Show TOC Anfang des Inhaltsbereichs

Hintergrunddokumentation Web Service Authentication Authorization Deployment Problems Dokument im Navigationsbaum lokalisieren

Problem Description

The following problems can occur:

·        Deployment problems

·        Authentication problems

·        Authorization problems

Scenario Type:

Error analysis

NetWeaver Component:

J2EE (Web Service)

Validity:

J2EE version >= 6.30

Decision Roadmap

Prerequisites

-

Main Tools

Log Viewer or Visual Administrator

Analysis

Deployment problems

·        Technical Background:

During deployment, configuration data is taken from the ws-deployment-descriptor.xml and stored in the configuration manager under /webservices (service Configuration Adapter). During the call of the web services, the configuration data is looked up.

Diese Grafik wird im zugehörigen Text erklärt

·        Solution:

Problems of this kind should not appear anymore after SP4. When they appear, it is due to lock timeouts. Change the property locking.timeout of Service Web Service Security (tc~sec~wssec~service) to a higher value (default 30000 = 30 seconds).

 

·        Symptom:

Error while processing document security. The error was class com.sap.engine.frame.core.configuration.NameNotFoundException. A configuration with the path webservices/proxies/sap.com/WSSEC_PROXIES/com.sap.security.core.ws.proxies.wss.Wss*doc_basicPort_Rpc/authenticate/wss does not exist.

Date : 02/27/2004

Time : 16:15:59:876

Message ID : 000BCD719CC1003C00000032000010A00003D456FA2FC96F

Severity : Error

Location : com.sap.security.core.client.ws.DeployableSecurityProtocol.handleRequest

Source Name : /System/Security/WS/SecurityProtocol

Thread : SAPEngine_Application_Thread[impl:3]_18

Message : Error while processing document security. The error was class com.sap.engine.frame.core.configuration.NameNotFoundException A configuration with the path "webservices/proxies/sap.com/WSSEC_PROXIES/com.sap.security.core.ws.proxies.wss.Wss*doc_basicPort_Rpc/authenticate/wss" does not exist..

Datasource : 22418350:./log/system/security.log

Application : sap.com/WSSEC_CLIENT_EAR

Argument Objs :

Arguments : class com.sap.engine.frame.core.configuration.NameNotFoundException,A configuration with the path "webservices/proxies/sap.com/WSSEC_PROXIES/com.sap.security.core.ws.proxies.wss.Wss*doc_basicPort_Rpc/authenticate/wss" does not exist.,

Dsr Component : P111854_D11_22418350

Dsr Transaction : 2db34230693711d88e6c000bcd719cc1

Dsr User : Administrator

Indent : 0

Level : 0

Message Code : _DeployableSecurityProtocol0800

Message Type : 1

Relatives :

Resource Bundlename : com.sap.security.core.client.ws.DeployableSecurityProtocolMessage

Session : 126

Source :

Thread :

Transaction :

User : Administrator

·        Analysis / solution:

Redeploy the application

Authentication problems

·        Symptom:

HTTP 401 / Invalid credentials

·        Analysis:

Authentication was not accepted, or user is not in group Everyone

·        Solution:

Check for output in the security log, test login using /wsnavigator

Authorization problems

·        Symptom:

The client gets the error message Authorization failed for the specified security roles. For details see log entry 000BCD719CC1004C000000C2000010A00003D45747B8E725

SOAP message:

HTTP/1.1 500 Internal Server Error Connection: close Set-Cookie: JSESSIONID=(J2EE22418300)ID22418350DB2006953124854834067End; Version=1; Path=/ Set-Cookie: sapj2ee_Stocks*sso=22418350; Version=1; Path=/ Server: SAP J2EE Engine/6.30 Content-Type: text/xml Date: Fri, 27 Feb 2004 15:37:40 GMT

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >

   <SOAP-ENV:Body>

      <SOAP-ENV:Fault>

         <faultcode>SOAP-ENV:Server</faultcode>

         <faultstring>Authorization failed for the specified security roles. For details see log entry 000BCD719CC1004C000000C2000010A00003D45747B8E725.</faultstring>

         <detail>

            <ns1:com.sap.engine.interfaces.webservices.runtime.ProtocolException xmlns:ns1='http://sap-j2ee-engine/error'>Authorization failed for the specified security roles. For details see log entry 000BCD719CC1004C000000C2000010A00003D45747B8E725.</ns1:com.sap.engine.interfaces.webservices.runtime.ProtocolException>

         </detail>

      </SOAP-ENV:Fault>

   </SOAP-ENV:Body></SOAP-ENV:Envelope>

·        Analysis:

The user is not member of one of the required J2EE security roles.

·        Solution:

Take the ID of the log entry, open the security log in the Log Viewer and search for the log entry. This will lead to an message of severity Warning like:

Calling operation getQuote of component sap.com/WSSEC_SERVER_EAR*WSSEC_TEST_Assembly.jar for principal Administrator denied (roles: [StockGuests, StockCustomers]).

The message contains the user in combination with the component and the required security roles that are needed to successfully authorize the request. In the Security Service look for the security roles of the component and check the user assignment.

If no roles were assigned (roles: []), no authorization is possible and the assignment must be changed in the IDE.

 

·        Symptom:

The server responds with HTTP 503

·        Analysis / solution:

The web service is not started. Check in the list of  deployed web services if the application has been started (deploy service, wsnavigator).

Additional Information

StrukturlinkError When Requesting a Web Service

Log-On Failed

 

Ende des Inhaltsbereichs