Working with Web Service Security

Similar Messages

• Error while deploying when working with web service

  Hi friends,
  I am working with web service. When i try to run the build.xml, I'm receiving an error as follows:
  *[javac] D:\MyWorkspace\MyProjectWeb\Javasource\aaa\bbb\ccc\ws\endpoint\ListenerServiceEndpoint.java:27: package org.springframework.ws.server.endpoint does not exist
  [javac] import org.springframework.ws.server.endpoint.AbstractDomPayloadEndpoint;
  [javac] ^ *
  Could anyone please help me in getting this solved??
  Thanks in Advance,
  Robis

  Pretty self-explanatory - the Spring framework jars are missing from the classpath used in compilation.
  If you don't have them, get them from www.springframework.org.

• [OSB Kernel:398133]The service is based on WSDL with Web Services Security

  Team,
  I need to use the wsdl given by external client. When I create a osb business service, I am receiving the below error.
  OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.     ...
  WSDL:
  http://personator.melissadata.net/v3/SOAP/ContactVerify
  We don't have OWSM set up. Is there any workaround that I can use to connect to this service for OSB?

  As a workaround, you can try to remove the Policy definition and reference from the copy you will import in OSB.
  I would recommend to add OWSM to your domain. It's a straight forward process.
  Regards,
  Fabio.

• SOAP Request with Web Service Security

  Hi masters of XI,
  the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
  I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  How can we send UserNameToken's elements inside SOAP web service envelope
  signing with X.509 certificate also? There are any way to do it in the
  receiver agreement or receiver SOAP adapter?
  thanks.

  Hi,
  thank you very much for your answers.
  I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
  This is my Request:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>     
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
  And this is the request I need:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
  <!-- THIS IS THE PART I NEED -->
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
          <wsse:Username>xxxxxxx</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
        </wsse:UsernameToken>
  <!--  -->
  <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>

• Issue with Web Service Security

  Dear Forum Members and Readers,
  I am a beginner to Web Services, and facing an issue with WS-Security.
  My issue seemingly is quite specific to my projects though, It will be great if you can provide me your views.
  Context Description:
  I am developing a Java Web Service application that is deployed on JBoss Application Server.
  This application will communicate with two other applications those are not deployed in same JBoss Application Server.
  These 2 applications are third party applications, one is C++ based web services and other is Java based web services.
  My application gives a call to Third Party Application1 and receives the response back form it. It then passes this received response to Third Party Application 2.
  Issue Description:
  I now need to enable https paradigm among these 3 applications. (I need to implement web service security model here)
  I started with looking in to JBoss specific WS-Security but found it not suitable in my case, as it requires to configure both the client and server. I have the control over my application but not on other 2 third party applications.
  To this extent, I am unable to identify a solution that can address my issue.
  Can anybody please provide me with initial thoughts or any reference material that might help me to give this a start.
  Any clue will be highly appreciated!
  Thanks in advance
  Mukul

  mukul.object wrote:
  Actually, my SOAP messages contains some critical information that needs to be encrypted.You think that its critical information however your third party doesn't. If they would have had same thought they would have enabled the security. As I said earlier, you will have to discuss this with them.
  Another solution (however I don't know the viability in your case) could be to deploy one component before each third party service. Your web service will call this new component (Which is installed in their environment i.e. local to third party web service) and new component will forward the request to third party service. Now you can apply security/encryption/decryption between your web service and your component.
  I have had a look in to XMLEncrytion using that I can encrypt my SOAP messages but I wonder how would other tools decrypt that.My above comments answers this.
  Is there anyway I can encrypt my SOAP messages (without having to customize third party tools) in this scenario ??My above comments answers this.

• JDeveloper is becoming too slow when you work with web services

  Hi,
  I am trying to write some web services code but after generating the Java classes from the WSDL the IDE becomes extremely slow.
  I need to wait 5-10 seconds each time while writing a word in Java editor. I tried to disable auto suggest and all the fancy things like that but could not make it faster.
  Any suggestions ?
  I am using JDeveloper 11g r1p1.
  Thanks

  Hi,
  I don't have any backing bean for this project. I am implementing a web service by using a WSDL. I guess the problem is JDeveloper can't handle having so many Java files .
  When I generate the Java classes from the WSDL I end up having hundreds of Java classes and some are a little long. Looks like it is the same behavior that you mentioned about having big backing bean classes..
  For now I am using IntelliJ Idea for editing the Java code and I use JDeveloper for running only. Idea doesn't bother having that many Java files and works as it supposed to work.
  Thanks

• Please help with web services (JSR 172)

  Hello!
  I'm in need of some help. I've only worked with web services some few weeks. I have two web services that I want to access from J2ME.
  Both works nice in regular Java (J2SE). I use axis so with the help of WSDL2Java I got a working client.
  One of them has four operations
      public boolean tryToLoginUser( String username, String password ) {}   
      public boolean tryToLogOffUser( String username, String password ){}
      public boolean createUserAccount( String username, String password ){ }
      public boolean removeUserAccount( String username, String password ){ } The problem is when I want to use Sun's Wireless Toolkit 2.2 and create stubs that way with the Stub Generator. It complains with this
  warning: Operation tryToLoginUser is of the wrong encoding SOAP style/use (rpc/encoded).  Document/literal only.  Skipping generation of operation.
  warning: Operation tryToLogOffUser is of the wrong encoding SOAP style/use (rpc/encoded).  Document/literal only.  Skipping generation of operation.
  warning: Operation createUserAccount is of the wrong encoding SOAP style/use (rpc/encoded).  Document/literal only.  Skipping generation of operation.
  warning: Operation removeUserAccount is of the wrong encoding SOAP style/use (rpc/encoded).  Document/literal only.  Skipping generation of operation.What I can tell is I need to put this in my axis deployment descriptor
  <service name="UserWebService" provider="java:RPC" style="document" use="literal">instead of this:
  <service name="UserWebService" provider="java:RPC">This wont work. It don't work with HTTP GET I get this error
    <?xml version="1.0" encoding="UTF-8" ?>
  - <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  - <soapenv:Body>
  - <soapenv:Fault>
    <faultcode>soapenv:Server.userException</faultcode>
    <faultstring>org.xml.sax.SAXException: SimpleDeserializer encountered a child element, which is NOT expected, in something it was trying to deserialize.</faultstring>
  - <detail>
    <ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">slukare</ns1:hostname>
    </detail>
    </soapenv:Fault>
    </soapenv:Body>
    </soapenv:Envelope>I doesn�t work with WSDL2Java and when I run Sun's Wireless Toolkit 2.2 to generate stub it complains with
  warning: ignoring operation "tryToLoginUser": more than one part in input message
  warning: ignoring operation "tryToLogOffUser": more than one part in input message
  warning: ignoring operation "createUserAccount": more than one part in input message
  warning: ignoring operation "removeUserAccount": more than one part in input message
  warning: Port "UserWebService" does not contain any usable operationsDoes this mean I can only use one parameter for input in an operation when I use style="document" use="literal" ??
  I understood it that way, so I created a new web service that takes username and password in one String.
  The new web service has four operations
      public boolean tryToLoginUser( String usernameAndPassword ) {}   
      public boolean tryToLogOffUser( String usernameAndPassword ){}
      public boolean createUserAccount( String usernameAndPassword ){ }
      public boolean removeUserAccount( String usernameAndPassword ){ }The problem is that I get this error when running HTTP GET.
    <?xml version="1.0" encoding="UTF-8" ?>
  - <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  - <soapenv:Body>
  - <soapenv:Fault>
    <faultcode>soapenv:Server.userException</faultcode>
    <faultstring>org.xml.sax.SAXException: SimpleDeserializer encountered a child element, which is NOT expected, in something it was trying to deserialize.</faultstring>
  - <detail>
    <ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">slukare</ns1:hostname>
    </detail>
    </soapenv:Fault>
    </soapenv:Body>
    </soapenv:Envelope>If I get a WSDL2Java client it works (!) if I manually changes the parameter names. I have four operations which all takes
  String usernameAndPassword
  in one String since I can only use one parameter with style="document" use="literal"
  The WSDL2Java automatically set the parameter names to
  usernameAndPassword
  usernameAndPassword1
  usernameAndPassword2
  usernameAndPassword3
  for the different operations. If I manually changes them to all have the name
  usernameAndPassword
  it works. Why doesn�t it work without manual changes? I haven�t tested the code from Sun�s Wireless Toolkit 2.2 Stub Generator yet, but that at least doesn�t give any errors .
  My other web service doesn�t work either if I set style="document" use="literal".
  This web service returns my own classes I have written. It works as I said previously in J2SE with WSDL2Java, but not with style="document" use="literal�. When I set this my byte[] which is returned is null when using the client from WSDL2Java, this wasn�t the case without style="document" use="literal�.
  I also get an error in Sun�s Wireless Toolkit 2.2 that byte[] is not recoigniced. This wasn�t the case with axis WSDL2Java.
  If I put this inside the axis deployment descriptor
  <deployment xmlns="http://xml.apache.org/axis/wsdd/"
           xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
         <service xmlns:j2melab2="urn:businessobject.j2melab2"
                   name="RecipeWebService" provider="java:RPC" style="document" use="literal">
            <parameter name="scope" value="session"/>
            <parameter name="className" value="j2melab2.webservices.RecipeWebService"/>
            <parameter name="allowedMethods" value="*"/>
                  <typeMapping qname="j2melab2:ArrayOfString"
                               type="java:java.lang.String[]"
                               serializer="org.apache.axis.encoding.ser.ArraySerializerFactory"
                               deserializer="org.apache.axis.encoding.ser.ArrayDeserializerFactory"
                               encodingStyle="http://schemas.xmlsoap.org/soap/encoding"/>
                  <beanMapping qname="j2melab2:Recipe" languageSpecificType="java:j2melab2.businessobject.Recipe"/>         
                  <beanMapping qname="j2melab2:Ingredient" languageSpecificType="java:j2melab2.businessobject.Ingredient"/>         
                  <typeMapping qname="j2melab2:ArrayofIngredient"
                               type="java:j2melab2.businessobject.Ingredient[]"
                               serializer="org.apache.axis.encoding.ser.ArraySerializerFactory"
                               deserializer="org.apache.axis.encoding.ser.ArrayDeserializerFactory"
                               encodingStyle="http://schemas.xmlsoap.org/soap/encoding"/>
                  <typeMapping qname="j2melab2:ArrayOfByte"
                               type="byte[]"
                               serializer="org.apache.axis.encoding.ser.ArraySerializerFactory"
                               deserializer="org.apache.axis.encoding.ser.ArrayDeserializerFactory"
                               encodingStyle="http://schemas.xmlsoap.org/soap/encoding"/>                            
       </service>
  </deployment>instead of this
  <deployment xmlns="http://xml.apache.org/axis/wsdd/"
           xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
         <service xmlns:j2melab2="urn:businessobject.j2melab2"
                   name="RecipeWebService" provider="java:RPC">
            <parameter name="scope" value="session"/>
            <parameter name="className" value="j2melab2.webservices.RecipeWebService"/>
            <parameter name="allowedMethods" value="*"/>
                  <typeMapping qname="j2melab2:ArrayOfString"
                               type="java:java.lang.String[]"
                               serializer="org.apache.axis.encoding.ser.ArraySerializerFactory"
                               deserializer="org.apache.axis.encoding.ser.ArrayDeserializerFactory"
                               encodingStyle="http://schemas.xmlsoap.org/soap/encoding"/>
                  <beanMapping qname="j2melab2:Recipe" languageSpecificType="java:j2melab2.businessobject.Recipe"/>         
                  <beanMapping qname="j2melab2:Ingredient" languageSpecificType="java:j2melab2.businessobject.Ingredient"/>         
                  <typeMapping qname="j2melab2:ArrayofIngredient"
                               type="java:j2melab2.businessobject.Ingredient[]"
                               serializer="org.apache.axis.encoding.ser.ArraySerializerFactory"
                               deserializer="org.apache.axis.encoding.ser.ArrayDeserializerFactory"
                               encodingStyle="http://schemas.xmlsoap.org/soap/encoding"/>
       </service>
  </deployment>axis WSDL2Java won�t work anymore. And Sun�s Wireless Toolkit doesn�t work either with this. How can I get this to work with Sun�s Wireless Toolkit 2.2?
  So my questions are:
  Do I really need style=�document� use=�literal� for J2ME?
  Can I only have one parameter as input when I use style=�document� use=�literal� ?
  Why do I need to manally change the parameter names?
  How can I make Sun�s Wireless Toolkit 2.2 understand byte[] ?
  Many thanks for help :) (I have to present a solution in 1 � week to my J2ME teacher L).

  hi,
  i was wandering if you manage to successfully generate the stubs through the wireless toolkit at the end? i am currently having similar problem (i.e., trying to generate stub files based on wsdl from axis)? it seems that the WTK can only handle document/literal format, and so i change the wsdl to that. however, now it complains that it can't handle more than one input part in the message, (which is similar to the problem you had). so did you manage to find a solution to that, or J2ME simply does not support more than one arguement as the input?
  thanks in advance,
  lee

• Web Service Security with SAML - Invalid XML signature

  Hello together,
  we want to build a scenario where we want to use Web Service Security  with SAML.
  The scenario will be
  WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
  SAP PI release is 7.11 (SP Level 4)
  We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
  The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
  But we get following error at calling the CRM system when we want to communicate with SAML:
    <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
  Has somebody an idea of the possible reason for the error.
  Thanks in advance
  Stefan

  Error Messages in the Trace/Log Viewer:
  CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
  A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
  Invalid XML signature

• Java Web Services Security with 10.1.2.1

  I have developed a Java Web Service with J Developer 10.1.2.1 which was deployed onto Oracle 10.1.2.1 application server. Now I have to implement Security for this Web Service (similar to ws-security etc.,), how I can achieve Security with 10.1.2.1?
  J Developer 10.1.3.1 seems to have the feature to implement Web Service Security, but a Java Web Service developed using J Developer 10 .1.3.1 with security enabled cannot be deployed onto Oracle 10.1.2.1 application server.
  Please help as how I can implement Java Web Service Security with 10.1.2.1?
  Email: [email protected]
  Thanks for the help in advance.

  You can use Oracle Web Services Manager to virtualize the end point and still implement WS-Security.
  Thanks
  Ram

• Security with Web Service calling some EJBs

  Hi everybody,
  I have implemented some web services residing in a war file deployed on my Tomcat. The web services module is a client to some EJBs deployed on my JBoss. I need to log the user in my realm on each WS request and log the user out before the WS response.
  I have implemented security on web applications with JBoss and used JAAS realms succesfully but what do I do in this case with Web Services? I mean the requests are stateless. If I use the org.jboss.security.ClientLoginModule
  won't this override the credentials of another user who is already logged in the realm?
  I have also implemented a standalone application which spawns a thread for each user request and I am wondering about the same thing. This application is a service listening for some kind of messages; on a message the application should log the user in the realm before calling an EJB and log the user after the request is completed. So it's more or less the same situation as above.
  Is this possible? I mean logging many users in the same realm in one non-web application?
  Any ideas?
  Thank you in advance!!!
  thoism

  requests are stateless, just as are requests to webapps.
  Which is hardly surprising as a web services stack is typically implemented as a web application.
  If you could log in only a single user at the same time to an EJB application, it would be rather pointless to have the application as a distributed multiuser system :)
  What you might check is whether you're allowed to log in the same user several times, if I remember correctly this can be limited in the EJB module deployment descriptors.

• Web service security in PI

  Mine is PROXY to SOAP asynchronous.
  PI consumes the service, my requirement is when PI calls the service I need to pass web service security in SOAP header.
  so that at receiver statem they can validate the user using these.
  When i am calling webservice from soapui with the header parameters
  Username , Password and Password Type - PasswordText , it is able to get results. The soapui tool automatically adds the following in the soap header -
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-9368150" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>xxxxx</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxxxx</wsse:Password>
  <wsse:Nonce>aOA1P6t2hJPRyuraQ/IliQ==</wsse:Nonce>
  <wsu:Created>2009-07-10T14:58:33.781Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  What configuration needs to be done in PI.

  I got this in Runtime work bench
  <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  - <SOAP:Header>
  - <sap:Main xmlns:sap="http://sap.com/xi/XI/Message/30" versionMajor="3" versionMinor="0" SOAP:mustUnderstand="1" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
    <sap:MessageClass>ApplicationMessage</sap:MessageClass>
    <sap:ProcessingMode>asynchronous</sap:ProcessingMode>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:TimeSent>2009-07-15T15:46:10Z</sap:TimeSent>
  - <sap:Sender>
    <sap:Party agency="" scheme="" />
    <sap:Service>test2310</sap:Service>
    </sap:Sender>
  - <sap:Receiver>
    <sap:Party agency="" scheme="" />
    <sap:Service>test_serivce</sap:Service>
    </sap:Receiver>
    <sap:Interface namespace="urn:Publish">msgIF_publish_I_Async</sap:Interface>
    </sap:Main>
  - <sap:ReliableMessaging xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:QualityOfService>ExactlyOnce</sap:QualityOfService>
    </sap:ReliableMessaging>
  - <sap:Diagnostic xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
    <sap:TraceLevel>Fatal</sap:TraceLevel>
    <sap:Logging>On</sap:Logging>
    </sap:Diagnostic>
  - <sap:HopList xmlns:sap="http://sap.com/xi/XI/Message/30" SOAP:mustUnderstand="1">
  - <sap:Hop timeStamp="2009-07-15T15:46:10Z" wasRead="false">
    <sap:Engine type="BS">test_serivce</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:11Z" wasRead="false">
    <sap:Engine type="IS">is.68.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XI</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    <sap:Info>3.0</sap:Info>
    </sap:Hop>
  - <sap:Hop timeStamp="2009-07-15T15:46:12Z" wasRead="false">
    <sap:Engine type="AE">af.dxi.devai020</sap:Engine>
    <sap:Adapter namespace="http://sap.com/xi/XI/System">XIRA</sap:Adapter>
    <sap:MessageId>4a3a1651-b19b-0199-e100-8000aa064690</sap:MessageId>
    </sap:Hop>
    </sap:HopList>
    </SOAP:Header>
  Edited by: Vamsi on Jul 15, 2009 7:06 PM

• RWB - Integration Engine self test - web service security and proxy

  Hi,
  I am working with a new installation of PI 7.0. In the runtime workbench, under self test for integration engine, there is this error/warning:
  ""Details for 'Is Web service security available?'
  Communication error: Proxy calls are not permitted on sender or receiver side on the IS (client)""
  What exactly is the problem? Is there any additional configuration needed within PI to use proxies? We do not have the cryptographic toolkit installed. Is that nesseccary to work with proxies? We have done several other scenarios with RFC, MAIL, HTTP, etc and they work fine. If anyone else had this problem and managed to fix it, please let me know..
  Thanks,
  Lasya

  You can ignore this error. It is  simply a warning that says message level security has not been configured. Without message security too, you can do proxy communication.
  But, if you want to configure messag level security, go through XI Config guide section 12.4.
  Message was edited by: Jay

• Visual Admin: error on loading service Web Services Security ?  HELP

  I wanted to consume a webservice to a remote R3 ECC 5 webservice with Visual Composer.
  I added a web service client for VComposer using visual admin as:
  Cluster->services->webServicesSecurity->
     SecurityConfiguration->WebServiceClients->DynamicWSProxies->New
  Added the remote host to R3 ECC5
       <b>http://<host>:8000/inspection.wsil</b>
  I keyed in the SID, client and language as per /people/community.user/blog/2007/04/04/consuming-webservice-in-visual-composer-1  .
  I changed the security authentication to Basic and keyed in right user and password,  saved the data.
  It worked fine.
  After I changed few values for SID, user, password on this properties, it gave me ERROR on loading service Web Services Security.
  Can you please help to reset and put back the old config.
  Thanks;

  Thanks, I restarted it after an hour, it is working fine.

• Log4j.jar issue under Web Service Security Module

  I am running into an issue with log4j.jar for WebLogic OES PDP. there is a custom appender class that extends org.apache.log4j.AppenderSkeleton, if we packed into one jar file under \bea\ales32-ssm\webservice-ssm\lib\log4j.jar everthing is fine. if we split this class with another jar file(sth like patch.jar) and add a entry in the config file WLESws.wrapper.conf under bea\ales32-ssm\webservice-ssm\instance\WSSM\config and it failed with this error,
  but an error is
  generated when starting the WSSM(Web Service Security Module):
  log4j:ERROR A "com.foo.AuditJMSQueueAppender" object is not assignable to a "org.apache.log4j.Appender" variable.
  log4j:ERROR The class "org.apache.log4j.Appender" was loaded by
  log4j:ERROR [com.bea.security.providers.utils.InverseURLClassLoader@5f7d3f] whereas object of type
  log4j:ERROR "com.foo.AuditJMSQueueAppender" was loaded by [sun.misc.Launcher$AppClassLoader@a18aa2].
  log4j:ERROR Could not instantiate appender named "JMS_AUDIT".
  130
  ARME is started now
  Rendering object type: AuditAtzEvent
  I have tried add java option:log4j.ignoreTCL=true. in this WLESws.wrapper.conf file, but does not work.
  How to resolve this issue, Thanks for your help!

  hi
  Can anyone help with this...

• How to make my Portal Web Service SECURED?

  Hi Experts,
  I created one portal Service and exposed it as Portal Web Service.
  Everything is working fine, as i deployed my Portal Web Service on to the SAP J2EE Engine ie SAP Server.
  I m able to access functions of Web Service from my StandAlone Java Application.
  but the problem is my Web Service is not SECURED.
  How can i make my Portal Web Service SECURED?
  Please help me out.
  Help will be appreciated and rewarded!!!!!

  user13046122 wrote:
  I have an old pl/sql "helper" package, originally written to make SOAP Web Service calls from the database - it uses UTL_HTTP to invoke the target services.
  I now need to make SOAP Web Service calls - from an 8.1.7.4 database
  But the version of UTL_HTTP inside 8.1.7.4 does not contain the functions needed in the helper package
  Can anybody suggest a means of making SOAP Web Service calls from an 8.1.7.4 database ?I think you'll be very lucky to find anyone here who still has access to a version of Oracle that is that old.... I mean... that's like what? 15 years old at least? I'm surprised you've still got hardware that can run that.
  It would probably help if you could post what code you've got and explain which function(s) it's complaining about, as I doubt people will want to guess.