes.dir}" type="JAXWS"/>
I run the client using java command from the terminal. First time, it runs fine. I get a valid response. But often, when I run it a second time, I get the following exception ... I need to undeploy and deploy the ear again. Any help will be appreciated!
Following error appears.
Error 500--Internal Server Error
java.lang.NullPointerException
at weblogic.wsee.jaxws.JAXWSDeployedServlet.init(JAXWSDeployedServlet.java:49)
at javax.servlet.GenericServlet.init(GenericServlet.java:241)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
at weblogic.servlet.internal.StubLifecycleHelper.(StubLifecycleHelper.java:48)
at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:521)
at weblogic.servlet.internal.ServletStubImpl.checkForReload(ServletStubImpl.java:452)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:232)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

As a workaround I can start the application in debug mode, log into the Weblogic console and stop then restart the deployment and this issue goes away, sort of a pain but it does work.

ColdFusion failed security in invoking a WebSphere web service

Hello,
I tried to call a web service hosted in a IBM WebSphere
server, but could not pass WebSphere's security framework. After
some talking with the guys in the WebSphere side, I'm not sure
whether this is possible in ColdFusion because they ask for a
<wsse:UsernameToken> in the SOAP envelope header. We did some
testing, and they confirmed that ColdFusion could talk to the web
service, by could not pass security validation. Would someone help
me here? Must it be done in Java?
Here is my calling syntax in ColdFusion:
<cfinvoke webservice="https://WebServiceURL?wsdl"
method="myMethod" username="myUserName" password="myPassword"
returnVariable="ReturnCode">
<cfinvokeargument name="ParaName"
value="ParameterValue">
</cfinvoke>
The web service is locked down, so the calling client must
issue a SOAP message containing VALID security extensions:
<soapenv:Envelope
xmlns:soapenv="
http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ws="
http://somedomain"
xmlns:wsse="
http://schemas.xmlsoap.org/ws/2002/07/secext">
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>myUserName</wsse:Username>
<wsse:Password>myPassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
... REMOVED as this depends on your individual SOAP service
</soapenv:Body>
</soapenv:Envelope>
The guys at WebSphere said that my ColdFusion SOAP call
probably did not have the envelope security header. IIs there a way
to capture the underlying actual SOAP call format? Here is the
error msg:
AxisFault
faultCode: {
http://schemas.xmlsoap.org/ws/2003/06/secext}FailedAuthentication
faultSubcode:
faultString: WSEC5075E: No security token found which
satisfies any one of AuthMethods.
faultActor:
faultNode:
faultDetail:
http://xml.apache.org/axis/}stackTrace:WSEC5075E:
No security token found which satisfies any one of AuthMethods.
at
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221)
at org.apache.axis
Larry

Sadly, byrning's reply ended with just "how to use CF with stupid WSSE security", which leads readers to wonder if he meant to share more. For instance, was that supposed to be a link to a blog entry?
I did some digging, and I found an old google cache of another version of this forum, and it showed that he had included the following code, which somehow never made it into the message here:
<cfset myUsername = "yourUsername" />
<cfset myPassword = "yourPassword" />
<cfset myDate = DateFormat(DateConvert("local2Utc", now()),
"yyyy-mm-ddThh:mm:ssZ")>
<cfset myNonce = createPIN(33)> 
<cfset myPasswordDigest = ToBase64(Hash(myNonce & myDate & myPassword ))>
<cfscript>
        myObj = createObject("webservice", "http://urltoYourService?wsdl");
        headerElement = createObject("java",
"org.apache.axis.message.SOAPHeaderElement");
        headerElement.init("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
ecurity-secext-1.0.xsd", "wsse:Security");
        headerElement.addChildElement("wsse:UsernameToken");
        headerElement.getFirstChild().addChildElement("wsse:Username").setValue(myUsern
ame);
        mypass = headerElement.getFirstChild().addChildElement("wsse:Password");
        mypass.setValue(myPasswordDigest);
        mypass.setAttribute("Type", "wsse:PasswordDigest");
        headerElement.getFirstChild().addChildElement("wsse:Nonce").setValue(
ToBase64(Hash(myNonce, "SHA")) );
        myCreated = headerElement.getFirstChild().addChildElement("wsu:Created");
        myCreated.setValue(myDate);
        myCreated.setAttribute("xmlns:wsu",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-ut....
xsd");
        headerElement.setMustUnderstand(1);
        headerElement.setActor("");
        myObj.setHeader(headerElement);
        result = myObj.methodtoCall(param1="yadda", param2="yadda")
</cfscript>

Security Error when creating a web service with Flex

Hello comminuty.
I'm using Flex to create a standalone application and I have to use web services to retrieve data from SAP.
I used the bapi bapi_flight_getlist to create an associated WS that works fine (tested with the Eclipse's WS Explorer).
In Flex Builder, I use the following code to create my web service:
     <mx:WebService
          showBusyCursor="true"
          id="service"
          wsdl="{wsdl}"
          result="resultCreateWSHandler(event);"
          fault="faultCreateWSHandler(event);">
            <mx:operation name="FlightGetList"
                 result="resultWSHandler(event)"
                 fault="faultWSHandler(event)"></mx:operation>
        </mx:WebService>
And this is the error I'm getting:
(mx.messaging.messages::ErrorMessage)#0
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "E578ED8C-EF29-44E7-8D57-57B4DB6EB613"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#1
    DSStatusCode = 0
messageId = "6E7AC45E-418D-90CD-96AD-57B52DB1DAF4"
rootCause = (flash.events::SecurityErrorEvent)#2
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#3
      bytesLoaded = 0
      bytesTotal = 0
      data = (null)
      dataFormat = "text"
    eventPhase = 2
    target = (flash.net::URLLoader)#3
    text = "Error #2048: Violation de la sécurité Sandbox : http://localhost:8300/ztest2/bin-debug/ztest2.swf ne peut pas charger de données à partir de http://XXXX:8006/sap/bc/srt/wsdl/bndg_DEB8A28C2E19EEF19C080050568D135B/wsdl11/allinone/ws_policy/document?sap-client=800."
    type = "securityError"
timestamp = 0
timeToLive = 0
Translation: "Error #2048: Sandbox security violation: http:....swf cannot load data from http:...client=800"
Would any of you have an idea about what is causing this error??
Thanks for any help you can provide.
Regards,
C.

Hi Cristina
Did your flex application worked. i am also having same problm. cant access the BAPI from standalone flex application.
Jay

Weblogic 10.3: web service client enable HTTP/HTTPS connection reuse?

hi all,
i am writing an client app to call a web service, through a client proxy generated by jdeveloper/weblogic.
My question is:
for the weblogic web service client proxy, is it possible to enable HTTP/HTTPS connection reuse/pooling?
i see there is many connection created when calling the web service (by command netstat)?
thank you.
lsp

anybody can help?
thanks

Urgent: Calling a WebLogic document type Web Service

We have created an one-way, document type web service that works fine with the
clientgen client. When sending the same SOAP message to the service from another
client, it fails with: javax.xml.soap.SOAPException: failed to receive message:
The other client recieves an HTTP 500.
The signature for the service method is:
public void getDiag(Diagnostic diag)
Diagnostic is a complex type generated by autotype from a schema.
The failing client builds the SOAP message and sends it to the WebLogic service
using HttpURLConnection with the request method set to POST and content-type to
text/xml.

Is there any error on the server?
Did the method on the end componet invoked?
If you are using WLS 8.1, its better to use SAAJ
instead of plain http url connection. Something like:
SOAPConnectionFactory factory =
SOAPConnectionFactory.newInstance();
SOAPConnection connection =
factory.createConnection();
SOAPMessage response =
connection.call( request, targetURL );
Here is a working example:
http://manojc.com/?sample23
RouterHandler.java
Regards,
-manoj
http://manojc.com
"Steve Watson" <[email protected]> wrote in message
news:3ec13eeb$[email protected]..
>
We have created an one-way, document type web service that works fine withthe
clientgen client. When sending the same SOAP message to the service fromanother
client, it fails with: javax.xml.soap.SOAPException: failed to receivemessage:
>
The other client recieves an HTTP 500.
The signature for the service method is:
public void getDiag(Diagnostic diag)
Diagnostic is a complex type generated by autotype from a schema.
The failing client builds the SOAP message and sends it to the WebLogicservice
using HttpURLConnection with the request method set to POST andcontent-type to
text/xml.

Weblogic 10.3 - web service - manual jdbc commit

Hi All,
I need a little help.
I have been made a web service with a web method. My business logic is very strange, and I have to make some jdbc commit manually in the web method. I try to call transaction.begin() and transaction.commit() but the weblogic throws an exception:
javax.transaction.NotSupportedException: Another transaction is associated with this thread. Existing transaction Name=[EJB ...
Could you tell me, how can I get the current transaction context and handle manually the jdbc commit?
_Here is part of my code:_
@WebService()
@Stateless()
public class MyWebService
     * Web service operation
    @WebMethod(operationName = "businessDataUpload")
    public String businessDataUpload(@WebParam(name = "businessData") String businessData)
        try
            javax.naming.Context ctx = new javax.naming.InitialContext();
            javax.transaction.UserTransaction transaction = (UserTransaction) ctx.lookup("javax.transaction.UserTransaction";);
            javax.sql.DataSource ds = (DataSource) ctx.lookup(JNDI_NAME);
            java.sql.Connection = ds.getConnection();
            *transaction.begin();*
            // jdbc code here
            transaction.commit();
catch (Exception ex)
// transaction rollback
transaction.rollback();
throw new RuntimeException(ex);
Please help me.
thx, SoMa
Edited by: user1130432 on May 27, 2011 9:16 AM

Hi SoMa,
Please try this:
@WebService()
@Stateless()
public class MyWebService
           * Web service operation
           @WebMethod(operationName = "businessDataUpload")
           public String businessDataUpload(@WebParam(name = "businessData") String businessData)
                                 try
                                            javax.naming.Context ctx = new javax.naming.InitialContext();
                                            javax.sql.DataSource ds = (DataSource) ctx.lookup(JNDI_NAME);
                                            java.sql.Connection con= ds.getConnection();
                                            con.setAutoCommit(false);                // By default on JDBC Connections the AutoCommit is TRUE //
                                            // jdbc code here
                                            con.commit();
                                 catch (Exception ex)
                                            // transaction rollback
                                            con.rollback();
                                            throw new RuntimeException(ex);
                      }Thanks
Ravish Mody

Injecting message security int Glassfish EJB3.0 Web Service Endpoint

I need to specify message security in sun-ejb-jar.xml descriptor. According to documentation: https://glassfish.dev.java.net/javaee5/webservices/dispatch_process.html#EJB
when EJB is deployed, ejb-jar.xml, webservices.xml, and sun-ejb-jar.xml get created. This works. The documentation goes on to say that if an ejb-jar.xml or sun-ejb-jar.xml file is provided in the EJB-JAR, they will be used as starting points when descriptors are generated. This does not seem to work.
I have tried to create descriptors by hand but was unsuccessful at this as well.
Is there a way to modify descriptors generated by the application server following a deploy with no descriptors), so that I can package them with my EJB-JAR? I tried and couln't get that to work.
Basically, I need to be able to add message-security-binding and auth realm configs to the sun-ejb-jar.xml, if that is at all possible. Thanks for any help anyone can give.
Frank

Well, I managed to get this to sort of work. I am able to deploy my EJB with only a sun-ejb-jar.xml descriptor. The glassfish container generates the webservices.xml and ejb-jar.xml, and updates the sun-ejb-jar.xml file passed in. I now am seeing a new problem.
Here are the scenarios:
1) Default security provider:
Request policy: auth-source="content" auth-recipient="after-content"
Client signs and then encrypts message, all works fine.
2) Specify provider and request protection in sun-ejb-jar.xml to be signature
Request policy: auth-source="content"
Client signs message
All works fine.
3) Specify provider and request protection in sun-ejb-jar.xml to be signature and encrypted. (Should be same as Scenario one).
Request policy: auth-source="content" auth-recipient="after-content"
Client signs and then encrypts message.
The server throws the following exception:
[#|2007-03-07T17:30:37.895-0700|SEVERE|sun-appserver-pe9.0|javax.enterprise.resource.webservices.jaxws.server.soapmd|_ThreadID=12;_ThreadName=httpWorkerThread-8080-1;_RequestID=eb686a92-f5a7-4a24-a83f-fbffeed3dd4d;|Error in decoding SOAP Message
Error in decoding SOAP Message
at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:89)
at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.toMessageInfo(SOAPMessageDispatcher.java:187)
at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher$SoapInvoker.invoke(SOAPMessageDispatcher.java:571)
at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:145)
at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:160)
at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:89)
at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:178)
at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:100)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
Caused by: javax.xml.ws.soap.SOAPFaultException: Cannot find the dispatch method
at com.sun.xml.ws.encoding.soap.SOAPDecoder.raiseFault(SOAPDecoder.java:674)
at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.decodeDispatchMethod(SOAPXMLDecoder.java:152)
at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBodyContent(SOAPDecoder.java:337)
at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBody(SOAPDecoder.java:327)
at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeEnvelope(SOAPDecoder.java:250)
at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:81)
... 29 more
Please note that the client is the same for Scenario 1 and 3, yet the outcome is greatly different.
Also, I did try manually change the generated descriptor, rather than passing in sun-ejb-jar.xml. This did not work either. same error.
Thanks for any help.
Message was edited by:
FrankF@Sun
Message was edited by:
FrankF@Sun

Securing MIME WS with Oracle Web Services Manager

I try to secure a simple WS with receives and returns MIME attachment(picture).
WSDL:
<definitions
name="MIMEWS"
targetNamespace="http://MIMEWS"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:tns="http://MIMEWS"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:types="http://MIMEWS/types"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
>
<message name="getPhotoRequest">
<part name="photo" type="xsd:hexBinary"/>
</message>
<message name="getPhotoResponse">
<part name="photoResponse" type="xsd:hexBinary"/>
</message>
<portType name="Photo">
<operation name="getPhoto">
<input message="tns:getPhotoRequest"/>
<output message="tns:getPhotoResponse"/>
</operation>
</portType>
<binding name="PhotoBinding" type="tns:Photo">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="getPhoto">
<input>
<mime:multipartRelated>
<mime:part>
<soap:body use="literal"/>
</mime:part>
<mime:part>
<mime:content part="photo" type="image/jpeg"/>
</mime:part>
</mime:multipartRelated>
</input>
<output>
<mime:multipartRelated>
<mime:part>
<soap:body use="literal"/>
</mime:part>
<mime:part>
<mime:content part="photoResponse" type="image/jpeg"/>
</mime:part>
</mime:multipartRelated>
</output>
</operation>
</binding>
<service name="PhotoService">
<port name="PhotoPort" binding="tns:PhotoBinding">
<soap:address location="http://localhost:8888/ws_security-AttachmentWS-context-root/PhotoPort"/>
</port>
</service>
</definitions>
The WS works fine, but if i register it with Gateway, i cant invoke it anymore.
I always get the following error:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">p:Client.GenericFault</faultcode>
<faultstring>Cannot Replace the To Soap Header</faultstring>
<detail/>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Can anyone help please?

Hi
I guess no one responded to this.
I now have this problem, but it is only recent..... It appears to be tied up with Enterprise Manager security (?).
Did you ever get a response ?

Unable to get requestor IP in weblogic 9.0 web service custom handler

We used to get HttpServletRequest Object from which we get requestor IP previously, This is code for that
if (context.containsProperty("HTTPRequest")) {
req = (HttpServletRequest) context.getProperty("HTTPRequest");
}else if( context.containsProperty("__BEA_PRIVATE_BINDING_PROP") ){
Object bindingObj = context.getProperty("__BEA_PRIVATE_BINDING_PROP");
if( bindingObj instanceof HttpServerBinding ){
HttpServerBinding binding = (HttpServerBinding) bindingObj;
req = binding.getRequest();
But now this has changed and we are unable to get "__BEA_PRIVATE_BINDING_PROP" either from mime headers OR from MessageContext
This is what we have used
MimeHeaders mimeheaders = soapMessage.getMimeHeaders();
MimeHeader mimeheader = null;
Iterator iter = mimeheaders.getAllHeaders();
while(iter.hasNext()) {
     mimeheader = (MimeHeader) iter.next();
     // loop through all the context properties
     Iterator props = context.getPropertyNames();
     while (props.hasNext()){
          String propName = (String) props.next();
Requiremnt is to identify the requestor IP. Any help in this would be greatly appreciated.
Thanks in Advance
Raghu.

hi:
I followed the instructions of the <b>weblogic test client</b>(http://dev2dev.bea.com/wlserver/wstestclient.html). put the wlstestclient.ear in /bea90/weblogic90/server/lib.
but http://host:port/wls_utc web page does not work.
the messages it shows is "The WebLogic Test Client is not currently installed on this server. For download and installation instructions please see Dev2Dev."
my OS is Redhat Enterprise 3.
please, appreciate to suggestion and documents, thanks.
Rick

How to compress SOAP response generated by weblogic 7.x web service??

can anybody tell me how to compresse SOAP response generated by weblogic webservice before sending it to client. i have my handler chain to process that response but how to compress that response .My webservice generates response that contains lots of XML data ~25 mb size . it's taking time to reach it to client for that i wanted to compress it . How to do that?can anybody help me?
Thanks........
Rahul

Answered on my own:
Just have to use
x_result = http_client->response->get_data( ).
instead of
x_result = http_client->response->to_xstring( ).
Just don't knwo why the filesize is wrong also - but I can work with this image!

Web services security

I want a JAX-Ws web service deployed in weblogic that does userid/password authentication. It would be nice if Oracle could provide a good working example of this.
I tried the following so far:
1. I tried on the web service samples: under wlserver_10.3/samples/server/examples/src/examples/webservices/security_jws. I built and deployed the service successfully to WSL 10.3.0. I used the test Java client and it seems to work. Then I tried connecting to the web service using SOAP UI client. SOAP UI was able to call the web service operation without being prompted for id or password.
2. I tried the steps under Security->Authentication->Basic Authentication section of this document:
http://e-docs.bea.com/workshop/docs81/doc/en/core/. I setup a security-constraint (to protect the web service url context), login-config, security-role and then in weblogic.xml I mapped the role to the 'users' role in weblogic server. It does not work. SOAP UI was able to invoke the operation without being prompted.
Another interesting thing I found was that on the client side if I use code like this:
BindingProvider bindingProvider = (BindingProvider) port;
Map<String, Object> reqContext = bindingProvider.getRequestContext();
reqContext.put(BindingProvider.USERNAME_PROPERTY, "weblogic");
reqContext.put(BindingProvider.PASSWORD_PROPERTY, "xxxxxx");
and supply the wrong password, client connection fails. However if I take out both user name and password properties, the client connection works!!!
Please provide good working example of some of these simple cases. May be on your new sample code website (www.samplecode.oracle.com). Thanks.

One item 1 in my post above, I was wrong about SOAP UI when connecting to the example in wlserver_10.3/samples/server/examples/src/examples/webservices/security_jws folder. A client connection from SOAP UI is indeed refused by the server due to lack of security headers. So that's good.
However, I changed the security_jws example ant build file and added the parameter type="JAXWS" to the jwsc task as well as clientgen task. I got the following error.
BUILD FAILED
C:\Oracle\Middleware\wlserver_10.3\samples\server\examples\src\examples\webservices\security_jws\build.xml:48: weblogic.
wsee.tools.WsBuildException: JWS Validation failed: [The WebLogic Server 9.x-style policy is not supported in JAX-WS web
services., The WebLogic Server 9.x-style policy is not supported in JAX-WS web services., The WebLogic Server 9.x-style
policy is not supported in JAX-WS web services., The annotation weblogic.jws.WLHttpTransport is not allowed on examples
.webservices.security_jws.SecureHelloWorldImpl because it is a JAX-WS type web service., The WebLogic Server 9.x-style p
olicy is not supported in JAX-WS web services., The WebLogic Server 9.x-style policy is not supported in JAX-WS web serv
ices., The WebLogic Server 9.x-style policy is not supported in JAX-WS web services., The annotation weblogic.jws.WLHttp
Transport is not allowed on examples.webservices.security_jws.SecureHelloWorldImpl because it is a JAX-WS type web servi
ce.]
Total time: 2 seconds
What is recommended way to do secure a jax-ws web service in Weblogic 10.3.0 or 10.3.1? Do these Weblogic versions support WSIT (https://wsit.dev.java.net/)? Please provide an example.

Urgent: Is it possible to deploy a web service EAR/JAR to a container other than WebLogic?

Hi,
Is it possible to deploy an EAR/JAR created using JwsCompile to any J2EE container?
Ideally, I would like to make use of the features that are only provided by WebLogic
Workshop, like State Management, Callbacks too. If possible, what are the steps
involved?
There is an example for interoperability included in the samples that demonstrates
the use of a WebLogic Workshop web service from an ASP.NET web service, participating
in a conversation and accepting a callback. Is it possible to do the same using
a normal C# windows or webforms app instead of using an ASP.NET web service? So,
I would like to access the WebLogic workshop generated web service with state
management and callbacks from a C# windows app.
Thanks in anticipation,
August

[att1.html]

Web Service and security....

Hi everyone,
I wanted to know if someone suceeded to call a web service via a Java standalone class using a Deployable Proxy ?
If yes, can someone gives me all the steps ?
Thanks a lot for your help.
NB : I succeeded calling a web service via Standalone Proxy. But I want to securize the call to the web service.
I noticed that I cannot use SSL with Standalone Proxy.
If I am missunderstanding something, please let me know.

Hi David,
Yes, you cannot use SSL with standalone proxy.
you can use document security for deployable proxy as i suggested you before in you earlier posts.
Follow these steps:
1. Specify document security as authentication mechanism in web service configuration file.
2. In security tab in this file, choose username+encryption for request and none for response.
2. deploy your web service.
3. Create deployable proxy for this web service.
4. ensure security options for this proxy is also set to document authentication.
5. Deploy this proxy on the server.
6. Go to visual administrator and there check whether XMLEncryption certificate is available under WebserviceSecurity view. If not then create private and public key with name XMLEncryption and XMLEncryption-cert respectively.
7. Assign this certificate to your webservice and proxy in the services, "Web services seurity".
8. write code in Standalone java class to call your pproxy.
Regards,
Bhavik

Usernametoken security in weblogic 7.0 web services

Similar Messages

Maybe you are looking for