XI 3.0 Webservices and security

Similar Messages

• Web Service and security....

  Hi everyone,
  I wanted to know if someone suceeded to call a web service via a Java standalone class using a Deployable Proxy ?
  If yes, can someone gives me all the steps ?
  Thanks a lot for your help.
  NB : I succeeded calling a web service via Standalone Proxy. But I want to securize the call to the web service.
  I noticed that I cannot use SSL with Standalone Proxy.
  If I am missunderstanding something, please let me know.

  Hi David,
  Yes, you cannot use SSL with standalone proxy.
  you can use document security for deployable proxy as i suggested you before in you earlier posts.
  Follow these steps:
  1. Specify document security as authentication mechanism in web service configuration file.
  2. In security tab in this file, choose username+encryption for request and none for response.
  2. deploy your web service.
  3. Create deployable proxy for this web service.
  4. ensure security options for this proxy is also set to document authentication.
  5. Deploy this proxy on the server.
  6. Go to visual administrator and there check whether XMLEncryption certificate is available under WebserviceSecurity view. If not then create private and public key with name XMLEncryption and XMLEncryption-cert respectively.
  7. Assign this certificate to your webservice and proxy in the services, "Web services seurity".
  8. write code in Standalone java class to call your pproxy.
  Regards,
  Bhavik

• Web services and security

  hi, i've successfully programmed a labview webservice and its all working fine, but im using a computer with public IP, and i can access to this webservice just typing the adress like in the webservices examples. my question is how can i create an authentication in a way that only the person with credentials can access his service? There are an easy way to have variables connected directtly connected to vi to verify the users before using the service?

  Have a look at this document and post back if you still have questions after reading it:
  LabVIEW Web Services Security
  Adnan Zafar
  Certified LabVIEW Architect
  Coleman Technologies

• Jax RPC and security

  Hello
  i have a little question about the jax rpc and security stuff
  i have a webservice running
  once over http://localhost:8080/appl/service
  and over ssl too http://localhost:8443/appl/service
  i am starting the server and then the client is generating static stubs over the ...8080/appl/ws/service?WSDL
  is it possible to let the client application generate the stubs over the https port?
  or do i have to secure the files on port 8080 via authentication then let the ClientDeveloper download the wsdl-files and let him then create the stubs with a local copy of the wsdls?
  Any sugestions?
  Thx for any Ideas
  Michael / Adraw

  Michael / Adraw,
  Sorry for piggybacking on your request but I see you have your web service running on over SSL. When I tried that with the jwsdp 1.3 I am unable to browse pages over SSL with netscape and I can not connect with a client web services application (written in java).
  Are you able to do this with jwsdp 1.3??
  Brian Mason
  [email protected]

• RFC- WebServices with Security Features

  Hi
  I have to execute one scenario RFC - WebServices with security features. Kindly let me know where or how can I implement the secuirty features in this scenario. Any documentation/blog/ thread are welcome to undestand about implemeting the  secuirty features for this scenario.
  Regards
  Ramesh

  Hi Ramesh,
    Check this:
  http://help.sap.com/saphelp_nwpi71/helpdata/en/45/504971f7a708d2e10000000a11466f/frameset.htm
  http://help.sap.com/saphelp_nwpi71/helpdata/en/87/0827a8d6e04a2a8f822f9c51fa7ef2/frameset.htm
  and
  http://help.sap.com/saphelp_nwpi71/helpdata/en/37/1a9b6a338cca448508f3a48d2d1e2d/frameset.htm
  Regards,
  Ravi Kanth Talagana

• How to extract data via webservices and configure webservices in BI 7

  Hi to all,
  Can any body tell me How to extract data via webservices and configure webservices in BI 7.
  i have created a remote functionmodule which extract data from R/3 , now i want to upload data to BI 7 using that remote function module.
  i have use webservice (push) as adapter mode, as i want to connect function module with SOAP , via web services.
  please can any body tell how to do that.
  also how to configure the webserive , what is it .
  I SHALL BE THANKFULL TO YOU FOR THAT
  Regards
  Pavneet rana

  Hi,
  1. Using the function library (transaction SE37), call the Web service creation wizard.
  To do this, select the desired function module in the function library and choose Utilities ®Generate Web Service ® From the Function Module.
  2. Go through the following steps, shown in the wizard:
  a. Create a virtual interface.
  The virtual interface represents the interface between the Web Service and the outside.
  b. Choose the end point.
  The name of the function module that is to be offered as Web service is already entered here.
  c. Create the Web service definition.
  The Web service definition helps with assigning the Web service features, such as how security can be guaranteed in data transfer.
  d. Release the Web service.
  The wizard generates the object virtual interface and Web service definition in the object navigator.
  The function group that was generated when the XML DataSource was created is not transportable and is thus assigned to a local package. To prevent errors due to transports, make sure that the objects that were generated in the Web service creation wizard are assigned to a local non-transportable package.
  The Web service is released for the SOAP runtime.
  3. In the virtual interface for the import parameter DATASOURCE, define the name of the XML DataSource as the fixed value.
  A separate function group is generated for each XML DataSource. It makes sense to pre-assign the parameter DATASOURCE with the name of the XML DataSource in the virtual interface of the Web service for which the function group was generated.
  If you do not pre-assign the parameter, it will be necessary to transfer the data sent with the appropriate filled DataSource element, for example, by setting the value in the application that implements the Web service.
  a. In the object navigator, choose the name of the package in which the Web service was created and choose Enterprise Services ® Web Service Library ® Virtual Interfaces.
  b. Choose Change in the context menu for the virtual interface.
  c. For the virtual interface, remove the flags exposed and initial and enter the name of the XML DataSource in apostrophes, for example u20196ADATASOURCENAMEu2019.
  d. Activate the virtual interface.
  Regards,
  Marasa.

• How does Webservices and EJB's differ?

  I have to call some of the api's from the remote application.I just wanted to know which would be better approach to call those methods?Should i do with EJB or webservices?

  The main advantage of using webservices is to decouple the client and endpoint as much as
  possible. This gives you the flexibility of coding the client with a variety of technologies, not
  just Java. It is also a better choice if the client is being developed by either another organization
  or is running outside your firewall.
  However, with loose coupling comes some disadvantages. The development model is
  a bit more complex than using Remote EJB. It is also more difficult to portably
  support transaction and security propagation.
  --ken                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

• [ANN] Online seminar - Web services management and security seminar

  Join us now (Thu 09:00am) for a live seminar about Web services management and security here:
  http://www.oracle.com/technology/tech/java/newsletter/seminars.html

  I have got the following error when i run the WebServicesAssembler.jar
  D:\Oracle\Oc4j\j2ee\home>java -jar d:/oracle/oc4j/webservices/lib/WebServicesAss
  embler.jar -config etc/config.xml
  Exception in thread "main" java.util.zip.ZipException: The system cannot find th
  e path specified
  at java.util.zip.ZipFile.open(Native Method)
  at java.util.zip.ZipFile.<init>(ZipFile.java:105)
  at java.util.jar.JarFile.<init>(JarFile.java:110)
  at java.util.jar.JarFile.<init>(JarFile.java:52)
  D:\Oracle\Oc4j\j2ee\home>java -jar WebServicesAssembler.jar -config etc/config.x
  ml
  Exception in thread "main" java.lang.InstantiationException: Unknown deployment
  tag in JMS Web Service Example: <option>
  at com.evermind.xml.XMLConfig.parseDeploymentMainNode(XMLConfig.java:293
  at oracle.j2ee.ws.tools.WsAssemblerConfig.parseDeploymentMainNode(WsAsse
  mblerConfig.java:68)
  at com.evermind.xml.XMLConfig.parseRootNode(XMLConfig.java:268)
  at com.evermind.xml.XMLConfig.init(XMLConfig.java:147)
  at com.evermind.xml.XMLConfig.init(XMLConfig.java:88)
  at oracle.j2ee.ws.tools.WsAssemblerConfig.init(WsAssemblerConfig.java:30
  at oracle.j2ee.ws.tools.WsAssembler.main(WsAssembler.java:17)

• Changes to trusted.conf and security.conf

  To allow external connections to our Apache server I am told we must configure the trusted.conf and security.conf files.
  Below are some examples in our trusted.conf file. We have an external user who wants to get acces but I am not sure what information I need to be gleaning from him: hostname? IP?. Below, in the examples, I see no ip addresses nor hostnames.
  And I am also not sure about how to configure / enter information in the security.conf file.
  Thanks.
  <Location ~ "/(oa_servlets|servlets|servlet|jsp|configurator|mobile|forms|discoverer4i|emailcenter|soap/servlet|webservices|
  dmsOACore|dmsDisco|dmsForms|pricing)/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml" >
  Order deny,allow
  Deny from all
  Allow from localhost
  Allow from %oacore_fwk_nodes%
  </Location>
  <Location ~ "/(oa_servlets|servlets|servlet|jsp|configurator|mobile|forms|discoverer4i|emailcenter|soap/servlet|webservices|
  dmsOACore|dmsDisco|dmsForms|pricing)/IsItWorking">
  Order deny,allow
  Deny from all
  Allow from localhost
  Allow from %oacore_fwk_nodes%
  </Location>

  Hi Dan,
  Is that it? Just list the IP address ? To allow a connection from 173.00.00.0 ip, all i need to include is this:
  Deny from all
  Allow from 173.00.00.0Correct.
  Also, what of the security.conf?A fully functioning configuration of security.conf is attached in the following document.
  Note: 287176.1 - DMZ Configuration with Oracle E-Business Suite 11i
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=287176.1
  Regards,
  Hussein

• I have forgotten my apple security questions, when I go to My Apple ID and click on password and security, there is no option to reset my security questions even though I have a rescue email adress, how do i reset my security question ?

  I have forgotten my security questions but when I click on My Apple ID and got to password and security, there is no option to rest my questions and/or send my self a rescue email, what do I do now ?

  You need to contact Apple. Click here, phone them, and ask for the Account Security team, or fill out and submit this form.
  (89174)

• Start up problems after Safari 3.1 and Security update

  Updated safari and security update last night.
  Safari downloaded and installed but there was an error downloading or installing the security update, I forgot.
  After I restarted everything booted up fine, but was stuck on "Starting Mac OS X" screen.
  Did a fsck and zap the pram, still stuck.
  Today I tried booting up in safe mode, stuck on the gray screen with the apple logo.
  Then I tried booting up from an external firewire dvd drive. Repaired permissions, repaired the disk, but it is still stuck on "Starting Mac OS X" screen. Help please...
  Thank you

  Ok i had a similar problem, with all the recent updates for Leopard, including the 10.5.2 combo update... the 12" PowerBook G4 kept getting stuck on the grey apple and spinning wheel... if it managed to get past this it would get stuck on the blue screen!!!
  The way i got around this, after trying all these other tips was: Archived & Installed 10.5; restarted, waited; downloaded 10.5.2 Combo update, installed; restarted, waited; waited; waited; after getting back to desktop, restarted, waited; then ran Software Update only installing one at a time, and after each install, restarted, waited; when all Software updates completed, proceeded with iLife updates etc... It took a while (still quicker than the 3 days of failed installs and updates) with a lot of waiting on the blue screen (5-20mins) but we got there in the end. Disks where checked with Leopard Disk Utility before and after, permissions where checked before and after completing all installs, also with a DW 4.1 optimization. Also note worthy is the RAM was upgraded from the initial 256Mb (!!!) with an extra Gb.

• Bursting with translation and security attributes?

  Hi folks,
  I've been lurking on the forum for a while and despite not always finding a solution, existing threads normally pointed me in the right direction - so thanks :)
  I'm working on EBS 11.5.10 with the latest Bi-Publisher 5.6.3 (5472959) and bursting (5968876) patches installed.
  I have successfully done the following individual AR Invoice Bi-Publisher tasks:
  1. translated an invoice RTF template by attaching an xliff file to the data definition,
  2. applied security attributes to the template to restrict updates on the resulting PDF,
  3. burst a custom AR invoice print and emailed the resultant pdf's.
  The PDF generated by the combined Invoice print correctly applies the translation and security attributes; however when I run the "XML Publisher Report Bursting Program" to the XML file the resultant burst PDF's do not apply the translation or security attributes. I assume this a limitation of bursting control files? If so, is this on the list of future enhancements to Bi-Publisher?
  Here's an example of my control file document entry, I have included locale and pdf-security entries - these don't cause an error but equally don't generate the desired result (p.s. I know I'm emailing on a PRI filter - it's just a test):
  <xapi:document output-type="pdf" delivery="att_email">
  <xapi:template type="rtf"
  location="/usr/tmp/xxxINVOICE3.rtf"
  locale="fr-US"
  pdf-security="true" pdf-encryption-level="1" pdf-permissions-password="xxxxxx"
  filter=".//G_INVOICE_HEADER[PRINTING_OPTION='PRI']" >
  </xapi:template>
  </xapi:document>
  Thanks
  Dave

  =================
  ==Properties Idea's
  =================
  You would have happened to try applying the security stuff in the application for your template? Try that and see if the pdf properties get set.
  If that doesn't work your left with two options:
  1. create a java concurrent program and set the properties manually.
  2. Log a tar.
  =================
  ==local idea's
  =================
  Are you sure you don't have to create template config for the locale? i suspect that's why it's not applying the xliff translation. Also, your NLS_LANG needs to be set to FRENCH for the approriate template to be applied. If your logged-in as english your french format template will not be applied, neither will the translation. As an example you can query vl table and you'll only get american (us) but if you alter your session you'll get the translation for that language when your query the table.
  location="xdo://xxxAR.xxx_XML_PRINT.fr.US"
  try it out and see if that works. Note: This will only work if your session NLS_LANG is set to FRENCH.

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• HT2534 My friend created me an itunes store account with his credit card , his credit card is about to expire and they are asking me to re-enter the credit card and security card number .... I don't have these numbers ... How can i create new itunes accou

  My friend created me an itunes store account with his credit card , his credit card is about to expire and they are asking me to re-enter the credit card and security card number .... I don't have these numbers ... How can i create new itunes account without credit card?????

  Why do you need to create a new account?
  Just change the payment method.
  http://support.apple.com/kb/ht1918

• I forgot the answers for the security questions and when I try to change them (My Apple ID - Manage your account - Password and Security) I'm asked to answer the exact questions I'm Trying to change because I don't remember the answers. How can I do it?

  I forgot the answers for the security questions and when I try to change them (My Apple ID -> Manage your account -> Password and Security) I'm asked to answer the exact questions I'm trying to change because I don't remember the answers. How can I do it?

  Can't you try the email option instead?