WEB WIDGETS SECURE?

Similar Messages

• How to make my Portal Web Service SECURED?

  Hi Experts,
  I created one portal Service and exposed it as Portal Web Service.
  Everything is working fine, as i deployed my Portal Web Service on to the SAP J2EE Engine ie SAP Server.
  I m able to access functions of Web Service from my StandAlone Java Application.
  but the problem is my Web Service is not SECURED.
  How can i make my Portal Web Service SECURED?
  Please help me out.
  Help will be appreciated and rewarded!!!!!

  user13046122 wrote:
  I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
  I now need to make SOAP Web Service calls - from an 8.1.7.4 database
  But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
  Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
  It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.

• Web service security with active directory

  Hi,
  i want to protect my webservice by using active directory for authentication.
  (i am using jdeveloper 10.1.3.1 and bundled OC4J)
  i follow the document web service developer guide (section External LDAP Security Providers) and set up the LDAP security provider...
  in the OC4J web admin security page...i have press the 'test ldap authorization'
  button to CONFIRM the ldap connection is correctly set.
  but when i call the web service, deployed in that OC4J container,
  operation fail with the following message :
  javax.xml.rpc.soap.SOAPFaultException: UnsupportedCallbackException: oracle.security.jazn.callback.IdentityCallback@19f410 not available to gather authentication information from the user
  at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
  at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
  at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
  at test.proxy.ws1.runtime.MyWebService1SoapHttp_Stub.getUserNameYY(MyWebService1SoapHttp_Stub.java:134)
  at test.proxy.ws1.MyWebService1SoapHttpPortClient.getUserNameYY(MyWebService1SoapHttpPortClient.java:50)
  at test.proxy.ws1.MyWebService1SoapHttpPortClient.main(MyWebService1SoapHttpPortClient.java:33)
  could anybody help me?
  thank you very much

  actually i use the default setting provided by oracle's configuration
  wizard for active directory
  User:
  LDAP User Name Attribute: sAMAccountName
  LDAP User Object Class : inetOrgPersion
  User Search Scope: subtree
  User Search Base: dc=xxx, dc=com
  Groups:
  LDAP Group Name Attribute: cn
  LDAP Group Object Class: group
  LDAP Group Member Attribute: member
  Group Search Scope: subtree
  Group Membership Search Scope: direct
  Group Search Base: dc=xxx, dc=com
  using the same user, user searchbase, i can search the AD using other
  tools.
  could anybody help me ?
  thank yous.

• Web Service Security Question

  I have created a web service in the NetWeaver portal using a Portal Service.  I have marked the service as requiring basic http authentication.  However, when I call the web service from the Enterprise Portal Web Services Checker in NWDS it just let's me supply the params of the web service and no authentication.  Any ideas?
  I also noticed that my web service does not appear under the Web Services Container or Web Services Security section in Visual Administrator.  Anybody have any idea why this is?
  Thanks in advance.
  Curtis

  Hi Curtis,
  My guess is that since you are logged into the Portal while calling this web service, it will use the current session cookie to authenticate automatically. I'm not sure on the second question, tried a restart?
  Regards,
  Raj

• Web Service Security with SAML - Invalid XML signature

  Hello together,
  we want to build a scenario where we want to use Web Service Security  with SAML.
  The scenario will be
  WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
  SAP PI release is 7.11 (SP Level 4)
  We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
  The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
  But we get following error at calling the CRM system when we want to communicate with SAML:
    <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
  Has somebody an idea of the possible reason for the error.
  Thanks in advance
  Stefan

  Error Messages in the Trace/Log Viewer:
  CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
  A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
  Invalid XML signature

• Web App Security Firewall Using Catalyst 6500 w/ CSM

  We are evaluating web application security firewalls. The other products can recognize application level attacks such as SQL insertion and deranged parameters. Some of my colleagues believe that the CSM (which we already have deployed) has these sorts of capabilities.
  While the CSM has some layer 7 capabilities, my read of the specs does not suggest that it is suited to this function.
  Anyone have experience or input?
  Thanks!

  The same as a SYN attack protection feature.
  That's all.
  It does not have content analysis for intrusion detection.
  Regards,
  Gilles.

• WEB WIDGET - HTML SNIPPET  how to post myspace music in iWeb

  i'm making a site for a band. i'm using the *web widget- html snippet* to insert the myspace player from a band. the bands site is http://www.myspace.com/mod39lone.
  this is the code i'm putting in :
  <embed src="http://lads.myspace.com/music/musicplayer.swf?n=aHR0cDovL211c2ljLm15c3BhY2 UuY29t&t=wz7NYVvdN1sD5sZn5jwqhteIJEBAWtU7cGxSvblOZr59VYuvhFOEuaUs29mG1lCNKsOUiB4 00Vl6iAOogScxHQ==&u=LTE=&a=0&d=MTc4MzA0MTgxXjExODc3NDE1MjU=" quality=high bgcolor=#FFFFFF width="450" height="345" name="mp3player" align=""type="application/x-shockwave-flash" FlashVars="culture=nl-NL"pluginspage="http://www.macromedia.com/go/getflashplay er"> </embed>
  when i'm editing iWeb, the player shows up and plays the music and everything is fine! but when i publish the site, it says "Movie not loaded" when you click on it.
  the site i'm currently working on is still being worked on, but i made an extra page to show whoever could help me. the link is:
  http://web.me.com/henreegee/IamTokyo/Blank.html

  That method can be done using iFrame code in an HTML snippet. You need to upload the Family Matters - Computer.m4v file to your server and link to it there via an HTML snippet and iFrame code. An example is in this demo page along with the code: QT movies via iFrame.
  There are other ways to add the movie (the full one Family Matters - Computer.m4v.
  One is to upload the file to your server and linking to it as shown in this demo page: Opening Item in a New, Precisely Sized Window.
  The method you posted is explained in this tutorial: Old Toad's Tutorial #18 - Adding Movie/Video File to iWeb Page via Export for Web in Quicktime Player. To see the edits click on the buttons in steps 5a and 5b.
  OT

• Details for 'Is Web service security available?'

  Hi i am working on scenario rfc to webservice.Its as secued webserivce i need to do ssl configuration.
  In component monitoring..for the integration engine its in yellow...
  Details for 'Is Web service security available?'
  Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client)
  can any one please help me out..
  Thanks
  sriram

  I have already installed certificates on the j2ee engine & i have given the paramaters for keystore entry & keystore value.Still i have the same error
  In component monitoring
  For integration engine
  Details for 'Is Web service security available?'
  Communication error Proxy calls on the sender or receiver side are not permitted on the IS (client) 
  In message monitoring
  Audit Log for Message: f614df00-e9e0-11da-95ef-0004ac577b32
  Time Stamp Status Description
  2006-05-22 15:18:58 Success The message was successfully received by the messaging system. Profile: XI URL: http://saptst01:51000/MessagingSystem/receive/AFW/XI
  2006-05-22 15:18:58 Success Using connection AFW. Trying to put the message into the request queue.
  2006-05-22 15:18:58 Success Message successfully put into the queue.
  2006-05-22 15:18:58 Success The message was successfully retrieved from the request queue.
  2006-05-22 15:18:58 Success The message status set to DLNG.
  2006-05-22 15:18:58 Success Delivering to channel: ZCH_VERISIGNPPGR
  2006-05-22 15:18:58 Success SOAP: request message entering the adapter
  2006-05-22 15:18:58 Success SOAP: call failed
  2006-05-22 15:18:58 Error SOAP: error occured: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter
  2006-05-22 15:18:58 Error Exception caught by adapter framework: Peer sent alert: Alert Fatal: illegal parameter
  Can any one please help me out.
  Thanks
  sriram

• Aperture (2.1.1.) - iWeb cannot find the Aperture Gallery in the web widget

  Hi all,
  I think this is not really related to MobileMe's current problems, as it shows alright on the web:
  If I publish a Web Album to MM (and I think it was the same issue with .Mac but am not sure), everythings working fine upload wise.
  Only if I want to include the Web Album in iWeb with the help of the Web-Widget tool, Aperture Web-Galleries do not show up.
  iPhoto works fine, what's published to MM there shows up on the iWeb widget menu (if not password protected)
  Does anyone experience the same? is that 'normal' or is there a work-around?
  Cheers
  Greg

  The workaround for this is to turn your Aperture galleries ( ie, albums) into iPhoto galleries, at least temporarily. You can do this online, once you are logged into your actual .me account (http://www.me.com/gallery/#home). Select an album, choose the Settings button at the top of the page ( a button with "light switches" graphic on it ), change the "Syncs with:" option to iPhoto and Ok. Then launch iWeb and you should find the gallery listed there. Once you publish the site, you should be ok to set the album settings back to Aperture. +(Haven't double checked this yet ...)+
  *Note 1:*
  If you don't see the Syncs with option, then hold down the 'shift' key when you click on the Settings.
  Then it will show.
  *Note 2:*
  Folks are confusing the web gallery albums that are showing up in the intra-app media browser (just images are accessed here) and the insert gallery menu item (entire gallery inserted). Easy mistake but they are different functions.

• Error when installing FlexSlider Web Widget

  I am the author of the Flexslider Web Widget. It seems there is an error in Windows  Dreamweaver CS5 and CS5.5 when installing the widget which some people have reported (Actually, only one person emailed me the actual error, everyone else just said it won't install and gave it a 1 rating). Now that I have the info as to what the error is for some people, I am hoping someone can give me some feedback to fix it!
  The error is:
  "While executing onLoad in InsertOAWidget.html, the following JavaScript erro(s) occurred:
  At line 2883 of file "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Configuration\Shared\OAWidget\OAWidgetManager.js": child.firstChild has no properties
  I have succesffully installed it on a Mac and PC in CS 5 , CS5.5 and CS6 as the only Widget so I can't find the issue in my case. A conflict? An error in code that only effects Windows? Any ideas out there?
  Thanks!
  Mike

  I was able to install the widget, but when I attempt to insert a Flexslider gallery into my Dreamweaver page I get the same error message that Mike typed out above. I am on a Mac, using Dreamweaver CS5. I would love some help, as this widget looks like a great layout.
  Deb

• Web Services Security Problem

  hi all,
  I am publishling the BC4J Component(Application module) as a webservice. The particular web service method will be as follows. The method is returning the element object.
  public Element getEmp(String searchString,String selectedItem, int pageNoInput)
  return (Element)hits.writeXML(1,Row.XML_OPT_LIMIT_RANGE);
  I am securing the web service by the instructions which are given in the following link
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
  Then i am creating the proxy client. when i run the proxy client it gives me the following exception
  javax.xml.rpc.soap.SOAPFaultException: SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
       at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:553)
       at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
       at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
       at aptuitclient.runtime.ReviewProtocolAppModuleServiceSoapHttp_Stub.getEmp(ReviewProtocolAppModuleServiceSoapHttp_Stub.java:91)
       at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.getEmp(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:58)
       at bc4jaswebservice.server.webservice.ReviewProtocolAppModuleServiceSoapHttpPortClient.main(ReviewProtocolAppModuleServiceSoapHttpPortClient.java:44)
  When i am removing the security for the web service it is giving the Element object.
  The Problem is when i am securing the web service it is giving the above said exception.
  Please help me regarding this... this is very urgent...
  rgds
  Parameswaran

  Hello,
  When you are using WS-Security you need to secure the client too. So in your case the client is the ADF Data Control.
  The way you should configure your data control is documented here:
  - Web Services Security and ADF Data Control
  Regards
  Tugdual Grall

• IWeb not showing .Mac web gallery albums in Web Widgets pull down menu

  I'm trying to update a webpage and insert a .Mac Web gallery album using the Web Widgets pull down menu. The problem is the menu isn't offering/showing ALL of my .Mac Web Gallery albums. It shows some and I can insert those, however, it isn't showing all of them. I've tried refreshing the list in iPhoto, but it still won't show in iWeb '08. I've even given it several days to refresh, but to no avail.
  Any suggestions?

  Nice, didn't think of that. I went into iPhoto and, in the Settings, changed it from being only viewable to restricted groups. I opened it up to "Everyone" and, back in iWeb, there it appeared in the Web Widget pull down menu. I then inserted the album and published the web page. I then went back to iPhoto re-instated the restrictions in the Advanced settings.
  Thanks.

• Web service security in PI

  Mine is PROXY to SOAP asynchronous.
  PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
  so that at receiver statem they can validate the user using these.
  When i am calling webservice from soapui with the header parameters
  Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>xxxxx</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
  <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
  <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  What configuration needs to be done in PI.

  I got this in Runtime work bench
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  - <SOAP:Header>
  - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
    <sap:MessageClass>ApplicationMessage</sap:MessageClass>
    <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
  - <sap:Sender>
    <sap:Party agency="" scheme="" />
    <sap:Service>test2310</sap:Service>
    </sap:Sender>
  - <sap:Receiver>
    <sap:Party agency="" scheme="" />
    <sap:Service>test_serivce</sap:Service>
    </sap:Receiver>
    <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
    </sap:Main>
  - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
    </sap:ReliableMessaging>
  - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:TraceLevel>Fatal</sap:TraceLevel>
    <sap:Logging>On</sap:Logging>
    </sap:Diagnostic>
  - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
  - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
    <sap:Engine type="BS">test_serivce</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
    <sap:Engine type="IS">is.68.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
    <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    </sap:Hop>
    </sap:HopList>
    </SOAP:Header>
  Edited by: Vamsi on Jul 15, 2009 7:06 PM

• Web Service Security using OpenSSO

  Hi,
  I have a question regarding the usage of the OpenSSO in order to secure web services.
  I have read the documentation and it states the OpenSSO enables web service security.
  However, in the docs the main scenario is where the WSC and WSP are protected by the agent.
  In my scenario, I would like to use agents only on the WSP side, but leave the implementation of the client side open to the partners. Partners will have the interface from the OpenSSO for the authentication and saml token retrieval. The client will have to create soap by itself. This is the case since the WSC are to be standalone applications on client computers.
  To set the actual question; what are web service interfaces that OpenSSO as a STS offers for authentication and saml token issuance. Is there same sort of a referential architecture for this case where only the STS and WSP can be configured and the WSC implementation of the WSS left to the partner. Any pointers and directions would be appreciated.
  Thanks!

  Hi
  Thanks for your reply
  I downloaded OC4J 10.1.2.0.2 and ran it as as a standalone server.
  I read the blog you linked and made the changes to the web.xml for the webservice. All of which I was able to do using the property palette in jdev 10.1.2.1.0.
  I deployed my webservice to my oc4j standalone server and it appeared as a new application. I editied the orion-web.xml for the new application manually.
  When I point my browser at the webservice I get the test page which allows me to pass parameters to the webserive. I invoke the webservice (which does a HTTP GET according to the test page) and the webservice runs. No user and password is needed though.
  What is the expected behaviour? I was hoping that the webservice wouldn't run until I supplied the admin user name and password
  paul

• Web Service security is not set up on this component

  Hi Friends,
  In RWB, when I click on component monitoring->Integration Engine, I got "Web Service security is not set up on this component"
  I want to send message using soap adapter by encrypting and signing it. for this purpose I need to configure the Web Service Security.
  Can someone please provide some documentation or link on how to set up this Web Service Security?
  thankx

  Hi,
  there is a chapter - Security Configuration at Message Level
  in XI config guide which specifies everything you need - this is what you need
  so I hope no further explanations are necessary
  Regards,
  Michal Krawczyk