Web services security

I want a JAX-Ws web service deployed in weblogic that does userid/password authentication. It would be nice if Oracle could provide a good working example of this.
I tried the following so far:
1. I tried on the web service samples: under wlserver_10.3/samples/server/examples/src/examples/webservices/security_jws. I built and deployed the service successfully to WSL 10.3.0. I used the test Java client and it seems to work. Then I tried connecting to the web service using SOAP UI client. SOAP UI was able to call the web service operation without being prompted for id or password.
2. I tried the steps under Security->Authentication->Basic Authentication section of this document:
http://e-docs.bea.com/workshop/docs81/doc/en/core/. I setup a security-constraint (to protect the web service url context), login-config, security-role and then in weblogic.xml I mapped the role to the 'users' role in weblogic server. It does not work. SOAP UI was able to invoke the operation without being prompted.
Another interesting thing I found was that on the client side if I use code like this:
BindingProvider bindingProvider = (BindingProvider) port;
Map<String, Object> reqContext = bindingProvider.getRequestContext();
reqContext.put(BindingProvider.USERNAME_PROPERTY, "weblogic");
reqContext.put(BindingProvider.PASSWORD_PROPERTY, "xxxxxx");
and supply the wrong password, client connection fails. However if I take out both user name and password properties, the client connection works!!!
Please provide good working example of some of these simple cases. May be on your new sample code website (www.samplecode.oracle.com). Thanks.

One item 1 in my post above, I was wrong about SOAP UI when connecting to the example in wlserver_10.3/samples/server/examples/src/examples/webservices/security_jws folder. A client connection from SOAP UI is indeed refused by the server due to lack of security headers. So that's good.
However, I changed the security_jws example ant build file and added the parameter type="JAXWS" to the jwsc task as well as clientgen task. I got the following error.
BUILD FAILED
C:\Oracle\Middleware\wlserver_10.3\samples\server\examples\src\examples\webservices\security_jws\build.xml:48: weblogic.
wsee.tools.WsBuildException: JWS Validation failed: [The WebLogic Server 9.x-style policy is not supported in JAX-WS web
services., The WebLogic Server 9.x-style policy is not supported in JAX-WS web services., The WebLogic Server 9.x-style
policy is not supported in JAX-WS web services., The annotation weblogic.jws.WLHttpTransport is not allowed on examples
.webservices.security_jws.SecureHelloWorldImpl because it is a JAX-WS type web service., The WebLogic Server 9.x-style p
olicy is not supported in JAX-WS web services., The WebLogic Server 9.x-style policy is not supported in JAX-WS web serv
ices., The WebLogic Server 9.x-style policy is not supported in JAX-WS web services., The annotation weblogic.jws.WLHttp
Transport is not allowed on examples.webservices.security_jws.SecureHelloWorldImpl because it is a JAX-WS type web servi
ce.]
Total time: 2 seconds
What is recommended way to do secure a jax-ws web service in Weblogic 10.3.0 or 10.3.1? Do these Weblogic versions support WSIT (https://wsit.dev.java.net/)? Please provide an example.

Similar Messages

  • How to make my Portal Web Service SECURED?

    Hi Experts,
    I created one portal Service and exposed it as Portal Web Service.
    Everything is working fine, as i deployed my Portal Web Service on to the SAP J2EE Engine ie SAP Server.
    I m able to access functions of Web Service from my StandAlone Java Application.
    but the problem is my Web Service is not SECURED.
    How can i make my Portal Web Service SECURED?
    Please help me out.
    Help will be appreciated and rewarded!!!!!

    user13046122 wrote:
    I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
    I now need to make SOAP Web Service calls - from an 8.1.7.4 database
    But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
    Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
    It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.

  • Web Service Security Question

    I have created a web service in the NetWeaver portal using a Portal Service.  I have marked the service as requiring basic http authentication.  However, when I call the web service from the Enterprise Portal Web Services Checker in NWDS it just let's me supply the params of the web service and no authentication.  Any ideas?
    I also noticed that my web service does not appear under the Web Services Container or Web Services Security section in Visual Administrator.  Anybody have any idea why this is?
    Thanks in advance.
    Curtis

    Hi Curtis,
    My guess is that since you are logged into the Portal while calling this web service, it will use the current session cookie to authenticate automatically. I'm not sure on the second question, tried a restart?
    Regards,
    Raj

  • Web Service Security with SAML - Invalid XML signature

    Hello together,
    we want to build a scenario where we want to use Web Service Security  with SAML.
    The scenario will be
    WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
    SAP PI release is 7.11 (SP Level 4)
    We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
    The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
    But we get following error at calling the CRM system when we want to communicate with SAML:
      <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
    Has somebody an idea of the possible reason for the error.
    Thanks in advance
    Stefan

    Error Messages in the Trace/Log Viewer:
    CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
    A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
    Invalid XML signature

  • Details for 'Is Web service security available?'

    Hi i am working on scenario rfc to webservice.Its as secued webserivce i need to do ssl configuration.
    In component monitoring..for the integration engine its in yellow...
    Details for 'Is Web service security available?'
    Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
    can any one please help me out..
    Thanks
    sriram

    I have already installed certificates on the j2ee engine & i have given the paramaters for keystore entry & keystore value.Still i have the same error
    In component monitoring
    For integration engine
    Details for 'Is Web service security available?'
    Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client) 
    In message monitoring
    Audit Log for Message: f614df00-e9e0-11da-95ef-0004ac577b32
    Time Stamp Status Description
    2006-05-22 15:18:58 Success The message was successfully received by the messaging system. Profile: XI URL: http://saptst01:51000/MessagingSystem/receive/AFW/XI
    2006-05-22 15:18:58 Success Using connection AFW. Trying to put the message into the request queue.
    2006-05-22 15:18:58 Success Message successfully put into the queue.
    2006-05-22 15:18:58 Success The message was successfully retrieved from the request queue.
    2006-05-22 15:18:58 Success The message status set to DLNG.
    2006-05-22 15:18:58 Success Delivering to channel: ZCH_VERISIGNPPGR
    2006-05-22 15:18:58 Success SOAP: request message entering the adapter
    2006-05-22 15:18:58 Success SOAP: call failed
    2006-05-22 15:18:58 Error SOAP: error occured: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter
    2006-05-22 15:18:58 Error Exception caught by adapter framework: Peer sent alert: Alert Fatal: illegal parameter
    Can any one please help me out.
    Thanks
    sriram

  • Web Services Security Problem

    hi all,
    I am publishling the BC4J Component(Application module) as a webservice. The particular web service method will be as follows. The method is returning the element object.
    public Element getEmp(String searchString,String selectedItem, int pageNoInput)
    return (Element)hits.writeXML(1,Row.XML_OPT_LIMIT_RANGE);
    I am securing the web service by the instructions which are given in the following link
    http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
    Then i am creating the proxy client. when i run the proxy client it gives me the following exception
    javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
         at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:553)
         at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
         at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
         at aptuitclient.runtime.ReviewProtocolAppModuleServiceSoapHttp_Stub.getEmp(ReviewProtocolAppModuleServiceSoapHttp_Stub.java:91)
         at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.getEmp(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:58)
         at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.main(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:44)
    When i am removing the security for the web service it is giving the Element object.
    The Problem is when i am securing the web service it is giving the above said exception.
    Please help me regarding this... this is very urgent...
    rgds
    Parameswaran

    Hello,
    When you are using WS-Security you need to secure the client too. So in your case the client is the ADF Data Control.
    The way you should configure your data control is documented here:
    - Web Services Security and ADF Data Control
    Regards
    Tugdual Grall

  • Web service security in PI

    Mine is PROXY to SOAP asynchronous.
    PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
    so that at receiver statem they can validate the user using these.
    When i am calling webservice from soapui with the header parameters
    Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>xxxxx</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
    <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
    <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    What configuration needs to be done in PI.

    I got this in Runtime work bench
    <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
    - <SOAP:Header>
    - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
      <sap:MessageClass>ApplicationMessage</sap:MessageClass>
      <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
      <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
      <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
    - <sap:Sender>
      <sap:Party agency="" scheme="" />
      <sap:Service>test2310</sap:Service>
      </sap:Sender>
    - <sap:Receiver>
      <sap:Party agency="" scheme="" />
      <sap:Service>test_serivce</sap:Service>
      </sap:Receiver>
      <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
      </sap:Main>
    - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
      <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
      </sap:ReliableMessaging>
    - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
      <sap:TraceLevel>Fatal</sap:TraceLevel>
      <sap:Logging>On</sap:Logging>
      </sap:Diagnostic>
    - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
      <sap:Engine type="BS">test_serivce</sap:Engine>
      <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
      <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
      <sap:Info>3.0</sap:Info>
      </sap:Hop>
    - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
      <sap:Engine type="IS">is.68.devai020</sap:Engine>
      <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
      <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
      <sap:Info>3.0</sap:Info>
      </sap:Hop>
    - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
      <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
      <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
      <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
      </sap:Hop>
      </sap:HopList>
      </SOAP:Header>
    Edited by: Vamsi on Jul 15, 2009 7:06 PM

  • Web Service Security using OpenSSO

    Hi,
    I have a question regarding the usage of the OpenSSO in order to secure web services.
    I have read the documentation and it states the OpenSSO enables web service security.
    However, in the docs the main scenario is where the WSC and WSP are protected by the agent.
    In my scenario, I would like to use agents only on the WSP side, but leave the implementation of the client side open to the partners. Partners will have the interface from the OpenSSO for the authentication and saml token retrieval. The client will have to create soap by itself. This is the case since the WSC are to be standalone applications on client computers.
    To set the actual question; what are web service interfaces that OpenSSO as a STS offers for authentication and saml token issuance. Is there same sort of a referential architecture for this case where only the STS and WSP can be configured and the WSC implementation of the WSS left to the partner. Any pointers and directions would be appreciated.
    Thanks!

    Hi
    Thanks for your reply
    I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
    I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
    I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
    When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
    What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
    paul

  • Web Service security is not set up on this component

    Hi Friends,
    In RWB, when I click on component monitoring->Integration Engine, I got "Web Service security is not set up on this component"
    I want to send message using soap adapter by encrypting and signing it. for this purpose I need to configure the Web Service Security.
    Can someone please provide some documentation or link on how to set up this Web Service Security?
    thankx

    Hi,
    there is a chapter - Security Configuration at Message Level
    in XI config guide which specifies everything you need - this is what you need
    so I hope no further explanations are necessary
    Regards,
    Michal Krawczyk

  • Is Web service security available?

    Dear Experts,
        In RWB, when i click on Integration Engine(in component monitoring) i get a yellow triangle next to it instead of green. Result of self test says that
    Is Web service security available?
    "Communication error Proxy calls are not permitted on sender or receiver side on the IS (client)".
    Can u guys tell me the reason behing this.
    Thanks & regards.

    Hi,
    Check if you have selected any security level for the WebService or may be it is across the firewall. Probably you need to install the related certificates and have to configure the SSL layer.
    refer
    You need to setup SSL layer for HTTPS endpoint.
    Possible HTTP security levels are (in ascending order):
    HTTP without SSL
    HTTP with SSL (= HTTPS), but without client authentication
    HTTP with SSL (= HTTPS) and with client authentication
    Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
    General guide
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
    Message level security
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
    Thanks
    Swarup

  • Web Service Security not configured on this component.

    Hi Experts,
                           Before configuring the scenario, i went to RWB to check whether the comopnents are in active mode or not.
                                  Integration Engine XID 
                                  Business Process Engine XID 
                                  Mapping Runtime XID 
                                  Adapter Engine XID 
                                  Integration Engines
                          All components are in Green mode  Except Integration Engine, The Integration is in yellow mode
                           and shows the following details.
                         Details for 'Is Web service security available?'
                           Web Service Security not configured on this component.
    Can you give the solution for this.

    Hi,
                      1, While sending idoc from sapR/3 to PI , in r/3 sm58 shows the foll error:
    "No service for system SAPQA,client 200 in integration directory"*
                               Even the Bussiness sytem pointing R/3.
    From your initial post, it appears that you are using XID system and from above error, I believe you are trying to send the IDoc from QA system. R3 dev will communicate to PI dev, so verify the partner profile and ports in your IDoc Header settings.
                         2, When i execute the tcode sm58 in PI   it shows the following error:
                                   "Syntax error in program SAPLSXI_AC_CACHE _REFERESH"
    I am kinda confused how come sm58 tcode can show an error for this program, as sm58 is for checking the transactional RFCs and  SAPLSXI_AC_CACHE_REFERESH is for XI Cache refresh for Alert Category. Might be some one else can explain this.
                         3, WHEN I EXECUTE THE tcode SXI_CACHE
                                             Under the *STATUS OF RUNTIME CACHE
                                                           Unable to refresh cache contents
                                                           Error during last attempt toreferesh cache
                                                             (red colour triangle leading above both)
    Check this SAP Note 764176, might help in your situation.
    Worth reading - http://help.sap.com/saphelp_nw04/helpdata/en/0d/28e1c20a9d374cbb71875c5f89093b/frameset.htm
                        4, Still there is no messages in Message monitoring.
    Obviously because of error # 1, you are unable to send IDocs, how come you expect messages to reach PI ... strange, isn't it
    Hope this helps.
    Regards,
    Neetesh

  • RWB - Integration Engine self test - web service security and proxy

    Hi,
    I am working with a new installation of PI 7.0. In the runtime workbench, under self test for integration engine, there is this error/warning:
    ""Details for 'Is Web service security available?'
    Communication error: Proxy calls are not permitted on sender or receiver side on the IS (client)""
    What exactly is the problem? Is there any additional configuration needed within PI to use proxies? We do not have the cryptographic toolkit installed. Is that nesseccary to work with proxies? We have done several other scenarios with RFC, MAIL, HTTP, etc and they work fine. If anyone else had this problem and managed to fix it, please let me know..
    Thanks,
    Lasya

    You can ignore this error. It is  simply a warning that says message level security has not been configured. Without message security too, you can do proxy communication.
    But, if you want to configure messag level security, go through XI Config guide section 12.4.
    Message was edited by: Jay

  • SOAP Request with Web Service Security

    Hi masters of XI,
    the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
    I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
    <wsse:Security>
    <wsse:UsernameToken>
    <wsse:Username>XXXX</wsse:Username>
    <wsse:Password>XXXXXXXXX</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    How can we send UserNameToken's elements inside SOAP web service envelope
    signing with X.509 certificate also? There are any way to do it in the
    receiver agreement or receiver SOAP adapter?
    thanks.

    Hi,
    thank you very much for your answers.
    I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
    <wsse:Security>
    <wsse:UsernameToken>
    <wsse:Username>XXXX</wsse:Username>
    <wsse:Password>XXXXXXXXX</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
    This is my Request:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#id-104309952">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-104310599">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-104377209">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
                <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>     
          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
            <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
            <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </soapenv:Header>
    And this is the request I need:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
          <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <ds:Reference URI="#id-104309952">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#Timestamp-104310599">
                <ds:Transforms>
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-104377209">
              <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
                <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
    <!-- THIS IS THE PART I NEED -->
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
            <wsse:Username>xxxxxxx</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
          </wsse:UsernameToken>
    <!--  -->
    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
            <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
            <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
          </wsu:Timestamp>
        </wsse:Security>
      </soapenv:Header>

  • Cannot add web service security

    I use cxf to create web services and decide to use weblogic web service security policy.
    However, after deploying to weblogic 12c, I cannot see the security part in WSDL
    Where is wrong?
    import weblogic.jws.Policies;
    import weblogic.jws.Policy;
    @Component
    @WebService(name="appServiceSecurity",
              serviceName="appServiceSrcSecurity",
              targetNamespace="http://com.ws.su"               
    @Policies({
                   @Policy(uri="policy:Auth.xml", direction=Policy.Direction.inbound),
                   @Policy(uri="policy:Sign.xml"),
                   @Policy(uri="policy:Encrypt.xml")
    @SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
              use=SOAPBinding.Use.LITERAL,
              parameterStyle=SOAPBinding.ParameterStyle.WRAPPED
    public class AppServiceSecurity{
    ...............

    Thank you. But I still get error: java.lang.ClassCastException: weblogic.j2ee.descriptor.wl.WeblogicApplicationBeanImpl cannot be cast to weblogic.j2ee.descriptor.wl.WeblogicWebAppBean if I deploy this web application from a folder.
    I export this web application as a war file using MyEclipse. However, after deploying this war file to weblogic 12c, I get error:
    Root cause of ServletException.
    weblogic.servlet.jsp.CompilationException: Failed to compile JSP /BZWeb/index1.jsp
    index1.jsp:2:18: The include file was not found.
    <%@ include file="/common/taglibs.jsp"%>
    ^-------------------^
    index1.jsp:2:18: The include file was not found.
    <%@ include file="/common/taglibs.jsp"%>
    ^-------------------^
    However, taglibs.jsp is in the common folder.
    How to modify the context root?
    Thanks.

  • Java Web Services Security with 10.1.2.1

    I have developed a Java Web Service with J Developer 10.1.2.1 which was deployed onto Oracle 10.1.2.1 application server. Now I have to implement Security for this Web Service (similar to ws-security etc.,), how I can achieve Security with 10.1.2.1?
    J Developer 10.1.3.1 seems to have the feature to implement Web Service Security, but a Java Web Service developed using J Developer 10 .1.3.1 with security enabled cannot be deployed onto Oracle 10.1.2.1 application server.
    Please help as how I can implement Java Web Service Security with 10.1.2.1?
    Email: [email protected]
    Thanks for the help in advance.

    You can use Oracle Web Services Manager to virtualize the end point and still implement WS-Security.
    Thanks
    Ram

  • Visual Admin: error on loading service Web Services Security ?  HELP

    I wanted to consume a webservice to a remote R3 ECC 5 webservice with Visual Composer.
    I added a web service client for VComposer using visual admin as:
    Cluster->services->webServicesSecurity->
       SecurityConfiguration->WebServiceClients->DynamicWSProxies->New
    Added the remote host to R3 ECC5
         <b>http://<host>:8000/inspection.wsil</b>
    I keyed in the SID, client and language as per /people/community.user/blog/2007/04/04/consuming-webservice-in-visual-composer-1  .
    I changed the security authentication to Basic and keyed in right user and password,  saved the data.
    It worked fine.
    After I changed few values for SID, user, password on this properties, it gave me ERROR on loading service Web Services Security.
    Can you please help to reset and put back the old config.
    Thanks;

    Thanks, I restarted it after an hour, it is working fine.

Maybe you are looking for

  • Hp laserjet 3550 with Windows 7

    The printer has performed for a number of years with Window 7 until it was nesessary to go back to the original settings.  I have now installed all of the Windows Updates, but have not been able to reinstall the printer after many tries and following

  • Regarding data transfer from SAP system to XI

    Hi Experts, I have a program in which a file of type XSTRING is sent to SAP Business Connector through a Function module. Now we want that file to be transferred to third party system through XI as interface instead of SAP BC. Can anybody suggest wha

  • Background color on rollover

    Is it possible to change the background colour of cell within a table when you rollover with the mouse? If so, please could you advise how I go about doing it. Many thanks

  • How to run Applets on IE6.0 with jdk1.4.1 installation

    Hi All, I have IE6.0 on my machine. Without any jdk installations applets were working fine on IE6.0. Then I installed jdk1.4.1 on my machine and all the applets stopped working on IE6.0. I uninstalled jdk1.4.1 and then again installed jdk1.3.1 hopin

  • ORA-31001:Invalid resource handle or path name"/apps/batchadm/files/test.xm

    Hi, When i am trying to parse the xml document using XDB API. I passed the XML file path to the parse function and making use of that at below lines of code. xmlparser.setBaseDir(prsr, dir); xmlparser.parse (prsr, dir || '/' || file_in); In thsi scen