Hi,

I will check it and tell you if it answers my problem.

If it acts like the WS security of .Net so it is the solution.

I will update you in few days (I do not forget the points).

Thanks.

Hi,

I read the doc you posted.

Here is what I am trying to do :

I created a simple web service.

I want to securise it.

This is the code :

try {

HelloWorldWebService2Impl service2 = new HelloWorldWebService2Impl();

Remote remote = service2.getLogicalPort(HelloWorldWebService2ViDocument.class);

HelloWorldWebService2ViDocument helloWS = (HelloWorldWebService2ViDocument)remote;

BaseGeneratedStub stub = (BaseGeneratedStub)remote;

SecurityProtocol securityProtocol =(SecurityProtocol)stub._getGlobalProtocols().getProtocol("SecurityProtocol");

AuthenticationContext authenticationContext= securityProtocol.getAuthenticationContext();

authenticationContext.setUsername("myUser");

authenticationContext.setPassword("myPassword");

System.out.println(helloWS.sayHelloWorld("Mister John"));

} catch(Exception e) {

e.printStackTrace();

}

Is it OK ? Did I miss something ?

I put a wrong password and it still success to call the web service.

When it will work with simple authentication, I would like to use digital signature to secure my web service.

Thanks a lot.

Hi David,

If the call to your ws is still working if you put in a wrong password, it seems you ws does not require authentication. You may want to check it using the wsnavigator. If you call it via the wsnavigator, are you asked for username/password?

Concerning document security with XML signatures: document security can only be applied on deployable proxies. For standalone proxies pieces of the infrastructure like the keystore service is missing.

Do you have the possibility using a deployable proxies?

Regards,

Martijn

Hi Martijn,

If I try to execute the ws with the wsnavigator, there are no username a nd password required.

I will configure the ws to use basic authentication.

I do not success calling a deployable proxy.

I try it many ways but without success.

If you can help me with this issue it would be really good.

I read that tere is a way to secure with digital signature a standalone proxy : please look at http://help.sap.com/saphelp_nw04/helpdata/en/ab/c955e2e2d24a888127f211f2d5043f/frameset.htm

Thanks for the clarifications.

Message was edited by: David Fryda

Hi David,

In what problems are you running with deployable proxies?

From where do you intend to call a deployable proxy?

Regards,

Martijn

Hi Martijn,

I deploy the Deployable Proxy on the J2ee engine server.

I create on my localhost a simple Java client (not a servlet).

I try to lookup to the proxy but it fails.

By the way, are you sure that you cannot call a proxy stanadlone with digital signature as security ?

Thanks

Hi David,

the link you mentioned describes the security protocol for standalone proxies. That one only supports transport security (SSL, username/password etc.).

For deployable proxies, security is configured in the IDE/Visual Administrator.

Deployable proxies can only be called from a Java class running on the application server. How do you call the simple Java class on the app server?

Regards,

Martijn

Hi,

Another good check is to directly do test the lookup using telnet:

On windows, open a console and type:

telet <host> <http-port>+8

(i.e. telnet localhost 50008)

Login: Administrator
Password:
>jump 0
You jumped on node 25793750.
>add naming
>lookup /wsclients/proxies/sap.com/

You can also see the name in the JNDI service in the Visual Administrator.

Regards,

Martijn

Hi Martinj,

I did not success to do what you've told me about the

lookup /wsclients/proxies/sap.com/.

It says : Can't find command 'lookup'.

Here is what I try to code .

try {

Properties props = new Properties();

props.put(Context.INITIAL_CONTEXT_FACTORY,"com.sap.engine.services.jndi.InitialContextFactoryImpl" );

props.put(Context.PROVIDER_URL,"server:50004");

props.put(Context.SECURITY_PRINCIPAL, "myUser");

props.put(Context.SECURITY_CREDENTIALS, "myPassword");

InitialContext ic = new InitialContext(props);

NamingEnumeration enum = ic.list("sap.com");

while(enum.hasMore()) {

NameClassPair pair = (NameClassPair)enum.next();

System.out.println(">> " + pair.getName());

}

ic.close();

} catch(Exception e) {

e.printStackTrace();

}

System.out.println("END");

I do get a list containing the EAR files that I deployed for the EJBs. But I do not sea the Deplyable Proxy.

How is it ?

Finally, are you certain about the fact that I cannot call a stanalone proxy with digital signature ?

Thanks.

Message was edited by: David Fryda

Hi David,

Did you enter the commands:

1) jump 0

2) add naming

Concerning your code example: I'm a bit irritated because you give username and password to obtain the initialcontext?

Normally when running inside the server, you only need to write Context ctx = new InitialContext();

Note: Deployable proxies are only callable from Java components running on the server (i.e. Servlet, EJB, Web Dynpro application, Web Service or any Java class called from one of the above).

Best Regards,

Martijn

Hi Bhavik,

The name of my proxy is SampleWSProxy_PRX.

The name of its package is : samplews.proxy

If I write :

Object ob = ic.lookup("/wsclients/proxies/sap.com/SampleWSProxy_PRX/samplews.proxy"), I get an Exception :

com.sap.engine.services.jndi.persistent.exceptions.NameNotFoundException: Object not found in lookup of samplews.proxy.

IfI write :

Object ob = ic.lookup("/wsclients/proxies/sap.com/SampleWSProxy_PRX");

I do not get any Exception.

Why can I see the deplyable proxy when I code the following :

NamingEnumeration enum = ic.list("sap.com");

while(enum.hasMore()) {

NameClassPair pair = (NameClassPair)enum.next();

System.out.println(">> " + pair.getName());

}

Thanks for your help.

Hi Bhavik,

I did try to list what is under wsclients...but without success. Here is the exception I got : com.sap.engine.services.jndi.persistent.exceptions.NotContextException: list operation failed; webservices either is not a context, or is a foreign context.

I am trying to access the proxy from a Standalone Java class that is not on the same machine than the J2EE engine server.

About the vVisual admistrator, I do not have access to it....no privileges given from the IT team. Is there another way to be sure of the path ?

Thanks a lot.

Hi Bhavik,

I try to list the wsclients like I listed the sap.com.

I only got an Excpetion.

I think I should first see it listed and after I should try calling it...So how is it that I cannot liste wsclients ?

Thanks !

Sorry...I juste do the following and I got the liste of the proxies :

NamingEnumeration enum = ic.list("wsclients/proxies/sap.com/");

Checking the lookup now...

Message was edited by: David Fryda

Hi Bhavik,

Sorry...the lookup doesn't work.

Here is what I wrote :

ic.lookup("wsclients/proxies/sap.com/SampleWSProxy_Project/com.merkava.proxy.SampleWSProxy");

Here is the exception :

com.sap.engine.services.jndi.persistent.exceptions.NameNotFoundException: Object not found in lookup of com.merkava.proxy.SampleWSProxy.

By the way, I do not use ejb20.jar file...I use the p4.jar file.

The following doesn't return me an exception :

ic.lookup("wsclients/proxies/sap.com/SampleWSProxy_Project");

Is it ok ?

Message was edited by: David Fryda

Hi Bhavik,

I get this :

com.sap.engine.services.jndi.persistent.exceptions.NameNotFoundException: Object not found in lookup of com.merkava.proxy.SampleWSProxy.

If I do :

Object ob = ic.lookup("/wsclients/proxies/sap.com/SampleWSProxy_Project");

There are no exception....

Is there something that is not configured ?

Thanks.

All I am trying to do is to call a web service with digital signature...

Can I do it with standalone proxy ?

Thanks

Hi David,

Digital signatures are only available for deployable proxies as outside the J2EE engine the infrastructure like keystore is not available. But if I understood your answer correctly, you are not running on the engine, but in a different JVM on the same machine.

In that case deployable proxies are not usable.

Regards,

Martijn de Boer

Hi Martinj,

I am running my standalone Java standalone class on a <b>different</b> machine than the J2EE Server.

So, you are telling me that there is no way to securise the web service with digital signature ????

Thanks.

Hi,

For standalone proxies you only have the choice to use transport security, WS Security is not supported for standalone proxies.

In case you want to use certificates, I'd recommend SSL with client certificates for authentication.

This is supported on standalone proxies.

Best Regards,

Martijn

Hi everyone,

1) Can someone finally tell me how to securise my standalone proxy and with which security ?

Everyone seems to tell something else about it.

2) About the Pdeployable proxy, is it or is it not possible to call it from a java standalone class ?

Thanks everyone.