WS-Security Username
Hi, I used Web Service Manager to password protect a BPEL process. What I would like to do now is extract the username in my BPEL process into a variable. Is there a way to do that?
Regards,
Marinus Snyma
From the title of your posting I conclude that you are using WS-Security? In that case you probably have Web Server Manager configured to retrieve the credentials from the SOAP message itself? So I think the question you wanted to ask is how you can retrieve the credential from the SOAP message when it uses WS-Security, or more precisely from the authentication header. I'm not an expert on that, but I expect that you can access that in a similar way you can access other data from a SOAP header.
Jan Kettenis
Similar Messages
-
Web Service Security Username Token Issue
Hi,
I am trying to implement WS-Security (Username Token) on web services deployed on Weblogic Server 8.1 (sp4). The deployment works fine but whenever I try to invoke the service using auto generated client stub (created using clientgen) or weblogic server console (service test page) , I get the following error:
<Nov 8, 2006 12:01:46 PM GMT+05:30> <Info> <WebService> <BEA-220024> <Handler weblogic.webservice.core.handler.WSSEClientHandler threw an exception from its handleRequest method. The exception was:
java.lang.AssertionError: Bad password type: wsse:PasswordText.>
Failed to create web service client:java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace)
Detail:
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">java.lang.AssertionError: Bad password type: wsse:PasswordText
at weblogic.xml.security.wsse.v200207.UsernameTokenImpl.<init>(UsernameTokenImpl.java:64)
at weblogic.xml.security.wsse.v200207.SecurityElementFactoryImpl.createToken(SecurityElementFactoryImpl.java:59)
at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:300)
at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
at com.cts.sipservices.implementation.client.MrmPartyServiceImplementationPort_Stub.getParty(MrmPartyServiceImplementationPort_Stub.java:46)
at com.cts.sipservicesclient.client.SecureClient.<init>(SecureClient.java:76)
at com.cts.sipservicesclient.client.SecureClient.main(SecureClient.java:38)
</bea_fault:stacktrace>
</detail>; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace)
This is the ‘security’ tag of my ‘web-services.xml’:
<security>
<spec:SecuritySpec xmlns:spec="http://www.openuri.org/2002/11/wsse/spec"
Namespace="http://schemas.xmlsoap.org/ws/2002/07/secext"
Id="default-spec">
<spec:UsernameTokenSpec xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
PasswordType="wsse:PasswordText">
</spec:UsernameTokenSpec>
</spec:SecuritySpec>
</security>
ThanksApply these debug flags, to get some more debug information from WSSE server side processing following debug flags are helpful:
-Dweblogic.webservice.security.debug=true
-Dweblogic.webservice.security.verbose=true -
Consuming Web Service using WS-Security: USERNAME Token
Hi ABAP Experts,
we like to consume a self defined web service between to SAP systems (ECC6 701/006). Without any security settings the connection is successfully. But we like to setup a message security like USERNAME Token.
The wss profiles are already created by using TX: WSSPROFILE. Therefore we used the templates "SET_USERNAME" and "CHECK_USERNAME". The service user "DELAY_L<sid>" has been generated as well. The problem is in SOAMANAGER we can't find the related configuration (For Provider and Consumer) to set the parameters "PROFILE In" and "Profile Out" like it was in the obsolete TX "LPCONFIG".
Can anybody help me to find out how to configure USERNAME Token using SOAMANAGER.
Thank you very much in advance.
Kind regards
AxelHi,
The following articles would be helpful:
.net call WS-Security enabled web service (created in java)
http://stackoverflow.com/questions/2138129/net-call-ws-security-enabled-web-service-created-in-java
WS-Security Protocol with .NET – A Overview
http://www.c-sharpcorner.com/UploadFile/mahesha/WSSecurityProtocol11232005052243AM/WSSecurityProtocol.aspx
An introduction to Web Service Security using WSE - Part I
http://www.codeproject.com/Articles/7062/An-introduction-to-Web-Service-Security-using-WSE
As this question is not relate to SharePoint, I suggest you post it to a suitable Forum, you will get more help and confirmed answers from there.
Best Regards
Dennis Guo
TechNet Community Support -
WS-Security Username Token issue with soap receiver
Hi All,
I have Proxy to SOAP scenario. Receiver web service is expecting below message in the soap header for authentication purpose.
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password Type="PasswordText">Password< wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
User will trigger the message from ECC using some transaction. I need to pass this triggering person’s username and password to soap header dynamically. There are more than 2000 users in the system.
How can I retrieve this username and password and bind it to <wsse:Security> node?
Is it possible to achieve?
Please note: User’s details will not come in the message payload. I cannot user look up here.
Regards,
MuniAsked web service team to use one service account for authentication. Used this blog How to Configure AXIS Framework for Authentication Using the "wsse" Security Standard in SAP PI to configure axis framework. Now we are able to send message to web service.
Regards,
Muni. -
Web Service Security username token...
Hi All,
I am presently trying to build in security authentication into my web service using the username-token and the verify-username-token tokens.
My WS_stub.xml on the proxy side looks like the following:-
other tokens
<security>
<inbound/>
<outbound>
<username-token name="NAME" password="PASS" password-type="DIGEST" add-nonce="true" add-created="true"/>
</outbound>
</security>
other tokens
and my oracle-webservices.xml on hte web service side looks like the following:-
other tokens
<security>
<inbound>
<verify-username-token name="NAME" password="PASS" password-type="DIGEST"
require-nonce="true"
require-created="true"/>
</inbound>
<outbound/>
</security>
other tokens
I have set the javacache.xml for the embedded OC4J location as follows:-
</persistence>
<max-objects>1000</max-objects>
<max-size>48</max-size>
<clean-interval>60</clean-interval>
</cache-configuration>
When I run the web service followed by the proxy I get the following error at the proxy side.
javax.xml.rpc.soap.SOAPFaultException: Policy requires DIGEST passwords
at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:60)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:47)
Also it gives exceptions with repect to nonces such as "Policy requires nonce". Please could someone tell me how to setup an nonce in the xml files above and how to use nonce in web services?
Regards,
Lester.Hi All,
Presently I am trying to set the security for my web service and am receiving the following error when doing so at the proxy side:-
oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createSoapFaultException(InterceptorChainImpl.java:338)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleException(InterceptorChainImpl.java:256)
at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:128)
at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:699)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:62)
at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:49)
Process exited with exit code 0.
My WS_Stub.xml file under runtime of the proxy project looks as follows:-
<?xml version="1.0" encoding="UTF-8"?>
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://trailerinfo/" localpart="TrailerWS"/>
<port-info>
<wsdl-port namespaceURI="http://trailerinfo/" localpart="TrailerWSSoapHttpPort"/>
<runtime enabled="security">
<security>
<key-store name="mytestkeystore" store-pass="mytestkeystore" path="C:\Temp\mytestkeystore.jks"/>
<signature-key key-pass="sampwd" alias="sam"/>
<encryption-key key-pass="davepwd" alias="dave"/>
<inbound>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key alias="dave"/>
<encryption-method>3DES</encryption-method>
<keytransport-method>RSA-1_5</keytransport-method>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
<operations>
<operation name='addtrailerinfo'>
<runtime>
<security>
<inbound/>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key alias="test"/>
<encryption-method>3DES</encryption-method>
<keytransport-method>RSA-1_5</keytransport-method>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
My oracle-webservices.xml file looks like the following:-
<oracle-webservices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/oracle-webservices-10_0.xsd">
<webservice-description name="TrailerWS">
<port-component name="TrailerWSSoapHttpPort">
<runtime enabled="security">
<security>
<key-store name="mytestkeystore" store-pass="mytestkeystore"
path="META-INF/mytestkeystore.jks"/>
<signature-key key-pass="sampwd" alias="sam"/>
<encryption-key key-pass="davepwd" alias="dave"/>
<inbound>
<verify-username-token password-type="PLAINTEXT"
require-nonce="false"
require-created="true"/>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key key-pass="" alias="dave"/>
<encryption-method>3DES</encryption-method>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
<operations>
<operation name="addtrailerinfo"
input="{http://trailerinfo/}addtrailerinfoElement">
<runtime>
<security>
<inbound>
<verify-username-token require-nonce="false"
require-created="true"
password-type="PLAINTEXT"/>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"
mode="CONTENT"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound/>
</security>
</runtime>
</operation>
</operations>
</port-component>
</webservice-description>
</oracle-webservices>
I checked this exception out at hte following link
http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html#keystore
which lists hte instructions to secure a web service. The trouble shooting section lists this exception and says it might be due to a timestamp created flag being set to false. However I have made sure that both the client and service side xml files above have this set to true and are matching.
However I am still not able to eliminate this error. Please could someone help me out? This is urgent.
Regards,
Lester. -
Getting the WS-Security username
Ok,
I have seen a lot of stuff posted which is quite old, and was wondering if anybody has a fairly simple method for retrieving the ws-security header details (only really user name).
I am using OWSM to authenticate and authorise which is fine and working well, but at certain points, I will wish to manually check groups in our AD against the user invoking the service.
The checking of the groups is fine, so everything is in place except the retrieval of the username value. Is this best done with custom xpath, header variables on the receive or another option.
Please help as I cannot imagine I am the first with a requirement to get the username of an authenticated user in a bpel process.
Regards
Rod
[EDIT] Just to be clear, I can get these details using the headers on the receive but it does seem convoluted for such a (what I would consider) fairly straioght forward activity.
Edited by: rodhiggins on 2/06/2013 18:46An update on this.
I have imported the ws-security and SAML schemas.
Read the security header into a variable made up from the Security element.
This is then accessible and works for both uername token and SAML.
I may write a custom xpath for simplicity later on, but for now, I will settle for this approach.
The final piece of the jigsaw is Direct Binding, trying to propogate identities through this. I have seen certain comments stating that this is possible, but if anybody knows how this can be done, or of any good links, let me know.
Cheers -
Dynamic Security username () problems
Hi,
I need some help with the following situation. I am trying to put into place asome sort of dynamic Security in my cube. With some help , I manage to get something working:
select [Measures].[Sales Net Amount] on columns,
NONEMPTY(
[Dim Restaurants].[Restaurant].[Restaurant].members,
([Measures].[count],
StrToMember("[Dim User].[User].&[2]")))
on rows
from [XYZ]
my problem is the minute I replace StrToMember("[Dim User].[User].&[2]"))) with
StrToMember("[Dim User].[User].&["+ username() +"]"))) I get no result at all , look like this function is non existant but everey blog/post I looked they keep using this function.
Something is missing qand I do not see it , I am using SSAS 2012 and quite new to all of thisThe username function returns a string in the form of "domain\user" so I highly doubt that you will ever get a value of "2" coming back.
If you run the following query you can see what this function returns in your environment
with member measures.UsrName as username()
select { measures.[UsrName] } on 0
FROM [XYZ]
You need to base your dynamic security on an attribute that has data in the same format that the username() function returns.
http://darren.gosbell.com - please mark correct answers -
Hi Experts,
Could please provide the details/links to do username token(WS-Security) using PI 7.1(PI 7.0 also fine)?
Regards
SaraSee this
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/51ef27f0-0b01-0010-b88b-af2343513226
For what purpose u need this? Could u please clarify?
Regards,
Prateek -
How to retrieve ADF security username in PL/SQL?
I would like to create a database trigger to log the change to a table and would like to catch the username logged in through ADF security setup.
How do I retrieve this user name (not the database username) in the trigger?
Thanks,
RichardRichard,
Welcome to OTN.
Always mention your jdev and clear usecase (recommended to read this announcement first : https://forums.oracle.com/forums/ann.jspa?annID=56).
What trigger do you mean? Logged in username for an adf app can be caught using #{securityContext.userName} groovy. You can use this to pass this wherever required. Set this to the place required accordingly, so that you can get it in the trigger.
-Arun -
Attach WS Security (Username Token) to web service
Dear All,
I would like to attach WS security from Weblogic Side. Please can you suggest for me a good tutorial.
ThanksYou can refer this article
web services security in weblogic -
WS-Security: Username Token and LDAP
Hi everyone,
I've read the CAPS System Administration documentation but I didn't manage to find out how (or if) it is possible to authenticate webservice users against an LDAP database. What configuration steps should be performed to enable this?
Also, how can I find out what roles an authenticated user has so that it becomes possible to control who has access to a predefined set of webservice methods?
Thanks in advance.
Regards,
CelsoYes, you can apply filters on the Providers configuration, also u can select the DN from where to feth the users, you can fetch users with special attributes.
Whole lot of things can be done, review the options under providers.
Let me know if you have any doubts.
HTH,
-Faisal
http://www.weblogic-wonders.com -
How to set userName from security context to Criteria in portlet
Hi,
From the portal application I have to get the logged in user and use the same user to filter the records in Portlet. I have to execute a view Criteria in portlet as a default method activity which takes logged in user as a input param.
Is this achievable? Please let me know.
Thanks in Advance
Morgan.
Edited by: Morgan Freeman on Aug 24, 2011 1:22 AMI have been doing some testing and there seems to be an issue with passing username to the portlet.
Normally things like security.userName or portletrequest.getRemoteUser() should all work and they do work in webcenter PS2 but since JSR 286 this does not seem to work anymore.... ALthough the documentation of oracle states that is works but it doesn't :)
A working workaround is to create a public render parameter (portlet parameter) and pass the username to that.
I'll see if there is a configuration that we need to make in order for this to work. -
Problem in calling a secured service from OSB
I am trying to call a CRMOD service which is secured (username token) from OSB.
Its giving me the below error
[WliSbTransports:381304]Exception in HttpOutboundMessageContext.RetrieveHttpResponseWork.run: java.net.SocketTimeoutException: Read timed out
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at weblogic.utils.io.ChunkedInputStream.read(ChunkedInputStream.java:159)
at java.io.InputStream.read(Unknown Source)
at com.certicom.tls.record.ReadHandler.readFragment(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.read(Unknown Source)
at com.certicom.io.InputSSLIOStreamWrapper.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at java.io.SequenceInputStream.read(Unknown Source)
at java.io.SequenceInputStream.read(Unknown Source)
at weblogic.net.http.MessageHeader.parseHeader(MessageHeader.java:151)
at weblogic.net.http.HttpClient.parseHTTP(HttpClient.java:468)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:377)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:965)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.getResponse(HttpOutboundMessageContext.java:668)
at com.bea.wli.sb.transports.http.wls.HttpOutboundMessageContextWls.access$100(HttpOutboundMessageContextWls.java:26)
at com.bea.wli.sb.transports.http.wls.HttpOutboundMessageContextWls$RetrieveHttpResponseWork.handleResponse(HttpOutboundMessageContextWls.java:96)
at weblogic.net.http.AsyncResponseHandler$MuxableSocketHTTPAsyncResponse$RunnableCallback.run(AsyncResponseHandler.java:531)
at weblogic.work.ContextWrap.run(ContextWrap.java:41)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)It is working fine with older version of OSB : 11gR1 (11.1.1.3.0)
Just now we have upgraded our OSB to 11gR1 (11.1.1.4.0) .
My system configuration is Windows 7 Proff 64 bit.
For the same kind of issue i have found a solution in the below thread.
Read time out when accessing .NET Web service from OSB 10.3 proxy
But there He mentioned like this : I had installed the x64 version of JRockit, but had not installed all the 64 bit components for WebLogic 10.3g.I was able to find the 64 bit IO dlls, and once installed, the errors no longer occurred.I am not sure about the mentioned *64Bit IO dlls*.
Any one Please help me to resolve the issue.
thanks in advance,
chandraYou need to download the 64bit version of weblogic installer and use a 64 bit jdk when installing weblogic. This will make sure the 64 bit ddl's are generated for you..The generated native libraries will be in Oracle_HOME/wls_103/server/native/<OS> folder.. You can check this directory whether 64 bit ddl's are available after you fix the problem.
-
OSB 10gR3 - Process WS-Security flag not working with PasswordDigest
Hi,
By Oracle documentation when you set the "process ws-security header" in security section of a proxy service, the proxy service act as an active intermediary and consume the ws-security header received in inbound messages. This feature works fine when you call the proxy service using WS-Security Username Token Profile PasswordText, but when you send Username Token with PasswordDigest I got the following error: +"weblogic.xml.crypto.wss.WSSecurityException: Unable to validate identity assertions"+
I am using SoapUi to call the proxy with passwordDigest, WSS-Password Type option set to PasswordDigest.
Proxy configured with:
General tab -> WSDL based proxy service, this wsdl doesn't have ws-policy definitions inside.
Transport tab -> Get all headers = Yes
HTTP Transport tab -> HTTPS Required = No / Authentication = Basic
Operation tab -> Enforce WS-I Compliance = not checked / Selection Algorithm = SOAP Body Type
Message Content tab -> default settings
Policy -> Added Auth.xml(predefined) policy to request policies.
Security tab -> Process WS-Security header = Yes / Custom Authentication settings = none
Error --->
+<01/12/2009 09h34min55s BRST> <Error> <OSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault, message-id: 6198860737666014185--de42214.12549f82d66.-7fdb, proxy: AlphaTests/MyProxy/Proxy/MyLogProxy, operation: null]+
--- Error message:
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurity</faultcode>*<faultstring>Unable to validate identity assertions.</faultstring>*</env:Fault></env:Body></env:Envelope>+
weblogic.xml.crypto.wss.WSSecurityException: Unable to validate identity assertions.
+ at weblogic.wsee.security.wss.SecurityPolicyValidator.processIdentity(SecurityPolicyValidator.java:133)+
+ at weblogic.wsee.security.wss.SecurityPolicyValidator.processInbound(SecurityPolicyValidator.java:77)+
+ at weblogic.wsee.security.WssServerPolicyHandler.processInbound(WssServerPolicyHandler.java:54)+
+ at weblogic.wsee.security.WssServerPolicyHandler.processRequest(WssServerPolicyHandler.java:30)+
+ at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)+
+ at com.bea.wli.sb.security.wss.WssInboundHandler.processRequest(WssInboundHandler.java:155)+
+ at com.bea.wli.sb.security.wss.WssHandlerImpl.doInboundRequest(WssHandlerImpl.java:201)+
+ at com.bea.wli.sb.context.BindingLayerImpl.addRequest(BindingLayerImpl.java:257)+
+ at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:66)+
+ at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:508)+
+ at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:506)+
+ at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)+
+ at weblogic.security.service.SecurityManager.runAs(Unknown Source)+
+ at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)+
+ at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:505)+
+ at com.bea.wli.sb.transports.TransportManagerImpl.receiveMessage(TransportManagerImpl.java:371)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper$1.run(HttpTransportServlet.java:279)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper$1.run(HttpTransportServlet.java:277)+
+ at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)+
+ at weblogic.security.service.SecurityManager.runAs(Unknown Source)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper.securedInvoke(HttpTransportServlet.java:276)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet$RequestHelper.service(HttpTransportServlet.java:237)+
+ at com.bea.wli.sb.transports.http.HttpTransportServlet.service(HttpTransportServlet.java:133)+
+ at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)+
+ at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)+
+ at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)+
+ at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)+
+ at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)+
+ at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)+
+ at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3498)+
+ at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)+
+ at weblogic.security.service.SecurityManager.runAs(Unknown Source)+
+ at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)+
+ at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)+
+ at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)+
+ at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)+
+ at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)+Eduardo,
Yes, but the flag "Process WS-Security header" needs to be set to 'No' and I included a delete node to remove the wsse:Security element from header. Attaching Auth.xml predefined policy to my request operation, causes OSB to include the policy directive in my WSDL, but the PasswordText(see below).
In Oracle security guide we have steps to configure PasswordDigest in the Oracle Service Bus Security Configuration using the WLS Console http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/model.html#wp1062542
My doubt is: Is this a bug? "Process WS-Security header" flag is supposed to work with PasswordDigest?
My WSDL with WS-Policy statements after Auth.xml policy was configured.
<?xml version="1.0" encoding="UTF-8"?>
<s2:definitions targetNamespace="http://alpha.tests.org" xmlns:s0="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:s1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:s2="http://schemas.xmlsoap.org/wsdl/" xmlns:s3="http://alpha.tests.org" xmlns:s4="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<s0:Policy s1:Id="encrypt-custom-body-element-and-username-token">
<wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy">
<wssp:SupportedTokens>
<wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
<wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
</wssp:SecurityToken>
</wssp:SupportedTokens>
</wssp:Identity>
</s0:Policy>
<wsp:UsingPolicy s2:Required="true"/>
<s2:types>
<xsd:schema elementFormDefault="qualified" targetNamespace="http://alpha.tests.org" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:impl="http://alpha.tests.org" xmlns:s0="http://schemas.xmlsoap.org/wsdl/" xmlns:s1="http://alpha.tests.org" xmlns:s2="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:element name="EchoRequest">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="send" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="EchoResponse">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="response" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:schema>
</s2:types>
<s2:message name="echoRequest">
<s2:part element="s3:EchoRequest" name="echoPartReq"/>
</s2:message>
<s2:message name="echoResponse">
<s2:part element="s3:EchoResponse" name="echoPartResp"/>
</s2:message>
<s2:portType name="MyAlphaPort">
<s2:operation name="echo">
<s2:input message="s3:echoRequest" name="echoRequest"/>
<s2:output message="s3:echoResponse" name="echoResponse"/>
</s2:operation>
</s2:portType>
<s2:binding name="MyAlphaBinding" type="s3:MyAlphaPort">
<s4:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<s2:operation name="echo">
<s2:input name="echoRequest">
<s4:body use="literal"/>
<wsp:Policy>
<wsp:PolicyReference URI="#encrypt-custom-body-element-and-username-token"/>
</wsp:Policy>
</s2:input>
<s2:output name="echoResponse">
<s4:body use="literal"/>
</s2:output>
</s2:operation>
</s2:binding>
<s2:service name="MyAlphaBindingQSService">
<s2:port binding="s3:MyAlphaBinding" name="MyAlphaBindingQSPort">
<s4:address location="http://CLXSP0272:7001/MyAlphaService"/>
</s2:port>
</s2:service>
</s2:definitions> -
Is it possible to apply WS-Policy or encryption with Oracle BPEL without uing web services manager.
So if a BPEL process is exposed as a web service then how do I apply WS-Policy etc on that web services ?Hi.
I don't know anything about WS-Policy support in BPEL or WSM, but regarding WS-Security aspects like encryption/decryption, certificates, etc, I can tell you the following:
1 - If your BPEL Process needs to call a web service and pass WS-Security credentials through a partner link, I only know about (and it seems the only option) sending WS-Security username/password authentication
http://download-east.oracle.com/docs/cd/B31017_01/core.1013/b28764/owsm003.htm#sthref1082
Additional information found here:
http://download-east.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/security.htm#sthref10
For the other features like encryption and certificates, I have only used web services manager gateway so far.
2 - All Web Services exposed by your Oracle Application Server (be it a BPEL Process or any other web service) can have an interceptor configuration to validate certificates, apply decryption, etc, when a message arrives. You can verify this by going to your Application Server Control Console->Your OC4J->Web Services->Your Web Service->Administration->Security
3 - If you need to pass WS-Security information when calling your BPEL Processes from an application, you can protect your BPEL process as described in step 2, and then use JDeveloper to configure a web service proxy that encrypts or put certificates in your messages, also using an interceptor mechanism. After creating your web service proxy, right click it and Select the option "Secure Proxy" option.
Hope someone can give more information about WS-Security and WS-Policy.
Denis
Maybe you are looking for
-
Can i tunes combine previous acct to new acct,if the old acct password is lost?
-
ColorSync 72 DPI problem - Create Generic PDFX-3 (Flatten Transparency)
Hi, I tried to fix 72 DPI problem in native filter "Create Generic PDFX-3 Document" (ColorSync Utility Application). I made a copy of default filter and changed the +Flatten Transparency+ resolution to higher value 300 DPI. After ColorSync Utility re
-
WM: Pick HU (=SU) during TO confirmation
Hello, I have a question regarding TO confirmation. The requirement is to allow the fork lift driver to pick any HU(=SU) in the storage bin during TO confirmation. The storage BINs have put away strategy Bulk Storage. The system is Full WM u2013 HU m
-
SPLIT data-record AT delimiter into table-fieldname
Hi all, I have the following SPLIT statement. But unable to split into respective field in an internal table. I'm using the standard delimeter. Please help me how to create a file using the delimeter w_delimeter. When I create the file with separated
-
Problems with scaling in illustrator CS3.
Recently while working on a large file in Illustrator I've had a problem with scaling. Normally I scale with handles, and rarely with the input box. Now I can only scale with the input box. I have gone to preferences but that seems fine, (i think?).