Webservice - security error
Hi All,
We are receiving the security error provided below while invoking the LegalReportingUnitService - http://Host:Port/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL using HTTP Analyzer (JDeveloper) or SOAP UI.
Also we find that the web service is having OWSM Policies - Directly Attached Policy - oracle/wss11_saml_or_username_token_with_message_protection_service_policy
Please let us know what information has to be provided apart from username/password credentials to this webservice.
a. Error message while invoking the web service using ext port & SSL url :
https://xxxx-fin-ext.example.com:xxxxx/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL
Error Message: 401 Unauthorized.
Log details:
Response Header-----------------=_Part_9_498083750.1342417354448
Content-Type: application/xop+xml;charset=UTF-8;type="text/xml"
Content-Transfer-Encoding: 8bit
Content-ID: <a1759cc915eb4db6ab48a1b97d3f1386>
<?xml version="1.0" encoding="UTF-8" ?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/types/" xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"><env:Header><ns1:Security><ns1:UsernameToken><ns1:Username>Fusion</ns1:Username><ns1:Password>welcome</ns1:Password></ns1:UsernameToken></ns1:Security></env:Header><env:Body><ns2:createLegalReportingUnit><ns2:legalReportingUnit xmlns:ns2="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/types/"><ns3:PartyId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000002842377</ns3:PartyId><ns3:LegalEntityId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000002842369</ns3:LegalEntityId><ns3:GeographyId xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">300000000225396</ns3:GeographyId><ns3:Name xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">Test123</ns3:Name><ns3:MainEstablishmentFlag xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">Y</ns3:MainEstablishmentFlag><ns3:MainEffectiveFrom xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2011-07-03+05:30</ns3:MainEffectiveFrom><ns3:MainEffectiveTo xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:MainEffectiveTo><ns3:EffectiveFrom xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:EffectiveFrom><ns3:EffectiveTo 
xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">2012-07-16+05:30</ns3:EffectiveTo><ns3:ObjectVersionNumber xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/">1</ns3:ObjectVersionNumber><ns3:ActivityCode xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/><ns3:SubActivityCode xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/><ns3:TypeOfCompany xmlns:ns3="http://xmlns.oracle.com/apps/financials/legalEntity/legalEntities/legalReportingUnitService/"/></ns2:legalReportingUnit></ns2:createLegalReportingUnit></env:Body></env:Envelope>
------=_Part_9_498083750.1342417354448—
b. Error message while invoking this web service using int port –
http://xxx-fin-int.example.com:xxxx/finLeLegalEntitiesModel/LegalReportingUnitService?WSDL
Error Message: 500 Internal Server error.
Log details:
Response Header: ------=_Part_8_481967515.1342415673437
Content-Type: application/xop+xml;charset=UTF-8;type="text/xml"
Content-Transfer-Encoding: 8bit
Content-ID: <f4ef59739fc64cacb9829403d3a171d5>
<?xml version="1.0" encoding="UTF-8" ?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:ns0="http://schemas.oracle.com/owsm/policy-enforcement-2007-06"><faultcode>ns0:GenericFault</faultcode><faultstring>GenericFault : generic error</faultstring><faultactor></faultactor></env:Fault></env:Body></env:Envelope>
------=_Part_8_481967515.1342415673437—
Regards,
Ramesh
Hi, I am using Weblogic Oracle 12c and a standalone server, no clusters. I have a webservice configured which is working from the Weblogic, using DemoTrust.jks. I just downloaded SOAP-UI and am having issues with it. I set up the Auth tab to use Global HTTP Settings for the authorization type and added a keystore which is pointing to the DemoTrust.jks.
When I run a test, I receive this error
Tue Jul 31 09:40:38 PDT 2012:DEBUG:<< "<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurity</faultcode><faultstring>Error on verifying message against security policy Error code:1000</faultstring></env:Fault></env:Body></env:Envelope>"
You wouldn't know what this is about? From what I am reading, it seems I need to pass a policy to the server from the client, but I am unsure what to configure.
If you have any insight I would appreciate it.
Similar Messages
-
Invalid security error when invoking secure webservice using SAML tokens
I have deployed a JAX-WS webservice using a stateless session bean to wl 10.3.2 that uses a custom policy. The service deploys fine, but weblogic returns an HTTP error 500 with a SOAP fault. The fault states wsse:InvalidSecurity. The webservice security policy requires SAML holder of key assertions and attributes. I have tried everything from running weblogic with Metro 1.5 to configuring SAML Identity Asserter Providers, etc with no luck. I even tried using the built in SAML 2.0 asymmetric holder of key policy. What am I doing wrong? The XML of interest is attached.
Thanks;
-Dave.
*[Sample message from client]*
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:7002/NHINAdapterDocQuerySecured/AdapterDocQuerySecured</To>
<Action xmlns="http://www.w3.org/2005/08/addressing">urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:fec656f8-a2be-4129-8412-34d9453e7cb2</MessageID>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
<wsu:Created>2010-02-24T21:38:56Z</wsu:Created>
<wsu:Expires>2010-02-24T21:43:56Z</wsu:Expires>
</wsu:Timestamp>
<saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="96cdfb70-91a3-4baf-9da1-3ff07d249926" IssueInstant="2010-02-24T21:38:56.671Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">UID=kskagerb*DoD</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml2:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZiqM1BAFp9F73hMHsNrc=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</saml2:SubjectConfirmationData>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:AuthnStatement AuthnInstant="2009-04-16T13:15:39.000Z" SessionIndex="987">
<saml2:SubjectLocality Address="158.147.185.168" DNSName="cs.myharris.net"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Karl S Skagerberg</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">InternalTest2</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
<saml2:AttributeValue>
<hl7:Role xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="307969004" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Public Health" xsi:type="hl7:CE"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
<saml2:AttributeValue>
<hl7:PurposeForUse xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Use or disclosure of Psychotherapy Notes" xsi:type="hl7:CE"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">500000000^^^&amp;1.1&amp;ISO</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthzDecisionStatement Decision="Permit" Resource="https://158.147.185.168:8181/SamlReceiveService/SamlProcessWS">
<saml2:Action Namespace="urn:nhin:names:hl7:rbac:4.00:operation">EXECUTE</saml2:Action>
<saml2:Evidence>
<saml2:Assertion ID="40df7c0a-ff3e-4b26-baeb-f2910f6d05a9" IssueInstant="2009-04-16T13:10:39.093Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=Harris,O=HITS,L=Melbourne,ST=FL,C=US</saml2:Issuer>
<saml2:Conditions NotBefore="2009-04-16T13:10:39.093Z" NotOnOrAfter="2010-12-31T12:00:00.000Z"/>
<saml2:AttributeStatement>
<saml2:Attribute Name="AccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Ref-1234</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="InstanceAccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Instance-1</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2:Evidence>
</saml2:AuthzDecisionStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#96cdfb70-91a3-4baf-9da1-3ff07d249926">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>VnukKqb4Bt1KWDKfy8SDfk1Hp2s=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DUwjh/H3XSfUG250rTlLdihstDXY1+qkY9GaY81Iu7Ag4MgoGvGBrGjZOJ7YnssPdrqUGiURxf6k
IBH7vaeXk24XvXP3F85WP9nBm+2M4BvGTplgOmAo0yuwze+90FvwILzFNmmX/tvy3QKTDHlh1rEx
/Jqfm6q/56WW1suAbRY=</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l
0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZ
iqM1BAFp9F73hMHsNrc=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</saml2:Assertion>
<ds:Signature xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" Id="_2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>oo99UrPhAcwla4Qbkdd9jAPn0cE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>ds4vqts8uCdJcNGo0uTPzId5UBX+GVrdztQPv823c1Zy9ZZGSfQC/GsBPM/EMbFInDPFsyT4e1QYZMCzmqLYnifWHlDQJb7oMJBokafavAqZda1B55Zzh3TSm6BqKWtB/DX17d6rLx/HPiLNZ9qsBfuGn3aTlUCpNsYA8ObBtp8=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">96cdfb70-91a3-4baf-9da1-3ff07d249926</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body>
<ns3:AdhocQueryRequest xmlns:ns2="urn:gov:hhs:fha:nhinc:gateway:samltokendata" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns4="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns5="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0" maxResults="-1" startIndex="0" federated="false">
<ns3:ResponseOption returnComposedObjects="true" returnType="LeafClass"/>
<ns4:AdhocQuery home="urn:oid:2.16.840.1.113883.4.349" id="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d">
<ns4:Slot name="$XDSDocumentEntryStatus">
<ns4:ValueList>
<ns4:Value>('urn:oasis:names:tc:ebxml-regrep:StatusType:Approved')</ns4:Value>
</ns4:ValueList>
</ns4:Slot>
<ns4:Slot name="$XDSDocumentEntryPatientId">
<ns4:ValueList>
<ns4:Value>'1012581676V377802^^^&amp;2.16.840.1.113883.4.349&amp;ISO'</ns4:Value>
</ns4:ValueList>
</ns4:Slot>
</ns4:AdhocQuery>
</ns3:AdhocQueryRequest>
</S:Body>
</S:Envelope>
*[Response from server:]*
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>weblogic.xml.crypto.api.MarshalException: weblogic.xml.dom.marshal.MarshalException: Failed to unmarshal {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}SecurityTokenReference, no SecurityTokenReference factory found for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier ValueType: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
*[webservice WSDL]*
<?xml version="1.0" encoding="UTF-8"?>
<!--
Adapter Document Query WSDL
-->
<definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:tns="urn:gov:hhs:fha:nhinc:adapterdocquerysecured"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:query="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
xmlns:plnk="http://docs.oasis-open.org/wsbpel/2.0/plnktype"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsaws="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:vprop="http://docs.oasis-open.org/wsbpel/2.0/varprop"
xmlns:sxnmp="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/NMProperty"
name="AdapterDocQuerySecured"
targetNamespace="urn:gov:hhs:fha:nhinc:adapterdocquerysecured">
<documentation>Adapter Document Query</documentation>
<types>
<xsd:schema>
<xsd:import namespace="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
schemaLocation="../schemas/ebRS/query.xsd"/>
<xsd:import namespace="urn:gov:hhs:fha:nhinc:gateway:samltokendata"
schemaLocation="../schemas/nhinc/gateway/SamlTokenData.xsd"/>
</xsd:schema>
</types>
<message name="RespondingGateway_CrossGatewayQueryRequestMessage">
<part name="body"
element="query:AdhocQueryRequest"/>
</message>
<message name="RespondingGateway_CrossGatewayQueryResponseMessage">
<part name="body"
element="query:AdhocQueryResponse"/>
</message>
<portType name="AdapterDocQuerySecuredPortType">
<operation name="RespondingGateway_CrossGatewayQuery">
<input name="RespondingGateway_CrossGatewayQueryRequest"
message="tns:RespondingGateway_CrossGatewayQueryRequestMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage"/>
<output name="RespondingGateway_CrossGatewayQueryResponse"
message="tns:RespondingGateway_CrossGatewayQueryResponseMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryResponseMessage"/>
</operation>
</portType>
<binding name="AdapterDocQuerySecuredBindingSoap11" type="tns:AdapterDocQuerySecuredPortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_SoapPolicy"/>
<operation name="RespondingGateway_CrossGatewayQuery">
<soap:operation soapAction="urn:RespondingGateway_CrossGatewayQuery"/>
<input name="RespondingGateway_CrossGatewayQueryRequest">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Input_Policy"/>
</input>
<output name="RespondingGateway_CrossGatewayQueryResponse">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Output_Policy"/>
</output>
</operation>
</binding>
<service name="AdapterDocQuerySecured">
<port name="AdapterDocQuerySecuredPortSoap11"
binding="tns:AdapterDocQuerySecuredBindingSoap11">
<soap:address
location="https://localhost:7002/NHINAdapterDocQuerySecured" />
</port>
</service>
<!-- Define action property on each receiving message -->
<vprop:property name="action" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:action"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>action</vprop:query>
</vprop:propertyAlias>
<!-- Define resource property on each receiving message -->
<vprop:property name="resource" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:resource"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>resource</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseRoleCode property on each receiving message -->
<vprop:property name="purposeForUseRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseRoleCode</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseCodeSystem property on each receiving message -->
<vprop:property name="purposeForUseCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystem</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseCodeSystemName property on each receiving message -->
<vprop:property name="purposeForUseCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystemName</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseDisplayName property on each receiving message -->
<vprop:property name="purposeForUseDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseDisplayName</vprop:query>
</vprop:propertyAlias>
<!-- Define userFirstName property on each receiving message -->
<vprop:property name="userFirstName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userFirstName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userFirstName</vprop:query>
</vprop:propertyAlias>
<!-- Define userMiddleName property on each receiving message -->
<vprop:property name="userMiddleName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userMiddleName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userMiddleName</vprop:query>
</vprop:propertyAlias>
<!-- Define userLastName property on each receiving message -->
<vprop:property name="userLastName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userLastName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userLastName</vprop:query>
</vprop:propertyAlias>
<!-- Define userName property on each receiving message -->
<vprop:property name="userName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userName</vprop:query>
</vprop:propertyAlias>
<!-- Define userOrganization property on each receiving message -->
<vprop:property name="userOrganization" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userOrganization"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userOrganization</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCode property on each receiving message -->
<vprop:property name="userRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCode</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeSystem property on each receiving message -->
<vprop:property name="userRoleCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystem</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeSystemName property on each receiving message -->
<vprop:property name="userRoleCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystemName</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeDisplayName property on each receiving message -->
<vprop:property name="userRoleCodeDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeDisplayName</vprop:query>
</vprop:propertyAlias>
<!-- Define expirationDate property on each receiving message -->
<vprop:property name="expirationDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:expirationDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>expirationDate</vprop:query>
</vprop:propertyAlias>
<!-- Define signDate property on each receiving message -->
<vprop:property name="signDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:signDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>signDate</vprop:query>
</vprop:propertyAlias>
<!-- Define contentReference property on each receiving message -->
<vprop:property name="contentReference" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:contentReference"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>contentReference</vprop:query>
</vprop:propertyAlias>
<!-- Define content property on each receiving message -->
<vprop:property name="content" type="xsd:base64Binary"/>
<vprop:propertyAlias propertyName="tns:content"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>content</vprop:query>
</vprop:propertyAlias>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_SoapPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
<sc:KeyStore wspp:visibility="private"
aliasSelector="gov.hhs.fha.nhinc.callback.KeyStoreServerAliasSelector"
callbackHandler="gov.hhs.fha.nhinc.callback.KeyStoreCallbackHandler"/>
<sc:TrustStore wspp:visibility="private"
callbackHandler="gov.hhs.fha.nhinc.callback.TrustStoreCallbackHandler"/>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken>
<wsp:Policy>
<sp:RequireClientCertificate/>
</wsp:Policy>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:SamlToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssSamlV20Token11/>
</wsp:Policy>
</sp:SamlToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<plnk:partnerLinkType name="AdapterDocQuerySecured">
<!-- A partner link type is automatically generated when a new port type is added.
Partner link types are used by BPEL processes. In a BPEL process, a partner
link represents the interaction between the BPEL process and a partner service.
Each partner link is associated with a partner link type. A partner link type
characterizes the conversational relationship between two services. The
partner link type can have one or two roles.-->
<plnk:role name="AdapterDocQuerySecuredPortTypeRole"
portType="tns:AdapterDocQuerySecuredPortType"/>
</plnk:partnerLinkType>
</definitions>
Edited by: dvazquez1027 on Feb 25, 2010 5:10 PM
Edited by: dvazquez1027 on Feb 25, 2010 5:22 PM
Hi
yes, I had the same issue and I found a solution.
You need to request a patch for BUG 9212862 (already corrected in WLS 10.3.3) and do the following:
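// 'port' is the JAX-WS port proxy for the secured service.
javax.xml.ws.BindingProvider provider = (javax.xml.ws.BindingProvider)port;
java.util.Map<String, Object> context = provider.getRequestContext();
// Set the WLS policy-compatibility preference to MSFT on the request context before calling the service.
context.put(weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_PREFERENCE, weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_MSFT);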
This will cause the SecurityMessageArchitect class of WLS to not send the SecurityTokenReference in the Soap security header.
Please note that is evidently a non-conformity to the specs of microsoft:
Please give a look at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf (8.3 Signing Tokens)
and also at:
http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
(3.4 Identifying and Referencing Security Tokens)
A SAML key identifier reference MUST be used for all (local and remote) references to SAML 1.1
assertions. [...]
All conformant implementations MUST be able to process SAML assertion references occurring in a
<wsse:Security> header or in a header element other than a signature to acquire the corresponding
assertion. A conformant implementation MUST be able to process any such reference independent of the
confirmation method of the referenced assertion.
It follows that the .NET 3.5 is a non-conformant implementation: I would gladly know which is the position of Microsoft on that.
ciao
carlo -
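The two failures above (a bare UsernameToken sent to a message-protection policy, and a SecurityTokenReference whose SAMLID KeyIdentifier the receiver could not unmarshal) can both be spotted by inspecting the wsse:Security header before the request is sent. The following is an added example, not code from the posters or from Oracle; the function names and the two sample envelopes are constructed for illustration, and it assumes a message-protection policy expects a Signature and an EncryptedKey/EncryptedData in the message.

```python
"""Inspect the wsse:Security header of a SOAP request (added example)."""
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsse11": "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
SAMLID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID"


def _local(tag):
    """Strip the '{namespace}' part of an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def inspect_security_header(envelope_xml):
    """Summarise which security tokens and references a request carries."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(".//wsse:Security", NS)
    if sec is None:
        return {"tokens": [], "clear_password": False, "signed": False,
                "encrypted": False, "references": []}
    # SAML 2.0 assertions are identified by ID, SAML 1.1 by AssertionID.
    assertion_ids = {el.get("ID") or el.get("AssertionID")
                     for el in sec.iter() if _local(el.tag) == "Assertion"}
    pw = sec.find("wsse:UsernameToken/wsse:Password", NS)
    # UsernameToken Profile: a Password without a Type attribute is #PasswordText.
    clear_pw = pw is not None and not (pw.get("Type") or "").endswith("#PasswordDigest")
    refs = []
    for str_el in sec.iterfind(".//wsse:SecurityTokenReference", NS):
        kid = str_el.find("wsse:KeyIdentifier", NS)
        refs.append({
            "token_type": str_el.get("{%s}TokenType" % NS["wsse11"]),
            "value_type": kid.get("ValueType") if kid is not None else None,
            "resolves": kid is not None and (kid.text or "").strip() in assertion_ids,
        })
    return {
        "tokens": [_local(child.tag) for child in sec],
        "clear_password": clear_pw,
        # Only a Signature that is a direct child of wsse:Security signs the message.
        "signed": sec.find("ds:Signature", NS) is not None,
        "encrypted": (sec.find("xenc:EncryptedKey", NS) is not None
                      or root.find(".//xenc:EncryptedData", NS) is not None),
        "references": refs,
    }


def findings(report):
    """Turn the summary into the mismatches discussed in the threads above."""
    out = []
    if report["clear_password"] and not (report["signed"] and report["encrypted"]):
        out.append("UsernameToken password is in clear text and the message is not "
                   "signed and encrypted; a message-protection policy will reject it")
    for ref in report["references"]:
        if ref["value_type"] == SAMLID:
            out.append("SecurityTokenReference uses a SAMLID KeyIdentifier; the "
                       "receiver needs a handler for that ValueType")
        if not ref["resolves"]:
            out.append("SecurityTokenReference does not point at an assertion "
                       "in this header")
    return out


# Constructed sample: same shape as the first request on this page, placeholder credentials.
USERNAME_ONLY = """<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
 <env:Header><wsse:Security><wsse:UsernameToken>
  <wsse:Username>example-user</wsse:Username><wsse:Password>example-password</wsse:Password>
 </wsse:UsernameToken></wsse:Security></env:Header><env:Body/></env:Envelope>"""

# Constructed sample: holder-of-key layout reduced to the parts that matter here.
SAML_HOK = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
 <S:Header><wsse:Security>
  <saml2:Assertion ID="constructed-assertion-id" Version="2.0"/>
  <ds:Signature><ds:KeyInfo>
   <wsse:SecurityTokenReference
     wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
    <wsse:KeyIdentifier ValueType="%s">constructed-assertion-id</wsse:KeyIdentifier>
   </wsse:SecurityTokenReference>
  </ds:KeyInfo></ds:Signature>
 </wsse:Security></S:Header><S:Body/></S:Envelope>""" % SAMLID

if __name__ == "__main__":
    for name, msg in (("username-only", USERNAME_ONLY), ("saml-hok", SAML_HOK)):
        report = inspect_security_header(msg)
        print(name, report["tokens"], findings(report))
```
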
Webservice call throws Channel.Security.Error
Hello all,
My flex app calls webservices hosted on the same server that
hosts the .swf file of the application. Running the app in flex
builder or on the same machine works perfectly all business logic
is called using webservices. When running the application on
another system however a Channel.Security.Error is thrown when
calling the first webservice with following detail shown in IE:
[FaultEvent fault=[RPC Fault faultString="Security error accessing
url" faultCode="Channel.Security.Error" faultDetail="Destination:
DefaultHTTP"] messageId="9C03B02E-1A3F-1F2B-1277-FD674AB4D188"
type="fault" bubbles=false cancelable=true eventPhase=2]
I started out discovering a world new to me, the world of
flash security settings:
http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html#policy_file
http://livedocs.adobe.com/flex/3/html/help.html?content=05B_Security_10.html
http://nederflash.nl/blog/voorbereiden-op-de-flash-player-9-april-2008-veiligheids-update
So I started out using a policy server (using the python
script that you can download in the first article link mentioned)
on the webservice server on port 843 that serves following file:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*"
headers="SOAPAction"/>
<allow-access-from domain="*"/>
</cross-domain-policy>
But apparently the flex app on the other machine never makes
a request to this policy server. In the end I also added an
crossdomain.xml file with the same contents by an apache http
server in the root directory. All this without success...and this
problem is driving me bananas.
We are using the latest version of the flash player: "You
have version 9,0,124,0 installed"
Since we have to put a version of this application into
production at the end of this week all help, suggestions and
remarks are really appreciated.
kind regards,
Geert Van Landeghem
Hi Rita,
I think I had a similar problem. Flex requires that the server on which the flex application is (swf file) must be the same as the one where the wsdl is called from. In other words if the URL of your wsdl is "machine_name.sap.com", you must call the flex application from "machine_name.sap.com".
There are ways to circumvent this security check flex does apparently, but I was never able to make them work.
Regards,
Philon -
Security error accessing ur unable to load wsdl
HI
I am using a webservice(.net webservice) that is on my
localhost and using it in flex application that is also on my
system. Means both the webservice and flex application are on the
same system.
But when I give the reference of the webservice using the
system ip and run the application by the flex builder it generates
the error as:
mx.messaging.messages::ErrorMessage)#0
body = (Object)#1
clientId = "DirectHTTPChannel0"
correlationId = "24CD6542-F141-1A05-BA35-00A108CB30A0"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#2
messageId = "CC123DF0-0E6C-05FF-7894-00A109676283"
rootCause = (flash.events::SecurityErrorEvent)#3
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#4
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#4
text = "Error #2170: Security sandbox violation:
http://localhost:3000/MYCIMS/flex_bin/Design.swf
cannot send HTTP headers to
http://myip/MyServer/AdminWS.asmx."
type = "securityError"
timestamp = 0
timeToLive = 0
I have put crossdomain.xml file in the root of the localhost
and made every changes possible in the crossdomain.xml file but the
application is not running.
Please somebody provide an effective solution, I have spent
lots of time to resolve the problem but its not being....
Thanks in advance
Gopi Saini
Have you seen this blog
"Crossdomain.xml" in ABAP Web AS Server cache -
Security error accessing url (Unable to load WSDL)
Hi folks.
I have a Flex project that use a WCF webservice. In my localhost everything is allright, but I want to upload my flex project to a web host (http://www.dorj.ir) and upload my WCF webservice to a server that has a valid IP...
After going to http://www.dorj.ir, you can see this error
Security error accessing url
Unable to load WSDL. If currently online, please verify the URI and/or format of the WSDL (http://ip/service.svc?wsdl)
I put the crossdomain.xml file in the root of my server:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="http://www.dorj.ir" />
<allow-http-request-headers-from domain="http://www.dorj.ir" headers="SOAPAction"/>
</cross-domain-policy>
But I have the same error, yet...!
what should I do?!
Have you seen this blog
"Crossdomain.xml" in ABAP Web AS Server cache -
Security Error when creating a web service with Flex
Hello community.
I'm using Flex to create a standalone application and I have to use web services to retrieve data from SAP.
I used the bapi bapi_flight_getlist to create an associated WS that works fine (tested with the Eclipse's WS Explorer).
In Flex Builder, I use the following code to create my web service:
<mx:WebService
showBusyCursor="true"
id="service"
wsdl="{wsdl}"
result="resultCreateWSHandler(event);"
fault="faultCreateWSHandler(event);">
<mx:operation name="FlightGetList"
result="resultWSHandler(event)"
fault="faultWSHandler(event)"></mx:operation>
</mx:WebService>
And this is the error I'm getting:
(mx.messaging.messages::ErrorMessage)#0
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "E578ED8C-EF29-44E7-8D57-57B4DB6EB613"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#1
DSStatusCode = 0
messageId = "6E7AC45E-418D-90CD-96AD-57B52DB1DAF4"
rootCause = (flash.events::SecurityErrorEvent)#2
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#3
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#3
text = "Error #2048: Violation de la sécurité Sandbox : http://localhost:8300/ztest2/bin-debug/ztest2.swf ne peut pas charger de données à partir de http://XXXX:8006/sap/bc/srt/wsdl/bndg_DEB8A28C2E19EEF19C080050568D135B/wsdl11/allinone/ws_policy/document?sap-client=800."
type = "securityError"
timestamp = 0
timeToLive = 0
Translation: "Error #2048: Sandbox security violation: http:....swf cannot load data from http:...client=800"
Would any of you have an idea about what is causing this error??
Thanks for any help you can provide.
Regards,
C.
Hi Cristina
Did your flex application work? I am also having the same problem. Can't access the BAPI from standalone flex application.
Jay -
Security Error when trying to access web service
I have an app that connects over HTTPS to a web service on
our internal network. The interface to the web service was created
by using the WSDL Import function of the Flex IDE.
I can run the app and retrieve data without a problem when I
run from the debug-bin folder that the Flex IDE compiles to.
However, I cannot connect to the web service from anywhere else,
such as a different location on my own local drives, a network
drive, or another persons machine.
I've setup a local instance of Apache with mod_ssl so I could
host the app under an HTTPS connection itself, which the
documentation seemed to imply that would work. However, when I run
the app, I get:
[FaultEvent fault=[RPC Fault faultString="Security error
accessing url" faultCode="Channel.Security.Error"
faultDetail="Destination: DefaultHTTPS"] messageId=null
type="fault" bubbles=true cancelable=true eventPhase=2]
I am accessing the app by going to
https://mymachine.companydomain.com/myapp.html, and the web service
is being accessed through https://webservice.companydomain.com/.
Anybody have any thoughts on what I should be looking at?
I've been searching and trying things for a few days with no luck.
Any help would be appreciated. Thanks.
The SSL handshake works differently to a browser as it is making the connections automatically.
The browser asks every time if you want to trust an expired certificate, and it also recommends not to. It's impractical to manually check every service call to say do you trust the certificate so the functionality doesn't exist. I doubt any integration product does this. Therefore there isn't an option to ignore the certificate if it has expired.
This makes sense as the certificate is untrustworthy. The whole idea around SSL is trusting the site you are communicating with, all parties need to be trusted. This stops hackers from replicating their site and intercepting data.
If the administrator of the remote site is not willing to renew the certificate, are they really interested in SSL. I suggest they expose a non SSL service.
cheers
James -
Hi guys.
Typically webservices are invoked across domains. Flash has defined certain policies which prevent crossdomain access. The only way to bypass this security feature is to put a crossdomain.xml file within the server root of the webservice provider i.e. in our case at http://abc.com. A sample example of crossdomain.xml is as below:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
If the crossdomain.xml is not added the developer will get “Security Error accessing URL” type of messages.
The above mentioned information should be enough for you to get your flex based WebService client up and running.
We are using axis2 to build webservices. We deployed the webservices under axis2 container under repository/srvices folder . But in Flex when we try to call the webservices we were getting the exception saying security error in accessing url. The solution is we need to put the crossdomain.xml so that it is loaded at runtime and allow us to access. In tomcat if we put the file under ROOT directory we could access the file and we were able to access the webservices deployed under Tomcat. But I googled for Axis2 container and couldn't find any solution.
Please post the reply if anyone knows the solution to it.
Thanks
Raja
Hi. So, I did take a quick look at the Axis2 standalone server and didn't see any way to serve up a file such as crossdomain.xml. It seems like it might be a useful enhancement to have the ability to serve up files even if this functionality was very simple/limited and nothing like a full blown http server.
I'd log an enhancement request against axis2 if this is something you'd like to have.
http://issues.apache.org/jira/browse/AXIS2
-Alex -
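The sample policy quoted in this thread uses wildcards for the domain and the headers and sets secure="false", which opens the web service host to Flash content from any origin. The Python check below is an added example, not code from any poster or from Adobe: it flags those directives and reports which domains may send a given header such as SOAPAction. SCOPED_POLICY and the origin app.example.com are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the wildcard policy quoted in the thread above, and a
# scoped alternative for a hypothetical client origin app.example.com.
WILDCARD_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>"""

SCOPED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="app.example.com"/>
<allow-http-request-headers-from domain="app.example.com" headers="SOAPAction"/>
</cross-domain-policy>"""

# (element, attribute, risky value, why it matters)
RULES = [
    ("site-control", "permitted-cross-domain-policies", "all",
     "every policy file on the host is honoured, not only the root one"),
    ("allow-access-from", "domain", "*",
     "content from any origin may read responses from this host"),
    ("allow-access-from", "secure", "false",
     "content loaded over HTTP may read HTTPS responses"),
    ("allow-http-request-headers-from", "domain", "*",
     "content from any origin may attach request headers"),
    ("allow-http-request-headers-from", "headers", "*",
     "any request header may be sent, not only SOAPAction"),
    ("allow-http-request-headers-from", "secure", "false",
     "content loaded over HTTP may send headers to HTTPS endpoints"),
]


def parse_policy(policy_xml):
    """Parse a policy file, refusing entity declarations and foreign roots."""
    if "<!ENTITY" in policy_xml:
        raise ValueError("entity declarations do not belong in a policy file")
    root = ET.fromstring(policy_xml.strip())
    if root.tag != "cross-domain-policy":
        raise ValueError("root element is not cross-domain-policy")
    return root


def audit_policy(policy_xml):
    """Return (element, attribute, value, reason) for each risky directive."""
    findings = []
    for element in parse_policy(policy_xml):
        for tag, attribute, risky, reason in RULES:
            value = (element.get(attribute) or "").strip().lower()
            if element.tag == tag and value == risky:
                findings.append((tag, attribute, risky, reason))
    return findings


def domains_allowed_header(policy_xml, header_name):
    """List the domain patterns permitted to send header_name.

    Only exact header names and a bare "*" are evaluated here.
    """
    wanted = header_name.lower()
    domains = []
    for element in parse_policy(policy_xml).iter("allow-http-request-headers-from"):
        granted = [h.strip().lower() for h in element.get("headers", "").split(",")]
        if "*" in granted or wanted in granted:
            domains.append(element.get("domain"))
    return domains


if __name__ == "__main__":
    for name, policy in (("wildcard", WILDCARD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name)
        for tag, attribute, value, reason in audit_policy(policy):
            print(f'  {tag} {attribute}="{value}": {reason}')
        print("  SOAPAction allowed for:", domains_allowed_header(policy, "SOAPAction"))
```

A policy that lists only the client origin and only the SOAPAction header produces no findings while still letting a Flex SOAP client on that origin call the service.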
Deployment Error Channel.Security.Error
All,
I'm receiving the below error when trying to deploy my FLEX 2
page. Everything works fine when I run the page from within the
Flex Builder, but as soon as I move the files to within my Virtual
Directory and try to access the page through a web Browser, it
fails. I'm using a Wrapper created by the Flex Builder, and even
created a crossdomain.xml file to access the WebServices. One thing
to note, the WebServices are on a different machine than what I'm
running the Flex page from.
quote:
[[RPC Fault faultString="Security error accessing url"
faultCode="Channel.Security.Error" faultDetail="Unable to load
WSDL. If currently online, please verify the URI and/or format of
the WSDL (
http://onyx/WebService1/Service1.asmx?wsdl)"
at mx.rpc.soap::WSDLParser/::dispatchFault()
at mx.rpc.soap::WSDLParser/
http://www.adobe.com/2006/flex/mx/internal::httpFaultHandler()
at
flash.events::EventDispatcher/flash.events:EventDispatcher::dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at mx.rpc::AbstractInvoker/
http://www.adobe.com/2006/flex/mx/internal::dispatchRpcEvent()
at mx.rpc::AbstractInvoker/
http://www.adobe.com/2006/flex/mx/internal::faultHandler()
at mx.rpc::Responder/fault()
at mx.rpc::AsyncRequest/fault()
at ::DirectHTTPMessageResponder/securityErrorHandler()
at
flash.events::EventDispatcher/flash.events:EventDispatcher::dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at
flash.net::URLLoader/flash.net:URLLoader::redirectEvent()]
Any thoughts on what could be causing this? I'm not using a
proxy, and I'm just trying to get a pretty basic page to work. Any
input would be appreciated.
Thanks,
-Ned kost
If the domain of the Flex2 app is different than the domain
of the WebService app you can get this error. You'll need a
crossdomain.xml file on the WebService domain's root folder giving
your Flex2 app permission to make the call. -
Hi!
I'm new on WS and I've got a security error when I try to invoke my WS
Error:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://oracle.e1.bssv.JP420000/types/">
<env:Body>
<env:Fault>
<faultcode>env:MustUnderstand</faultcode>
<faultstring>SOAP must understand error: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
Below you can see the security parameters:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:jpr="http://JP420000.bssv.e1.oracle">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Username>MYUSERNAME</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MYPASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<jpr:processSalesOrder>
<header>
<processing>
<processingVersion>MJD0001</processingVersion>
<actionType>A</actionType>
</processing>
<detail>
<quantityOrdered>1</quantityOrdered>
<product>
<item>
<itemId>1003399</itemId>
</item>
<configuration>
<segment>
<segmentNumber>110</segmentNumber>
<segmentValue>100</segmentValue>
</segment>
<businessUnit>10B02</businessUnit>
</configuration>
</product>
<userReservedData>
</userReservedData>
<processing>
<useConfigurationRule>1</useConfigurationRule>
<actionType>A</actionType>
</processing>
</detail>
<soldTo>
<customer>
<entityId>80000</entityId>
</customer>
</soldTo>
<shipTo>
<postalCode></postalCode>
<addressLine3></addressLine3>
<mailingName></mailingName>
<customer>
<entityId>103000</entityId>
</customer>
<countyCode></countyCode>
<addressLine4></addressLine4>
<countryCode></countryCode>
<addressLine2></addressLine2>
<stateCode></stateCode>
<city></city>
<addressLine1></addressLine1>
</shipTo>
</header>
</jpr:processSalesOrder>
</soapenv:Body>
</soapenv:Envelope>
Can someone help me and explain what's wrong?
Thanks in advance,
Niklas
Hi,
check out your oracle-webservice.xml. It must contain:
<runtime enabled="security">
<security>
<inbound>
<verify-username-token password-type="PLAINTEXT" require-nonce="false" require-created="false"/>
</inbound>
<outbound/>
</security>
</runtime>
If not, change the webservice properties (check security). Undeploy/redeploy your web services and restart the oc4j group to which the ws has been deployed.
Hope it helps,
Cyryl -
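Under SOAP 1.1, a receiver must fault when a header block marked mustUnderstand="1" has no handler, which is the fault quoted in this thread. The Python sketch below is an added example, not Oracle's implementation or code from either poster: it models that rule and also flags a PasswordText token sent to a non-HTTPS endpoint. SAMPLE_REQUEST is constructed from the thread's request with placeholder credentials, and the host.example URLs are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
SECURITY_QNAME = f"{{{WSSE}}}Security"

# Constructed request modelled on the one in the thread; placeholder credentials.
SAMPLE_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP11}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="1">
      <wsse:UsernameToken>
        <wsse:Username>MYUSERNAME</wsse:Username>
        <wsse:Password Type="{PASSWORD_TEXT}">MYPASSWORD</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


def header_blocks(envelope_xml):
    """Return the child elements of the SOAP 1.1 Header, if there is one."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP11}}}Header")
    return list(header) if header is not None else []


def must_understand_fault(envelope_xml, understood):
    """Return the faultstring a SOAP 1.1 receiver would raise, or None.

    `understood` holds the header QNames ("{namespace}local") for which the
    receiver has a handler, e.g. because a security runtime is enabled.
    """
    for block in header_blocks(envelope_xml):
        flag = block.get(f"{{{SOAP11}}}mustUnderstand", "0")
        if flag == "1" and block.tag not in understood:
            return f"SOAP must understand error: {block.tag}"
    return None


def cleartext_password_users(envelope_xml, endpoint_url):
    """List usernames whose PasswordText token would cross a non-HTTPS link."""
    if urlsplit(endpoint_url).scheme.lower() == "https":
        return []
    exposed = []
    for block in header_blocks(envelope_xml):
        for token in block.iter(f"{{{WSSE}}}UsernameToken"):
            password = token.find(f"{{{WSSE}}}Password")
            if password is None:
                continue
            # An absent Type attribute means PasswordText in the profile.
            if password.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT:
                exposed.append(token.findtext(f"{{{WSSE}}}Username"))
    return exposed


if __name__ == "__main__":
    print(must_understand_fault(SAMPLE_REQUEST, set()))
    print(must_understand_fault(SAMPLE_REQUEST, {SECURITY_QNAME}))
    print(cleartext_password_users(SAMPLE_REQUEST, "http://host.example:8080/svc"))
```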
"Security error accessing url" - Accessing HTTP service running on another machine
Flex app is hosted as web service and is trying to access data
from HTTP Service
running on different machine. It throws following error
[RPC Fault faultString="Security error accessing url"
faultCode="Channel.Security.Error" faultDetail="Destination:
DefaultHTTP"]
at
mx.rpc::AbstractInvoker/
http://www.adobe.com/2006/flex/mx/internal::faultHandler
at mx.rpc::Responder/fault()
at mx.rpc::AsyncRequest/fault()
at ::DirectHTTPMessageResponder/securityErrorHandler()
at
flash.events::EventDispatcher/flash.events:EventDispatcher::dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
But when I run the HTTP Services (data provider) on same
machine application
works fine.
Already used crossdomain.xml
Sorted the cross domain problem by using mx:Webservice rather
than an httpservice. -
BPEL to invoke a webservice secured by BASIC auth
Hi
I have been trying to write a simple BPEL process to invoke a remote webservice secured by basic authentication. I was able to build the BPEL process and then the composite application that I deployed successfully to glassfish, all within NetBeans IDE. As per the wiki notes: http://wiki.open-esb.java.net/Wiki.jsp?page=HTTPBasicAuthentication, I also added the Policy element to the wsdl for the service that I am trying to invoke as follows:
<wsdl:service name="PMSDatabase">
<wsdl:port name="PMSDatabaseSOAP11port_http" binding="ns2:PMSDatabaseSOAP11Binding">
<soap:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
</wsdl:port>
<wsdl:port name="PMSDatabaseSOAP12port_http" binding="ns2:PMSDatabaseSOAP12Binding">
<soap12:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
</wsdl:port>
<wsdl:port name="PMSDatabaseHttpport" binding="ns2:PMSDatabaseHttpBinding">
<http:address location="http://namadgi:9999/MessageCentre/services/PMSDatabase"/>
<wsp:PolicyReference URI="#HttpBasicAuthBindingBindingPolicy"/>
</wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="HttpBasicAuthBindingBindingRealmPolicy">
<mysp:MustSupportBasicAuthentication on="true">
<mysp:BasicAuthenticationDetail>
<mysp:WssTokenCompare/>
</mysp:BasicAuthenticationDetail>
</mysp:MustSupportBasicAuthentication>
<mysp:UsernameToken mysp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10>mcs_user</sp:WssUsernameToken10>
<sp:WssPassword>${pass_token}</sp:WssPassword>
</wsp:Policy>
</mysp:UsernameToken>
</wsp:Policy>
When I try to run a testcase, the BPEL process fails during the invoke activity and I get the following error in the output:
<detailText>BPCOR-6135:A fault was not handled in the process scope; Fault Name is {http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling}systemFault; Fault Data is <?xml version="1.0" encoding="UTF-8"?><jbi:message xmlns:sxeh="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling" type="sxeh:faultMessage" version="1.0" xmlns:jbi="http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper"><jbi:part>HTTPBC-E00753: HTTP POST request failed, portType {http://service.messagecentre.dha.gov.au}PMSDatabaseHttpport
URL: http://namadgi:9999/MessageCentre/services/PMSDatabase/deletePMSVoidPeriod
QUERY:
PATH_INFO:
Exception detail: request requires HTTP authentication: User mcs_user not found in directory.</jbi:part></jbi:message>. Sending errors for the pending requests in the process scope before terminating the process instance
Caused by: BPCOR-6131:An Error status was received while doing an invoke (partnerLink=PartnerLink1, portType={http://service.messagecentre.dha.gov.au}PMSDatabasePortType, operation=deletePMSVoidPeriod)
BPCOR-6129:Line Number is 48
BPCOR-6130:Activity Name is Invoke1
Caused by: HTTPBC-E00753: HTTP POST request failed, portType {http://service.messagecentre.dha.gov.au}PMSDatabaseHttpport
URL: http://namadgi:9999/MessageCentre/services/PMSDatabase/deletePMSVoidPeriod
QUERY:
PATH_INFO:
Exception detail: request requires HTTP authentication: User mcs_user not found in directory.
Caused by: request requires HTTP authentication: User mcs_user not found in directory.</detailText>
Where else do I need to configure the BASIC auth details to get this to work?
Please post your request to [email protected] for quick response.
Error states "mcs_user" is invalid user. Please make sure that the user is valid. -
Flex encounters "Security error accessing url.Unable to load WSDL"
i have created a flex application which connects to SAP via web service.
when i try to run my flex application i encounter the following error.
"Security error accessing url.Unable to load WSDL"
i went through various posts relating a BSP application and crossdomain.xml
i have created the crossdomain.xml file in the application and
i tried those options and still not able to figure out the problem.
the security error is because of the absence of the crossdomain.xml file, and in which path should i be saving the file?
Kindly help me solve the problem.
Thanks in advance.
Have you seen this blog
"Crossdomain.xml" in ABAP Web AS Server cache -
I keep receiving security errors when trying to open a pdf.
I keep receiving a security error when trying to run my javascript program, the function previously worked, but now creates an error after I entered the addWaterMark function. I have put my whole code below for my script.
The basic function is to load a text file into an array which has the path and file location, open the document, add a watermark, save the file, close the file, then repeat for the next array position.
I am using Acrobat Standard so I am unable to debug using the console, therefore I am struggling to understand what I am doing wrong. I will point out that I am not a fluent programmer, only have a basic knowledge of programming.
Code
app.addSubMenu({
    cName: "Extras",
    cParent: "Edit"
});
app.addMenuItem({
    cName: "Import File",
    cParent: "Extras",
    cExec: "main()"
});
function main()
{
    var fileCount = 0;
    var listOfFiles = [];
    listOfFiles = importData();
    amountOfFiles = listOfFiles.length;
    for (var i = 0; i < listOfFiles.length; i++) // loops over the entries in the array listOfFiles
    {
        newFile = openFile(listOfFiles[i]); // Opens current file
        var d = app.activeDocs; // Gets the list of open documents
        addWater(d[0]);
        app.execMenuItem("Save");
        for (var x in d) d[x].closeDoc();
    }
}
function addWater(myName)
{
    app.alert("watermark", 0);
    myName.addWatermarkFromText({
        cText: "OBSOLETE",
        cFont: "Arial",
        nFontSize: 36,
        aColor: color.red,
        nOpacity: 0.5
    });
}
// function saveFile saves the current file but with an addition of WM to the filename
saveFile = app.trustedFunction(function(currentDoc, currentFileName)
{
    app.alert("savefile", 0);
    app.beginPriv();
    currentDoc.saveAs(currentFileName);
    app.endPriv();
});
// function openFile opens the file named in the variable currentFileName
openFile = app.trustedFunction(function(currentFileName)
{
    app.alert("openfile" + currentFileName, 0);
    app.beginPriv();
    app.openDoc(currentFileName);
    app.endPriv();
});
// importData function imports the paths and filenames contained in the list.txt located on the desktop
importData = app.trustedFunction(function()
{
    app.alert("import", 0);
    app.beginPriv();
    cFilePath = "/C/Users/103019944/Desktop/File_List.txt";
    var stmData = util.readFileIntoStream(cFilePath);
    var cData = util.stringFromStream(stmData);
    var cMsg = cData;
    var fileArray = cMsg.split("\r\n");
    for (var i = 0; i < fileArray.length; i++) { }
    app.endPriv(); // leave the privileged block before returning
    return fileArray;
});
I have found the error, you are quite correct I had an extra letter in the filename, I thought I'd checked this but just shows that attention to detail is the key.
The script works perfectly now, thank you for your help, really appreciated.
Thanks again
Ben -
1st Issue. I am a new user and am fighting #2121, #2044 & #2048 Flash security errors in getting an MP3 player to work as I test the fla file in Flash CS4 on my local computer. The fla in Flash and swf in Dreamweaver calls mp3 files from our host server on the internet.
After reading various sparse posts and Adobe articles on this issue, I have added a crossdomain.xml file at our websites root (see file below) and added the code, flash.system.Security.allowDomain in line 1 of the action script of the flash fla to allow our site access (-see script below). These efforts have helped get the player to work better on our test site.
But, I am still getting the 2121 error within Flash CS4 as I debug the player or play the swf in live view within Dreamweaver. Playing the fla or swf will lock-up the Flash 10 player and crash the program. I am having the mp3 player access the mp3 files from our web site as I test the fla.
Here is the debug message I am getting:
Attemping to launch and connect to Player using URL C:\Web Site Files\Plank Productions afc\Plank Productions 2010\site\MP3_List_Player_AS3.swf [SWF] C:\Web Site Files\Plank Productions afc\Plank Productions 2010\site\MP3_List_Player_AS3.swf - 209827 bytes after decompression SecurityError: Error #2121: Security sandbox violation: Sound.id3: file:///C/Web%20Site%20Files/Plank%20Productions%20afc/Plank%20Productions%202010/site/MP3%5FList %5FPlayer%5FAS3.swf cannot access . This may be worked around by calling Security.allowDomain.
at flash.media::Sound/get id3()
at com.afcomponents.mp3player::MP3Player/get id3()
at com.afcomponents.mp3player::MP3Player/handleBuffering()
Here is the crossdomain xml code:
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.plankproductions.com" secure="false"/>
<allow-access-from domain="plankproductions.com" secure="false"/>
</cross-domain-policy>
Here is the AS3 in line 1 of the Fla file that I added:
flash.system.Security.allowDomain("www.plankproductions.com", "plankproductions.com");
2nd Issue. The online playback of the mp3 player will play about 4-7 mp3’s then lock-up in Internet Explorer 8 on a pc. I think that is related to flash security, not sure, I do not know how to debug the mp3 player on the web site.
http://plankproductions.com/pptemplate_afc_mp3.shtml
Questions.
-How can I resolve the error 2121?
-What as3 code do I need to target the local c drive to have security clearance and work properly, is this the problem?
-Why is the mp3 player locking up on the web page?
Thank you in advance for any help.
Operating System: Windows XP Professional, CS4 Web Premium
Do you have the standard or debug player installed? Such errors should not occur with the standard player.
See http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_Flash_Player_version_type_and_capabilities__Flash_developers_only_