Web Service Sender security

Hello All,
We are integrating our POS (CLASS) application to PSCD... We are using standard SAP XI scenario..
Webservice to PI to ERP (proxy).
In POS client is using VB code to connect PI via web-service..
Sender webservice set basic authentication (User-ID/password)..
This user ID and password were stored in CLASS database, unfortunately password is NOT encrypted in CLASS data base..
Our internal audit was not happy password being not encrypted in CLASS database..
MY question is:
Is there any other way can we invoke this sender webservice with out user ID and password being stored in CLASS database.
I am using cash-point external cash-desk..
THanks
John
Edited by: JOHN YAJJALA on May 11, 2011 7:50 PM
Edited by: JOHN YAJJALA on May 11, 2011 3:16 PM

>Is there any other way can we invoke this sender webservice with out user ID and password being stored in CLASS database.
one way is using certificate authentication. This way you dont need passing user and password. Search SDN for the client certificate authentication. Basicallly the external system share their trust certificate with PI. Talk to Basis team about this.

Similar Messages

SAML2.0 for web services - sender-vouches scenario

We would like to configure this scenario using SAML2.0 assertion tickets. We are on ECC 6 EhP6.
Configuration in SAML2 has been completed - no WS security policy has been configured in order to support the sender-vouches scenario.
WSS_SETUP has run to use SAML.
When configuring the web services we are using https for transport and SAML for authentication - the wsdl generated in this case references SAML1.1 and as result we get an error of Wrong token type received. Endpoint expects SAML 1.1 token.
The question is: can SAML2.0 be used for sender-vouches scenarios or not?
Any input or help would be greatly appreciated.
Thank you,
Miklos

Hi Miklos,
Yes you can use SAML2.0 for Sendor-vouches scenarios.
Please see the below link for configuration process:
http://help.sap.com/saphelp_nw73/helpdata/en/b5/014086933d4576bba1b4c7e9533f4b/content.htm
I hope it will be helpful for you.
Regards,
Gourav
Message was edited by: Gourav Kumar Jena

Web service send help

I have a problem that I hope has a simple answer, but I
cannot for the life of me figure it out, hopefully someone out
there can help me!
I am accessing the following section of a wsdl:
<s:element name="Login">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="sUserName"
type="s:string"/>
<s:element minOccurs="0" maxOccurs="1"
name="sUserPassword" type="s:string"/>
<s:element minOccurs="1" maxOccurs="1"
name="enIdentifier" type="tns:EnLoginIdentifiers"/>
</s:sequence>
</s:complexType>
</s:element>
<s:simpleType name="EnLoginIdentifiers">
<s:restriction base="s:string">
<s:enumeration value="User"/>
<s:enumeration value="Manager"/>
</s:restriction>
</s:simpleType>
So I make the call with:
myWS.Login("userIDgoeshere","passwordgoeshere", ???)
I am at a loss for what to put for ???, if it were a complex
data type, I could use a dto to send the correct value over, but
with this setup I am stumped. (And no, I can't just change the
WSDL, it's out of my hands, unfortunately)
If anyone could give an example how to make this work I would
be very grateful, and if there is any other information I can give
to clarify my issue, please let me know!
Thanks in advance for any help!

We need observe the security classification of the service, if it isnt a risk maybe you dont need authentication.
However if security is needed, you can user a rule like that: With your service is a process service you should use authentication and authorization, but with your web service is a simple search (small granularity) you can attribute the rights to the web server (consumer) using a certified (x-509 for example).

Secured web service for secured AM method

Hello,
I need to invoke method of secured Application Module (jbo.security.enforce = Must) from secured web service.
I have a simple java class with Configuration.createRootApplicationModule ... and a web service built for this java class.
I found I have to authentificate users twice. First time when invoking web service (this is ok) and second time when creating application module instance.
The problem is I can get name of user logged in web service but I cannot get his password. So I cannot login to application module with the same user.
How can I force adf business components to use user authentificated in web service to use him/her as adf bc user?
Rado

Hi Mayank,
Chapter 7, Custom Serialization of Java Value Types, of the Web services developer guide may be a good place to get started.
All the best,
-Eric

Web Service and security....

Hi everyone,
I wanted to know if someone suceeded to call a web service via a Java standalone class using a Deployable Proxy ?
If yes, can someone gives me all the steps ?
Thanks a lot for your help.
NB : I succeeded calling a web service via Standalone Proxy. But I want to securize the call to the web service.
I noticed that I cannot use SSL with Standalone Proxy.
If I am missunderstanding something, please let me know.

Hi David,
Yes, you cannot use SSL with standalone proxy.
you can use document security for deployable proxy as i suggested you before in you earlier posts.
Follow these steps:
1. Specify document security as authentication mechanism in web service configuration file.
2. In security tab in this file, choose username+encryption for request and none for response.
2. deploy your web service.
3. Create deployable proxy for this web service.
4. ensure security options for this proxy is also set to document authentication.
5. Deploy this proxy on the server.
6. Go to visual administrator and there check whether XMLEncryption certificate is available under WebserviceSecurity view. If not then create private and public key with name XMLEncryption and XMLEncryption-cert respectively.
7. Assign this certificate to your webservice and proxy in the services, "Web services seurity".
8. write code in Standalone java class to call your pproxy.
Regards,
Bhavik

Wcf web service send port retry?

We are contacting external wcf web services. We don't control these services and they could be returning an exception for a short while (which is "ok"), so we need to retry for a given period of time, without suspending the orchestration/sendport.
It used to be simple with web services (.asmx) since the send port would handle the retries as soon as an exception was returned from the web services. With wcf services and the soap fault, it is much more cumbersome.
I know how to do it from an orchestration, but it does add a lot of clutter (have an extra "initialization" construct block so visual studio shuts up about the uninitialized message coming back from the wcf service, define documentspecnames in
our case, define xpath expressions for the fault and the expected response, have a loop, a delay, more variables/expressions, scope, exception block, etc. etc.) for such a simple requirement. We need to contact a couple of wcf services in an orchestration
and the handling of the retries makes it quite large and unfriendly (and this is mostly the retry logic for these wcf services).
So, is there any way to have the send port adapter handle the retries when receiving an exception from a wcf service like it used to be with regular web services?

Thanks for you answer, yes I understand that the SOAP fault is just another message and that I need to act accordingly in the orchestration. I'm not refuting that, I'm just looking for a better solution than the one I have now (which seems overly complicated
to me).
I have to specify the documentspecname because we use the built-in xmlreceive pipeline and the type of the exception that the wcf services return is standardized in our organisation... so there are many copies of the schema of this exception deployed on
the servers. I need to specify the schema of the exception coming from my wcf reference in my assembly otherwise I get the "I can't find the right schema blabla" exception.
Of course, if I can stop using the XMLReceive pipeline, I wouldn't have to specify the documentspecname... I'll have to research in detail what this pipeline is doing and see if I can replicate it's functionality, with the addition of the check for the error
in the returned message.
I just want to be sure before proceeding... If I raise an exception in a custom pipeline, the send port retry configuration would apply?

Web Service Issue - Security or Coding problem? *HELP*

Hello all - I am stuck on a particular problem, which I've posted under flash player but also will post here in the event that it's my issue, and not a security/player issue.
I have built a video player in Flash/ AS3 which communicates with WSDL web services using the as3webservice code package from wellconsidered. The player makes a call at startup to check a user's progress in a series of videos, and updates that progress by talking to the web service as the videos are played back.
Tested locally, it works flawlessly. As soon as the player is uploaded, however, the web service' hangs' - so no fault is produced, but it seems to just never connect. This is presumably because the SWF is on one server, the web service on another. I've tried uploading it to two different servers, both different than the web service server. I'm trying to avoid moving the web service to the same server that hosts the SWF.
I've tried adding a crossdomain.xml file to the root and subdirectories of the server that hosts the web service:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="master-only"/>
    <allow-access-from domain="*"/>
    <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
I've also tried playing with the SWF publishing options (Local Access only vs. Network only options), but no solution seems to help. I know it's not just the web service i"m using, because public web services (such as the ones found on webservicex.net) don't connect either.
I'm at the end of my rope, and am wondering if this is a Flash Player security issue, or something I need to reconsider from my side (such as using a different web services package).I am wondering if a crossdomain.xml does not help, what other possible areas do I need to look at? If there is an article someone could point me to, or a simliar situation they've been in, i'm iopen to all suggestions.
Thanks so much...fg

You can generally check what the player is doing from the browser by using firefox with the firebug plugin. For example you can see the crossdomain permission requests or other urlrequests and responses. This is a useful way to debug as it sometimes shows issues or at the very least means you can eliminate one potential cause of the issue if there are no obvious problems there.
If you don't have firefox/firebug, then (if you can) post a url with the swf in it that exhibits the error and I or someone else can check it for you and report back.

Web services and security

hi, i've successfully programmed a labview webservice and its all working fine, but im using a computer with public IP, and i can access to this webservice just typing the adress like in the webservices examples. my question is how can i create an authentication in a way that only the person with credentials can access his service? There are an easy way to have variables connected directtly connected to vi to verify the users before using the service?

Have a look at this document and post back if you still have questions after reading it:
LabVIEW Web Services Security
Adnan Zafar
Certified LabVIEW Architect
Coleman Technologies

Define Web Service - Send Asynchronous Message

Hi All,
I have to send an asynchronous message from a java web application to XI. For this I tried to used the Define Web Service option in XI. However the documentation says that this tool can be used only for Synchronous interfaces. Is this the case even now? What would be an alternate approach to accomplish this?
Thanks,
Sandeep

Hi,
As explained above , no need to have the webservice only in the case of Sync communication , you can also achieve this by way of generating the WSDL from ID -- tools and added the Quality of service = EO.
Please see the below links to get more details
ThirdPart(WebService) <=> XI <=> SAP(Async)
Check this SAP Help-
http://help.sap.com/saphelp_nw2004s/helpdata/en/48/d5a1fe5f317a4e8e35801ed2c88246/frameset.htm
Async web service.
Communication between SAP System & Webservice Using Proxies - /people/siva.maranani/blog/2005/05/23/communication-between-sap-system-webservice-using-proxies
Also see the below links about webservices
/people/shabarish.vijayakumar/blog/2006/03/23/rfc--xi--webservice--a-complete-walkthrough-part-1
/people/shabarish.vijayakumar/blog/2006/03/28/rfc--xi--webservice--a-complete-walkthrough-part-2
/people/siva.maranani/blog/2005/09/03/invoke-webservices-using-sapxi
/people/siva.maranani/blog/2005/03/01/testing-xi-exposed-web-services
/people/michal.krawczyk2/blog/2005/03/29/configuring-the-sender-rfc-adapter--step-by-step
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2131 [original link is broken] [original link is broken] [original link is broken] [original link is broken]
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/336365d3-0401-0010-9884-a651295aeaa9
Regards
Chilla..
<i>Points rewarded if it is helpful..</i>

Web service sends multiple requests after flash upgrade

I have a Xcelsius engage 2008 SP3 FP2 and i just found out that my dashboard send multiple reqests to web service and this will render my dashboard useless. This is a major bug, is there any solution? Service methods will get around 2-20 request and the dashboard will not be usable any more. Triggers are correct and will not trigger web service unless button is clicked.

Dear Expert,
Tcode RZ10
set the parameter rdisp/gui_auto_logout = 30M in all Instance profiles / orwhat ever time limit u want to specify.
See that this parameter is set on each server.
And you can make it a default.
Regards,
Shankar K B
Edited by: Shankar.kb on Feb 19, 2012 2:25 AM

Invoke Web Services - Send empty SOAP package

We have a SOAP interface that we have consumed through a service layer for 5+ years.
There are many functions available from this endpoint.
Example, one is called Ping and requires no additional parameters. We can send this via Orchestrator with no issues and we get a response.
However all other functions have param requirements such as a set name or authentication data.
Orchestrator has no issue pulling the Format Hint. Ive attached wireshark and fiddler and all calls get sent by Orchestrator with empty packages, all parms get stripped.
We can use SOAP runner and have no issues sending these commands.
Thoughts?
Designer: 7.2.84.0
Orchestrator Management Servers:
NAME: 7.2.84.0
Libraries:
Compression-6-4109999.op4caw: 7.2.84.0
Compression-6-4109999.op4saw: 7.2.84.0
Database-14-40801.op4caw: 7.2.84.0
Database-14-40801.Op4saw: 7.2.84.0
DataMapper-689-5000001.op4caw: 7.2.84.0
DataMapper-689-5000001.op4saw: 7.2.84.0
DateTime-1-5000001.op4saw: 7.2.84.0
Email-2-40803.op4saw: 7.2.84.0
Email-2-4109999.op4caw: 7.2.84.0
Encryption-628-5000001.op4caw: 7.2.84.0
Encryption-628-5000001.op4saw: 7.2.84.0
EncryptionDomainLibResources.dll: 7.2.84.0
FileAndFolderFOCommon.dll: 7.2.84.0
FileList-38-40801.op4cbw: 7.2.84.0
FileManagement-4-40802.op4caw: 7.2.84.0
FileManagement-4-40802.op4saw: 7.2.84.0
FileManagementClientExtension.dll: 7.2.84.0
FileManagementDomain.dll: 7.2.84.0
FileManagementResource.dll: 7.2.84.0
FileManagementServerExtension.dll: 7.2.84.0
FileMonitorClientExtension.dll: 7.2.84.0
FileMonitorDomain.dll: 7.2.84.0
FileMonitorServerExtension.dll: 7.2.84.0
FolderMonitorClientExtension.dll: 7.2.84.0
FolderMonitorDomain.dll: 7.2.84.0
FolderMonitorServerExtension.dll: 7.2.84.0
FormatDateTimeClientExtension.dll: 7.2.84.0
FormatDateTimeDomainLibResources.dll: 7.2.84.0
FormatDateTimeServerExtension.dll: 7.2.84.0
Internet-13-40801.op4caw: 7.2.84.0
Internet-13-4109999.op4saw: 7.2.84.0
jf.SCOrch.Integration.DataManipulation.DataManipulationImages.dll: 1.0.0.0
jf.SCOrch.Integration.SharePoint.ActivityImages.dll: 1.0.0.0
Kelverion.IntegrationPack.RunbookManagement.Images.dll: 1.0.0.1
Kelverion.IntegrationPack.SqlServer.Images.dll: 2.0.0.0
ManageTextFileClientExtension.dll: 7.2.84.0
ManageTextFileDomain.dll: 7.2.84.0
ManageTextFileServerExtension.dll: 7.2.84.0
Microsoft.EnterpriseManagement.Core.dll: 7.5.3046.0
Microsoft.SystemCenter.Orchestrator.ActiveDirectoryIP.Images.dll: 7.2.43.0
Microsoft.SystemCenter.Orchestrator.Integration.SCCM2012.ClientExtension.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.SCCM2012.Domain.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.SCCM2012.ServerExtension.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.SCOM2012.ClientExtension.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.SCOM2012.Domain.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.SCOM2012.ServerExtension.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.SCSM2012.ClientExtension.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.SCSM2012.Domain.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.SCSM2012.ServerExtension.dll: 7.2.56.0
Microsoft.SystemCenter.Orchestrator.Integration.Toolkit.IP.ClientExtension.2.dll: 7.2.7.0
Microsoft.SystemCenter.Orchestrator.Integration.Toolkit.IP.ClientExtension.dll: 7.0.359.0
Microsoft.SystemCenter.Orchestrator.Integration.Toolkit.IP.ServerExtension.2.dll: 7.2.7.0
Microsoft.SystemCenter.Orchestrator.Integration.Toolkit.IP.ServerExtension.dll: 7.0.359.0
Microsoft.SystemCenter.Orchestrator.Integration.Toolkit.Wizard.Images.dll: 7.2.7.0
MpCore4LibResources.dll: 7.2.84.0
MpCoreLibResources.dll: 7.2.84.0
NetBrowser-40-40801.op4cbw: 7.2.84.0
NetUseObjectsClientExtension.dll: 7.2.84.0
NetUseObjectsServerExtension.dll: 7.2.84.0
Network-24-407.op4caw: 7.2.84.0
Network-24-40801.op4saw: 7.2.84.0
ObjectResources.dll: 7.2.84.0
OpCoreLibResources.dll: 7.2.84.0
OpToolsLibResources.dll: 7.2.84.0
ProcessBrowser-69-40801.op4cbw: 7.2.84.0
PS_Tools.dll: 1.0.0.19
QueryXmlClientExtension.dll: 7.2.84.0
QueryXmlServerExtension.dll: 7.2.84.0
RandomStringClientExtension.dll: 7.2.84.0
RandomStringDomainLibResources.dll: 7.2.84.0
RandomStringServerExtension.dll: 7.2.84.0
RASPhoneBook-56-40801.op4sbw: 7.2.84.0
RASPhoneBrowser-56-40801.op4cbw: 7.2.84.0
RunScriptClientExtension.dll: 7.2.84.0
RunScriptDomain.dll: 7.2.84.0
RunScriptServerExtension.dll: 7.2.84.0
Schedule-1-40801.op4caw: 7.2.84.0
SnmpClient-119-4109999.op4caw: 7.2.84.0
SNMPClientExtension.dll: 7.2.84.0
SnmpDomainLibResources.dll: 7.2.84.0
SnmpService-119-4109999.op4saw: 7.2.84.0
SSHClient-117-4109999.op4caw: 7.2.84.0
SSHService-117-4109999.op4saw: 7.2.84.0
StandardObjects.dll: 7.2.84.0
SystemCenter.IntegrationPack.ExchangeAdmin.Images.dll: 7.2.51.0
SystemCenter.IntegrationPack.ExchangeUser.Images.dll: 7.2.49.0
SystemCenter.IntegrationPack.Ftp.Images.dll: 7.2.47.0
SystemCenter.IntegrationPack.SharePoint.Images.dll: 7.2.52.0
SystemUtilities-16-40801.op4caw: 7.2.84.0
SystemUtilities-16-40802.op4saw: 7.2.84.0
TextFile-15-40801.op4caw: 7.2.84.0
TextFile-15-40801.op4saw: 7.2.84.0
WebServiceChannelLibResources.dll: 7.2.84.0
WebServicesBase.dll: 7.2.84.0
WebServicesClientExtension.dll: 7.2.84.0
WebServicesProxy.dll: 7.2.84.0
WebServicesServerExtension.dll: 7.2.84.0
WindowsUtilities-21-40801.op4caw: 7.2.84.0
WindowsUtilities-21-40801.op4saw: 7.2.84.0
Wmi-8-40802.op4caw: 7.2.84.0
Wmi-8-40809.op4saw: 7.2.84.0
XsltTransformClientExtension.dll: 7.2.84.0
XsltTransformServerExtension.dll: 7.2.84.0
Moved On

I've noticed the same behaviour.
When I call a webservice using the "Invoke Web Services"-activity using only the elements of the xml e.g. <object>somevalue</object> the xml that gets sent is complete and consumed by the webservice.
However when I call another method that requires attributes (e.g. <object name="something">somevalue</object>) the attributes (name="something") gets stripped from the xml causing the webservice to bounce my call as certain
(mandatory) parameters are missing.
I've confirmed this through Wireshark.
I'm possitive my XML payload is correct as this works through both SOAPUI and Powershell.
(not intending to hijack the question, mainly confirming the behaviour and providing and additional use case)

Web Services, WS-Security and WebServices Assembler

Two questions about WebServices and jDev 10.1.2
1 - What underlying technologies is WebServcies Assembler using to generate WS code? Axis? Suns' WS developer kit? Other?
2 - We need to utilize WS security and 509 certs to secure some web services, can WSA handle this? If so, what's the general recommeneded approach? If not, any other recommendations?
_mike

1 - What underlying technologies is WebServcies Assembler using to generate
WS code? Axis? Suns' WS developer kit? Other?A. JDev uses its own stack to generate this code
2 - We need to utilize WS security and 509 certs to secure some web services,
can WSA handle this? If so, what's the general recommeneded approach? If
not, any other recommendations?A. Web Service Security is supported in 10.1.3

Web Services Sending Large Size Attachments - INTEROPERABILITY

Hi
I am really interested with Streaming attachments in OC4J.
But I assume it is not interoperable.
When I try to use Streaming for my Web Service, i get an error message that my JAX-RPC handler cannot unmarhall the WS operation (I know weird error).
So it seems that if I want to use Streaming - I have to forget about JAX-RPC handlers (for example logging handler)
Additionally when you open WSDL (of WS + Streaming) file you will see that there is a xml part which is not a WS-I standard:
<sa:stream-attachments xmlns:sa="http://oracle.com/schemas/webservices/streaming-attachments" name="attachments"/>
- and using wsi-test-tools you will get a failure message that it is not
a part of standard namespace: http://schemas.xmlsoap.org/wsdl/soap/
So i guess that client of a Web Service with Streaming must be a JAVA client - and additionally with a usage of oracle WS jar libraries.
So there is a question now, how to enable in OC4J sending big attachments with Interoperability.
I think using AXIS2 module is not an answer, as it also uses JAX-RPC approach based on DOM xml parsers, which means loading whole attachments into memory (no matter if its MTOM, SwA or Base64Encoding).
My question is: IS THERE ANY WAY TO SEND LARGE ATTACHMENTS IN OC4J WITH FULL INTEROPERABILITY (maybe some chunk options)?
Thanks a lot for any answer
Jerzy

I don't know of any way to do this from within Mail.app -- the Rules by default only are applied to incoming email & there is no way I know of to apply them to a new message you are composing.
One (non-automatic) workaround you might find useful is to right or control click on any attachment not shown as an icon in your message & select "View as icon." This will at least show you the size of the attachment.

Web Service: Sender Channel with JAVA client (Apache Axis)

Hello to all,
I am trying to connect an Axis-based Java client to XI via the SOAP adapter.
When connecting, the client receives the error message "Unauthorised" - it seems as if it cannot handle the basic HTTP authentication.
Can I easily disable this authentication mode in XI (or better: in this adapter)?
Or does anybody know how to implement the authentication in the Axis framework?
Many thanks and best regards,
Carsten

Carsten,
AFAIK, you must provide the credntials to access the service on XI. Follow the section <b>Call configuration</b> on this link
http://ws.apache.org/axis/java/client-side-axis.html.
you basically need to properties with the Call method as explained in the link.

Client app to consume web service with security

I need to write a simple client to access a WS.
Things I can not do
Modify the server
Add external jars
The client will be part of a command line call and will run as a stand alone.
I've been searching all day and have found hundreds of vague, overly complex examples, mostly based on SOAPHandler (which tells me I need to install server components which I cannot do)
I grasp the general requirements but am having difficulty figuring out how to add the security elements to the header.
What do I need to do to add the username and password tokens to the header?
This is where I am so far.
package findingLetter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPBodyElement;
import javax.xml.soap.SOAPConnection;
import javax.xml.soap.SOAPConnectionFactory;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
public class getPOC {
    public getPOC() {
        super();
    public List<String> lookup(String lenderid, String url, String user, String pw) throws SOAPException {
        List<String> contactInfo = new ArrayList<String>();
        SOAPMessage message = MessageFactory.newInstance().createMessage();
        SOAPHeader header = message.getSOAPHeader();
        header.detachNode();
        SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
        envelope.setAttribute("namespace","http://www.siebel.com/xml/FHA%20Lender%20Summary%20Request%20IO");
        SOAPBody body = message.getSOAPBody();
        QName bodyName = new QName("LenderSummaryRequestIo");
        SOAPBodyElement bodyElement = body.addBodyElement(bodyName);
        SOAPElement symbol = bodyElement.addChildElement("Institution");
        symbol.addTextNode(lenderid);
        SOAPConnection connection = SOAPConnectionFactory.newInstance().createConnection();
        SOAPMessage response = connection.call(message, url);
        connection.close();
                SOAPBody responseBody = response.getSOAPBody();
                SOAPBodyElement responseElement = (SOAPBodyElement)responseBody.getChildElements().next();
                SOAPElement returnElement = (SOAPElement)responseElement.getChildElements().next();
                if(responseBody.getFault()!=null){
                    System.out.println(returnElement.getValue()+" "+responseBody.getFault().getFaultString());
                } else {
                    System.out.println(returnElement.getValue());
                try {
                    System.out.println(getXmlFromSOAPMessage(message));
                    System.out.println(getXmlFromSOAPMessage(response));
                } catch (IOException e) {
                    e.printStackTrace();
        return contactInfo;
    private static String getXmlFromSOAPMessage(SOAPMessage msg) throws SOAPException, IOException {
        ByteArrayOutputStream byteArrayOS = new ByteArrayOutputStream();
        msg.writeTo(byteArrayOS);
        return new String(byteArrayOS.toByteArray());

Below is the code to add security header.
public List<String> lookup(String lenderid, String url, String user, String pw) throws SOAPException {
      SOAPHeader header = message.getSOAPHeader();
           if (header == null) {
                 header = envelope.addHeader();
            SOAPElement headerElement = createSecurityHeader(uName, pWord);
            soapHeader.addChildElement(headerElement);.................
private static SOAPElement createSecurityHeader(String uName,String pWord) throws SOAPException {
       SOAPElement UsernameToken = null;
       SOAPFactory sFactory = SOAPFactory.newInstance();
       UsernameToken = sFactory.createElement("wsse:UsernameToken", "", WS);
       SOAPElement Username = sFactory.createElement("wsse:Username","", WS);
       Username.setValue(uName);
       UsernameToken.addChildElement(Username);
       SOAPElement Password = sFactory.createElement("wsse:Password","",WS);
       Password.setValue(pWord);
       QName qname = new QName("","Type");
       Password.addAttribute(qname,"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
       UsernameToken.addChildElement(Password);
       SOAPElement wsseSecurity = sFactory.createElement("wsse:Security","",WS);
       wsseSecurity.addChildElement(UsernameToken);
      return wsseSecurity;

Web Service Sender security

Similar Messages

Maybe you are looking for