Web Service security with Apache Axis. 403 forbidden error

Hello.
I have to invoke a Web Service method via https. To achieve that, I have correctly added the server certificate to my truststore.
When I invoke the method, I obtain this error:
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (403)Forbidden
This is because the server requests me for a client certificate.
I have the certificate, but I don't know how to use it in the java client.
Does anybody know how to do that? Any kind of help will be very useful.
Thank you very much in advance.
NOTE: If I write the url of the web service in a web browser, the server requests me for a client cert. When I chose the appropiate certficate, the web browser shows me this message from the web service: "Hello, this is a Web Service"

Finally my problem has been solved.
I added the necesary properties to the system and everything went well.
This is the code:
String trustStore = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
String keyStore = System.getProperty("java.home") + "/lib/security/keystorePKCS12".replace('/', File.separatorChar);
String tspasswd = "myTrustStorePassword";
String kspasswd = "myKeyStorePassword";
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", tspasswd );
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", kspasswd );It's necesary to say that my keystore is PKCS12 type, and it stores only one pkcs certificate.
Note that is also posible to set these system properties in the Tomcat start script.

Similar Messages

  • Web Service Security with SAML - Invalid XML signature

    Hello together,
    we want to build a scenario where we want to use Web Service Security  with SAML.
    The scenario will be
    WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
    SAP PI release is 7.11 (SP Level 4)
    We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
    The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
    But we get following error at calling the CRM system when we want to communicate with SAML:
      <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
    Has somebody an idea of the possible reason for the error.
    Thanks in advance
    Stefan

    Error Messages in the Trace/Log Viewer:
    CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
    A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
    Invalid XML signature

  • Java Web Services Security with 10.1.2.1

    I have developed a Java Web Service with J Developer 10.1.2.1 which was deployed onto Oracle 10.1.2.1 application server. Now I have to implement Security for this Web Service (similar to ws-security etc.,), how I can achieve Security with 10.1.2.1?
    J Developer 10.1.3.1 seems to have the feature to implement Web Service Security, but a Java Web Service developed using J Developer 10 .1.3.1 with security enabled cannot be deployed onto Oracle 10.1.2.1 application server.
    Please help as how I can implement Java Web Service Security with 10.1.2.1?
    Email: [email protected]
    Thanks for the help in advance.

    You can use Oracle Web Services Manager to virtualize the end point and still implement WS-Security.
    Thanks
    Ram

  • Sync Web Service - BPM with 2 sync proxy calls error.

    Hi.
    Have a sync web service going into a BPM.
    In the BPM there ar 2 sync calls towards a system making a credit check.
    The answer is responded to the web service.
    In our QA system the solution works perfect.
    I transported the solution to production and when I test the web service call towards I get the following error.
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    - <!--  Call Adapter
      -->
    - <SAP:Error SOAP:mustUnderstand="1" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SAP:Category>XIServer</SAP:Category>
      <SAP:Code area="INTERNAL">PL_TIMEOUT</SAP:Code>
      <SAP:P1 />
      <SAP:P2 />
      <SAP:P3 />
      <SAP:P4 />
      <SAP:AdditionalText />
      <SAP:Stack>Timeout condition of pipeline reached</SAP:Stack>
      <SAP:Retry>M</SAP:Retry>
      </SAP:Error>
    Does anybody have an idea why I get the error.
    When I check my config everything looks the same.
    Looks like we never send the first sync call to the proxy when I check in SXMB_MONI and the BPM gets terminated.
    We have just migrated the solution from XI 3.0 to PI 7.11.
    BR
    Kalle

    Hi.
    How will that help if we do not send the message.
    When I check the graphics in SXMB_MONI the error occours befor we send the first message with proxy.
    Also extend ASYNC timeout?
    We are using sync communication.
    BR
    Kalle

  • Web service security with active directory

    Hi,
    i want to protect my webservice by using active directory for authentication.
    (i am using jdeveloper 10.1.3.1 and bundled OC4J)
    i follow the document web service developer guide (section External LDAP Security Providers) and set up the LDAP security provider...
    in the OC4J web admin security page...i have press the 'test ldap authorization'
    button to CONFIRM the ldap connection is correctly set.
    but when i call the web service, deployed in that OC4J container,
    operation fail with the following message :
    javax.xml.rpc.soap.SOAPFaultException: UnsupportedCallbackException: oracle.security.jazn.callback.IdentityCallback@19f410 not available to gather authentication information from the user
    at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
    at test.proxy.ws1.runtime.MyWebService1SoapHttp_Stub.getUserNameYY(MyWebService1SoapHttp_Stub.java:134)
    at test.proxy.ws1.MyWebService1SoapHttpPortClient.getUserNameYY(MyWebService1SoapHttpPortClient.java:50)
    at test.proxy.ws1.MyWebService1SoapHttpPortClient.main(MyWebService1SoapHttpPortClient.java:33)
    could anybody help me?
    thank you very much

    actually i use the default setting provided by oracle's configuration
    wizard for active directory
    User:
    LDAP User Name Attribute: sAMAccountName
    LDAP User Object Class : inetOrgPersion
    User Search Scope: subtree
    User Search Base: dc=xxx, dc=com
    Groups:
    LDAP Group Name Attribute: cn
    LDAP Group Object Class: group
    LDAP Group Member Attribute: member
    Group Search Scope: subtree
    Group Membership Search Scope: direct
    Group Search Base: dc=xxx, dc=com
    using the same user, user searchbase, i can search the AD using other
    tools.
    could anybody help me ?
    thank yous.

  • Web service security with mutiple certificates

    Is it possible to secure a web service on OC4J such that multiple clients can securely access the same web service. I have been trying to send messages to the same web service end point using multiple signature keys. The problem that I am getting is that if I do not use the signature key specified within OC4J to sign the message I am receiving the following error "javax.xml.rpc.soap.SOAPFaultException: Chain does not terminate with a trusted CA". Note all the certificates are present in the configure OC4J keystore.
    Can anyone point me in the direction of some documentation on how to configure a web service to be securely accessed by multiple clients (certificates)
    Cheers
    Neil

    Here is an example where we have two keystores, Bob and Alice.
    Bob's Keystore:
    Entry Alias: alice (Trusted Certificate) >>> No password
    Entry Alias: bob (Key Pair + CA Certs) >>> password welcome1
    Alice's Keystore:
    Entry Alias: bob (Trusted Certificate) >>> No password
    Entry Alias: Alice (Key Pair + CA Certs) >>> password welcome1
    In our scheme each party on the end of the message exchange have two key-pairs one for signature and one of encryption:
    In the Oracle Web Service.xml you should see something to the effect:
    <key-store name="mykeystore" store-pass="welcome1"
    path="META-INF/bob.jks"/>
    <signature-key key-pass="welcome1" alias="bob"/>
    <encryption-key key-pass="welcome1" alias="bob"/>
    Later in this XML, you would see the encrypt element, here we let it know to use alice for XML Encryption:
    <encrypt>
    <recipient-key alias="alice"/>
    <encryption-method>AES-128</encryption-method>
    <tbe-elements>
    <tbe-element local-part="Body"
    name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
    </tbe-elements>
    </encrypt>
    The default behavior is to only work with one client. If you need to work with multiple, then we have a means here:
    http://download-west.oracle.com/docs/cd/B31017_01/web.1013/b28976/adminasc.htm#BABFFICH

  • Web Services with Apache Axis plugin Weblogic

    Hi,
    I am a newbie to Web Services & Apache Axis. I have plugged in Apache Axis with
    Weblogic 6.1. I wanted to know whether an architecture of the following is possible.
    Web Services published on Apache Axis wrapped on SessionBeans on Weblogic 6.1.
    Also can I get some docs, samples that can help me.
    Any help is appreciated.
    Meghna

    Hi Meghna,
    hmmm...if you are going to start off with webservices, why not go with
    the very best available: WLS 8.1 has:
    - much better schema coverage,
    - rpc, doc-literal and doc-literal-wrapped style
    - async client
    - jms transport
    - security and RM
    - many new ant tasks
    See the full list: http://edocs.bea.com/wls/docs81/webservices.html
    All the features...plus outstanding performance and our award winning
    support.
    Bruce
    Meghna Sinha wrote:
    >
    Hi,
    I am a newbie to Web Services & Apache Axis. I have plugged in Apache Axis with
    Weblogic 6.1. I wanted to know whether an architecture of the following is possible.
    Web Services published on Apache Axis wrapped on SessionBeans on Weblogic 6.1.
    Also can I get some docs, samples that can help me.
    Any help is appreciated.
    Meghna

  • Is JAX-RPC compatible with Apache Axis?

    We are starting a new project, and our design goal is to develop server-side API that is the exposed via Web Services. The goal is to have them run within the Sun Reference Implementation, and within Apache Axis.
    My question is, if we develop to the JAX-RPC Specification, with occasional SAAJ calls for attachment processing, will our Web Services run within Apache Axis? In other words, it Apache Axis JAX-RPC and SAAJ-compatible?

    It seems that the way they handle Attachments is different. Apache Axis seems to have its own way of handling Attachments, even though it is possible that they also support the standard JAX-RPC way.
    Generally speaking, I am not very happy with how JAX-RPC handles attachments, but this is a different subject.

  • Working with Web Service Security

    Hi... forum
    I really need your help.
    I created a web service client. with JDEV 10.1.3, when i crearted a function call i got this error
    javax.xml.rpc.soap.SOAPFaultException: SoapException
    at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:540)
    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
    at com.ws.runtime.POSSoap_Stub.comprar(POSSoap_Stub.java:659)
    at com.ws.POSSoapClient.comprar(POSSoapClient.java:55)
    at com.ws.POSSoapClient.main(POSSoapClient.java:40)
    I debug the application and then get down in this line:
    send((String) getProperty(ENDPOINT_ADDRESS_PROPERTY), _state);
    i also using web Secure Proxy
    and i have another methor called ping and this work fine, but one method that needs webservice security doesn´t work.
    some body has work with Webservice Security ?
    How can i view the message that is sending ?
    i don´t know what´s happenning ?
    Can help me, please?
    thnks
    Josue

    HI Frank, thank you for your help...
    I run the HTTP analyzer and see the error.. the usernametoken doesn´t was put it...
    My proxy i put it like secure proxy and i check the option username token. but the service. doesn´t put me this tag.
    this the message send it.
    <?xml version = '1.0' encoding = 'UTF-8'?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:schemas-orbitel-com-co:pos">
    <env:Body>
    <ns0:SolicitudCompra>
    <ns0:IdTransaccion>123</ns0:IdTransaccion>
    <ns0:TipoTarjeta>Orbitel Europa</ns0:TipoTarjeta>
    <ns0:Localizacion>Colombia</ns0:Localizacion>
    <ns0:Valor>0</ns0:Valor>
    <ns0:ZonaHoraria>0</ns0:ZonaHoraria>
    </ns0:SolicitudCompra>
    </env:Body>
    </env:Envelope>
    And the error message is..:
    <soap:Fault>
    <faultcode>soap:Server</faultcode>
    <faultstring>SoapException</faultstring>
    <faultactor>urn:schemas-orbitel-com-co:pos</faultactor>
    <detail>
    <Error xmlns="urn:schemas-orbitel-com-co:pos">
    <Codigo>POS006</Codigo>
    <Descripcion>El UsernameToken no fue suministrado</Descripcion>
    </Error>
    </detail>
    </soap:Fault>
    Frank, what can i do. to put the usernametoken into the send message.. ?
    thnks four your help...
    thnks.
    Joshua

  • SOAP Request with Web Service Security

    Hi masters of XI,
    the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
    I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
    <wsse:Security>
    <wsse:UsernameToken>
    <wsse:Username>XXXX</wsse:Username>
    <wsse:Password>XXXXXXXXX</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    How can we send UserNameToken's elements inside SOAP web service envelope
    signing with X.509 certificate also? There are any way to do it in the
    receiver agreement or receiver SOAP adapter?
    thanks.

    Hi,
    thank you very much for your answers.
    I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
    <wsse:Security>
    <wsse:UsernameToken>
    <wsse:Username>XXXX</wsse:Username>
    <wsse:Password>XXXXXXXXX</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
    This is my Request:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#id-104309952">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-104310599">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-104377209">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
                <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>     
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
            <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
            <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </soapenv:Header>
    And this is the request I need:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#id-104309952">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-104310599">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-104377209">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
                <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
    <!-- THIS IS THE PART I NEED -->
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
            <wsse:Username>xxxxxxx</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
          </wsse:UsernameToken>
    <!--  -->
    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
            <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
            <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </soapenv:Header>

  • Issue with Web Service Security

    Dear Forum Members and Readers,
    I am a beginner to Web Services, and facing an issue with WS-Security.
    My issue seemingly is quite specific to my projects though, It will be great if you can provide me your views.
    Context Description:
    I am developing a Java Web Service application that is deployed on JBoss Application Server.
    This application will communicate with two other applications those are not deployed in same JBoss Application Server.
    These 2 applications are third party applications, one is C++ based web services and other is Java based web services.
    My application gives a call to Third Party Application1 and receives the response back form it. It then passes this received response to Third Party Application 2.
    Issue Description:
    I now need to enable https paradigm among these 3 applications. (I need to implement web service security model here)
    I started with looking in to JBoss specific WS-Security but found it not suitable in my case, as it requires to configure both the client and server. I have the control over my application but not on other 2 third party applications.
    To this extent, I am unable to identify a solution that can address my issue.
    Can anybody please provide me with initial thoughts or any reference material that might help me to give this a start.
    Any clue will be highly appreciated!
    Thanks in advance
    Mukul

    mukul.object wrote:
    Actually, my SOAP messages contains some critical information that needs to be encrypted.You think that its critical information however your third party doesn't. If they would have had same thought they would have enabled the security. As I said earlier, you will have to discuss this with them.
    Another solution (however I don't know the viability in your case) could be to deploy one component before each third party service. Your web service will call this new component (Which is installed in their environment i.e. local to third party web service) and new component will forward the request to third party service. Now you can apply security/encryption/decryption between your web service and your component.
    I have had a look in to XMLEncrytion using that I can encrypt my SOAP messages but I wonder how would other tools decrypt that.My above comments answers this.
    Is there anyway I can encrypt my SOAP messages (without having to customize third party tools) in this scenario ??My above comments answers this.

  • [OSB Kernel:398133]The service is based on WSDL with Web Services Security

    Team,
    I need to use the wsdl given by external client. When I create a osb business service, I am receiving the below error.
    OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.     ...
    WSDL:
    http://personator.melissadata.net/v3/SOAP/ContactVerify
    We don't have OWSM set up. Is there any workaround that I can use to connect to this service for OSB?

    As a workaround, you can try to remove the Policy definition and reference from the copy you will import in OSB.
    I would recommend to add OWSM to your domain. It's a straight forward process.
    Regards,
    Fabio.

  • Log4j.jar issue under Web Service Security Module

    I am running into an issue with log4j.jar for WebLogic OES PDP. there is a custom appender class that extends org.apache.log4j.AppenderSkeleton, if we packed into one jar file under \bea\ales32-ssm\webservice-ssm\lib\log4j.jar everthing is fine. if we split this class with another jar file(sth like patch.jar) and add a entry in the config file WLESws.wrapper.conf under bea\ales32-ssm\webservice-ssm\instance\WSSM\config and it failed with this error,
    but an error is
    generated when starting the WSSM(Web Service Security Module):
    log4j:ERROR A "com.foo.AuditJMSQueueAppender" object is not assignable to a "org.apache.log4j.Appender" variable.
    log4j:ERROR The class "org.apache.log4j.Appender" was loaded by
    log4j:ERROR [com.bea.security.providers.utils.InverseURLClassLoader@5f7d3f] whereas object of type
    log4j:ERROR "com.foo.AuditJMSQueueAppender" was loaded by [sun.misc.Launcher$AppClassLoader@a18aa2].
    log4j:ERROR Could not instantiate appender named "JMS_AUDIT".
    130
    ARME is started now
    Rendering object type: AuditAtzEvent
    I have tried add java option:log4j.ignoreTCL=true. in this WLESws.wrapper.conf file, but does not work.
    How to resolve this issue, Thanks for your help!

    hi
    Can anyone help with this...

  • Weblogic app server wsdl web service call with SSL Validation error = 16

    Weblogic app server wsdl web service call with SSL Validation error = 16
    I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
    Cannot complete the certificate chain: No trusted cert found
    Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
    Validation error = 16
    From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
    Here is how I load trustStore and keyStore in my java program:
         System.setProperty("javax.net.ssl.trustStore",”cacerts”);
         System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
         System.setProperty("javax.net.ssl.trustStoreType","JKS");
    System.setProperty("javax.net.ssl.keyStoreType","JKS");
    System.setProperty("javax.net.ssl.keyStore", keyStoreName);
         System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd);      System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
    Here is how I create cacerts using verisign hierarchy certs (in this order)
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
    Because my program is a weblogic app server, when I start the program, I have java command line options set as:
    -Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
    -Dweblogic.security.SSL.ignoreHostnameVerification=true
    -Dweblogic.security.SSL.enforceConstraints=strong
    That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
    In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
    I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
    1.     Do I create “cacerts” the correct order with right keeltool options?
    2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
    3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
    4.     Do I need to put the “cacerts” to some specific weblogic directory?
    ---------------------------------wsdl file
    <wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
         <wsp:Policy wsu:Id="TokenServices_policy">
              <wsp:ExactlyOne>
                   <wsp:All>
                        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                             <wsp:Policy>
                                  <sp:TransportToken>
                                       <wsp:Policy>
                                            <sp:HttpsToken RequireClientCertificate="true"/>
                                       </wsp:Policy>
                                  </sp:TransportToken>
                                  <sp:AlgorithmSuite>
                                       <wsp:Policy>
                                            <sp:Basic256/>
                                       </wsp:Policy>
                                  </sp:AlgorithmSuite>
                                  <sp:Layout>
                                       <wsp:Policy>
                                            <sp:Strict/>
                                       </wsp:Policy>
                                  </sp:Layout>
                             </wsp:Policy>
                        </sp:TransportBinding>
                        <wsaw:UsingAddressing/>
                   </wsp:All>
              </wsp:ExactlyOne>
         </wsp:Policy>
         <wsdl:types>
              <xsd:schema targetNamespace="http://tempuri.org/Imports">
                   <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
                   <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
              </xsd:schema>
         </wsdl:types>
         <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
         </wsdl:message>
         <wsdl:portType name="ITokenServices">
              <wsdl:operation name="GetUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
              </wsdl:operation>
         </wsdl:portType>
         <wsdl:binding name="TokenServices" type="tns:ITokenServices">
              <wsp:PolicyReference URI="#TokenServices_policy"/>
              <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
              <wsdl:operation name="GetUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
         </wsdl:binding>
         <wsdl:service name="TokenServices">
              <wsdl:port name="TokenServices" binding="tns:TokenServices">
                   <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
                   <wsa10:EndpointReference>
                        <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
                   </wsa10:EndpointReference>
              </wsdl:port>
         </wsdl:service>
    </wsdl:definitions>
    ----------------------------------application log
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
    Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
    adding as trusted cert:
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
    Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
    Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

    I received a workaround by an internal message.
    The how to guide is :
    -Download the wsdl file (with bindings, not the one from ESR)
    -Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
    -Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
    -Create a new logicial destination that point to the wsdl file modified
    -Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
    Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.

  • What is a 403 Forbidden error message which I get on firefox, safari and chrome. I don't know if it is the website or something with my mac though everything else works fine.

    When trying to log in to crossstitch.com I get this message:
    You don't have permission to access /index.php on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
    Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.crossstitchforum.com Port 80
    I googled the error message and don't really understand what it means.
    I don't know if it is the website or something else. I am not sure where to check and I don't know how to get in touch with the webmaster. If anyone can help I would appreciate it.

    If it is a Firefox add-on, you may be able to disable or remove it here:
    new Firefox button > Add-ons > Extensions
    or
    classic Tools menu > Add-ons > Extensions

Maybe you are looking for

  • Payment Term - Cash Discount

    All, I think that I have an easy question, but just wanted claridifcation.. I need to create a new payment term with a simple cash discount - just 2% if paid in full within 30 days and if not, no cash discount. Also, this is just for purchasing vendo

  • Alert for AS2 Error on send

    Hi, We would like to setup some alerts for SAP outbound messages via AS2. When the Message is not able to be delivered to the customer we do get an "error on send" message in Seeburger Message Monitor. and the channel fails in the comm channel monito

  • How to redirect the page to home after alert message in APEX

    Hi All, I have 4 tab and home page APEX report in that home page I have organization to select as parameter for all the page which is mandatory column so without select the organization in home page I can move to other 4 page but some time users dire

  • MRP Settings - Minimum Lot size / Saftey stock /Lot Size

    Hi I am confused about some of the settings , We set M1(Monthly lot size ) and PD MRP type settings, We maintained the Minimum lot size as 2500 lb and the safety stock as 300. I tested by changing the Parameters , I am confused. Please clarify me Did

  • Can I tranfer my photoshop cs5 extended from pc to Mac?

    I would lime to know can I tranfer photoshop cs5 extended from my old pc to my new MacBook?