WLS 10.3.3 - Web service - NTLM authentication
Hi,
We have generated web service proxy based on a wsld file for a .Net web service secured with NTLM authentication.
Running the code that connects to the web service from a java class main method works fine, but when running the same code from a web application deployed on weblogic server (we have tried both integrated and standalone) we get the following error: com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 401: Unauthorized.
Is there something that we should set in weblogic?
Regards,
Delia
Delia,
We had exactly the same issue and it took ages to resolve! Oracle didn't have a solution so I knuckled down and eventually worked out a solution...
When running your JAR under WLS you may have noticed that the exception looks like this:
java.io.FileNotFoundException: Response: '401: Unauthorized' for url: 'http://+your.domain.here+/default.aspx'
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:474)
Notice that it is not using the java.net.HttpURLConnection as you might have expected (and your Java code explicitly imports!), rather it employs weblogic.net.http.HttpURLConnection and there lies the rub.
As it turns out, it is easy to have your code force the use of the handler you desire.
Instead of:
HttpURLConnection http = (HttpURLConnection) new URL(+yourURL+).openConnection();
Use:
URL url = new URL(null, yourURL, new sun.net.www.protocol.http.Handler());
HttpURLConnection http = (HttpURLConnection) url.openConnection();
Regards,
Jerome
Similar Messages
-
How to use Axis to access a web service through Authentication proxy
Using axis access internat web service is success,but access a web service through Authentication proxy is failure.But other java classes connect through a proxy to the internet which works very well:
please help me ,thank you!!!
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import javax.xml.namespace.QName;
//this is my access webservice faliure codes
public class TestClient
public static void main(String [] args) {
try {
System.getProperties().setProperty("http.proxySet", "true");
System.getProperties().setProperty("http.proxyHost","proxy.com");
System.getProperties().setProperty("http.proxyPort", "8080");
System.getProperties().setProperty("http.proxyUser", "username");
System.getProperties().setProperty("http.proxyPassword","password");
String endpoint =
"http://nagoya.apache.org:5049/axis/services/echo";
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress( new java.net.URL(endpoint) );
call.setOperationName(new QName("http://soapinterop.org/", "echoString") );
String ret = (String) call.invoke( new Object[] { "Hello!" } );
System.out.println("Sent 'Hello!', got '" + ret + "'");
} catch (Exception e) {
System.err.println(e.toString());
}I get an "(407)Proxy authorization required" error?I am also looking for a solution. Does any one know how to do through code instead of jvm settings?
Thanks in advance! -
Issue with calling external web service with authentication details ...
Hi,
I am facing a deployment issue with Oracle ESB. I am trying to call an external Web Service with authentication from ESB SOAP Service. It is working fine with my local ESB version 10.1.3.3.0 Build PCBPEL_10.1.3.3.0_GENERIC_070615.0525; however it is getting an error at our development ESB version 10.1.3.3.1 Build PCBPEL_10.1.3.3.1_GENERIC_RELEASE.
I am getting following error.
An unhandled exception has been thrown in the ESB system. The exception reported is: "org.collaxa.thirdparty.apache.wsif.WSIFException: exception during SOAP invoke: Server was unable to process request. ---> Object reference not set to an instance of an object.; nested exception is: javax.xml.rpc.soap.SOAPFaultException: Server was unable to process request. ---> Object reference not set to an instance of an object. at com.collaxa.cube.ws.wsif.providers.oc4j.jaxrpc.WSIFOperation_JaxRpc.populateFaultMessage(WSIFOperation_JaxRpc.java:3086) at com.collaxa.cube.ws.wsif.providers.oc4j.jaxrpc.WSIFOperation_JaxRpc.invokeOperation(WSIFOperation_JaxRpc.java:1728) at com.collaxa.cube.ws.wsif.providers.oc4j.jaxrpc.WSIFOperation_JaxRpc.invokeRequestResponseOperation(WSIFOperation_JaxRpc.java:1473) at com.collaxa.cube.ws.wsif.providers.oc4j.jaxrpc.WSIFOperation_JaxRpc.executeRequestResponseOperation(WSIFOperation_JaxRpc.java:1196) at oracle.tip.esb.server.common.wsif.WSIFInvoker.executeOperation(WSIFInvoker.java:867) at oracle.tip.esb.server.common.wsif.WSIFInvoker.nextService(WSIFInvoker.java:770) at oracle.tip.esb.server.common.wsif.WSIFInvoker.nextService(WSIFInvoker.java:790) at oracle.tip.esb.server.service.impl.outadapter.OutboundAdapterService.nextService(OutboundAdapterService.java:208) at oracle.tip.esb.server.service.impl.outadapter.OutboundAdapterService.processBusinessEvent(OutboundAdapterService.java:127) at oracle.tip.esb.server.dispatch.InitialEventDispatcher.dispatchNonRoutingService(InitialEventDispatcher.java:118) at oracle.tip.esb.server.dispatch.InitialEventDispatcher.dispatch(InitialEventDispatcher.java:95) at oracle.tip.esb.server.dispatch.BusinessEvent.raise(BusinessEvent.java:1424) at oracle.tip.esb.utils.EventUtils.raiseBusinessEvent(EventUtils.java:112) at oracle.tip.esb.server.service.EsbRouterSubscription.onBusinessEvent(EsbRouterSubscription.java:307) at oracle.tip.esb.server.dispatch.EventDispatcher.executeSubscription(EventDispat
Could one of you please help me out to understand why it is happining.
Thanks in advance.
Jyotirmoy.Hi Mahesh,
One you are missing is authentication token or credentials.
Please refer to the following articles.
http://www.cleverworkarounds.com/2014/02/05/tips-for-using-spd-workflows-to-talk-to-3rd-party-web-services/
A Series of articles related to Web Service in SPD Workflow
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 1
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 2
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 3
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 4
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 5
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 6
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 7
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 8
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 9
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 10
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 11
Trials or tribulation?
Inside SharePoint 2013 workflows–Part 12
Please don't forget to mark it answered, if your problem resolved or helpful -
Hi!
We need to implement authentication using our own methods, and the authentication
information is provided to the web service implementation in a basic authentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles web services
in
wls 7.0.sp2, always attempts to perform authentication, if the header is present.
Is there any way to circumvent this, because we want to implement authentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for our own
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet, which
would
remove the basic authentication header, and put the authentication info in custom
headers, such as x-auth: <user:password>, or smthng similar, and after successful
authentication, make a call to bea's servlet weblogic.webservice.server.servlet.WebServiceServlet.
But still, I'd like to know if there is any way to tell bea's servlet to ignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni NykanenCurrently there is no option to turn off security check.
I think you can use a servlet filter mapped to the URL
of your service, instead of a proxy servlet?
Regards,
-manoj
http://manojc.com
"Toni Nykanen" <[email protected]> wrote in message
news:3ef1577b$[email protected]..
>
Hi!
We need to implement authentication using our own methods, and theauthentication
information is provided to the web service implementation in a basicauthentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
in
wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
Is there any way to circumvent this, because we want to implementauthentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for ourown
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet,which
would
remove the basic authentication header, and put the authentication info incustom
headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
>
But still, I'd like to know if there is any way to tell bea's servlet toignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen -
How to access SOAP web service with authentication, HTTP basic Authentication
Dear All
i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
http://forums.adobe.com/message/4262868
private function authAndSend(service:HTTPService):void
var encoder:Base64Encoder = new Base64Encoder();
encoder.insertNewLines = false; // see below for why you need to do this
encoder.encode("someusername:somepassword");
service.headers = {Authorization:"Basic " +encoder.toString()};
service.send();
Also i noticed in debug mode, always that WARNNING raised up
Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
any idea ?Hello,
I don't know if this could help.
Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well. -
Configuring WLS to invoke a web service on SSL
Hi,
It will be really helpful if I get some pointers on this. Stuck with this without any progress. I havent experimented too much working with Certificates and so on...
I have a web service on my WLS...This has to invoke an external web service (provided by a third party).
They have given me a url for WSDL.
.p12 certificate - privateKeyEntry
.cer certificate - trustCertEntry
In my browser(IE), to display the WSDL page, I had to import this .p12 certificate in the "Personal" tab and .cer certificate in the "Trusted Root Certification Authorities" tab. It works !! I can see the WSDL.
Now I have to do a equivalent setting in WLS so that my WS invokes the external WS. I can test this with the Weblogic Test Client for my WS.
This is what I thought I had to do.
Configure Custom Identity and Custom Trust in WLS.
Custom Identity - directly used the .p12 file and specified type as PCKS12 with a password. That seems OK.
Custom Trust - Since I didnt think I could use .cer file, I imported this certificate into .jks file using the below command
keytool -import -trustcacerts -alias mykey -keystore mytrust.jks -file TestRootCert.cer -keyalg RSA
configured this .jks file as a custom truststore.
In the SSL tab, specified the alias name that existed in the PrivateKeyEntry(.p12 file) assuming this is used to identify myself to the external WS.
Set -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true in the WLS startup file just to see some more additional info.
When I invoke the external WS using the WLS test client, this is how the output on console looks..(sorry, had to edit some stuff related to company names etc.)
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loading server SSL identity>
<Sep 16, 2010 5:35:02 PM CEST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias e74476a0b5a8cfce6e426c266aee9bbc_2d3fa38c-4f19-4115-b030-11acb1de5cd5 from the PKCS12 keystore file C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\TestPoints.p12.>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Loaded public identity certificate chain:>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Subject: [email protected], CN=Test , OU=Digital ID Class 1 - Microsoft Full Service, OU=Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."; Issuer: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Sep 16, 2010 5:35:02 PM CEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\ebmscert.jks.>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 1 trusted CAs from C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\ebmscert.jks>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<Sep 16, 2010 5:35:02 PM CEST> <Info> <WebLogicServer> <BEA-000307> <Exportable key maximum lifespan set to 500 uses.>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28972139>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <8413295 SSL3/TLS MAC>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <8413295 received HANDSHAKE>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 320858270326811821565694692014706744673
Issuer:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Subject:C=SE, ?=19587, ST=None, L=country, ?=Test Address, O=CompanyName Denmark-Norway-Sweden, OU=DK Wintel AS, OU=Hosted by Melbourne IT Corporate Brand Services, OU=Comodo PremiumSSL, CN=a.b.com
Not Valid Before:Thu Mar 19 01:00:00 CET 2009
Not Valid After:Sun Mar 20 00:59:59 CET 2011
Signature Algorithm:SHA1withRSA
>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 109339514828885055587748732527481675047
Issuer:C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Subject:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Not Valid Before:Tue Jun 07 10:09:10 CEST 2005
Not Valid After:Sat May 30 12:48:38 CEST 2020
Signature Algorithm:SHA1withRSA
>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 320858270326811821565694692014706744673
Issuer:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Subject:C=SE, ?=19587, ST=None, L=country, ?=Test Address, O=CompanyName Denmark-Norway-Sweden, OU=DK Wintel AS, OU=Hosted by Melbourne IT Corporate Brand Services, OU=Comodo PremiumSSL, CN=a.b.com
Not Valid Before:Thu Mar 19 01:00:00 CET 2009
Not Valid After:Sun Mar 20 00:59:59 CET 2011
Signature Algorithm:SHA1withRSA
>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 109339514828885055587748732527481675047
Issuer:C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Subject:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Not Valid Before:Tue Jun 07 10:09:10 CEST 2005
Not Valid After:Sat May 30 12:48:38 CEST 2020
Signature Algorithm:SHA1withRSA
>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Sep 16, 2010 5:35:02 PM CEST> <Warning> <Security> <BEA-090477> <Certificate chain received from a.b.com - 194.182.249.133 was not trusted causing SSL handshake failure.>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
If I understood rite, the external server is sending some certificates which is not there in the WLS trust store. Is this correct?
Also tried to get these certificates into the truststore using the InstallCert.java utility class, but then I get a 403:Forbidden.
So I have no clue at the moment. Basically, my WLS acts as a client to the external WS rite? so this is a one-way SSL. IS that correct?
Can you help with some pointers please?
best regards,
MuraliHi,
I just noticed this post and it seems that I had the same problem ( [see the relevant topic|http://forums.sun.com/thread.jspa?threadID=5378686] ) -- it is now answered.
Simply follow the instructions on [this page|http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1] - note that the answer was provided by Miroslav777.
Bye
Urbas -
How to set up User id and Password for Web services or authentication
Hi ,
I am new to web services . I have created a new Web service in SAP , and while creating Service defination , set the Authentication as LOW for server proxy .Then created End-point in SOAMANAGER with USREID/PWS requried .This WSDL i am planning to share with Third party to call from Java application.
But my web service checks for authorization which needs to be set up to allow the user id and pws .
So question is how do i pass my user id and pws as i do not see this WSDL with User id and pws option displayed for me when i test this using SOAP UI .I saw some of WSDL with tag "AuthHeader" with user id and pws tags in them .So how could i get them ?
Or requirement is that my Third party should be able to access my Web service in PRD and also be able to have authorization to auth object embedded in FM inside service defination .So how is this acheived ?
Thanks,
SitaramanHi,
After creation of WSDL , you will get URL lkie http://idessapdev.ad.infosys.com:8000/index.html.
For this URL your third party system need sto add id and pwd for accessing like http://idessapdev.ad.infosys.com:8000/index.html&userid = 111&pwd= wwgw.
this is not the exact syntax. you can check with your third party system for this URL.
Regards,
Lokeswari. -
Get or set security credentials for XML web service client authentication
Dear,
I wrote a custom asp.net web service that acts as a wrapper for the taxonomyclientservice.asmx in sharepoint 2010.
ON my local machine, the following code works:
using (Taxonomy.Taxonomywebservice TaxonomyClient = new COSMOS_Taxonomy.Taxonomywebservice())
TaxonomyClient.Credentials = new NetworkCredential("username", "pass", "domain");
TaxonomyClient.PreAuthenticate = true;
etc..
The authentication works when i provide the user credentials.
the problem is when i deploy the webservice to my production env. I dont know the owner of the metadata term store and its out of the question to get the username and password.
when i try to run this code on my local machine:
TaxonomyClient.Credentials = System.Net.CredentialCache.DefaultCredentials;
i get this error:
System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at COSMOS_TermSet.COSMOS_Taxonomy.Taxonomywebservice.GetTermSets(String sharedServiceIds, String termSetIds, Int32 lcid, String clientTimeStamps, String clientVersions, String& serverTermSetTimeStampXml)
at COSMOS_TermSet.CustomWebService.GetCountryTermSet()
How can i fix this.
Many thanks in advanceHi Roni,
Based on your description, the error occurred when using the DefaultCredential in the code.
I recommend to check if the “<identity impersonate="true"></identity>” is included in web.config file.
If not, add it to web.config file to see if the issue still occurs.
Best regards.
Thanks
Victoria Xia
TechNet Community Support -
Web service client authentication problem
I applied security role to deployed web services. When I use clientgen to generate client stub or using java client to get WSDL, I got authentication error asking for username and password.
This only happens when I use import in my WSDL file to import other schema files. I think the authentication process happened when retrieving wsdl file, but not import schema files.
Is this some kind of BEA bugs or known issue?
Any advice is appreciated.Yes, this is a problem. It should be fixed in upcoming release. The work around is embeding the schema to WSDL or run clientgen against a local copy.
-
EJB3 Web Service - basic authentication
I have a very simple EJB @WebService in an EJB jar and placed in an EAR. The web service has an @RolesAllowed annotation on a role called WSS_USER.
I have a weblogic-ejb-jar.xml file containing..
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-ejb-jar xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.bea.com/ns/weblogic/10.0" xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0 http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
<weblogic-enterprise-bean>
<ejb-name>TestWebServiceEJB</ejb-name>
<enable-call-by-reference>True</enable-call-by-reference>
</weblogic-enterprise-bean>
<security-role-assignment>
<role-name>WSS_USER</role-name>
<principal-name>WSS_USER</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>
I have created the correct WSS_USER principal within Weblogic.
If I test the web service using SoapUI I get:
<message>[EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=Test, module=Bedrock.server.services.local.jar, ejb=TestWebServiceEJB, method=test, methodInterface=ServiceEndpoint, signature={}.</message>
How do I get basic authentication working with this web service?
In glassfish I add the following into sun-ejb-jar.xml and it works fine:
<ejb>
<ejb-name>TestWebServiceEJB</ejb-name>
<webservice-endpoint>
<port-component-name>TestWebServiceEJB</port-component-name>
<endpoint-address-uri>ctx/TestWebServiceEJB</endpoint-address-uri>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</webservice-endpoint>
</ejb>
Is there an equivalent in weblogic?
Thanks,
MattI was hoping it could be achieved without weblogic specific annotations?
What I'm after is an example of a simple EJB3 web service in a jar, inside an ear, with no war file.
I'd then like BASIC authentication on that web service.
Something that can be dropped into any app server.
Matt -
Web Services with Authentication - User Name and Password.
How to create a web service and web service client where the need is to authenticate using SOAP Header based authentiacation. The authentication is to be based on UserName and Password in the SOAP Header.
Regards
Pramod.Dear Pierluigi Vernetto
What is meant when they say to include SOAPHeader with the parameters UserName, Password for Authentication. How this type of authentication is done.Can you please provide some code snipped to facilitate. I am new to the web services and did successfully a web service generation and client generation using WSDL.
WSDL Snippet :
- <wsdl:operation name="RegisterService">
<soap12:operation soapAction="http://www.abc.com/webservices/RegisterService" style="document" />
- <wsdl:input>
<soap12:body use="literal" />
<soap12:header message="tns:RegisterServiceAuthenticate_Info" part="Authenticate_Info" use="literal" />
</wsdl:input>
- <wsdl:output>
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
- <wsdl:types>
- <s:schema elementFormDefault="qualified" targetNamespace="http://www.abc.com/webservices/">
- <s:element name="RegisterService">
- <s:complexType>
- <s:sequence>
- <s:element minOccurs="0" maxOccurs="1" name="InputText">
- <s:complexType>
- <s:sequence>
<s:any />
</s:sequence>
</s:complexType>
</s:element>
</s:sequence>
</s:complexType>
</s:element>
- <s:element name="RegisterServiceResponse">
- <s:complexType>
- <s:sequence>
- <s:element minOccurs="0" maxOccurs="1" name="RegisterServiceResult">
- <s:complexType>
- <s:sequence>
<s:any />
</s:sequence>
</s:complexType>
</s:element>
</s:sequence>
</s:complexType>
</s:element>
<s:element name="Authenticate_Info" type="tns:Authenticate_Info" />
- <s:complexType name="Authenticate_Info">
- <s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="UserName" type="s:string" />
<s:element minOccurs="0" maxOccurs="1" name="Password" type="s:string" />
</s:sequence>
<s:anyAttribute />
</s:complexType>
If i simply create the web service using the WSDL , will the Authenticate_Info will be taken care of.
What needs to be done for the Client side .jsp code and how this information of UserName and Password will be passed while making the call to the web service.
regards
Pramod. -
Web service basic authentication
I'm trying to setup a web service manually and I have the WSDL. I want to try to leverage the basic authentication option but the controls to activate this for the manual web service definition are disabled. Anyone have any idea why? Or better yet, how to enable them?
EarlThe username name bassword is for HTTP Basic Authentication. I am not sure that your Web service is requesting basic authentication. It looks like it is expecting credentials to be passed in the SOAP header.
If that is the case, the WSDL should describe what the parameters in the SOAP header should be. Can you post the WSDL? -
Oracle UCM - Web Services and Authentication
Hello all...
Easy question...
Can you call UCM Web Services anonymously? Basically with "guest" rights? If so, any examples how...? I'm using VB.NET
More complicated question and advice seeking...
I am trying to create an ASP.NET form that will send an email with a content item as an attachment. I was going to attempt to use the web services to get the document info and actual files, and then use ASP to fire off the email. The user will either be logged into our site with (ExtranetLook component) valid credentials, or be viewing the site as guest/anonymous. As far as I can figure, I can only call the web services if I have some kind of authentication... I cannot call it w/o any auth, and I cannot somehow pass in the currently logged in users authentication credentials to the service... I really need to know the username/password, or use Windows Authentication (which is not possible on this public site). Any suggestions for how I can get around this problem?
Thanks,
DaveNo resolution here... it seems if we want to do this, we need to create an admin web service account, but that takes the users security out of the picture and we don't want to do that. We're looking into some alternatives here, but I'm sure that's not going to help you. Sorry.
-
Issue in accessing Client Web Service 401 authentication error
Hi,
I have a requirement where i need to call a web service from SOA composite. When i deploy the service on SOA Server and try accessing it i get below error
**oracle.fabric.common.FabricException: Cannot read WSDL "{http://www.service-now.com}ServiceNow_u_incident" from Metadata Manager.: Error in getting XML input stream: https://XXXXXXX.service-now.com/incident.do?WSDL: Response: '401: Unauthorized' for url: 'https://XXXXXXXX.service-now.com/incicdent.do?WSDL'**
If i go from broweser and hit the url it asks for my ldap / windows credential.
My question is how to i pass these credentials from Composite.
sample service
https://demo.service-now.com/incident.do?WSDL
ShirishTo pass HTTP Basic Auth from an External Reference in a composite_
Set up in the EM
1. Create the credentials in the EM
- In the EM Weblogic Domain > right click the domain name
- Choose Security > Credentials
2. Create an oracle.wsm.security map
This is where the http token details are held
- If the oracle.wsm.security does not exist create one (Create Map)
- call it oracle.wsm.security
3. Create the Key
- Click create Key
- Enter the following values
Select Map -> oracle.wsm.security
Key -> Key name
Type -> Password
Username -> << basic auth username required >>
Password -> << basic auth password required >>
Description -> Clear text description
Note : Make the key name specific to the service you are accessing i.e. basic.credentials.sitea.demo
Secure the Reference Partner Link
In JDeveloper
Open the composite that needs securing
Right click on the external reference
Select Configure WS Policies
For Security, click the + button
Select the oracle/wss_http_token_client_policy entry
Select this and click the pencil button to edit the Override Value.
In the override value column (csf-key), enter the credential key name you wish to use. i.e. basic.credentials.sitea.demo
Deploy the service, and this will now be secured against the Basic Auth.
This does not address SSO / Windows AD integration from the client, this is where a Web Service is protected by basic auth. If you need to integrate with AD as SSO etc then you will need to configure Kerberos. That is a much bigger explaination that you will probably find on the Net.
Good luck
Edited by: rodhiggins on 28/05/2013 22:52 -
Calling external web service - Proxy Authentication error
Using Developer 10.1.3.3 and following OTN example http://www.oracle.com/technology/products/forms/htdocs/10gr2/howto/webservicefromforms/ws_10_1_3_from_forms.html.
I have followed the above example and am trying to test the SendServiceSoapClient.java in JDeveloper. The class compiles ok but when I run it I receive the following error in the log window :
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 407 Proxy Authentication Required
As I was able to create the proxy with no problems, the proxy settings in Tools->Preferences are valid. I don't understand at what point it is failing as I am able to access the wsdl in the example from JDeveloper. I have checked the system settings for the proxy (username/pwd/host etc) at run time and they are as expected.
Can anyone make any suggestions? I have had my user details checked on our proxy server and it is not blocked from performing any actions. Is the message indicating I am being blocked from accessing the service from the suppliers end?I have a solution for the problem I encountered.
My collegues who look after the proxy server and network first tried to bypass authentication for the web site www.esendex.com (where the service resides). The same error occurred when trying to call the service.
They then set up a route on the network to send the request straight to www.esendex.com and a rule on the firewall to allow the request 'out'. This has done the trick and the request passes through!
Unfortunately, I am not much clearer as to why our proxy server is configured to block this message type and how come it can't be changed! Hey ho, I have a solution for now!
Maybe you are looking for
-
B1ic - B1 8.81 PL01 500 error in Dashboard Widget
Hello all expert, In the B1 client, I see an error in opening the Dashboard Cockpit. I read all the troubleshoot guide and still cannot find a solution... Im using 8.81 PL01 and the Integration Component and using company database SBODemoSG. The B1iC
-
Need help pl/sql function body returning SQL query - Reports
I need help with Grouping by on a report that I developed in my application. I have posted my Code in Apex.oracle.com workspace : c a s e _ m a n a g e m e n t User Id : public Password : public I need help on Page 38 Reports. I get blank lines when
-
Host hangs during bootup after installing Hyper-V Role
My hyperv test box is a Dell Optiplex 980, i7, 8GB RAM. Due to small data partitions I had to rearrange the partitions on the disk. Before this the layout was like this: #1 primary WS2008R2SP1 #2 primary WS2012 RTM Build9200 #3 primary ext3, boot par
-
Bt Infinity 2, A loss of 10mbps
Over the last 3 days i've lost significant speed, I was reciving 23mpbs as a standard. I've tested via eithernet in safe mode iphone restarting box I've have also looked at netstat's and that looks fine so any ideas?? [URL=http://www.speedtest.net][I
-
User dictionary edit --- how to?
How do I edit my user dictionary on my iPhone? Mac?