Skip to Content
author's profile photo
Former Member

MessageSecurityException in SOAP Adapter using WebServiceSecurity

Hi all,

hopefully,someone can help me. In my scenario I send signed and encrypted messages via SOAP from XI to another one.

After testing, I get the following error:

SOAP: response message contains an error XIServer/UNKNOWN/RecoverableException - com.sap.aii.af.ra.ms.api.RecoverableException: java.security.PrivilegedActionException: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityException in Method: VerifyMessageLevelSecurity.run(). AccessControlException. Please check that your Code has the XiSecurityRuntimePermission.Context: com.sap.aii.af.security.impl.exception.MessageSecurityException: Exception in Method: verify( Message, byte[], CPALookupObject ). General exception, no further informations. Message: MessageSecurityContext in Method: verify( Message, byte[], CPALookupObject ). VerifyThread Message: VerifyException in Method: run(). Key: 0230; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: VerifyException in Method: run(). Key: 0230. To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: MessageSecurityContext in Method: verify( Message, byte[], CPALookupObject ). VerifyThread Message: VerifyException in Method: run(). Key: 0230; To-String: com.sap.aii.af.security.impl.exception.MessageSecurityException: VerifyException in Method: run(). Key: 0230. at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:919) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl3.process(ModuleLocalLocalObjectImpl3.java:103) at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:258) at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103) at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:167) at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:424) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241) at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at java.security.AccessController.doPrivileged(AccessController.java:207) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

I took a look in the XI Configuration Guide and found the chapter, that the WebServiceSecurity has to be enabled and in the Runtime-Workbench in the Component Monitoring the flag has to be green.

A few steps are given, to assign user roles.

My problem is,that I have a PI 7.10 and there is no guide for implementing in 7.10.

Does anybody know, what is the Expection caused and how to solve it?

Kind Regards

Christoph

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Oct 11, 2007 at 03:05 PM

    It is asking for "XiSecurityRuntimePermission" permission.

    Usually, you assign that for custom applications (beans, webdynpros etc) to access protected services (keystore for example).

    Check this: http://help.sap.com/saphelp_nw70/helpdata/en/43/a52f2e63161bbfe10000000a1553f7/frameset.htm

    It is strange that the soap adater doesnt have that by default.

    Anyway, you could try to assign this permission (as described in the document above) for the SoapAdapter bean (check the actual name of the bean in the module tab of the communication channel).

    Regards,

    Henrique.

    Add comment
    10|10000 characters needed characters exceeded