Weblogic 8.1 Webservice Client Proxy Authentication not working - weblogic.developer.interest.webservices.general(Archived)

We have a desktop console based Weblogic webservices client application that uses client stubs to establish the connection and communicate with the server where the WSDL was hosted.
We are facing a problem in authenticating the Proxy user with valid credentials.
We are using the following code to set the system properties and Authenticator class to authenticate the proxy user.
//Code Segment #1
Code:
System.setProperty("http.proxyHost", proxyHost);System.setProperty("https.proxyHost", proxyHost);
System.setProperty("weblogic.webservice.transport.http.proxy.host",proxyHost);
System.setProperty("weblogic.webservice.transport.https.proxy.host",proxyHost);
System.setProperty("http.proxyPort", proxyPort);
System.setProperty("https.proxyPort", proxyPort);
System.setProperty("weblogic.webservice.transport.http.proxy.port",proxyPort);
System.setProperty("weblogic.webservice.transport.https.proxy.port",proxyPort);
//System.setProperty("http.proxyType", "basic");
//System.setProperty("https.proxyType", "basic");
//System.setProperty("http.proxy.auth.type" ,"ntlm"); //This is not showing any impact
System.setProperty("http.proxyUser", "bsil\\ashok.kumar");
System.setProperty("https.proxyUser", "bsil\\ashok.kumar");
System.setProperty("http.proxyPassword", " xyzddd");
System.setProperty("https.proxyPassword", "xyzddd");
Authenticator.setDefault(new MyAuthenticator());
//Inner class
public static class MyAuthenticator extends Authenticator {
protected PasswordAuthentication getPasswordAuthentication() {
String username = System.getProperty("http.proxyUser");
     String password = System.getProperty("http.proxyPassword");
     return new PasswordAuthentication(username, password.toCharArray());
}
}
We are using following code initialize the stubs (Which internally opens a connection to the given endpoint base URL)
//Code Segment #2
Code:
SessionService_Impl sessionService = new SessionService_Impl(getEndPointURL(SessionServicePort.class));
port = sessionService.getSessionServicePort();
return port;
Using above code it always throws the following exception:
Code:
weblogic.webservice.tools.wsdlp.WSDLParseException: Failed to retrieve WSDL from https://apiclienttest.intralinks.com:443/webservices51/SessionService?WSDL. Please check the URL and make sure that it is a valid XML file [java.io.IOException: Proxy authenticator  failed: java.lang.ClassNotFoundException: ]
if i replace the above code (Code Segment #2) to as bellow with Code Segment #3 then its working as expected. But we have been told that the Code Segment #2 is required as shwon above for the Weblogic ClientTimeout seconds feature so we cant replace the Code Segment #2 with Code Segment #3 since we don?t want to miss the ClientTimeout seconds feature for the application.
//Code Segment #3
Code:
SessionService_Impl sessionService = new SessionService_Impl();
          SessionServicePort sessionServicePort = sessionService.getSessionServicePort();
          ((SessionServicePort_Stub) sessionServicePort)._setProperty("javax.xml.rpc.service.endpoint.address", endPointBaseURL+"SessionService");
return sessionServicePort ;
why the Proxy authentication is failing with the Code Segment #2 and why it is passing in case of Code Segment #3
The endpoint base URL we are hitting is hosted on Weblogic server 9.0 (which is hosted at client side in US so it is behind our firewall).
Is some thing more do we need to do in Authenticator class???
Please help me if any one has worked on proxy server authenticator in java.

Related

Web Services interoperability issue (Weblogic and Apache)

Hi,
I am trying to test out the interoperability between Weblogic (WLS 6.1),
Apache SOAP 2.2 and IBM WSTK 2.4.
In the process, I have written a simple web service (ShipConsignment) which
as of now, just acts as a ping service.
It takes ShipConsignmentInfo (custom Java Object which complies to Java Bean
Standards) as input and returns the same object back.
This service is deployed on IBM's WSTK (using embedded websphere supplied).
I am trying to call this service using Apache, WSTK and Weblogic Web Server
Client API.
While I am able to successfully do this with Apache SOAP toolkit and WSTK
client, using Weblogic it fails.
Here is the sample client code that I am using:
try {
Properties h = new Properties();
h.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.soap.http.SoapInitialContext
Factory");
h.put("weblogic.soap.verbose", "true" );
Context context = new InitialContext(h);
WebServiceProxy proxy = (WebServiceProxy)context.lookup(/* WSDL URL */
WSDL_URL_WEBLOGIC);
System.out.println(proxy);
method = proxy.getMethod(METHOD);
ShipConsignmentInfo value = (ShipConsignmentInfo)(method.invoke(new
Object[]{new ShipConsignmentInfo()})); // Line 209
System.out.println("Successfully sent Shipping Info for : " + value);
} catch(Exception e) {
e.printStackTrace();
}
Here is the Exception I get:
java.lang.ClassCastException: weblogic.soap.xml.XMLObject
at
com.mindtree.webservicesdemo.shipping.ShipConsignmentClient.shipConsignmentW
eblogic(ShipConsignmentClient.java:209)
at
com.mindtree.webservicesdemo.shipping.ShipConsignmentClient.shipOrders(ShipC
onsignmentClient.java:166)
at
com.mindtree.webservicesdemo.shipping.ShipConsignmentClient.main(ShipConsign
mentClient.java:309)
Exception in thread "main"
com.mindtree.webservicesdemo.shipping.ShipConsignment
Exception: SOAPException (weblogic.soap.xml.XMLObject):
at
com.mindtree.webservicesdemo.shipping.ShipConsignmentClient.shipConsignmentW
eblogic(ShipConsignmentClient.java:217)
at
com.mindtree.webservicesdemo.shipping.ShipConsignmentClient.shipOrders(ShipC
onsignmentClient.java:166)
at
com.mindtree.webservicesdemo.shipping.ShipConsignmentClient.main(ShipConsign
mentClient.java:309)
From the stack trace it looks like the error happens when the return value
from the web service is being casted to ShipConsignmentInfo.
The "invoke" method seems to be returning an instance of
weblogic.soap.xml.XMLObject instead of ShipConsignmentInfo which is giving
the ClassCastException.
Can somebody throw some light on what is wrong ? Am I missing something here
?
There is no problem when the object is sent across, since the web service
(running on WSTK) has successfully received it.
Thanks in Advance,
Kishan

CLIENT-CERT - UserNameMapper problem

Hi,
I have a client, wich sends a soap-message, containing a username, to a
webservice, that responds with "hello, <username>". The communication
is over ssl. The webservice is running in a weblogic server 7.0 sp1.
I have 2-way ssl working. Now I'm trying to restrict access to the
web-service.
I changed the web.xml of the web-service to require BASIC as
auth-method. This works fine.
Then I changed BASIC to CLIENT-CERT in the web.xml.
I changed the active type of the defaultIdentityAsserter to X.509.
I implemented a UserNameMapper class, which prints data of the presented
certificate, and returns a username, that exists in the
embedded-ldap-realm of weblogic server, and that has the right to
execute the webservice (it works with BASIC auth).
I put the name of the UserNameMapper class in the
defaultIdentityAsserter, and I included it in my classpath.
The UserNameMapper is working, because the data of the certificate is
printed on stdout. But I get a 401 (Unauthorized)-error code when trying
to access the web-service.
Can someone give me a hint on what I'm mising?
Thanks,
Noella
************* code of UserNameMapper *********************
import java.security.cert.*;
public class VZNUserNameMapper implements
weblogic.security.providers.authentication.UserNameMapper{
public VZNUserNameMapper() {
}
public String mapCertificateToUserName(X509Certificate[] certs,
boolean ssl) {
System.out.println(certs[0].getSubjectDN().toString());
return "noella";
}
public String mapDistinguishedNameToUserName(byte[]
distinguishedName) {
return null;
}
}

Calling .NET NTLM webservice through Oracle Service Bus

Hi,
I need to call a .Net backend service using NTLM authentication through an Oracle Service Bus Business Service.
The issue is that there is no out-of-the-box support for NTLM in OSB.
If possible I would like to avoid calling a client to handle the request/response using eg. JCIFS, like stated earlier in this thread.
Is this possible?? And which steps are needed?
Thanks in advance....
P.s. the username and password are dynamic and should be pass-through from client to backend service. 
Raise a case with support for your issue. AFAIK, NLTM is still not supported. Get a formal confirmation from support.
Regards,
Anuj 
The OSB does not support NTLM authentication so you must create your own JAR file to do the authentication for you, add it as a resource in your OSB project, and then use a Proxy Service to do a Java Callout to your JAR file.
Your Java code can perform NTLM authentication via the following method:
private static void authenticate(final String username, final String password) {
Authenticator.setDefault(new Authenticator() {
#Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password.toCharArray());
}
});
}
You must also be careful not to use the default URL constructor! The JAR will work from the commandline, but once deployed to the OSB it will use the WLS HTTP handler bydefault and authentication will fail with an exception like this:
java.io.FileNotFoundException: Response: '401: Unauthorized' for url: 'http://your.domain.here/default.aspx' at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:474)...
So, instead of constructing your URL like this:
URL url = new URL(yourURL);
HttpURLConnection http = (HttpURLConnection) url.openConnection();
Try this instead:
URL url = new URL(null, yourURL, new sun.net.www.protocol.http.Handler());
HttpURLConnection http = (HttpURLConnection) url.openConnection(); 
Re: How to enable NTLM authentication in OSB???

Jdeveloper WS proxy error while invoking  web service deployed on weblogic

Hello experts, can you please help me. I have web service deployed on weblogic server.
I have not set any credential for this web service. I can test the service from SOAPUI without providing any credentials.
Then I generated WS proxy client using Jdeveloper. When I try to run the client, I do not know why I get security execption (shown below) eventhough I have not secured the web service deployed on weblogic server.
java.lang.SecurityException: keyStoreFilename is either null or empty string
     at weblogic.wsee.security.util.CertUtils.getCertificate(CertUtils.java:87)
     at pilot1.ContactWSPortTypePortClient.getBSTCredentialProvider(ContactWSPortTypePortClient.java:104)
     at pilot1.ContactWSPortTypePortClient.setPortCredentialProviderList(ContactWSPortTypePortClient.java:78)
     at pilot1.ContactWSPortTypePortClient.main(ContactWSPortTypePortClient.java:46)
Process exited with exit code 0.
Here is my client class :
public static void main(String[] args) {
try {
contactWSService = new ContactWSService();
ContactWSPortType contactWSPortType = contactWSService.getContactWSPortTypePort();
Map<String, Object> requestContext = ((BindingProvider) contactWSPortType).getRequestContext();
setPortCredentialProviderList(requestContext);
// Add your code to call the desired methods.
// QueryPageInputSecondPage qpisp= new QueryPageInputSecondPage(); //I have commented it in order to resolve security issue
System.out.println("Inside the client class");
} catch (Exception ex) {
ex.printStackTrace();
}
Inside the method setPortCredentialProviderList(), I have not provided any credentials, keystores etc. Because weblogic is not setup with SSL and also I have not set up any authorization or authentication for the web service. I do not know why I am able to test it through SOAPUI and why not using WS proxy.
Appreciate your quick response.
thanks a lot
jyothi

Basic authentication in client on WLS

Hello all,
I've been breaking my head over an issue with a webgui that I am creating with Java servlets involving a web service.
I am accessing this service using JAX-WS, but the issue is that the service requires basic authentication on both the WSDL and the methods. There are many resources online describing how you can solve this using a default authenticator and using Sun's http handler, but I cannot get it working on Weblogic Server 10.3.6.0.
If I create a unit test in my project with the mentioned solutions applied it runs like a charm, but as soon as I deploy it to WLS I get 401 unauthorized messages.
A small example:
Authenticator.setDefault(new Authenticator() {
     #Override
     protected PasswordAuthentication getPasswordAuthentication() {
     return new PasswordAuthentication(
          "username",
          "password".toCharArray());
     }
});
URL url = new URL(null, "http://myhost:5301/myservice?wsdl", new sun.net.www.protocol.http.Handler());
QName qname = new QName("http://myhost", "myservice", XMLConstants.DEFAULT_NS_PREFIX);
MyService service = new MyService(url, qname);
The 401 is thrown at the last line (creation of the service), which does not yet make an actual call. Most other solutions mention to add the username and password to the requestcontext, but that is only applicable after you create the service-object and get a port from it.
Does anybody have any idea?
Regards,
Ramon
Edited by: Ramon on 7-jun-2013 11:44

Categories

Resources