WSS Username token on AS ABAP

Daer Security experts,
we are on ECC 6.0 (Netweaver 7.0 SP10 , SAP_ABA: SAPKA70010 and SAP_BASIS:SAPKB70010) with only stack ABAP. We want to implement a web service with username Token security. Is it possible with our release and support packages level? If not from which support packages level is it possible or is it mandatory the java stack?
Have you some documentation to implement it?
Thank you in forward
Cheers
Bob

Hi Bob,
it should be working but you can't use digest for your password. So you will have to call it over SSL. Check [this thread|Username Token with digest password on AS ABAP; for more info. You need to set message level authentication for your web service. It's level low or medium.
Cheers

Similar Messages

How to set WS Username token programmatically in java?

Hi,
Jdev Version: 11.1.1.4.0.
I have created a webservice proxy using Jdev from a wsdl.
I need to invoke a service from the client. But for this I need to set the username token in SOAP header to access the service.
The username token is not exposed or generated in the client.
When I run it from SOAP ui, I manually enetered,
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-7" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>1234</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">1111111111</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">XXXXXXXXXXXXXXXXXXXXXXXXXXX</wsse:Nonce>
<wsu:Created>2012-03-02T23:41:44.511Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
Without the username token I cannot invoke the service from my client code.
How do I add the username token to the generated clients in ADF?
Thanks in advance!!

I tried it by setting the credentials in requestContext and got the error:
Exception in thread "main" javax.xml.ws.WebServiceException: No Content-type in the header!
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:268)
     at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
     at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:121)
     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
     at com.sun.xml.ws.client.Stub.process(Stub.java:272)
     at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
     at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
     at $Proxy35.ping(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
     at $Proxy36.ping(Unknown Source)
Is there something else I need to do?
Thanks!
Edited by: 953940 on Oct 11, 2012 7:34 AM

Problems with JAX-WS when using security (e.g. username token profile)

Hello,
I am deploying a web service on weblogic 11g (10.3.1) with this policy:
@Policy(uri = "policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",attachToWsdl=true)
I have another web application as client which is using a JAX-WS SOAP handler to communicate with web service
and everything works fine when my client is deployed on tomcat 6 (JRE 6) (anthentication goes through)
The handleMessage() method of my handler is posted here :
     public boolean handleMessage(SOAPMessageContext context) {
     m_logger.debug("UserNameTokenHandler handleMessage() called");
     Boolean outboundProperty = (Boolean) context.get (MessageContext.MESSAGE_OUTBOUND_PROPERTY);
     SOAPMessage message =context.getMessage();
if (outboundProperty.booleanValue()) {
     m_logger.debug("\n (client protocol handler) Outbound message:");
try {
     SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
     SOAPHeader header = envelope.getHeader();
     if (header == null ) {
          header = envelope.addHeader();
     SOAPElement security = header.addChildElement("Security", "wsse", WSSE_NAMESPACE);
     SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
     usernameToken.addAttribute(new QName("xmlns:wsu"), WSU_NAMESPACE);
     SOAPElement username = usernameToken.addChildElement("Username", "wsse");
     username.addTextNode(user);
     SOAPElement password = usernameToken.addChildElement("Password", "wsse");
     password.addTextNode(pass);
     } catch (Exception e) {
          m_logger.error("Failed to add username token profile security", e);
} else {
     m_logger.debug("\n (client protocol handler) Inbound message:");
return true;
but when I deploy the same client on weblogic server it fails to communicate with my web service with this error:
javax.xml.ws.soap.SOAPFaultException: Unable to add security token for identity, token uri =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
I noticed Weblogic has some packages to handle security like:
weblogic.wsee.security.unt.ClientUNTCredentialProvider
weblogic.xml.crypto.wss.provider.CredentialProvider
weblogic.xml.crypto.wss.WSSecurityContext
So I added another mechanism using weblogic package to add username password to SOAP header
Map<String, Object> request = ((BindingProvider) proxy).getRequestContext();
          if (connectInfo.get("username") != null && connectInfo.get("password") != null) {
          List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>();
          //client side UsernameToken credential provider
          CredentialProvider cp = new ClientUNTCredentialProvider((String)connectInfo.get("username"),
                    (String)connectInfo.get("password"));
          credProviders.add(cp);
          request.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
This seems to be ok but only for weblogic.
I don't want to have one client for deploying on weblogic and another one for JAX-WS
I suppose weblogic follows the standard and should support the original approach.
Is this an incompatibly issue or am i missing something

In one of WLP Pageflows, I invoke a SOA BPEL WebService that needs Security Header like the way you have. I have my own Handler class and I call the below private method in handleMessage(...) and so far it is working fine. Security Header is adding fine.
One difference I could see in your method and my method is when we create SOAPElement for "Security" Tag, at the time of creation itself, I pass the third argument also that is the namespace. I remember vaguely, when I used code like yours, like first instantiate with only 2 args. Then set the namespace. It did not work. So I used the API, that takes the namespace as third argument.
So try something like below. This is a working code snipped deployed on WLP 10.3 (WLP is on top of WLS 10.3).
Thanks
Ravi Jegga
     private void setSOAPSecurityHeader(SOAPEnvelope soapEnvelope) throws Exception {
          try {
               //soapEnvelope.addNamespaceDeclaration("soap", "http://schemas.xmlsoap.org/soap/envelope/");
               soapEnvelope.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
               SOAPHeader header = soapEnvelope.addHeader();
               String namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
               SOAPElement securityElement = header.addHeaderElement(soapEnvelope.createName("Security", "wsse", namespace));
               securityElement.addNamespaceDeclaration("", namespace);
               //securityElement.addNamespaceDeclaration("env", "http://schemas.xmlsoap.org/soap/envelope/");
               SOAPElement usernameTokenElement = securityElement.addChildElement(soapEnvelope.createName("UsernameToken", "wsse", namespace));
               usernameTokenElement.addNamespaceDeclaration("", namespace);
               SOAPElement usernameElement = usernameTokenElement.addChildElement(soapEnvelope.createName("Username"));
               SOAPElement passwordElement = usernameTokenElement.addChildElement(soapEnvelope.createName("Password"));
               // For Testing Purposes only hardcoded this username and password values. Later on this may be set dynamically
               usernameElement.setValue("xxxxxxx");
               passwordElement.setValue("yyyyyyy");
               //SOAPBody soapBody = soapEnvelope.getBody();
               //SOAPHeader soapHeader = soapEnvelope.getHeader();
          } catch (Exception e) {
               // Handle This error in the main method that is calling this private method. So just return the Exception as it is...
               throw e;
     }

Problem configuring Username token profile on ALSB

Hi All !!
First of all, thanks for your support!!
I'm facing a problem configuring an active intermediary Proxy service with username token profile. This proxy service has a security policy referencing Auth.xml file to implement Username token profile. That proxy calls a business service which calls a web service.
On test page, username and password is requested (already created in the security domain), then an error is returned "Unable to add security token for identity".
Below you can find the Invocation Trace:
Invocation Trace
(receiving request)
Initial Message Context
added $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<per:getPersona xmlns:per="http://com/indra/persona">
<per:nombre>string</per:nombre>
<per:apellidos>string</per:apellidos>
</per:getPersona>
</soapenv:Body>
added $header
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
added $inbound
<con:endpoint name="ProxyService$PruebaWSsecurity$PersonaProxy92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>/PersonaProxy92</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
*<con:security>*
*<con:transportClient>*
*<con:username><anonymous></con:username>*
*</con:transportClient>*
*<con:messageLevelClient>*
*<con:username>securityUser</con:username>*
*<con:principals>*
*<con:group>Administrators</con:group>*
*<con:group>IntegrationAdministrators</con:group>*
*</con:principals>*
*</con:messageLevelClient>*
*</con:security>* </con:endpoint>
added $messageID
2741921765813726088-1b0fcf1c.12204e4868c.-8f3
RouteNode1
Routed Service
Route to: "PersonaBusiness92"
$outbound:
<con:endpoint name="BusinessService$PruebaWSsecurity$PersonaBusiness92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
</con:request>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
$body (request):
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<per:getPersona xmlns:per="http://com/indra/persona">
<per:nombre>string</per:nombre>
<per:apellidos>string</per:apellidos>
</per:getPersona>
</soapenv:Body>
$header (request):
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
$attachments (request):
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
Message Context Changes
added $outbound
<con:endpoint name="BusinessService$PruebaWSsecurity$PersonaBusiness92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>http://esmadaix01:9103/WSPersona/Persona</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<tran:user-header name="SOAPAction" value=""""/>
<tran:user-header name="X-Powered-By" value="Servlet/2.4 JSP/2.0"/>
<http:Content-Type>text/xml; charset="utf-8"</http:Content-Type>
<http:Date>Mon, 22 Jun 2009 10:34:18 GMT</http:Date>
<http:Transfer-Encoding>chunked</http:Transfer-Encoding>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">OK</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
<http:http-response-code>200</http:http-response-code>
</con:response>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
changed $header
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>
changed $inbound
<con:endpoint name="ProxyService$PruebaWSsecurity$PersonaProxy92" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>getPersona</con:operation>
</con:service>
<con:transport>
<con:uri>/PersonaProxy92</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>securityUser</con:username>
<con:principals>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
changed $attachments
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
changed $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<m:getPersonaResponse xmlns:m="http://com/indra/persona">
<persona>
<correo>[email protected]</correo>
<telefono>91546789</telefono>
</persona>
</m:getPersonaResponse>
</soapenv:Body>
System Error Handler
$fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
*<con:reason>*
*A web service security fault occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Unable to add security token for identity]*
*</con:reason>*
<con:details>
<err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">soapenv:Server</err:faultcode>
<err:faultstring>
Unable to add security token for identity
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>

We have the same problem.
Have you the reposne?
Request Document
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
<soapenv:Body>
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="unt_ZqnW7MTAb7P77cPL" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>weblogic10</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">??????????????</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soapenv:Body>
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
</soapenv:Envelope>
Response Document
The invocation resulted in an error: .
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>
Unable to add security token for identity
</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
Response Metadata
<con:metadata xmlns:con="http://www.bea.com/wli/sb/test/config">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">1</tran:response-code>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:metadata>
Invocation Trace
(receiving request)
Initial Message Context
added $body
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
added $header
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
added $inbound
<con:endpoint name="ProxyService$ctxweb$t17i_wss-1" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>/ctxweb/t17i_wss_1</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>weblogic10</con:username>
<con:principals>
<con:group>AdminChannelUsers</con:group>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
added $messageID
6412299231164769748--466a8253.12535a4d4fe.-7f29
RouteTo_NORA-bs
Routed Service
Route to: "NORA-bs"
$outbound:
<con:endpoint name="BusinessService$business$NORA-bs" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
</con:request>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
$body (request):
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<t17:pais_getByDesc xmlns:t17="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<t17:value>bul</t17:value>
<t17:responseWithParents>false</t17:responseWithParents>
</t17:pais_getByDesc>
</soapenv:Body>
$header (request):
<soapenv:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
</soapenv:Header>
$attachments (request):
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
Message Context Changes
added $outbound
<con:endpoint name="BusinessService$business$NORA-bs" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>
http://www.integracion.jakina.ejiedes.net/t17iApiWSWar/t17iApiWS
</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<tran:user-header name="Set-Cookie" value="JSESSIONID=Q02mLVvKw8hRcvYm7nwmyJyCQHC2FJknpGbltNPnsqp2gstzHy0M!-1566668667!734317392; path=/"/>
<http:Connection>close</http:Connection>
<http:Content-Length>666</http:Content-Length>
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:Date>Tue, 01 Dec 2009 14:59:22 GMT</http:Date>
<http:Server>
Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7a
</http:Server>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
<tran:response-message xmlns:tran="http://www.bea.com/wli/sb/transports">OK</tran:response-message>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
<http:http-response-code>200</http:http-response-code>
</con:response>
</con:transport>
<con:security>
<con:doOutboundWss>false</con:doOutboundWss>
</con:security>
</con:endpoint>
changed $body
<env:Body xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<m:pais_getByDescResponse xmlns:m="http://www.ejie.es/webServiceEJB/t17iApiWSWar">
<n1:result xsi:type="n2:ArrayOfPais" xmlns:n1="http://www.ejie.es/webServiceEJB/t17iApiWSWar" xmlns:n2="java:t17i.vo">
<n2:Pais xsi:type="n2:Pais">
<n2:descripcionOficial>Bulgaria</n2:descripcionOficial>
<n2:id>104</n2:id>
</n2:Pais>
</n1:result>
</m:pais_getByDescResponse>
</env:Body>
changed $attachments
<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
changed $inbound
<con:endpoint name="ProxyService$ctxweb$t17i_wss-1" xmlns:con="http://www.bea.com/wli/sb/context">
<con:service>
<con:operation>pais_getByDesc</con:operation>
</con:service>
<con:transport>
<con:uri>/ctxweb/t17i_wss_1</con:uri>
<con:mode>request-response</con:mode>
<con:qualityOfService>best-effort</con:qualityOfService>
<con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
<http:SOAPAction>""</http:SOAPAction>
</tran:headers>
<tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
</con:request>
<con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
<http:Content-Type>text/xml</http:Content-Type>
</tran:headers>
<tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
</con:response>
</con:transport>
<con:security>
<con:transportClient>
<con:username><anonymous></con:username>
</con:transportClient>
<con:messageLevelClient>
<con:username>weblogic10</con:username>
<con:principals>
<con:group>AdminChannelUsers</con:group>
<con:group>Administrators</con:group>
<con:group>IntegrationAdministrators</con:group>
</con:principals>
</con:messageLevelClient>
</con:security>
</con:endpoint>
changed $header
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>
System Error Handler
$fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
<con:reason>
A web service security fault occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Unable to add security token for identity]
</con:reason>
<con:details>
<err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">soapenv:Server</err:faultcode>
<err:faultstring>
Unable to add security token for identity
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>

P6WS "WSS header is missing from request. Can't do username token authentication."

I am getting the error "WSS header is missing from request. Can't do username token authentication." when trying to connect with SOAP and use Token Auth. I can get Cookies to work just fine, but i need to be able to connect to both.
testWebReference.Login clientLogin = new testWebReference.Login();
testWebReference.LoginResponse clResponse = new testWebReference.LoginResponse();
testWebReference.AuthenticationService authClient = new AuthenticationService();
clientLogin.UserName = paUsername.Text;
clientLogin.Password = paPassword.Text;
clientLogin.DatabaseInstanceId = Int32.Parse(paDBI.Text);
clientLogin.DatabaseInstanceIdSpecified = true;
AuthenticationService service = new AuthenticationService();
service.Url = proxy;
service.SoapVersion = System.Web.Services.Protocols.SoapProtocolVersion.Soap11;
service.Login(clientLogin);

I uploaded an example of usertoken on My Oracle Support community.
TestUserToken.zip
V/r,
Gene

Consuming Web Service using WS-Security: USERNAME Token

Hi ABAP Experts,
we like to consume a self defined web service between to SAP systems (ECC6 701/006). Without any security settings the connection is successfully. But we like to setup a message security like USERNAME Token.
The wss profiles are already created by using TX: WSSPROFILE. Therefore we used the templates "SET_USERNAME" and "CHECK_USERNAME". The service user "DELAY_L<sid>" has been generated as well. The problem is in SOAMANAGER we can't find the related configuration (For Provider and Consumer) to set the parameters "PROFILE In" and "Profile Out" like it was in the obsolete TX "LPCONFIG".
Can anybody help me to find out how to configure USERNAME Token using SOAMANAGER.
Thank you very much in advance.
Kind regards
Axel

Hi,
The following articles would be helpful:
.net call WS-Security enabled web service (created in java)
http://stackoverflow.com/questions/2138129/net-call-ws-security-enabled-web-service-created-in-java
WS-Security Protocol with .NET – A Overview
http://www.c-sharpcorner.com/UploadFile/mahesha/WSSecurityProtocol11232005052243AM/WSSecurityProtocol.aspx
An introduction to Web Service Security using WSE - Part I
http://www.codeproject.com/Articles/7062/An-introduction-to-Web-Service-Security-using-WSE
As this question is not relate to SharePoint, I suggest you post it to a suitable Forum, you will get more help and confirmed answers from there.
Best Regards
Dennis Guo
TechNet Community Support

Username token in SOAP message

Dear PI experts.
I am using SAP PI 7.1 and having a scenario where a message is sent from SAP (ECC 6.0) using Abap Proxy via PI to Java legacy system with Receiver SOAP Adapter.
I am supposed to send username token in the SOAP header. I have browsed quite an amount of SAP's Web service security material, but not yet been able to implement this behaviour. Mostly these documents are handling webservice scenarios between Abap systems using WS-RM.
Could you please advise me to right track.
Thank you, Jukka.

Hi,
you can use Principal Propagation to propagate your user from R/3 to PI to your target application.....you will have to ask your basis guys to enable Principal Propagation in your XI system by making your r/3 system and XI system as trusted systems to eachother.
Regards,
Rajeev Gupta

URGENT ::: How to add UserName Token to SOAP Message Header.

Hi,
I created a webservice client using CLIENTGEN utility of weblogic from the WSDL file. When I am trying to call a webservice which is hosted on TOMCAT server, I am getting the following exception::
5/12/2008 06:09:02 com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-
instance" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://settlementService.au.db.com/types">
<env:Body>
<env:Fault>
<faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:FailedAuthentication</faultcode>
<faultstring>Message does not conform to configured policy [ AuthenticationTokenPolicy ]: No Security Header found</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
==== Sending Message End ====
The webservice ic configured as secured webservice, there is some certificate file which was provided to me from client. Useing java KEYTOOL command I have created the keystore from that certificate and configure it in the weblogic server console.
Issue is the SOAP message header is blank I need to add the USERNAME TOken profile to this header, in order to access this webservice. The current CLIENT code snippet is shown below:
          try{
               String WSDLUrl = "https://shappzu2.au.db.com:8297/settlementService-ws/settlementService?WSDL";
               String wsUserName = "tracer-us";
               String wsPassword = "R0na!do#11";
               InputStream[] policies = new InputStream[]{Client.class.getResourceAsStream("/wl-unt-policy.xml")};
               SettlementService_Impl settlementServiceObj = new SettlementService_Impl(WSDLUrl);
               SettlementServiceFacade port = settlementServiceObj.getSettlementServiceFacadePort(policies, policies);
               List credProviders = new ArrayList();
               CredentialProvider cp = new ClientUNTCredentialProvider(wsUserName.getBytes(), wsPassword.getBytes());
          credProviders.add(cp);
          Stub stub = (Stub)port;
          // Set stub property to point to list of credential providers
          stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
               if(sharesXMLString != null && sharesXMLString.length() > 0) {
                    port.loadEquityTrade(sharesXMLString);
          }catch(Exception e){
               //throw new SystemException(e.getMessage());
               e.printStackTrace();
Can any one help me in this?

1) Use something like TCPmon https://tcpmon.dev.java.net/ or verbose logging to see the actual message content on the wire that the client is sending
2) Inside the WLS samples there is a UNT sample in the INSTALL_DIR/wlserver_10.0(or equivalent)/samples/server/examples/src/examples/webservices/security_jws
If that works correctly and puts the UNT in the header, then I would compare that code with yours.

Add username token to SOAP Service in ESB

I know how to add the username token to a partnerlink in a bpel process but how can I configure the same soap headers in a SOAP Service in ESB?
Another question about the configuration of a bpel process when invoking a secure web service: I need to add 3 parameters to the partnerlink to be able to send the username/password credentials to the service but this isn't very flexible.
How can you configure to use file authentication or ldap authentication when invoking the secure web service?

Hi.
I found some info related to passing username token in ESB.
You go to ESB home page:
http://www.oracle.com/technology/products/integration/esb/index.html
and download esb samples:
http://www.oracle.com/technology/products/integration/esb/files/esbsamples.zip
There you'll find a SOAP Headers project (under OTN Samples) which has an example of how to pass WS-Security usename credentials.
Here is a sample, in a XSLT:
<xsl:variable name="setUsername"
select="ehdr:setOutboundHeader('/wsse1:Security/wsse1:UsernameToken/wsse1:Username','oc4jadmin','wsse1=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd;')"/>
<xsl:variable name="setPassword"
select="ehdr:setOutboundHeader('/wsse1:Security/wsse1:UsernameToken/wsse1:Password','welcome1','wsse1=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd;')"/>
<xsl:template match="/">
<ns1:ReceiveCustElement>
<ns1:customer>
<xsl:value-of select="/inp1:InputElement/InputString"/>
</ns1:customer>
</ns1:ReceiveCustElement>
</xsl:template>
</xsl:stylesheet>
Denis

Enable userName Token profile in Java client policy file

My stand-alone java client invokes a .Net web service which implements wse 3.0. userName Token. However, when I ran my client program with the policy file which I converted from .Net config policy. I got errors. How could I make this right?
[java] java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] FaultString [Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.] FaultActor [http://192.168.254.102/TestImageserver2007/DLImageService.asmx]No Detail; nested exception is:
[java]      javax.xml.rpc.soap.SOAPFaultException: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.
[java] fetchMostRecent() Failed...
[java]      at digimarc.foto.webservice.clientstub.ImageServiceSoap_Stub.imagingFolioFetchMostRecent(ImageServiceSoap_Stub.java:137)
[java]      at digimarc.foto.webservice.Client.main(Client.java:40)
[java] Caused by: javax.xml.rpc.soap.SOAPFaultException: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.
[java]      at weblogic.wsee.codec.soap11.SoapCodec.decodeFault(SoapCodec.java:311)
[java]      at weblogic.wsee.ws.dispatch.client.CodecHandler.decodeFault(CodecHandler.java:114)
[java]      at weblogic.wsee.ws.dispatch.client.CodecHandler.decode(CodecHandler.java:99)
[java]      at weblogic.wsee.ws.dispatch.client.CodecHandler.handleFault(CodecHandler.java:87)
[java]      at weblogic.wsee.handler.HandlerIterator.handleFault(HandlerIterator.java:248)
[java]      at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.java:218)
[java]      at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(ClientDispatcher.java:159)
[java]      at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:114)
[java]      at weblogic.wsee.ws.WsStub.invoke(WsStub.java:89)
[java]      at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:331)
[java]      at digimarc.foto.webservice.clientstub.ImageServiceSoap_Stub.imagingFolioFetchMostRecent(ImageServiceSoap_Stub.java:132)
Policy file used:
<?xml version="1.0" ?>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wssp="http://www.bea.com/wls90/security/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">

<wssp:Security>
<wssp:userNameToken>
<wssp:userName>weblogic</wssp:userName>
<wssp:password type="TEXT">weblogic</wssp:password>
</wssp:userNameToken>
</wssp:Security>
</wsp:Policy>
.Net config policy file:
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<extension name="kerberosSecurity" type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="kerberos" type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="usernameOverTransportSecurity" type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="AuthorizationPolicy">
<kerberosSecurity establishSecurityContext="false" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false" ttlInSeconds="300">
<token>
<kerberos targetPrincipal="host/nbcis1" impersonationLevel="Identification" />
</token>
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
<policy name="InteropPolicy">
<usernameOverTransportSecurity />
<requireActionHeader />
</policy>
<policy name="NamePolicy">
<usernameOverTransportSecurity >
<clientToken>
<username username="nbdls\joejoe" password="ImAGe!" />
</clientToken>
</usernameOverTransportSecurity>
<requireActionHeader />
</policy>
</policies>

Thanks Carlo for the suggestion. That helps to overcome my huge hurdle. The username and password were sent successfully in the SOAP header to .Net web service.
However, there is still some errors on the java client side. I am getting:
[java] java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] FaultString [Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.] FaultActor [http://192.168.254.102/TestImageserver2007/DLImageService.asmx]No Detail; nested exception is:
[java]      javax.xml.rpc.soap.SOAPFaultException: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.
[java]      at digimarc.foto.webservice.clientstub.ImageServiceSoap_Stub.imagingFolioFetchMostRecent(ImageServiceSoap_Stub.java:137)
[java]      at digimarc.foto.webservice.Client.main(Client.java:58)
[java] Caused by: javax.xml.rpc.soap.SOAPFaultException: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message.
[java]      at weblogic.wsee.codec.soap11.SoapCodec.decodeFault(SoapCodec.java:311)
[java]      at weblogic.wsee.ws.dispatch.client.CodecHandler.decodeFault(CodecHandler.java:114)
[java]      at weblogic.wsee.ws.dispatch.client.CodecHandler.decode(CodecHandler.java:99)
[java]      at weblogic.wsee.ws.dispatch.client.CodecHandler.handleFault(CodecHandler.java:87)
[java]      at weblogic.wsee.handler.HandlerIterator.handleFault(HandlerIterator.java:248)
[java]      at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.java:218)
[java]      at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(ClientDispatcher.java:159)
[java]      at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:114)
[java]      at weblogic.wsee.ws.WsStub.invoke(WsStub.java:89)
[java]      at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:331)
[java]      at digimarc.foto.webservice.clientstub.ImageServiceSoap_Stub.imagingFolioFetchMostRecent(ImageServiceSoap_Stub.java:132)
[java]      ... 1 more
The statement:
"Action for ultimate recipient is required but not present in message". What is missing?
This is what I have in my java client:
FileInputStream [] inbound_policy_array = new FileInputStream[1];
inbound_policy_array[0] = new FileInputStream("Auth.xml");
FileInputStream [] outbound_policy_array = new FileInputStream[1];
outbound_policy_array[0] = new FileInputStream("Auth.xml");
//create service and port
ImageService imageService = new ImageService_Impl(args[0]);
//specify an array of policy files for the request and response of a
//particular operation
ImageServiceSoap array_of_policy_port = imageService.getImageServiceSoap("ImagingFolioFetchMostRecent", inbound_policy_array, outbound_policy_array);
//create credential provider and set it to the Stub
List credProviders = new ArrayList();
//client side UsernameToken credential provider
CredentialProvider cp = new ClientUNTCredentialProvider("nsbbdl\\joejoe", "ImAGes!");
credProviders.add(cp);
Stub stub = (Stub)array_of_policy_port;
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
try {
ApplicantDataFolio adf = array_of_policy_port.imagingFolioFetchMostRecent("1001917");
} catch (Throwable e) {
}

Unable to call Web Service with Username Token

-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I posted this in the JDeveloper forum but got no response.
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I have JDeveloper 10g release 3.
I created a regular Java application. Added a Web service proxy with no special mappings or anything. Right clicked on the proxy and said "Secure Proxy". I only used basic plain text username token. Added a method to my class that call instantiates a client, and called the operation.
However when I run this I get the following error message.
SEVERE: No username found
Error::oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: No username found
The Web Service Security Proxy Wizard created an xml in my src file, that I updated to put the username and password of the web service. Below is the xml file.
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1"/>
<port-info>
<wsdl-port namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1Soap"/>
<runtime enabled="security">
<security>
<inbound/>
<outbound>
<username-token name="myusername" password="xxxxx" password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
</outbound>
</security>
</runtime>
<operations>
<operation name='TryMe'>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
And this configuration file is processed in the stub file.
setupConfig("project2/runtime/Service1Soap_Stub.xml");
What am I doing wrong. I cannot find any documentation on the secure web service client wizard and it's generated code.
Thanks, MIke L.

Mike,
I updated the 3 xml files with the name and password and I get a different error now ...
WARNING: Unable to connect to URL: https://dssd001.ca.boeing.com:443/bartinterface/SOAP/resSetup.cgi due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
I am using the simple text based username auth, but jdev for some reason still goes and looks for the x509 cert? How did you get yours to work?
Thanks
Sriram

R/3- PI- webservice. Pass userid/password for Username Token from R/3

Hello,
We (SAP R/3) need to call Webservices from third party for which we are using SAP-PI system as the Middleware.
The Password and ID for USERNAME TOKEN to be passed in the SOAP Header request needs to be sent through RFC in SAP R/3.
The requirement is that SAP-PI should use this ID/password and prepare the USername Token in the SOAP Request header for the Webservice Call.
Note: PI has AXIS framework installed on it.
Can you please suggest as to what should be done? Request you to please provide the Custom Code / Detailed configuration etc. that is required to be done at the PI end.
Note: I have searched the Forum but couldn't find anything a detailed information.
Thanks & Regards,
Abhishek Jolly

XSLT-Mapping looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:output method="xml" indent="yes"/>
<xsl:template match="/">
   <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsh="http://something/wsh">
     <soapenv:Header>
       <wsh:Context>
       <SessionId>
         <xsl:value-of select="/*[local-name()
=MySoapFunction]/Parameters/Parameters
[Scope[text()='XI'] and Name[text()='SessionID']]/Value"/>
      </SessionId>
     </wsh:Context>
    </soapenv:Header>
    <soapenv:Body>
     <wsh:MySoapFunction>
      <xsl:if test="count(./*[local-name()=MySoapFunction]/Parameters/Parameters)>1">
       <Parameters>
         <xsl:for-each select="./*[local-name()=MySoapFunction]/Parameters/Parameters">
           <xsl:if test="Scope!='XI'">
             <Parameters>
               <Scope><xsl:value-of select="Scope"/></Scope>
               <Name><xsl:value-of select="Name"/></Name>
               <Value><xsl:value-of select="Value"/></Value>
              </Parameters>
             </xsl:if>
           </xsl:for-each>
          </Parameters>
         </xsl:if>
       </wsh:MySoapFunction>
      </soapenv:Body>
</soapenv:Envelope>
I save XSLT to file.
Input message that creates in XI and live only in BPM:
<?xml version="1.0" encoding="UTF-8"?>
<ns0:MySoapFunction xmlns:ns0="http://something/wsh">
    <Parameters>
        <Parameters>
            <Scope>XI</Scope>
            <Name>SessionID</Name>
            <Value>0123456789</Value>
            </Parameters>
        <Parameters>
            <Scope>otherScope</Scope>
            <Name>someParam</Name>
            <Value>someValue</Value>
         </Parameters>
    </Parameters>
</ns0:MySoapFunction>
In BPM's SendStep this message is used.
2) Create ZIP archive with this XSLT file (one archive can contains many XSLT programs). And Import ZIP it into XI. You can see this in Imported Archive and list of filenames of Archived Program in XI.

Pass Username token in Web Service Client

I am totally new to Java....I work primarily with .Net. I am trying to send a Username token to a web service. I looked at the examples...can't get them to run.
My question is, without using config files, can I specify username token in the class. You can do this in .Net.
I am working with .NetBeans IDE 5.0.

I looked at this example....didn't get to far because I couldn't setup the samples.
http://java.sun.com/webservices/docs/1.6/tutorial/doc/XWS-SecuritySamples5.html#wp569635
Here is the guide I followed to setup the samples.
http://java.sun.com/webservices/docs/1.6/tutorial/doc/XWS-SecuritySamples2.html
I didn't do the part about the keystore. I got stuck on the "Setting Build Properties", and I don't know how to run the samples.
Are you saying there is no way of creating a java application, creating the web service client with JWSDP 2.0 and then modifying either the generated code or my main.class to set the username and token properties?
Thanks, Mike L.

Web Service Security Username Token Issue

Hi,
I am trying to implement WS-Security (Username Token) on web services deployed on Weblogic Server 8.1 (sp4). The deployment works fine but whenever I try to invoke the service using auto generated client stub (created using clientgen) or weblogic server console (service test page) , I get the following error:
<Nov 8, 2006 12:01:46 PM GMT+05:30> <Info> <WebService> <BEA-220024> <Handler weblogic.webservice.core.handler.WSSEClientHandler threw an exception from its handleRequest method. The exception was:
java.lang.AssertionError: Bad password type: wsse:PasswordText.>
Failed to create web service client:java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace)
Detail:
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">java.lang.AssertionError: Bad password type: wsse:PasswordText
at weblogic.xml.security.wsse.v200207.UsernameTokenImpl.<init>(UsernameTokenImpl.java:64)
at weblogic.xml.security.wsse.v200207.SecurityElementFactoryImpl.createToken(SecurityElementFactoryImpl.java:59)
at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:300)
at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:100)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:443)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
at com.cts.sipservices.implementation.client.MrmPartyServiceImplementationPort_Stub.getParty(MrmPartyServiceImplementationPort_Stub.java:46)
at com.cts.sipservicesclient.client.SecureClient.<init>(SecureClient.java:76)
at com.cts.sipservicesclient.client.SecureClient.main(SecureClient.java:38)
</bea_fault:stacktrace>
</detail>; nested exception is:
javax.xml.rpc.soap.SOAPFaultException: Exception during processing: java.lang.AssertionError: Bad password type: wsse:PasswordText (see Fault Detail for stacktrace)
This is the â€˜securityâ€™ tag of my â€˜web-services.xmlâ€™:
<security>
<spec:SecuritySpec xmlns:spec="http://www.openuri.org/2002/11/wsse/spec"
Namespace="http://schemas.xmlsoap.org/ws/2002/07/secext"
Id="default-spec">
<spec:UsernameTokenSpec xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
PasswordType="wsse:PasswordText">
</spec:UsernameTokenSpec>
</spec:SecuritySpec>
</security>
Thanks

Apply these debug flags, to get some more debug information from WSSE server side processing following debug flags are helpful:
-Dweblogic.webservice.security.debug=true
-Dweblogic.webservice.security.verbose=true

Web Service Security username token...

Hi All,
I am presently trying to build in security authentication into my web service using the username-token and the verify-username-token tokens.
My WS_stub.xml on the proxy side looks like the following:-
other tokens
<security>
<inbound/>
<outbound>
<username-token name="NAME" password="PASS" password-type="DIGEST" add-nonce="true" add-created="true"/>
</outbound>
</security>
other tokens
and my oracle-webservices.xml on hte web service side looks like the following:-
other tokens
<security>
<inbound>
<verify-username-token name="NAME" password="PASS" password-type="DIGEST"
require-nonce="true"
require-created="true"/>
</inbound>
<outbound/>
</security>
other tokens
I have set the javacache.xml for the embedded OC4J location as follows:-
</persistence>
<max-objects>1000</max-objects>
<max-size>48</max-size>
<clean-interval>60</clean-interval>
</cache-configuration>
When I run the web service followed by the proxy I get the following error at the proxy side.
javax.xml.rpc.soap.SOAPFaultException: Policy requires DIGEST passwords
     at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
     at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
     at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
     at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
     at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:60)
     at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:47)
Also it gives exceptions with repect to nonces such as "Policy requires nonce". Please could someone tell me how to setup an nonce in the xml files above and how to use nonce in web services?
Regards,
Lester.

Hi All,
Presently I am trying to set the security for my web service and am receiving the following error when doing so at the proxy side:-
oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException
     at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.createSoapFaultException(InterceptorChainImpl.java:338)
     at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleException(InterceptorChainImpl.java:256)
     at oracle.j2ee.ws.common.mgmt.runtime.InterceptorChainImpl.handleRequest(InterceptorChainImpl.java:128)
     at oracle.j2ee.ws.common.mgmt.runtime.AbstractInterceptorPipeline.handleRequest(AbstractInterceptorPipeline.java:87)
     at oracle.j2ee.ws.client.StubBase._preRequestSendingHook(StubBase.java:699)
     at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:147)
     at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
     at com.airliquide.smartcyl.runtime.TrailerWSSoapHttp_Stub.addtrailerinfo(TrailerWSSoapHttp_Stub.java:76)
     at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.addtrailerinfo(TrailerWSSoapHttpPortClient.java:62)
     at com.airliquide.smartcyl.TrailerWSSoapHttpPortClient.main(TrailerWSSoapHttpPortClient.java:49)
Process exited with exit code 0.
My WS_Stub.xml file under runtime of the proxy project looks as follows:-
<?xml version="1.0" encoding="UTF-8"?>
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://trailerinfo/" localpart="TrailerWS"/>
<port-info>
<wsdl-port namespaceURI="http://trailerinfo/" localpart="TrailerWSSoapHttpPort"/>
<runtime enabled="security">
<security>
<key-store name="mytestkeystore" store-pass="mytestkeystore" path="C:\Temp\mytestkeystore.jks"/>
<signature-key key-pass="sampwd" alias="sam"/>
<encryption-key key-pass="davepwd" alias="dave"/>
<inbound>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key alias="dave"/>
<encryption-method>3DES</encryption-method>
<keytransport-method>RSA-1_5</keytransport-method>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
<operations>
<operation name='addtrailerinfo'>
<runtime>
<security>
<inbound/>
<outbound>
<username-token password-type="PLAINTEXT" add-nonce="false" add-created="true"/>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key alias="test"/>
<encryption-method>3DES</encryption-method>
<keytransport-method>RSA-1_5</keytransport-method>
<tbe-elements>
<tbe-element local-part="Body" name-space="http://schemas.xmlsoap.org/soap/envelope/" mode="CONTENT"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
My oracle-webservices.xml file looks like the following:-
<oracle-webservices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/oracle-webservices-10_0.xsd">
<webservice-description name="TrailerWS">
<port-component name="TrailerWSSoapHttpPort">
<runtime enabled="security">
<security>
<key-store name="mytestkeystore" store-pass="mytestkeystore"
path="META-INF/mytestkeystore.jks"/>
<signature-key key-pass="sampwd" alias="sam"/>
<encryption-key key-pass="davepwd" alias="dave"/>
<inbound>
<verify-username-token password-type="PLAINTEXT"
require-nonce="false"
require-created="true"/>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound>
<signature>
<signature-method>RSA-SHA1</signature-method>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<add-timestamp created="true" expiry="28800"/>
</signature>
<encrypt>
<recipient-key key-pass="" alias="dave"/>
<encryption-method>3DES</encryption-method>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbe-elements>
</encrypt>
</outbound>
</security>
</runtime>
<operations>
<operation name="addtrailerinfo"
input="{http://trailerinfo/}addtrailerinfoElement">
<runtime>
<security>
<inbound>
<verify-username-token require-nonce="false"
require-created="true"
password-type="PLAINTEXT"/>
<verify-signature>
<signature-methods>
<signature-method>DSA-SHA1</signature-method>
<signature-method>RSA-MD5</signature-method>
<signature-method>RSA-SHA1</signature-method>
</signature-methods>
<tbs-elements>
<tbs-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
</tbs-elements>
<verify-timestamp created="true" expiry="28800"/>
</verify-signature>
<decrypt>
<encryption-methods>
<encryption-method>AES-128</encryption-method>
<encryption-method>AES-256</encryption-method>
<encryption-method>3DES</encryption-method>
</encryption-methods>
<tbe-elements>
<tbe-element local-part="Body"
name-space="http://schemas.xmlsoap.org/soap/envelope/"
mode="CONTENT"/>
</tbe-elements>
</decrypt>
</inbound>
<outbound/>
</security>
</runtime>
</operation>
</operations>
</port-component>
</webservice-description>
</oracle-webservices>
I checked this exception out at hte following link
http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html#keystore
which lists hte instructions to secure a web service. The trouble shooting section lists this exception and says it might be due to a timestamp created flag being set to false. However I have made sure that both the client and service side xml files above have this set to true and are matching.
However I am still not able to eliminate this error. Please could someone help me out? This is urgent.
Regards,
Lester.

WSS Username token on AS ABAP

Similar Messages

Maybe you are looking for