Invoke a external secured web service (Amazon Web Service) through the HTTBC

> Hi all,
>
> I’am trying to consume a external WS (Amazon Web Service) through the
> HTTPBC. Since 15.08.09 Amazon accept only signed requests. When using
> SOAP-request with WS-Security, AWS expect SOAP-Header like this:
>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> <SOAP-ENV:Header>
>   <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>
>   <wsse:BinarySecurityToken
>    
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>    
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>    
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>     wsu:Id="CertId-1064304">
>         [Your base64 encoded X.509 certificate…]
>   </wsse:BinarySecurityToken>
>
>
>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>     <ds:SignedInfo>
>     <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
>       <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
>
>      <ds:Reference URI="#id-17984263">
>         <ds:Transforms>
>           <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>         </ds:Transforms>
>         <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>         <ds:DigestValue>0pjZ1+TvgPf6uG7o+Yp3l2YdGZ4=</ds:DigestValue>
>      </ds:Reference>
>
>     <ds:Reference URI="#id-15778003">
>       <ds:Transforms>
>         <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>       </ds:Transforms>
>       <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>       <ds:DigestValue>HhRbxBBmc2OO348f8nLNZyo4AOM=</ds:DigestValue>
>     </ds:Reference>
>
>     </ds:SignedInfo>
>
>    
> <ds:SignatureValue>bmVx24Qom4kd9QQtclxWIlgLk4QsQBPaKESi79x479xgbO9PEStXMiHZuBAi9luuKdNTcfQ8UE/d
>      
> jjHKZKEQRCOlLVy0Dn5ZL1RlMHsv+OzJzzvIJFTq3LQKNrzJzsNe</ds:SignatureValue>
>
>     <ds:KeyInfo Id="KeyId-17007273">
>        <wsse:SecurityTokenReference
>        
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>         wsu:Id="STRId-22438818">
>         <wsse:Reference URI="#CertId-1064304"
>          
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>         </wsse:Reference>
>       </wsse:SecurityTokenReference>
>     </ds:KeyInfo>
>
>   </ds:Signature>
>
>
>   <wsu:Timestamp
>    
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     wsu:Id="id-17984263">
>     <wsu:Created>2006-06-09T10:57:35Z</wsu:Created>
>     <wsu:Expires>2006-06-09T11:02:35Z</wsu:Expires>
>   </wsu:Timestamp>
>
>   </wsse:Security>
> </SOAP-ENV:Header>
>
> http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?WSSecurity.html
> http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?WSSecurity.html 
>
> I import my certificate and private key issued by amazon in the
> GlassFish-KeyStore (keystore.jks). With this KeyStore i already could to
> consume the service with the SOAPUI successful. I tried to do the same with
> HTTBC but all my efforts filed. No matter how i configure the server and
> client Configuration on the service endpoint in the CASA-Editor, the
> security element of the SOAP-Header will never be send to the external
> service. I’am not sure whether this scenario is possible with GlasFish ESB v
> 2.1 that i using.
>
> I hope someone can tell me whether I trying to do something impossible or I
> do something wrong with the configurations on the HTTPBC.
>
>  

> Hi Sherry
>
> thank you very much for your prompt answer. What I’am tried to do all the
> time is option 2: To add the necessary policy elements to the configuration
> file (amazon.wsdl) of my composite application with the WS-Policy Attachment
> Editor. When I edit the “server configuration” on the amazon web service
> endpoint, the policy elements are added in the configuration file. The
> problem is that regardless how the server configuration is, the SOAP-Header
> of the request is always empty. I tried diverse server/ client
> configurations (mutual certificates security, message authentication over
> ssl, etc.) and I checked the signing option on the inuput message of the
> operation but all this without successes. The SOAP-Header of the request is
> always empty, how I see in the server.log.
>
> Best Regrads,
> perko
>
>
> SherryWeng wrote:
>  
>> Just confirmed the following with the Metro team:
>> Amazon service doesn't support policy in its wsdl, but there is an
>> example of how to enable the security programmatically on the client
>> side here:
>> https://jax-ws-commons.dev.java.net/source/browse/jax-ws-commons/trunk/ec2/src/main/java/com/sun/xml/ws/commons/EC2.java?rev=845&view=markup.
>> You'll need to use an EJB proxy to set things up for now.
>> Another option is to manually add the (required) policy into the compapp
>> configuration file, that is if you know what the Amazon service policy
>> looks like...
>>
>> HTH
>> --Sherry
>>
>> perko wrote:
>>    
>>> Hi all,
>>>
>>> I’am trying to consume a external WS (Amazon Web Service) through the
>>> HTTPBC. Since 15.08.09 Amazon accept only signed requests. When using
>>> SOAP-request with WS-Security, AWS expect SOAP-Header like this:
>>>
>>> <SOAP-ENV:Envelope
>>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>>> <SOAP-ENV:Header>
>>>   <wsse:Security
>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>>>
>>>   <wsse:BinarySecurityToken
>>>    
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>    
>>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>>    
>>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>>>     wsu:Id="CertId-1064304">
>>>         [Your base64 encoded X.509 certificate…]
>>>   </wsse:BinarySecurityToken>
>>>
>>>
>>>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>     <ds:SignedInfo>
>>>     <ds:CanonicalizationMethod
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
>>>       <ds:SignatureMethod
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
>>>
>>>      <ds:Reference URI="#id-17984263">
>>>         <ds:Transforms>
>>>           <ds:Transform
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>>>         </ds:Transforms>
>>>         <ds:DigestMethod
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>>>         <ds:DigestValue>0pjZ1+TvgPf6uG7o+Yp3l2YdGZ4=</ds:DigestValue>
>>>      </ds:Reference>
>>>
>>>     <ds:Reference URI="#id-15778003">
>>>       <ds:Transforms>
>>>         <ds:Transform
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>>>       </ds:Transforms>
>>>       <ds:DigestMethod
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>>>       <ds:DigestValue>HhRbxBBmc2OO348f8nLNZyo4AOM=</ds:DigestValue>
>>>     </ds:Reference>
>>>
>>>     </ds:SignedInfo>
>>>
>>>    
>>> <ds:SignatureValue>bmVx24Qom4kd9QQtclxWIlgLk4QsQBPaKESi79x479xgbO9PEStXMiHZuBAi9luuKdNTcfQ8UE/d
>>>      
>>> jjHKZKEQRCOlLVy0Dn5ZL1RlMHsv+OzJzzvIJFTq3LQKNrzJzsNe</ds:SignatureValue>
>>>
>>>     <ds:KeyInfo Id="KeyId-17007273">
>>>        <wsse:SecurityTokenReference
>>>        
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>         wsu:Id="STRId-22438818">
>>>         <wsse:Reference URI="#CertId-1064304"
>>>          
>>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>>>         </wsse:Reference>
>>>       </wsse:SecurityTokenReference>
>>>     </ds:KeyInfo>
>>>
>>>   </ds:Signature>
>>>
>>>
>>>   <wsu:Timestamp
>>>    
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>     wsu:Id="id-17984263">
>>>     <wsu:Created>2006-06-09T10:57:35Z</wsu:Created>
>>>     <wsu:Expires>2006-06-09T11:02:35Z</wsu:Expires>
>>>   </wsu:Timestamp>
>>>
>>>   </wsse:Security>
>>> </SOAP-ENV:Header>
>>>
>>> http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?WSSecurity.html
>>> http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?WSSecurity.html 
>>>
>>> I import my certificate and private key issued by amazon in the
>>> GlassFish-KeyStore (keystore.jks). With this KeyStore i already could to
>>> consume the service with the SOAPUI successful. I tried to do the same
>>> with
>>> HTTBC but all my efforts filed. No matter how i configure the server and
>>> client Configuration on the service endpoint in the CASA-Editor, the
>>> security element of the SOAP-Header will never be send to the external
>>> service. I’am not sure whether this scenario is possible with GlasFish
>>> ESB v
>>> 2.1 that i using.
>>>
>>> I hope someone can tell me whether I trying to do something impossible or
>>> I
>>> do something wrong with the configurations on the HTTPBC.
>>>
>>>  
>>>      
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>>
>>    
>
>  

> Hi Sherry
>
> when I edit the Server Configuration with the WS-Policy Attachment Editor it
> creates the policy tags and it adds them to the AWSECommerceService.wsdl
> file in the Process Files folder.  It looks like this:
>
> <binding name="AWSECommerceServiceBinding"
> type="tns:AWSECommerceServicePortType">
>         <wsp:PolicyReference URI="#AWSECommerceServiceBindingPolicy"/>
>         <soap:binding style="document"
> transport="http://schemas.xmlsoap.org/soap/http"/>
> <operation name="Help">
>    <soap:operation soapAction="http://soap.amazon.com/Help"/>
>    <input>
> <soap:body use="literal"/>
>    </input>
>    <output>
> <soap:body use="literal"/>
>    </output>
> </operation>
> <operation name="ItemSearch">
>    <soap:operation soapAction="http://soap.amazon.com/ItemSearch"/>
>    <input>
> <soap:body use="literal"/>
>    </input>
>    <output>
> <soap:body use="literal"/>
>    </output>
> </operation>
> …
>     <service name="AWSECommerceService">
> <port name="AWSECommerceServicePort"
> binding="tns:AWSECommerceServiceBinding">
>    <soap:address
> location="https://ecs.amazonaws.com/onca/soap?Service=AWSECommerceServiceCommerceService"/>
> </port>
>     </service>
>     <wsp:Policy wsu:Id="AWSECommerceServiceBindingPolicy">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sc1:KeyStore wspp:visibility="private" storepass="changeit"
> type="JKS"
> location="D:\GlassFishESBv21\glassfish\domains\domain1\config\keystore.jks"
> alias="importkey" keypass="changeit"/>
>                 <sc1:TrustStore wspp:visibility="private"
> storepass="changeit" type="JKS"
> location="D:\GlassFishESBv21\glassfish\domains\domain1\config\cacerts.jks"/>
>                 <sp:SymmetricBinding>
>                     <wsp:Policy>
>                         <sp:ProtectionToken>
>                             <wsp:Policy>
>                                 <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                                     <wsp:Policy>
>                                         <sp:WssX509V3Token10/>
>                                         <sp:RequireIssuerSerialReference/>
>                                     </wsp:Policy>
>                                 </sp:X509Token>
>                             </wsp:Policy>
>                         </sp:ProtectionToken>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Lax/>
>                             </wsp:Policy>
>                         </sp:Layout>
>                         <sp:IncludeTimestamp/>
>                         <sp:OnlySignEntireHeadersAndBody/>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:Basic128/>
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                     </wsp:Policy>
>                 </sp:SymmetricBinding>
>                 <sp:Wss11>
>                     <wsp:Policy>
>                         <sp:MustSupportRefIssuerSerial/>
>                         <sp:MustSupportRefThumbprint/>
>                         <sp:MustSupportRefEncryptedKey/>
>                     </wsp:Policy>
>                 </sp:Wss11>
>                 <sp:EndorsingSupportingTokens>
>                     <wsp:Policy>
>                         <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                             <wsp:Policy>
>                                 <sp:WssX509V3Token10/>
>                             </wsp:Policy>
>                         </sp:X509Token>
>                     </wsp:Policy>
>                 </sp:EndorsingSupportingTokens>
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
> </definitions>
>
> The wsit-client.xml looks like this:
>
> <?xml version="1.0" encoding="UTF-8"?>
>  <definitions
>  xmlns="http://schemas.xmlsoap.org/wsdl/"
>  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="mainclientconfig"
>  >
>     <import location="AWSECommerceService.xml"
> namespace="http://webservices.amazon.com/AWSECommerceService/2009-10-01"/>
> </definitions>
>
> And the imported AWSECommerceService.xml file has following binding and
> policy tags
>
> <binding name="AWSECommerceServiceBinding"
> type="tns:AWSECommerceServicePortType">
>         <wsp:PolicyReference URI="#AWSECommerceServiceBindingPolicy"/>
>         <soap:binding style="document"
> transport="http://schemas.xmlsoap.org/soap/http"/>
> <operation name="Help">
>    <soap:operation soapAction="http://soap.amazon.com/Help"/>
>    <input>
> <soap:body use="literal"/>
>    </input>
>    <output>
> <soap:body use="literal"/>
>    </output>
> </operation>
> <operation name="ItemSearch">
>    <soap:operation soapAction="http://soap.amazon.com/ItemSearch"/>
>    <input>
> <soap:body use="literal"/>
>    </input>
>    <output>
> <soap:body use="literal"/>
>    </output>
> </operation>
>
> </binding>
>     <service name="AWSECommerceService">
> <port name="AWSECommerceServicePort"
> binding="tns:AWSECommerceServiceBinding">
>    <soap:address
> location="https://ecs.amazonaws.com/onca/soap?Service=AWSECommerceServiceCommerceService"/>
> </port>
>     </service>
>     <wsp:Policy wsu:Id="AWSECommerceServiceBindingPolicy">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sc1:KeyStore wspp:visibility="private" storepass="changeit"
> type="JKS"
> location="D:\GlassFishESBv21\glassfish\domains\domain1\config\keystore.jks"
> alias="importkey" keypass="changeit"/>
>                 <sc1:TrustStore wspp:visibility="private"
> storepass="changeit" type="JKS"
> location="D:\GlassFishESBv21\glassfish\domains\domain1\config\cacerts.jks"/>
>               </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
> </definitions>
>
>
>
> The problem is that the expected Security Tags does not appear in the
> SOAP-Header of my Request and that is the reason for the server response:
> “400 Bad Request”
>
> You can see in the server.log that the SOAP-Header is empty.
>
>
> Normalized message content:
> <?xml version="1.0" encoding="UTF-8" standalone="no"?><jbi:message
> xmlns:msgns="http://webservices.amazon.com/AWSECommerceService/2009-10-01"
> type="msgns:ItemSearchRequestMsg" version="1.0"
> xmlns:jbi="http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper"><jbi:part><ItemSearch
> xmlns="http://webservices.amazon.com/AWSECommerceService/2009-10-01"><msgns:AWSAccessKeyId>XXXXXXXXXXX</msgns:AWSAccessKeyId><msgns:Request><msgns:ItemPage>1</msgns:ItemPage><msgns:MerchantId>Amazon</msgns:MerchantId><msgns:Power>keywords:
> Harry
> Potter</msgns:Power><msgns:ResponseGroup>Images</msgns:ResponseGroup><msgns:ResponseGroup>Large</msgns:ResponseGroup><msgns:SearchIndex>Books</msgns:SearchIndex></msgns:Request></ItemSearch></jbi:part></jbi:message>
> Normalized message to denormalize:
> <?xml version="1.0" encoding="UTF-8" standalone="no"?><jbi:message
> xmlns:msgns="http://webservices.amazon.com/AWSECommerceService/2009-10-01"
> type="msgns:ItemSearchRequestMsg" version="1.0"
> xmlns:jbi="http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper"><jbi:part><ItemSearch
> xmlns="http://webservices.amazon.com/AWSECommerceService/2009-10-01"><msgns:AWSAccessKeyId>XXXXXXXXXXX</msgns:AWSAccessKeyId><msgns:Request><msgns:ItemPage>1</msgns:ItemPage><msgns:MerchantId>Amazon</msgns:MerchantId><msgns:Power>keywords:
> Harry
> Potter</msgns:Power><msgns:ResponseGroup>Images</msgns:ResponseGroup><msgns:ResponseGroup>Large</msgns:ResponseGroup><msgns:SearchIndex>Books</msgns:SearchIndex></msgns:Request></ItemSearch></jbi:part></jbi:message>
> JBI message namespaces:
> {xmlns:msgns=http://webservices.amazon.com/AWSECommerceService/2009-10-01
> }
> JBI part 'body' namespaces:
> {}
> Denormalized SOAP envelope:
> <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> <SOAP-ENV:Header/> <SOAP-ENV:Body><ItemSearch
> xmlns:msgns="http://webservices.amazon.com/AWSECommerceService/2009-10-01"
> xmlns="http://webservices.amazon.com/AWSECommerceService/2009-10-01"><msgns:AWSAccessKeyId>XXXXXXXXXXXXXX</msgns:AWSAccessKeyId><msgns:Request><msgns:ItemPage>1</msgns:ItemPage><msgns:MerchantId>Amazon</msgns:MerchantId><msgns:Power>keywords:
> Harry
> Potter</msgns:Power><msgns:ResponseGroup>Images</msgns:ResponseGroup><msgns:ResponseGroup>Large</msgns:ResponseGroup><msgns:SearchIndex>Books</msgns:SearchIndex></msgns:Request></ItemSearch></SOAP-ENV:Body></SOAP-ENV:Envelope>
> Sending SOAP envelope:
> <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> <SOAP-ENV:Header/> <SOAP-ENV:Body><ItemSearch
> xmlns:msgns="http://webservices.amazon.com/AWSECommerceService/2009-10-01"
> xmlns="http://webservices.amazon.com/AWSECommerceService/2009-10-01"><msgns:AWSAccessKeyId>XXXXXXXXXXXXXX</msgns:AWSAccessKeyId><msgns:Request><msgns:ItemPage>1</msgns:ItemPage><msgns:MerchantId>Amazon</msgns:MerchantId><msgns:Power>keywords:
> Harry
> Potter</msgns:Power><msgns:ResponseGroup>Images</msgns:ResponseGroup><msgns:ResponseGroup>Large</msgns:ResponseGroup><msgns:SearchIndex>Books</msgns:SearchIndex></msgns:Request></ItemSearch></SOAP-ENV:Body></SOAP-ENV:Envelope>
> Invoking an external web service using URL:
> https://ecs.amazonaws.com/onca/soap?Service=AWSECommerceService
> %% No cached client session
> *** ClientHello, TLSv1
> RandomCookie:  
> GMT: 1240441669
> bytes = {
> 206
> …
> ***
> HTTPBC-OutboundReceiver-3, WRITE: TLSv1 Handshake, length = 73
> HTTPBC-OutboundReceiver-3, WRITE: SSLv2 client hello message, length = 98
> HTTPBC-OutboundReceiver-3, READ: TLSv1 Handshake, length = 74
> *** ServerHello, TLSv1
> RandomCookie:  
> GMT: 1240441680
> bytes = {
> 79
> …
> ***
> %% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> ** SSL_RSA_WITH_RC4_128_MD5
> HTTPBC-OutboundReceiver-3, READ: TLSv1 Handshake, length = 2471
> *** Certificate chain
> chain [0] = [
> [
>   Version: V3
>   Subject: CN=ecs.amazonaws.com, O=Amazon.com Inc., L=Seattle,
> ST=Washington, C=US
>   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
> …
> ***
> Found trusted certificate:
> HTTPBC-OutboundReceiver-3, READ: TLSv1 Handshake, length = 4
> *** ServerHelloDone
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> HTTPBC-OutboundReceiver-3, WRITE: TLSv1 Handshake, length = 134
> HTTPBC-OutboundReceiver-3, WRITE: TLSv1 Change Cipher Spec, length = 1
> *** Finished
> verify_data:  {
> …
> ***
> HTTPBC-OutboundReceiver-3, WRITE: TLSv1 Handshake, length = 32
> HTTPBC-OutboundReceiver-3, READ: TLSv1 Change Cipher Spec, length = 1
> HTTPBC-OutboundReceiver-3, READ: TLSv1 Handshake, length = 32
> *** Finished
> verify_data:  {
> …
> ***
> %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> HTTPBC-OutboundReceiver-3, WRITE: TLSv1 Application Data, length = 374
> HTTPBC-OutboundReceiver-3, WRITE: TLSv1 Application Data, length = 7602
> HTTPBC-OutboundReceiver-3, READ: TLSv1 Application Data, length = 915
> HTTPBC-E00759: An exception occured while processing a reply message. The
> server sent HTTP status code 400: Bad Request
> com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status
> code 400: Bad Request
>         at
> com.sun.xml.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:232)
>         at
> com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:151)
>         at
> com.sun.xml.wss.jaxws.impl.SecurityClientPipe.process(SecurityClientPipe.java:208)
>         at
> com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
>         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
>         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
>         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
>         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
>         at com.sun.xml.ws.client.Stub.process(Stub.java:248)
>         at
> com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:180)
>         at
> com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:206)
>         at
> com.sun.jbi.httpsoapbc.OutboundMessageProcessor.outboundCall(OutboundMessageProcessor.java:1108)
>         at
> com.sun.jbi.httpsoapbc.OutboundMessageProcessor.dispatch(OutboundMessageProcessor.java:1139)
>         at
> com.sun.jbi.httpsoapbc.OutboundMessageProcessor.processRequestReplyOutbound(OutboundMessageProcessor.java:667)
>         at
> com.sun.jbi.httpsoapbc.OutboundMessageProcessor.processMessage(OutboundMessageProcessor.java:249)
>         at com.sun.jbi.httpsoapbc.OutboundAction.run(OutboundAction.java:63)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
>         at java.lang.Thread.run(Thread.java:619)
> Processing completed for message exchange
> 142763973851105-45282-134765772176560235
> BPJBI-6001: Sending ERROR status (Service Name =
> {http://enterprise.netbeans.org/bpel/OnlineItemSearch/OnlineItemSearch}OnlineItemSearchLink,
> Endpoint Name = serviceProvider_myRole, Operation Name =
> {http://j2ee.netbeans.org/wsdl/OnlineItemSearch/OnlineItemSearch}OnlineItemSearchOperation,
> Message Exchange Id = 142763973851105-45282-134765772175780233)
>  Error properties
>   com.sun.jbi.crl.faultcode = Server
>   com.sun.jbi.crl.faultstring = BPCOR-6135: A fault was not handled in the
> process scope; Fault Name is
> {http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling}systemFault;
> Fault Data is <?xml version="1.0" encoding="UTF-8"?><jbi:message
> xmlns:sxeh="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/ErrorHandling"
> type="sxeh:faultMessage" version="1.0"
> xmlns:jbi="http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper"><jbi:part>The
> server sent HTTP status code 400: Bad Request</jbi:part></jbi:message>.
> Sending errors for the pending requests in the process scope before
> terminating the process instance
>   com.sun.jbi.crl.faultactor = sun-bpel-engine
>
>
>
> I tried to paste the policy tag from AWSECommerceService.wsdl  in the
> AWSECommerceService.xml that is imported in the wsit-client.xml but it
> doesn’t change anything. The SOAP-Header is always empty.
>
> thank you very much for your patience
> Regards
> perko
>