Professional Documents
Culture Documents
Web Services Developer S Guide Software Ag Documentation Web PDF
Web Services Developer S Guide Software Ag Documentation Web PDF
Version 8.0
December 2009
Copyright
& Docu-
ment ID
This document applies to webMethods Integration Server Version 8.0 and webMethods Developer Version 8.0 and to all subsequent releases.
Specifications contained herein are subject to change and these changes will be reported in subsequent release notes or new editions.
Copyright © 1998–2009 Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, United States of America, and/or
their licensors.
The name Software AG, webMethods, and all Software AG product names are either trademarks or registered trademarks of Software AG
and/or Software AG USA, Inc. and/or their licensors. Other company and product names mentioned herein may be trademarks of their
respective owners.
Use of this software is subject to adherence to Software AG’s licensing conditions and terms. These terms are part of the product
documentation, located at http://documentation.softwareag.com/legal/ and/or in the root installation directory of the licensed product(s).
This software may include portions of third-party products. For third-party copyright notices and license terms, please refer to "License
Texts, Copyright Notices and Disclaimers of Third Party Products." This document is part of the product documentation, located at
http://documentation.softwareag.com/legal/ and/or in the root installation directory of the licensed product(s).
1. Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
What Is a Web Service? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Using webMethods Software to Create, Publish, and Invoke Web Services . . . . . . . . . . . . 14
Using webMethods Software to Create Web Services . . . . . . . . . . . . . . . . . . . . . . . . . 14
Using webMethods Software to Publish Web Services to a UDDI Registry . . . . . . . . . 15
Using webMethods Software to Invoke Web Services . . . . . . . . . . . . . . . . . . . . . . . . . 15
What Are Web Service Descriptors and Connectors? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
What Is a WSDL Document? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Security for Web Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Backward Compatibility for Existing Web Service Connectors . . . . . . . . . . . . . . . . . . . . . . 17
9. WS-Security Facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Usage of WS-Security Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
The SOAP Message Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Securing Data at the Message Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Message Direction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Securing Web Service Providers and Consumers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Types of Message Authentication Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Message Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Signature Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Encryption Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Security Timestamps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Username and X.509 Certificate Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Token References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Policy Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Policy File Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Supplied Policy Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Certificate and Key Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Encrypting and Decrypting Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Signing and Verifying Signed Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Configuring the WS-Security Facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Step Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Specifying the WS-Security Policy File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Assigning a Security Policy to a Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . 94
Passing Security Information into a WS Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Resolution Order of Certificates and Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Locating Certificates and Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Search Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Certificate Mapping and Usage Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Certificate Mapping: User Resolution Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Certificate Mapping: Usage Resolution Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
C. WS-Security: Detailed Usage and Resolution Order for Certificates and Keys . . . . . . 137
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Web Service Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Response (Outbound Security) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Request (Inbound Security) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Web Service Consumer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Response (Inbound Security) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Request (Outbound Security) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
This guide is for users who want to create Web services and incorporate Web services into
the integration solutions they develop. This guide explains how to generate Web service
description documents for webMethods services, how to publish services to a registry,
and how to use webMethods software to call Web services located on remote servers.
Note: This guide describes features and functionality that may or may not be available
with your licensed version of webMethods Integration Server. For information about
the licensed components for your installation, see the Settings > License page in the
webMethods Integration Server Administrator.
Terminology
The following terms are interchangeable:
IS document type and ESB document type
IS service and ESB service
Document Conventions
Convention Description
Bold Identifies elements on a user interface.
Narrow font Identifies storage locations for services on webMethods Integration
Server, using the convention folder.subfolder:service.
UPPERCASE Identifies keyboard keys. Keys you must press simultaneously are
joined with a plus sign (+).
Italic Identifies variables for which you must supply values specific to your
own situation or environment. Identifies new terms the first time they
occur in the text.
Monospace Identifies text you must type or messages displayed by the system.
font
{} Indicates a set of choices from which you must choose one. Type only
the information inside the curly braces. Do not type the { } symbols.
| Separates two mutually exclusive choices in a syntax line. Type one of
these choices. Do not type the | symbol.
Convention Description
[] Indicates one or more options. Type only the information inside the
square brackets. Do not type the [ ] symbols.
... Indicates that you can type multiple options of the same type. Type
only the information. Do not type the ellipsis (...).
Documentation Installation
You can download the product documentation using the Software AG Installer.
Depending on the release of the webMethods product suite, the location of the
downloaded documentation will be as shown in the table below.
Online Information
You can find additional information about Software AG products at the locations listed
below.
Note: The Empower Product Support Web site and the Software AG Documentation
Web site replace Software AG ServLine24 and webMethods Advantage.
With webMethods software, you can create Web services using programming languages
such as Java, C, or COM. You can also create Web services from existing back-end
systems, without producing custom code or reconfiguring the back-end systems, using
webMethods adapters.
and the provider of the Web service. It also specifies one or more network locations at
which a Web service can be invoked. In essence, the WSD represents an agreement
governing the mechanics of interacting with that service.
A provider Web service descriptor defines a Web service that is hosted on the Integration
Server, that is, a service “provided” to external users. A provider Web service
descriptor will expose one or more IS services as operations, which can be published to
a registry as a single Web service. External users can access the Web service through
the registry and invoke the IS services remotely.
A consumer Web service descriptor defines an external Web service, allowing Integration
Server to create a Web service connector (WSC) for each operation in the Web service.
The Web service connector(s) can be used in Developer just like any other IS flow
service; when a connector is invoked it calls a specific operation of a Web service.
Web service descriptors and connectors allow you to:
Expose one or more IS services as operations of a Web service.
Define and configure Web services. This includes settings used to generate a Web
Service Definition Language (WSDL) document for a provider Web service descriptor
and any information needed to process a SOAP request or response.
Provide a URL to easily acquire a WSDL document for an IS provider Web service
Define one or more “aliases” to be used with dynamic endpoint addressing for both
provider and consumer Web services. For a provider Web service descriptor, the alias
is used to populate the endpoint address of the Web service when generating the
WSDL. For a consumer Web service descriptor, the alias is used at runtime, when a
Web service connector is invoked, to determine the actual endpoint address of the
web service and/or to supply user credentials to be used with the request.
Use Document/Literal, RPC/Literal, and RPC/Encoded style SOAP messages.
Use either SOAP 1.1 or SOAP 1.2 protocols in Web service invocations.
Define and process SOAP headers and handle SOAP faults (for both provider and
consumer web services).
Use WS-Security to secure both provider and consumer Web services.
Method to use to access the Web service, including the protocol that the Web service
consumer must use to invoke the Web service and receive a response
Input parameters that the Web service consumer must supply to the Web service and
the output parameters that the Web service returns
For instructions on viewing a WSDL document, see “Viewing a WSDL Document for a
Web Service Descriptor” on page 47.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Creating a Service First Provider WSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Signature Requirements for Service First Provider Web Service Descriptors . . . . . . . . . . . . . . . 23
Introduction
A provider Web service descriptor is created from one or more IS services or from a single
WSDL document, and is designed to allow the IS services to be invoked as Web services
over a network. The provider Web service descriptor contains all the data required to
create a WSDL document for the IS Web service, as well as the data needed at run time to
process the request and response.
A service first provider WSD refers to provider WSDs created from an existing service on
Integration Server. In this case, you specify the protocol, binding style/use, and host
server when creating the WSD. The IS service becomes an operation in the provider
WSD. Integration Server uses the existing service signature as the input and output
messages for the operation. You can add operations and bindings to a service first
provider WSD.
For information about creating a WSDL first provider WSD, see “Creating a WSDL First
Provider Web Service Descriptor” on page 28.
The provider WSD can be published to a UDDI registry (or other publicly accessible
server) as a Web service, which can be invoked remotely by an external user. A Web
service provider can also distribute WSDL files directly to consumers. For more
information, see “Creating a Service First Provider WSD” and Chapter 11, “Publishing IS
Services to a UDDI Registry as a Web Service” on page 109.
End Point The address at which the Web service can be invoked:
To use a provider Web service endpoint alias to specify the
host and port, in the Alias list, select the provider Web service
endpoint alias.
To specify a host and port, in the Host field specify the host
name for the Integration Server on which the web service
resides. In the Port field, specify an active HTTP or HTTPS
listener port defined on the Integration Server specified in
the Host field.
Directive The SOAP processor used to process the SOAP messages
received by the operation in the provider WSD. The Directive
list displays all of the SOAP processors registered on the
Integration Server. The default processor is ws - Web Services
SOAP Processor.
SOAP Version Whether SOAP messages for this web service should use SOAP
1.1 or SOAP 1.2 message format.
Transport The transport protocol used to access the Web service. Select
HTTP or HTTPS.
Use and Style for The style/use for operations in the provider WSD. Select one of
Operations the following:
Document - Literal
RPC - Literal
RPC - Encoded
Target The URL that you want to use as the target namespace for the
Namespace provider WSD. In a WSDL document generated for this
provider WSD, the elements, attributes, and type definitions
will belong to this namespace.
11 Click Finish.
Notes:
If Developer cannot create or cannot completely generate a Web service descriptor,
Developer displays error messages or warning messages. For more information about
errors that can occur when generating descriptors, see Appendix E, “Web Service-
Related Errors and Warnings”.
You can edit WSD properties to indicate whether Integration Server enforces WS-I
Basic Profile 1.1 compliance, to change the target namespace, to enable SOAP
attachments, and to add SOAP headers to the pipeline. For more information about
editing Web service descriptor properties, see “Editing Web Service Descriptor
Properties” on page 39.
If you specify a transport, but do not specify a host, port, or endpoint alias,
Integration Server uses the primary port as the port in the endpoint URL. However, if
the selected transport and the protocol of the primary port do not match, Developer
displays the following warning when you save the provider WSD:
Selected transport protocol does not match that of the primary port on
Integration Server.
For example, if you specify a transport of HTTPS when creating the provider WSD,
but do not specify a host, port, or endpoint alias and the primary port is an HTTP
port, Developer displays the above message.
You must resolve this mismatch before making a WSDL document for this provider
WSD available to Web service consumers. Otherwise, the Web service clients will not
execute successfully.
You can specify that a custom RPC or SOAP processor handle SOAP messages
received by the provider WSD. If you select a custom processor, make sure that the
service(s) for which you are creating the provider WSD conform to the target service
requirements for the custom processor.
You can add edit the provider WSD by adding or removing operations. For more
information, see Chapter 6, “Working with Operations”.
You can add or remove binders to a service first provide WSD. For more information,
see Chapter 7, “Working with Binders”.
You can add service handlers to aWeb service descriptor. For more information about
adding handlers, see Chapter 8, “Working with Handlers”.
You can add header or fault elements to an operation in the WSD. For more
information, see “Adding a Header to an Operation” on page 55 or “Adding SOAP
Fault Processing to an Operation” on page 57.
Signature Restrictions
*body fields are not allowed at the top level
@attribute fields (fields starting with the “@” symbol) are not allowed at the top level
String table fields are not allowed
Signature Restrictions
* body fields are not allowed
@attribute fields are not allowed (fields starting with the “@” symbol
Top-level fields cannot be namespace qualified
Top-level field names cannot be in the format prefix:localName
Signature Restrictions
*body fields are not allowed at the top level
@attribute fields (fields starting with the “@” symbol) are not allowed at the top level
String table fields are not allowed
List fields (String List, Document List, Document Reference List, and Object List) are
not allowed at the top level
Duplicate field names (identically named fields) are not allowed at the top level
Top-level fields cannot be namespace qualified
Top-level field names cannot be in the format prefix:localName
3 On the Integration Server from which you will invoke the Web service, create a
consumer Web service descriptor from the WSDL of the provider Web service
descriptor.
</xsd:sequence>
<xsd:/complexType>
<xsd:complexType name=”ArrayOfstring”>
<xsd:sequence>
<xsd:element name=”ArrayOfstringItem” type=”xsd:string”
maxOccurs=”unbounded”/>
</xsd:sequence>
</xsd:complexType>
Important! Integration Server uses the new, simpler array format only when creating
WSDL documents for provider Web service descriptors created in Integration Server
8.0 or higher. WSDL documents for provider Web service descriptors created in
Integration Server 7.x will continue to use the array wrapping format. For more
information, see “Backward Compatibility for Web Service Descriptors Created in
Integration Server 7.x”, below.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Creating a WSDL First Provider Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Introduction
A provider Web service descriptor is created from one or more IS services or from a single
WSDL document, and is designed to allow the IS services to be invoked as Web services
over a network. The provider Web service descriptor contains all the data required to
create a WSDL document for the IS Web service, as well as the data needed at run time to
process the request and response.
A WSDL first provider WSD refers to a provider WSD created from an existing WSDL
document or from a Web service acquired from a UDDI registry. In this case Developer
uses the message and operation definitions from the WSDL to generate a “placeholder”
flow service for each operation encountered in the WSDL, along with IS document types
defining the input and output signature of the generated flow services. You can then
implement any required logic within the placeholder flow service. Note that you cannot
add operations and bindings to a WSDL first provider WSD.
For information about creating a service first provider WSD, see “Creating a Service First
Provider WSD” on page 20.
Important! Before making a WSDL document available for a WSDL first provider
WSD, the WSDL URL itself and any WSDL documents or schemas that are
imported or included in the WSDL must be made anonymously network
addressable. Otherwise, the files may not be addressable by a consumer.
Relative URIs are disallowed by the WS-I Basic Profile 1.1 Compliance standard. If
you indicate that Developer enforces WS-I compliance and the WSDL file uses
relative URIs in any of the XSD import or include statements, Developer will not
create the provider WSD.
To create a WSDL first provider WSD from a Web service in a UDDI registry,
Developer must be configured to connect to that UDDI registry. For more
information about connecting Developer to a UDDI registry, see“Connecting to a
UDDI Registry” on page 111.
5 Under Enforce WS-I Basic Profile 1.1 compliance do one of the following:
Select Yes if you want Developer to validate all the WSD objects and properties
against the WS-I requirements before creating the WSD.
Select No if you do not want Developer to enforce compliance for WS-I Basic
Profile 1.1.
6 Click Next.
7 In the Name field, specify a name for the provider WSD.
8 Next to Folder, select the folder in which you want to save the provider WSD. Click
Next.
9 If you specified WSDL URL in step 4, in the Enter a URL or select a local file field, do one of
the following:
Enter the URL for the WSDL document. The URL should begin with http:// or
https://
Click to navigate to and select a WSDL document on your local file system.
10 If you specified UDDI in step 4, select the Web service from the UDDI registry.
If Developer is not currently connected to a UDDI registry, the dialog box displays
the message “UDDI Registry Not Connected”.
11 Click Finish.
Notes:
Developer creates the provider WSD and saves it to the folder you specified.
Developer also creates with any supporting IS elements, such as flow services and IS
document types.
If Developer cannot create or cannot completely generate a provider WSD, Developer
displays error messages or warning messages. For more information about errors that
can occur when generating WSDs, see Appendix E, “Web Service-Related Errors and
Warnings”.
Integration Server does not support mixed use across bindings and operations. That
is, all bindings and operations in a provider WSD must specify the same use (Literal
or Encoded). Developer does not create a provider WSD if the WSDL document
contains mixed “use” values across the binders and operations.
You can edit WSD properties to indicate whether Integration Server enforces WS-I
Basic Profile 1.1 compliance, to enable SOAP attachments, and to add SOAP headers
to the pipeline. For more information about editing Web service descriptor properties,
see “Editing Web Service Descriptor Properties” on page 39.
Operations and binders cannot be added, edited, or removed from a WSDL first
provider WSD.
You can add service handlers to a WSDL first provider WSD. For more information
about adding handlers, see Chapter 8, “Working with Handlers”.
You can add header or fault elements to an operation in the WSD. See “Adding a
Header to an Operation” on page 55 or “Adding SOAP Fault Processing to an
Operation” on page 57.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Creating a Consumer Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Example Consumer Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Refreshing Web Service Connectors for a Consumer Web Service Descriptor . . . . . . . . . . . . . . 36
Invoking a Web Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Introduction
A consumer Web service descriptor (WSD) defines an external Web service. It contains all the
data from the WSDL document that defines the Web service, as well as data needed for
certain Integration Server run-time properties. Integration Server creates a Web service
connector (WSC) for each operation in the Web service. A WSC is a flow service with an
input and output signature that corresponds to the input and output messages of the
Web service operation. When Integration Server executes a Web service connector, the
Web service connector calls a specific operation of a Web service.
A consumer WSD is created from a Web service in a UDDI registry or from a WSDL
document.
5 Under Enforce WS-I Basic Profile 1.1 compliance do one of the following:
Select Yes if you want Developer to validate all the WSD objects and properties
against the WS-I requirements before creating the WSD.
Select No if you do not want Developer to enforce compliance for WS-I Basic
Profile 1.1.
6 Click Next.
7 In the Name field, specify a name for the provider WSD.
8 Next to Folder, select the folder in which you want to save the provider WSD. Click
Next.
9 If you specified WSDL URL in step 4, in the Enter a URL or select a local file field, do one of
the following:
Enter the URL for the WSDL document. The URL should begin with http:// or
https://.
Click to navigate to and select a WSDL document on your local file system.
10 If you specified UDDI in step 4, select the Web service from the UDDI registry.
If Developer is not currently connected to a UDDI registry, the dialog box displays
the message “UDDI Registry Not Connected”.
11 Click Finish.
Notes:
Developer creates the consumer WSD and saves it to the folder you specified.
Developer also creates with any supporting IS elements, such as Web service
connectors and IS document types and places them in the same folder. For more
information about what elements Integration Server creates, see “Supporting
Elements for a Consumer Web Service Descriptor” on page 34.
If Developer cannot create or cannot completely generate a consumer WSD,
Developer displays error messages or warning messages. For more information about
errors that can occur when generating WSDs, see Appendix E, “Web Service-Related
Errors and Warnings”.
Developer does not create a consumer WSD if the WSDL document contains mixed
“use” values across the binders and operations.
You can edit WSD properties to indicate whether Integration Server enforces WS-I
Basic Profile 1.1 compliance, to enable SOAP attachments, to add SOAP headers to
the pipeline, and to validate the SOAP response received by Web service connectors
in this consumer WSD. For more information about editing Web service descriptor
properties, see “Editing Web Service Descriptor Properties” on page 39.
Operations and binders cannot be added, edited, or removed from a consumer WSD.
You can add service handlers to a consumer WSD. For more information about
adding handlers, see Chapter 8, “Working with Handlers”.
You can add header or fault elements to an operation in the Web service descriptor.
See “Adding a Header to an Operation” on page 55 or “Adding SOAP Fault
Processing to an Operation” on page 57.
Developer inserts flow steps into the Web service connector by following an internal
template for inserting input data into the service request, sending the request, processing
the response, and adding service output values to the pipeline. The template that
Developer follows depends on the protocol specified in the WSDL document. The
following illustration shows the Web service connector generated for the Web service that
performs credit card authorization.
This SEQUENCE
corresponds to a binding for
the SOAP RPC protocol.
Note: The $default port corresponds to the first named <port> element in the WSDL
document.
Important! When refreshing a Web service connector, Integration Server deletes the
consumerWSDName_ folder and all elements contained in that folder and its
subfolders.
1 In the Navigation panel, open the consumer WSD for which you want to refresh Web
service connectors.
2 Click the operation editing area or the Binders tab.
3 Click or right-click and select Refresh Web Service Connectors. Integration Server
regenerates all Web service connectors in the consumer WSD, overwriting the existing
Web service connectors.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Changing the Target Namespace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Viewing the Namespaces Used within a WSDL Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Modifying WS-I Compliance for a Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Enabling MTOM/XOP Support for a Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Adding SOAP Headers to the Pipeline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Validating SOAP Responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Viewing a WSDL Document for a Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Introduction
After you create a Web service descriptor, you can use properties to do the following
Change the target namespace used for components the WSDL document (for service
first provider WSD only)
Enable or disable enforcement of compliance with the WS-I Basic Profile 1.1
Allow SOAP attachments based on the MTOM/XOP specifications
Add the contents of SOAP headers to the pipeline
Validate the SOAP response received by a Web service connector in a consumer WSD
Set permissions for the WSD. For information about assigning permissions to an IS
element, see Developing Integration Solutions: webMethods Developer User’s Guide
1 In the Navigation panel, open and lock the service first provider WSD for which you
want to change the target namespace.
2 In the Property panel, in the Target namespace field, specify the URL that you want to
use as the target namespace for elements, attributes, and type definitions in the
WSDL generated for this provider WSD.
3 On the File menu, click Save.
1 In the Navigation panel, open the Web service descriptor for which you want to view
the list of XML namespaces.
2 In the Properties panel, click View in the Namespaces field.
The Namespaces dialog box appears displaying a list of XML namespaces used
within the WSDL document. This is an array of namespace prefixes and their
associated XML namespace names. This information is not editable.
3 Click OK to close the dialog box.
Note: The WS-I profile only address the SOAP 1.1 protocol. If the Web service
descriptor is using the SOAP 1.2 protocol, Developer will display an error message
when True is selected.
1 In the Navigation panel, open and lock the Web service descriptor for which you
want to change WS-I compliance enforcement.
2 On the Property panel, next to WS-I compliance, select True if you want Integration
Server to enforce WS_I Basic Profile 1.1 compliance. Otherwise, select False.
3 On the File menu, click Save.
1 In the Navigation panel, open and lock the Web service descriptor for which you
want to generate a WS-I Profile Compliance report.
1 In the Navigation panel, open the Web service descriptor for which you want to
enable or disable SOAP attachments.
2 On the Property panel, next to Attachment enabled, select True if you want to enable
SOAP attachments for the WSD. Otherwise, select False.
3 On the File menu, click Save.
Tip! By default, the public service pub.string:base64Encode inserts a new line after 76
characters of data. This is not the canonical lexical form expected by MTOM
implementations. If you use this public service rather than a custom service for
base64 encoding, you can use the optional input parameter useNewLine to remove the
line break and the optional input parameter encoding to change the encoding. The
default value for useNewLine is true, which keeps the line break at 76 characters. If
you do not specify the encoding, ASCII will be used.
If you use the public service pub.string:base64Decode for base64 decoding, you can use
the optional input parameter encoding to change the encoding. If you do not specify
the encoding, ASCII will be used.
1 In the Navigation panel, open the Web service descriptor for which you want to
enable or disable adding SOAP headers to the pipeline.
2 On the Property panel, next to Pipeline headers enabled, select True if you want to enable
SOAP attachments for the WSD. Otherwise, select False.
3 On the File menu, click Save.
The following table describes the contents of the soapHeaders document in the pipeline:
Key Description
Key Description
Integration Server creates a soapHeaders document that looks like the example and adds it
to the input pipeline of the IS service:
1 In the Navigation panel, open the consumer WSD for which you want to enable or
disable SOAP response validation.
2 On the Property panel, next to Validate SOAP response, select True if you want to
Integration Server to validate SOAP response messages received by Web service
connectors included with this consumer WSD. Otherwise, select False.
3 On the File menu, click Save.
For a WSDL first provider Web service descriptor, the WSDL document is the original
source WSDL with the addition of any headers or faults added to the provider Web
service descriptor. The displayed WSDL document also updates the location of the
operations to point to the endpoint service on Integration Server. The displayed
WSDL document reflects any changes made to the editable properties of the provider
Web service descriptor or its constituents, such as the use of a Web service endpoint
alias for the Port alias property. The displayed WSDL document contains all the
information a consumer needs to create a Web service client that invokes the
operations described in the WSDL.
Note: You can use the URL of the generated WSDL document to download the WSDL.
1 In the Navigation panel, open the Web service descriptorfor which you want to view
the WSDL document.
2 Click anywhere in the operation editing area to enable the operation toolbar.
3 Click on the operation toolbar. Developer locates the WSDL document for the
Web service descriptor and displays it using the system’s default browser.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Adding Operations to a Service First Provider Web Service Descriptor . . . . . . . . . . . . . . . . . . . 50
Using a 6.5 SOAP-MSG Style Service as an Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Deleting Operations from a Provider Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Adding a Header to an Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Adding SOAP Fault Processing to an Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Viewing Document Types for an Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Introduction
An operation is the WSDL element that exposes some functions of a Web service and
defines how data is passed back and forth. In a Web service descriptor, an operation
corresponds to a service on Integration Server.
Each operation contains a single request and a single response. Each request and
response contains a single, read-only body element and one or more header elements. A
response can also contain fault elements.
The body elements contain the application-defined XML data being exchanged in the
SOAP message:
In a service first provider WSD, the body elements represent the signature of the
service. The body element in the request contains the input properties. The body
element in the response contains the output properties.
In a WSDL first provider WSD or a consumer WSD, the input/output properties and
the body element are defined by the remote WSDL document. Neither the
input/output definitions nor the operations can be changed, added, or deleted.
A header element defines the format of the SOAP headers that may be present in a SOAP
message (request or response). Headers are optional and can be added to or deleted from
any Web service descriptor.
A fault element provides a definition for a SOAP fault (that is, the response returned to the
sender when an error occurs while processing the SOAP message). Fault elements are
optional and can be added to or deleted from any Web service descriptor.
1 In the Navigation panel, open and lock the service first provider WSD to which you
want to add an IS service as an operation.
2 Click (Add Operation) on the operations editing area toolbar. Or, right-click in the
operations editing area and select Add Operation.
3 In the Select one or more services to include in the Web service descriptor dialog box,
select one or more services and click Finish.
The specified operations are added to the provider WSD. The operations appear in
the operation editing area edit tree and are also added to each binder contained in the
provider WSD.
4 On the File menu, click Save.
Notes:
If a service signature does not meet the style/use signature requirements established
by the existing binder, Developer does not add the service as an operation.
If the operation already exists in the Web service descriptor, Developer adds it as a
copy and appends “_n” to its name, where n is an incremental number.
You can also add operations by selecting one or more services in the Navigator panel
and dragging them into the operation editing area.
You can also add an operation using the button on either the operation editing
area or on the Binders tab. The operation will be displayed in both areas of the editor.
1 In the Navigation panel, open and lock the provider WSD that contains the operation
you want to copy or move.
2 In the operations editing area, select one or more operations. Then select Cut or Copy
from either the right-click menu or the main Edit menu.
3 In the Navigation panel, open and lock the provider WSD into which you want to
paste the cut or copied operations (the target provider WSD).
4 In the operations editing area of the target WSD, right-click and select Paste. Or, on
the Edit menu, click Paste.
5 On the File menu, click Save.
Notes:
Developer adds the specified operations to the provider WSD. In addition to
displaying the operations in the operation editing area edit tree, Developer adds the
operations to all binders in the target Web service descriptor exactly as they existed in
the source Web service descriptor. The binder values for each individual binder apply
to the operations within the binders.
If the operation being added already exists in the provider WSD, Developer adds it as
a copy and appends “_n” to its name, where “n” is an incremental number.
To produce a meaningful signature for the operation in a WSDL document, you must
select an IS document type or an XML schema element declaration to represent the
input and output signatures. For information about changing the input or output
signature for an operation, a provider WSD, see“Modifying the Signature of a 6.5
SOAP-MSG Style Operation” on page 53.
If you use an IS document type for the input and/or output signature, the IS
document type must satisfy the service signature requirements for the SOAP-MSG
style as specified in theWeb Services Developer’s Guide version 6.5.
If you add any headers to the operation, any existing clients for the 6.5 service must
be modified to include the header in the SOAP request.
Any header handler processing that changes the SOAP message and occurs before
service invocation affects the SOAP message passed to the service. Note that 6.5
SOAP-MSG style services expect the SOAP message to be in a certain format.
Specifically, any changes to the SOAP body might affect the ability of the 6.5 SOAP-
MSG style service to process the request.
When a 6.5 SOAP-MSG style service is added as an operation, you can add fault
processing to the operation response. For fault processing to work, you need to
modify the 6.5 SOAP-MSG style service to detect a Fault condition, add Fault output
data to the pipeline, and drop the SOAP response message (soapResponseData object)
from the pipeline.
Services Developer’s Guide version 6.5. For more information about adding an IS 6.5
SOAP message service as an operation, see “Using a 6.5 SOAP-MSG Style Service as
an Operation” on page 52.
1 In the Navigation panel, open and lock the provider Web service descriptor
containing the operation whose signature you want to modify.
2 In the operation editing area, select and expand the operation whose signature you
want to modify.
3 Do one of the following:
Select... To...
Original IS Use the input or output signature from the originating IS service
service as the input or output signature. This is the default.
Existing external Use an element declaration from an XML schema definition as
XML schema the input or output signature.
Document type Use an IS document type as the input or output signature.
1 In the Navigation panel, open and lock the provider WSD that contains the operation
to delete.
2 In the operations editing area, select the operation to be deleted.
3 Click on the operations editing toolbar. Or right-click and select Delete. Developer
deletes the selected operation from the Web service descriptor.
4 Click OK.
5 On the File menu, click Save.
Notes:
Developer removes deleted operations from within all the binders in the provider
WSD.
If you delete an operation from within a binder, any other instances of that operation
in other binders remain in the Web service descriptor. (If an operation exists in only
one binder and is deleted from that binder, the operation is removed from the Web
service descriptor.) For more information, see “Deleting an Operation from a Binder”
on page 65.
WSDL First Provider WSD Add new headers to the request or the response
Delete any headers (the ones derived from the source
WSDL as well as any you have added)
Edit the headers you have added.
Edit the Must understand and Role properties for
headers derived from the source WSDL.
Service First Provider WSD Add new headers to the request or the response
Delete any headers
Edit any headers
1 In the Navigation panel, open and lock the Web service descriptor to which you want
to add a header.
2 In the operations editing area, expand the operation and the request or response to
which you want to add the header.
3 Select the header icon and click (Add Header or Fault) on the editor toolbar.
Because a header was selected when you clicked this button, the document selection
dialog box displays only those IS document types supported by the header handlers
listed in the Handler tab.
4 Select the IS document type to use as a header. Click OK.
5 On the File menu, click Save.
Important! When you add a header (or a fault) to a consumer Web service descriptor,
you must refresh the Web service connector(s). See “Refreshing Web Service
Connectors for a Consumer Web Service Descriptor” on page 36.
Keep the following points in mind when adding fault processing to an operation:
You can only add fault elements to a response, not to a request.
For existing Web service descriptors, the fault document must be an IS document
type.
When adding a fault element to a provider Web service descriptor, make sure that the
fault does not have the same name as any of the headers for that Web service
descriptor.
You can also add fault elements to an operation by dragging an IS document type
from the Navigation panel and dropping it onto the operation fault element.
1 In the Navigation panel, open and lock the Web service descriptor to which you want
to add a fault element.
2 In the operation editing area, expand the operation and the response to which you
want to add the fault element.
3 Select the Fault icon and click (Add Header or Fault button) on the editor toolbar.
Because a fault was selected when you clicked this button, Developer displays the
default document selector dialog.
4 Select the IS document type to use as the fault element. Click OK.
5 On the File menu, click Save.
Important! After you add a fault (or header) to a consumer Web service descriptor, you
must refresh Web service connector(s). See “Refreshing Web Service Connectors for a
Consumer Web Service Descriptor” on page 36.
1 In the Navigation panel, open the Web service descriptor for which you want to view
used IS document types.
2 Select the Document tab.
3 In the operation editing area, select and expand an operation. Then, select and
expand a request or response.
4 In the operation editing area, click a header, body, or fault element.
Developer displays the IS document types used by the element (if any) in the
Document tab.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Binders and Mixed Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Adding a Binder to a Service First Provider Web Service Descriptor . . . . . . . . . . . . . . . . . . . . . . 63
Deleting a Binder from a Service First Provider Web Service Descriptor . . . . . . . . . . . . . . . . . . 65
Deleting an Operation from a Binder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Modifying the SOAP Action for an Operation in a Binder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Assigning a Web Service Endpoint Alias to a Binder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Introduction
A binder is a webMethods term for a collection of related definitions and specifications for
a particular port. The binder is a container for the endpoint address, WSDL binding
element, transport protocol, and communication protocol information. Developer creates
at least one binder when it generates the Web service descriptor based on the data in the
WSDL or IS service. The Binders tab displays the binders defined for a Web service
descriptor.
You can add new binder definitions to a service first provider WSD. Binders cannot be
added to a WSDL first provider WSD or a consumer WSD.
You can define a separate binder for each combination of endpoint address and protocol
information that you want the service first provider WSD to support. The Web service
descriptor can contain any combination of RPC/Encoded, RPC/Literal, or
Document/Literal binders.
Note: If the WS-I compliance property is set to True, you can only create binders that
comply with the WS-I profile.
To edit and save an existing provider WSD with mixed binders, create separate provider
WSDs for each binder use. For example, if a provider WSD contains binder1 which
specifies a “use” of literal and binder2 which specifies a “use” of encoded, copy the
provider WSD. In the provider WSD copy, remove binder1. In the original provider
WSD, remove binder2. The provider Web service descriptors can then be saved.
1 In the Navigation panel, open and lock the provider WSD to which you want to add a
binder.
2 On the Binders tab, click on the Binder tab toolbar or right-click and select Add
Binder.
3 In the New Binder Options dialog box, specify the following information:
End Point The address at which the Web service can be invoked:
To use a provider Web service endpoint alias to specify the
host and port, in the Alias list, select the provider Web service
endpoint alias.
To specify a host and port, in the Host field specify the host
name for the Integration Server on which the web service
resides. In the Port field, specify an active HTTP or HTTPS
listener port defined on the Integration Server specified in
the Host field.
Directive The SOAP processor used to process the SOAP messages
received by the operation in the provider WSD. The Directive
list displays all of the SOAP processors registered on the
Integration Server. The default processor is ws - Web Services
SOAP Processor.
SOAP Version Whether SOAP messages for this web service should use SOAP
1.1 or SOAP 1.2 message format.
Transport The transport protocol used to access the Web service. Select
HTTP or HTTPS.
Use and Style for The style/use for operations in the provider WSD. Select one of
Operations the following:
Document - Literal
RPC - Literal
RPC - Encoded
4 Click OK. Developer adds the new binder to the Binder tab.
5 On the File menu, click Save.
Notes:
If the binder “use” does not match the “use” for the existing binder, Developer does
not save the binder. Instead, Developer displays the following message
[ISS.0085.9282] Bindings or operations with mixed "use" are not supported.
The new binder contains all the operations in the Web service descriptor.
To rename a binder, right-click the binder and select Rename.
If you specify a transport, but do not specify a host, port, or endpoint alias,
Integration Server uses the primary port as the port in the endpoint URL. However, if
the selected transport and the protocol of the primary port do not match, Developer
displays the following warning when you save the provider WSD:
Selected transport protocol does not match that of the primary port on
Integration Server.
For example, if you specify a transport of H TTPS when creating the provider WSD,
but do not specify a host, port, or endpoint alias and the primary port is an HTTP
port, Developer displays the above message.
You must resolve this mismatch before making a WSDL document for this provider
WSD available to Web service consumers. Otherwise, the Web service clients will not
execute successfully.
Keep the following points in mind when pasting in a binder from another provider WSD:
The endpoint, directive, WS-I, transport, and use-style values are the same as those in
the original (source) binder. You can modify these in the Properties panel.
All operations in the cut or copied binder are carried with it. If a pasted binder
contains an operation that is not already in the Web service descriptor, the operation
is added to the Web service descriptor.
1 In the Navigation panel, open and lock the service first provider WSD from which
you want to delete a binder.
2 On the Binders tab, select the binder to delete.
1 In the Navigation panel, open and lock the service first provider WSD.
2 On the Binders tab, expand the binder containing the operation to delete.
3 In the binder, select the operations you want to delete.
5 Click OK.
Developer deletes the selected operation from the binder.
6 On the File menu, click Save.
Notes:
If other binders in the provider WSD contain the operation, that operation remains in
the WSD.
If an operation only exists in one binder, deleting it from that binder removes it
entirely from the Web service descriptor.
If you delete an operation from the operation editing area, it is deleted entirely from
the WSD and from all the binders that exist for that WSD. For more information about
deleting operations, see “Deleting Operations from a Provider Web Service
Descriptor” on page 55.
To modify the SOAP Action property for an operation in a provider Web service descriptor
5 Click OK.
Developer applies the SOAP action change to the operation in this binder only.
6 On the File menu, click Save.
1 In the Navigation panel, open and lock the Web service descriptor to which you want
to associate the Web service endpoint alias.
2 On the Binders tab, select the binder to which you want to assign an endpoint alias.
3 In the Properties panel, next to the Port alias property, select the Web service endpoint
alias that you want to associate with the WSD. Developer lists only those endpoint
aliases of the same type as the WSD.
4 On the File menu, click Save.
Note: When the Port alias property is modified for a consumer Web service descriptor
and, the Web service descriptor is viewed as WSDL (the View WSDL button is clicked),
the generated WSDL does not reflect the change to the port alias. However, the new
value will be used at run-time.
How the Consumer Web Service Endpoint Alias Affects the Endpoint
URL
The host and/or port information provided in the consumer Web service endpoint alias
assigned to a binder determine the host:port portion of the endpoint URL. The following
table explains how Integration Server builds the endpoint URL at run time when host
and/or port are specified in the consumer Web service endpoint alias.
Note: If a value is specified for the _url input parameter for a Web service connector
the url value takes overrides the original URL from the WSDL. Additionally,
Integration Server ignores the host and port information provided in the consumer
Web service endpoint alias.
Step 1 If provider Web service endpoint alias is assigned to the binder, Integration
Server uses the host name and port from the provider web service endpoint
alias in the endpoint URL.
Step 2 If provider Web service endpoint alias is not provided, Integration Server
uses the host name and port from the value of the Port address property.
Step 3 If provider Web service endpoint alias is not provided and the Port address
property does not have a value, Integration Server uses the Integration
Server host name and primary port.
The following table describes how Integration Server determines the host and port
portions in the URL for the soap:address element for a binding:
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
About Request Handler Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
About Response Handler Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
About Fault Handler Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Setting Up a Header Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Example: Measuring Elapsed Time with a Consumer Handler . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Introduction
When working with Web services on Integration Server, the SOAP body portion of the
SOAP message contains the data representing the input and output signatures of the
underlying SOAP operation. In typical processing, Integration Server converts the SOAP
body between its XML representation in the SOAP message and the Document (IData)
representation used within Integration Server automatically.
In addition to the data contained in the SOAP body, a SOAP message might contain data
in the SOAP headers. The best way to access the SOAP headers is to use handlers. A
handler, sometimes called a header handler, provides access to the entire SOAP message.
Handlers can be used to perform various types of processing, including processing SOAP
headers, adding SOAP headers, removing SOAP headers, passing data from the header
to the endpoint service or vice versa.
In Integration Server, a handler is a set of up to three handler services. The handler can
contain one of each of the following handler services:
Request handler service
Response handler service
Fault handler service
Any IS service can be used as a handler service. However, handler services must use a
specific service signature. Integration Server defines the service handler signature in the
pub.handler.soap:handlerSpec specification. Integration Server also provides several services
that you can use when creating handler services. These services are located in the
pub.soap.handler folder in the WmPublic package.
When you register a handler, you name the handler, identify the services that function as
the request, response or fault handler services, and indicate whether the handler is for
use with providerWeb service descriptors or consumer Web service descriptors.
You can assign multiple handlers to a Web service descriptor. Developer displays the
handlers on the Handlers tab. The collection of handlers assigned to a Web service
descriptor is called a handler chain. For a consumer Web service descriptor, Integration
Server executes the handler chain for output SOAP requests and inbound SOAP
responses. For a provider Web service descriptor, Integration Server executes the handler
chain for inbound SOAP requests and outbound SOAP responses.
When executing the handler chain, Integration Server executes request handler services
by working through the handler chain from top to bottom. However, Integration Server
executes response handler services and fault handler services from bottom to top.
The order of handlers in the handler chain may be important, depending on what
processing the handlers are performing. For example, a WS-Security handler that is
performing encryption or digitally signing a request should generally be the final handler
in the list for a consumer, but the first handler in the list for a provider.
Adding a Handler
Use the following procedure to add a handler to a Web service descriptor.
1 In the Navigation panel, open and lock the Web service descriptor to which you want
to add handlers.
2 On the Handler tab, click on the toolbar. Or right-click and select Add Header Handler.
3 Select the registered handler that you want to add to the Web service descriptor.
4 On the File menu, click Save.
Once a handler is added to a Web service descriptor, you may optionally add any
headers associated with the handler to the request or response elements of operations
within the Web service descriptor.
Deleting a Handler
You can delete a handler from a Web service descriptor.
1 In the Navigation panel, open and lock the Web service descriptor to which you want
to add handlers.
2 Click the Handlers tab.
3 Select the handler that you want to delete.
1
Consumer handler
2
handleRequest
Web Service Web Service
Consumer 3
Provider
handleResponse
Step Description
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Usage of WS-Security Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
The SOAP Message Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Securing Data at the Message Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Message Direction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Securing Web Service Providers and Consumers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Types of Message Authentication Supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Message Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Policy Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Certificate and Key Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Configuring the WS-Security Facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Resolution Order of Certificates and Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Certificate Mapping and Usage Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Introduction
This chapter explains Integration Server’s WS-Security implementation. It describes basic
concepts needed to understand the facility, including the settings that comprise a policy,
the XML components, and how policy information is delivered via SOAP message
headers. The chapter also covers the information you need to know about key and
certificate usage, so that the keys, certificates, and trusted roots are correctly configured
for use with the facility.
The chapter details the steps needed to configure WS-Security for Web service providers
and consumers, including the creation, customizing, and selection of a policy file; and
passing security information to a Web services connector.
Lastly, the chapter describes how run-time resolution orders for certificates and keys
work, and how the WS-Security facility uses Integration Server certificate mappings.
The particular combination of these XML authentication components, and their attributes
and settings, constitutes a Web service’s security policy; the SOAP message header is the
“container” for this information.
Note: The security attributes you assign to a Web service with the Integration Server’s
WS-Security facility do not enable or enforce any of the transport-level security
measures provided by SSL and HTTP authentication.
Message Direction
When configuring message-level security for a Web service, messages must be
categorized as either inbound or outbound. This distinction is important, because
authorization properties can only be applied to messages flowing in one of these
directions.
The authorization properties of an outbound/inbound message pair often share a
dependency. For example, if an outbound message is signed by a Web service, the Web
service receiving the signed message must define the security parameters of an inbound
message so that it can address (for example, verify) signed messages.
Message direction is specified by XML components in the policy file: Rules for inbound
messages are specified within an <InboundSecurity> section, and rules for outbound
messages are specified within an <OutboundSecurity> section. Security elements
specifying username/password, signing, encryption, and all other properties, are
contained within these sections.
For more information and XML code examples specifying message direction, see
“InboundSecurity and OutboundSecurity Elements” on page 127.
1 2
Outbound Inbound
(consumer) (provider)
Step Description
When implementing WS-Security, you configure the security settings for a Web service
consumer or provider’s inbound and outbound messages. The following table lists
examples of typical security settings for a Web service consumer and provider.
A complete reference of the inbound and outbound security settings for consumers and
providers is available in Appendix B, “WS-Security Policy Reference”.
Note: The WS-Security facility does not support the use of password digests.
Since the credentials are in plain text, it is recommended that you provide additional
transport-level security such as SSL to secure the endpoints of the connection.
X.509 Signature Authentication. Allows the use of a private key from an X.509 standard
certificate to sign a document, thus authenticating the identity of the sender to the
receiver. The recipient verifies the signed messages through the matching public key.
Proprietary X.509 authentication. You can include an X.509 certificate or a reference to an
X.509 certificate as an authentication token in the message header, without any
signing or encryption. This combination of settings supports non-standard X.509
configurations.
Since no signing or encryption is used, you may need to provide additional transport-
level security such as SSL to secure the endpoints of the connection.
Signature Options
A signature is a means of authenticating a message so that the recipient is certain of the
sender’s identity and the integrity of the message content. Signing a message involves
encrypting a message digest with the sender’s private key. To verify a signed message,
the recipient uses the public key corresponding to the sender’s private key. Signature
attributes include the following:
Allow a signature with an expired certificate
Require the SOAP message body to be signed
Authenticate the message with the signing certificate
The following signature options are not supported by this implementation of WS-
Security:
Selecting the algorithm to use in creating the message digest
Selective or multiple signing of an outbound message
Encryption Options
The WS-Security implementation encrypts SOAP message bodies using the recipient’s
public key. The available encryption options include the following:
Select an encryption algorithm
Select a key wrapping algorithm
Require the SOAP body of inbound messages to be encrypted
The following encryption options are not supported by this implementation of WS-
Security:
The C14N canonicalization algorithm
Selective or multiple encryption of an outbound message
Encrypting outbound messages with a password
Security Timestamps
You can use a Timestamp element that specifies message expiration time, as well as the
precision of the time measurement. This element offers protection against replay attacks,
since inbound messages arriving after the expiration time can be invalidated.
Token References
You can specify handling of certificate information through direct or indirect references:
In a direct reference, the actual certificate, or a path to the URI specifying a remote
data source containing the token element, is embedded in the SOAP header.
In an indirect reference, a certificate property, such as the X.509 key identifier, is
embedded in the SOAP header. Using this property value, the recipient extracts the
property value from the message header and uses it to locate the certificate.
Policy Files
A policy file is equivalent to a complete XML Header component of a Web service
descriptor. During WS-Security configuration, a policy file is mapped to a Web service
descriptor file. Each time a message is sent or received by the Web service, the
authentication, signing, and encryption settings specified in the SOAP header are
enabled.
Prerequisites
Several prerequisites are necessary before beginning the WS-Security configuration
process:
Make sure that the following applications have been started and are running:
The Integration Server hosting the Web service for which you are configuring WS-
Security.
An instance of Developer.
Certificate files for the Web service provider or consumer must exist.
You will need to specify the locations of these certificate files during the configuration
process. The certificate files contain the signed certificate (or chain of certificates), and
the trusted authority directory contains the trusted roots of the certificate signing
authority. For more information, see “Certificate and Key Requirements” on page 92,
“Resolution Order of Certificates and Keys” on page 97 and “Certificate Mapping
and Usage Settings” on page 98.
Verify that the security policy you want to enforce is already specified in an XML
policy file.
Integration Server provides several “out-of-the-box” policies for coverage of typical
message-based security situations. In most cases, you will be able to use one of these
policy files as is.
If your security needs require the creation of a custom policy file, you can do so by
copying one of the supplied XML policy files and editing the copy. Make sure to give
the copied file a unique ID (see “Sample Policy File” on page 134 for more
information).
Step Summary
Following is a summary of the step sequence to follow when configuring WS-Security:
Title Description
“Specifying the WS-Security Verify the existence and location of the XML
Policy File” policy file.
“Assigning a Security Policy to a Using Developer, specify the XML policy file and
Web Service Descriptor” assign it to a Web service descriptor.
Title Description
Creating a Consumer Web Service Configure an endpoint alias for a consumer Web
Endpoint Alias service descriptor
- OR - - OR -
Creating a Provider Web Service Configure an endpoint alias for a provider Web
Endpoint Alias service descriptor
“Assigning a Web Service The set of properties associated with the alias
Endpoint Alias to a Binder” on must be linked to a Web services descriptor
page 67
“Passing Security Information into Note: This item is an alternate to WS endpoint
a WS Connector” alias configuration for the WSC.
1 In the Navigation panel, locate and open and lock the Web service descriptor for
which you want to configure the WS-Security policy.
2 In the Web service descriptor editor, on the Handlers tab, use one of the following
mechanisms for adding a header handler:
Click click on the toolbar. Or right-click and select Add Header Handler. A list of
available header handlers appears. Select WS Security Handler and click OK.
Right-click in the Handlers tab and click Add Header Handler on the pop-up menu.
A dialog box appears with a list of available header handlers. Select WS Security
Handler and click OK.
Cut or copy an existing WS-Security handler using Developer.
3 In the Properties panel, select the policy name that you want to associate with the
WS-Security handler.
Developer sets the value of the Effective policy name property to match the selected
policy name.
Note: Developer sets the value of the effective policy name to match policyName
the first time only that a policy name is specified. If you later change the policy
name, Developer does not automatically update the effective policy name. If you
want the effective policy name to match the new policy name, you must specify
the new policy in the Effective policy property.
Important! The order of handlers is important. For provider Web service descriptors, it
is recommended that the WS-Security handler be the first handler listed. For
consumer Web service descriptors, it is recommended that the WS-Security handler
be the last handler listed.
1 Start Developer.
2 Open and lock the service that invokes the WSC.
3 If the SOAP message request requires credentials for a UsernameToken, do the
following in the pipeline for the WSC:
a Map or set the value of auth/message/user to the user name used to authenticate
the consumer client on the Web services host.
b Map or set the value of auth/message/pass to the password used to authenticate
the consumer client on the Web services host.
4 If the SOAP message request needs to be signed, set the following fields in the WSC:
Note: The method you use to fetch these credentials depends upon their location at
your site. If they are stored in the file system, you can retrieve them using the
pub.file:getFile service. If they are stored in a special repository or a DBMS,
you may need a custom service for their retrieval.
5 If the SOAP message request requires encryption, set the following field:
Search Order
The search order for certificates and keys is different for Web service providers and
consumers.
For consumers, the search order is as follows:
1 Passed in through generated WSC (Web service connector)
2 Specified in the Web service’s endpoint alias
3 Specified in the Integration Server settings
4 From the WS-Security message header
If this Usage is requested... A mapping with the first of these Usage values is returned...
Verify Verify, VerifyAndEncrypt, SSL
Encrypt Encrypt, VerifyAndEncrypt, SSL
VerifyAndEncrypt VerifyAndEncrypt, SSL
MessageAuth MessageAuth, SSL
SSLAuth SSL
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Authentication and Authorization for Consumer Web Service Descriptors . . . . . . . . . . . . . . . . . 102
Authentication and Authorization for Provider Web Service Descriptors . . . . . . . . . . . . . . . . . . . 104
Introduction
At specific points in the execution of a Web service descriptor, Integration Server
performs authentication and authorization to verify that the user has permission to
execute the Web service descriptor or one of its associated services. For the Web service
descriptor and its associated services, this can include checking the execute ACL assigned
to the descriptor or service.
On the consumer and provider sides, Integration Server always performs ACL
checking for the Web service descriptor.
On the consumer side, Integration Server performs ACL checking for the Web service
connector if the connector is a top-level service (one that is invoked directly by a
user). If another service invokes the Web service connector, Integration Server
performs ACL checking only if the Enforce execute ACL option for the Web service
connector is set to Always.
Integration Server performs ACL checking for handler services, if the service has
permissions configured such that the Enforce execute ACL option is set to Always.
On the provider side, Integration Server performs ACL checking for handler services,
endpoint service, or any services called by the endpoint only if the service has
permissions configured such that the Enforce execute ACL option is set to Always.
Note: On the consumer side, Integration Server performs ACL checking with the
credentials used to connect to the Integration Server. The transport and message
credentials passed into the Web service connector or specified in the consumer web
service endpoint alias are used only when sending the SOAP request to the provider.
Step Description
1 Authorization check for the Web service connector.
Integration Server determines whether the user is authorized to invoke the Web
service connector by checking the user credentials against the execute ACL
assigned to the Web service connector.
If the Web service connector is the top-level service, Integration Server
performs ACL checking for the Web service connector.
If the Web service connector is not the top-level service, Integration Server
performs ACL checking for the Web service connector only if the Web
service connector permissions specify that the Enforce execute ACL option is
set to Always.
If access is denied, Integration Server does not continue to the next steps and
the Web service connector fails.
2 Authorization check for the consumer Web service descriptor.
Integration Server determines whether the user is authorized to access the Web
service descriptor by checking the user credentials against the execute ACL
assigned to the Web service descriptor.
If access is denied, Integration Server does not continue to the next steps and
the Web service connector fails.
3 Authorization check for all handler services.
Integration Server determines whether the user is authorized to access the
handler services by performing ACL checking. Integration Server checks the
execute ACL for a handler service only if the handler service permissions
specify that the Enforce execute ACL option is set to Always. Integration Server
does not consider handler services to be top-level services.
If access is denied to any of the handler services, Integration Server does not
continue to the next steps and the Web service connector fails.
Note: Note that Integration Server performs ACL checking for all request,
response, and fault handler service at this point in the process.
4 Request handler services execute.
Integration Server executes the request handler services in the handler chain.
For more information, see “About Request Handler Services” on page 73.
5 Send SOAP Request
Integration Server sends the SOAP request to the Web service provider.
6 Response handler services execute.
Integration Server receives the SOAP response and executes the response
handler services in the handler chain. For more information, see “About
Response Handler Services” on page 76.
Message-level credentials. The WS-Security credentials present inside the actual SOAP
message as contained within the WS -Security SOAP headers. The use of message-
level credentials for authorization purposes is only possible if the WS Security
handler is engaged for the Web service descriptor.
Effective user. The user identity that is currently being used for purposes of
authorization. The effective user identity begins as Anonymous and may be replaced
subsequently by a user identity from the transport-level credentials or the message-
level credentials.
Authentication. The act of validating a set of credentials to verify the identity of a user.
For example, authentication may involve checking the validity of a provided
userid/password combination or checking the validity of an X509 certificate or its
expiration. After the user is authenticated, the user identity becomes the “effective
user”.
Authorization. The act of determining whether a given user identity is allowed to access
a particular resource.
The following table summarizes the processing points at which Integration Server
performs authentication and authorization and indicates when Integration Server
executes the services used with a provider Web service descriptor.
Step Description
1 Transport-level authentication.
When Integration Server receives an inbound Web service request, the
transport mechanism authenticates the transport-level credentials.
If the transport-level credentials were supplied and successfully
authenticated, the user associated with the transport-level credentials
becomes the effective user. Processing continues to step 2, Authorization
check for all handler services.
If the transport-level credentials were supplied and are invalid, the
transport mechanism rejects the Web service request and no further
processing occurs.
If no transport-level credentials were provided, the effective user is set to
Anonymous and processing continues to step 2, Authorization check for all
handler services.
Step Description
2 Authorization check for all handler services.
Integration Server determines whether the user is authorized to access the
handler services by performing ACL checking. Integration Server performs
ACL checking for a handler service only if the handler service permissions
specify that the Enforce execute ACL option is set to Always. Integration Server
does not consider handler services to be top-level services.
Integration Server uses the credentials of the effective user when performing
ACL checking for handler services. If access is denied to any of the handler
services, Integration Server processing does not continue.
Note: Note that Integration Server performs ACL checking for all request,
response, and fault handler service at this point.
3 Request handler services execute.
Integration Server takes the SOAP request from the consumer and executes
the request handler services in the handler chain. For more information, see
“About Request Handler Services” on page 73.
If the WS Security handler is not engaged for the provider Web service
descriptor, processing continues with step 4, Authorization check for the provider
Web service descriptor.
If the WS Security handler is engaged for the provider Web service
descriptor, Integration Server authenticates the message-level credentials.
If authentication succeeds, Integration Server extracts the message-level
credentials. The user associated with the message-level credentials
becomes the effective user. Processing continues with step 4, Authorization
check for the provider Web service descriptor.
If authentication fails for the message-level credentials, Integration Server
rejects the request and processing skips to step 7, Response handler services
execute.
4 Authorization check for the provider Web service descriptor.
Integration Server determines whether the user is authorized to access the
Web service descriptor by checking the credentials of the effective user
against the execute ACL assigned to the Web service descriptor.
If access is granted, processing continues with step 5, Authorization check
for the endpoint service.
If access is denied, Integration Server adds a SOAPFault to the SOAP
response and skips to 7, Response handler services execute.
Step Description
5 Authorization check for the endpoint service.
Integration Server determines whether the user is authorized to access the
endpoint service by performing ACL checking.
Integration Server performs ACL checking for an endpoint service only when
the service permissions specify that the Enforce execute ACL option is set to
Always. Integration Server does not consider an endpoint service to be a top-
level service.
If Integration Server performs ACL checking for the endpoint service,
Integration Server uses the credentials of the effective user.
If access is granted, processing continues to step 6, Endpoint service
executes.
If access is denied, Integration Server adds a SOAPFault to the SOAP
response and skips to step 7, Response handler services execute.
6 Endpoint service executes.
Integration Server executes the endpoint service.
If service execution succeeds, Integration Server converts the response
from the endpoint service to a SOAP response and processing continues
to step 7, Response handler services execute.
If service execution fails, Integration Server converts the failure to a
SOAPFault and places it in the SOAP response. Processing continues to
step 7, Response handler services execute.
7 Response handler services execute.
Integration Server takes the SOAP response produced by the endpoint
service and begins to execute the response handler services in the handler
chain. For more information, see “About Response Handler Services” on
page 76.
Behavior Description
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
What Is a UDDI Registry? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Connecting to a UDDI Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Refreshing a UDDI Registry Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Disconnecting from a UDDI Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Viewing a UDDI Registry in Developer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Publishing a Service to the UDDI Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Removing a Service from UDDI Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Browsing for Web Services in UDDI Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Introduction
This chapter provides information about using webMethods Developer to connect to a
UDDI Registry and view or publish Web services.
Important! Developer only supports UDDI v3; it will not connect to a registry based on
earlier versions of UDDI.
Requirements
To use Developer to publish or browse Web services in a UDDI Registry, you must have
the following:
webMethods Developer 7.1
webMethods Integration Server 7.1
A valid UDDI v3 registry account, configured with the proper permissions to
perform UDDI activities
Note: You can only connect to one UDDI Registry at a time from Developer. To
connect to another UDDI Registry, you must first disconnect from the existing
session.
1 Start Developer.
2 Select Session > Open UDDI Registry session or click on the UDDI Registry tab.
3 In the Open UDDI Registry Session dialog box, complete the following fields as
appropriate:
To... Select...
Connect to the URL configured for browsing the UDDI Inquiry URL
registry. This field is mandatory.
Connect to the security URL for the UDDI registry. This field Security URL
can be mandatory or optional, depending on the registry.
Connect to the URL configured for publishing services to the Publish URL
UDDI registry. This field is optional.
Note: Developer saves URLs that were used previously for successful connections
and lists the one that provided the “last good connection” first.
When other users add or delete Web services Refresh the UDDI Registry as
from the UDDI Registry described below.
When Developer loses its connection to a UDDI Refresh the UDDI Registry as
Registry described below.
If the registry operates with some form of Refresh the UDDI Registry as
governance and a newly added Web service described below.
does not appear immediately
If you are alerted with a message stating that a Clear the filter, as described in
newly-created service does not meet with the “Clearing an Applied Filter” on
currently applied filter criteria page 119.
Select Session > Refresh UDDI Registry display or click on the UDDI Registry tab.
Select Session > Close UDDI Registry session or click on the UDDI Registry tab.
UDDI Registry
tab
Note: When you select a Web service in the UDDI Registry tab, the Properties panel
displays the properties of the Web service you selected, but the editor (the middle
area of the Developer window between the Navigation and the Properties panels)
does not change. It still displays details for the service selected in the Navigation
panel. This is because Web service details and logic for a UDDI Registry service
cannot be modified using Developer.
Note: Infravio X-Registry users can view only business services that
belong to them or to which they have been granted explicit “view”
permissions, unless the user has Administrator permissions. Business
services that do not belong to the user will be listed under the Unknown
Business entities for read-only purposes. This is a registry limitation and
applies to Infravio only.
A Web Service. A Web service is a service that uses specific XML- based
protocols and interface descriptions to communicate. It represents an
endpoint that hosts an actual service. Using Developer, you can create a
consumer Web service descriptor and connector(s) from a Web service
and then invoke the connector to run the Web service remotely. From an
existing IS service or WSDL, you can create a provider Web service
descriptor and publish it to a UDDI Registry, so that the IS service it
describes can be invoked by an external user.
Note: You cannot modify any of these elements (registry node, business entity, or Web
service) using Developer. The only way to manipulate the UDDI registry is by
registering new Web services, deleting existing registrations, and by using registered
Web services as the basis for generating an Integration Server Web service descriptor.
Property Description
Important! When you select a Web service in the UDDI Registry tab, the editor (the
middle area of the Developer window between the Navigation and Properties panels)
does not change. This is because a Web service’s details and logic cannot be modified
by Developer.
Tip! You can publish a service by creating a provider Web service descriptor for the
service and dragging it directly from the Navigation panel to the UDDI Registry tab.
The service will be published in the UDDI Registry with the following characteristics:
SOAP 1.1 as the protocol
SOAP Document/Literal as the style and use
http://host:port as the as the address of the web service
Tip! To automatically publish a service to a UDDI Registry, drag the provider Web
service descriptor for the IS service from the Navigation panel to your business entity
folder on the UDDI Registry.
1 If you have not already done so, create a provider Web service descriptor using the IS
service as an operation of the Web service (as described in “Creating a Service First
Provider WSD” on page 20).
2 From the UDDI Registry tab, connect to the UDDI Registry in which you want to
publish the Web service (as described in “Connecting to a UDDI Registry” on
page 111).
3 In the Navigation panel, select the provider Web service descriptor for the IS service
you want to publish and click Publish to UDDI Registry from the Tools menu (or from the
right-click menu). Developer opens the Select Business Entity dialog box.
4 Type a name and description for the service and select the business entity in which to
create the Web service.
Note: Infravio X-Registry users can view only business services that belong to
them or to which they have been granted explicit “view” permissions, unless the
user has Administrator permissions. Business services that do not belong to the
user will be listed under the Unknown Business entities for read-only purposes.
This is a registry limitation and applies to Infravio only.
Note: If Developer cannot display the service you just published in the UDDI
Registry tab because of the filter setting, it will display a message stating so. Clear
the filter by clicking on the UDDI Registry tab or by selecting Clear UDDI Filter
from the right-click menu.
Important! If you publish the same Web service descriptor to a registry twice (without
first deleting the original version), two Web services will exist with the same name in
the registry. However, the Service Key property values will be different for these two
services. If you cannot determine which version is the newest, delete both Web
services from the UDDI Registry tab and re-publish the new version.
1 Click on the UDDI Registry tab to connect to the UDDI Registry from which you
want to remove a service.
2 In the UDDI Registry tab, select the service you want to remove and click , or select
Delete Web Service from the right-click menu.
Note: You cannot delete a Web service from another business’ folder in the
registry. The Delete Web Service option will be disabled.
1 Click on the UDDI Registry tab, or put your cursor anywhere in the UDDI Registry
area and select Filter UDDI Registry display from the right-click menu.
2 In the Filter on field, type the text to use as the filter criteria.
The text is treated as a partial string. For example, if you enter “vic”, “victory” and
“services” will both fit the search criteria. The percent sign (%) can be used for an
approximate search within the text. For example, for “a%n”, “ain”, “Amazon”, and
“American” all fit the search criteria.
3 Under Text to match select the check boxes for Service name, Service description, or both
to specify which properties you want Developer to examine for the Filter on text
string.
4 Click Apply to apply the filter.
If you click Apply, the Filter UDDI Registry Display dialog box remains open. Click OK
if you want to apply the filter and close the Filter UDDI Registry Display dialog box.
Notes:
Developer continues to apply the specified filter until you explicitly clear the filter.
Developer saves the filter string across Developer and UDDI Registry sessions.
When the button on the UDDI Registry tab is active, it indicates that Developer is
using a filter to limit the displayed Web services.
If you publish a service that does not meet the criteria specified in the currently
applied filter, Developer does not display the newly published Web service in the
UDDI Registry tab.
Developer applies each filter that you create to the entire contents of the UDDI
Registry. For example, if you apply two filters in succession, Developer clears the first
filter before applying the second filter. Developer does not apply the second filter to
the results of the first filter.
To clear a filter
Click on the UDDI Registry tab, if it is enabled, or put your cursor anywhere in the
UDDI Registry area and select Clear UDDI Filter from the right-click menu.
Developer removes the filter and displays all the published Web services in the UDDI
Registry.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
WS-Security Key Resolution Order: Web Services Consumer . . . . . . . . . . . . . . . . . . . . . . . . . . 122
WS-Security Key Resolution Order: Web Services Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Introduction
This appendix describes the WS-Security facility’s key usage order when multiple private
or public keys are available to a Web service. The appendix lists the key usage order for
combinations of several parameters:
Consumers vs. provider
Request vs. response message
Security setting (sign, verify, encrypt, decrypt)
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Policy File Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Sample Policy File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
List of Supplied WS-Security Policy Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Introduction
This appendix contains reference information for WS-Security policy files. The appendix
describes the XML elements, attributes, and settings. A sample XML policy file
explaining commonly-used security components and attributes is provided. In addition,
the appendix lists the complete set of policy files included with Integration Server.
Element Description
<Policy> Specifies the policy namespace and the unique identifier of
the policy.
<SecurityPolicy> Contains the elements that describe a WS-Security policy.
<InboundSecurity> Indicates whether the security and authentication
-OR- information is for an inbound message or an outbound
<OutboundSecurity>
message from the Web service.
<Timestamp> Generates a timestamp that enforces message expiration.
<UsernameToken> Includes a WS-Security UsernameToken for authentication.
<Signature> Specifies use of a digital signature.
<Encryption> Specifies encryption of the SOAP message body.
<X509Authentication> Include a WS-Security X.509 Certificate token reference for
authentication.
Policy Element
The <Policy> element contains two attributes: the namespace for WS-Security policy files,
and an identifier for the policy specification. The identifier must be specified by the
policy file writer or author and must be unique.
Example:
<Policy xmlns=”http://www.webmethods.com/2007/07/policy”
Id=”Confidential File Policy A”>
SecurityPolicy Element
The <SecurityPolicy> element contains all of the elements that specify the policy’s
security settings.
Example:
<SecurityPolicy xmlns=”http://www.webmethods.com/2007/07/policy/security”>
<InboundSecurity>
. . .
</InboundSecurity>
<OutboundSecurity>
. . .
</OutboundSecurity>
Example:
<InboundSecurity>
. . .
<Signature
Usage=”Optional”
. . . />
<Encryption
Usage=”Required”
. . . />
. . .
</InboundSecurity>
Timestamp Element
The <Timestamp> element supplies settings to enforce message expiration.
Outbound Messages
For outbound messages, the presence of this element generates a timestamp with a
specified “time to live” value. You can increase the precision of the value by specifying
milliseconds.
The default value is 5 min (300 sec).
Example:
<Timestamp
TimeToLiveInSeconds=”300”
IncludeMilliseconds=”True”/>
Inbound Messages
By default, expired messages generate an exception. However, you can use a setting to
turn off message expiration.
Default: Expiration is enforced.
Example:
<Timestamp
EnforceExpiration=”False”/>
UsernameToken Element
For outbound messages, the <UsernameToken> element specifies whether or not to include
a WS-Security UsernameToken in the message header.
Outbound Messages
Password Type
The “PasswordType” attribute specifies the password form to use. Currently, the only
setting is “Text”, which specifies the use of plain or clear text. You do not have to specify
the “PasswordType” attribute to use a password with the UsernameToken.
Examples:
<UsernameToken
PasswordType=”Text”/>
Signature Element
Outbound Messages
Inclusion of this element causes the facility to sign the outbound SOAP message body.
Token Reference Type
The token reference type attribute indicates how the signed certificate will be included in
the message header:
Example:
<Signature
TokenReferenceType=”IssuerAndSerial”/>
Example:
<Signature
TokenReferenceType=”Direct”
IncludeCertPath=”True”/>
Inbound Messages
These settings indicate how to process signature information contained in the incoming
SOAP header.
Allow Expired Certificates
If this attribute is set to “False,” generates an exception when a signature is encountered
that was created with an invalid certificate (either expired or not yet valid). If this
attribute is set to “True,” message signatures created with an expired signing certificate
are allowed.
Default: False
Example:
<Signature
AllowExpiredCerts=”True”/>
Example:
<Signature
ValidateSigningCert=”True”/>
Example:
<Signature
AuthenticateWithSigningCert=”True”/>
Default: True
Example:
<Signature
RequireSignedBody=”False”/>
Encryption Element
Outbound Messages
Inclusion of this element causes the facility to encrypt the outbound message body.
Token Reference Type
The token reference type attribute indicates how the encrypted certificate will be
included in the message header.
Example:
<Encryption
TokenReferenceType=”Direct”/>
Encryption Algorithm
This setting specifies the algorithm to use for encrypting the message. The following table
lists the available algorithms.
Example:
<Encryption
EncryptionAlgorithm=”aes256”/>
Example:
<Encryption
KeyWrappingAlgorithm=”rsa15”/>
Inbound Messages
These settings indicate how to process encrypted information contained in the message
header.
Require Encrypted Body
When set to “True,” requires that the body of the SOAP message body be encrypted or an
exception is generated. The data is still decrypted when this attribute is set to “False”;
however, if the SOAP message body is not encrypted, no exception is generated.
Default: True
Example:
<Encryption
RequireSignedBody=”False”/>
Example:
<X509Authentication
TokenReferenceType=”Thumbprint”/>
Example:
<X509Authentication
TokenReferenceType=”Direct”
IncludeCertPath=”True”/>
Inbound Messages
These settings indicate how to process messages with a WS-Security X.509 token
reference in the message header.
Allow Expired Certificates
If this attribute is set to “False,” an exception is throw whenever a certificate is
encountered that is either expired or not yet currently valid. If this attribute is set to
“True,” the certificate’s expiration date is ignored.
Default: False
Example:
<X509Authentication
AllowExpiredCerts=”True”/>
Validate Certificates
Ensures that the X.509 certificate is signed by a trusted authority.
Default: False
Example:
<X509Authentication
ValidateCerts=”True”/>
The policy ID attribute highlighted in line 1 is required for every policy you use.
The policy specifies use of a WS-Security Username token. This means that a token
containing the user name and password for the Web service is included in the SOAP
header of an outbound message to identify the requesting service. The only available
attribute for the Username token is text, which means that the password will be sent
in plain text (digested passwords are not supported).
The policy specifies the use of a digital signature.
The settings for the <Signature> component in the outbound message section
indicate that the certificate to use for authentication is specified by a path location
contained in the message header (TokenReferenceType = “Direct”, and
IncludeCertPath=”True”).
The settings for the inbound message section indicate that a digital signature is
required on the body of incoming messages, that messages signed by an expired
certificate will not be accepted by this Web service, and that signatures will be
validated to make sure that they were signed by a trusted authority or CA.
The policy also includes a security timestamp component indicating that message
expiration will be enforced on incoming messages, and specifying that the expiration
time of outgoing message expiration is 300 ms. After 300 ms, messages sent from this
consumer can be invalidated by the recipient.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Web Service Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Web Service Consumer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Introduction
This appendix describes the WS-Security facility’s certificate and key usage resolution
order for policy assertions, attributes, and settings.
Note: The sections in this appendix refer to keystore and key aliases for the Signing
Key, the Decryption Key, and the SSL Key. You can configure these keystore and key
aliases on the Security > Certificates screen of the Integration Server Administrator.
Keep the following points in mind when using the JAX-RPC handler interface to write a
custom handler:
When a Web service descriptor is configured and multiple handlers are added, the
order of the execution of the handlers is the order they are defined in the Web service
descriptor. By default, this is the order in which they are added, but that order can be
modified when editing the Web service descriptor. Therefore, the order of the
handlers is very important.
If headers are defined within a WSDL file used to generate a Web service descriptor,
they are automatically added to the Web service descriptor and assigned to the
handler used to process the header to that Web service descriptor. If the WSDL used
to create the Web service descriptor does not contain header definitions, or if a
provider Web service descriptor is being created from exiting IS services instead of
WSDL, you must manually add headers after the Web service descriptor is created.
Message Display
When you create or execute a Web service descriptor, Developer displays a message that
indicates whether the process completed successfully.
If the process completed successfully but warnings occurred, Developer displays a
message to that effect. If the process did not complete successfully, Developer displays a
message that says errors occurred.
When you click Details on the message dialog box, Developer provides information
similar to the information in the message dialog box shown below.
WSDL elements
that caused the
error or warning.
Note: When generating a Web service descriptor, Developer might generate some of
the flow steps in the Web service descriptor or some of the supporting IS elements
(Web service connectors, IS document types, folders, or IS schemas) before it
encounters errors or warnings. The generated elements appear in the Navigation
panel.
Following are the error messages and warning messages that can occur when Developer,
Designer, or Integration Server creates or executes a consumer Web service descriptor, a
Web service connector, or a provider Web service descriptor.
[ISC.0077.9014] Document to XSD error: Field fieldName cannot be represented in XML Schema. The
field name does not conform to the XML NCName definition.
Cause: The Developer determined that the IS document type you are using to generate a
WSDL document contains field names that do not conform to the XML NCName
definition.
Response: To resolve this error, rename the fields to conform to the QName lexical rules
specified in http://www.w3.org/TR/REC-xml-names/#NT-QName and the XML
namespace and local naming conventions specified in http://www.w3.org/TR/REC-xml-
names/#NT-NCName.
ISC.0088.0028E Service handler <serviceHandler> could not be registered. A service handler by that
name already exists.
Cause: A service handler with the provided name already exists.
Response: Specify a unique name for the service handler.
ISC.0088.0034E Registered service handlers could not be listed. Missing required parameter
<parameter>
Cause: The list of registered service handlers could not be created because a required
input parameter was not provided.
Response: Provide the missing input parameter.
ISC.0088.0035E Service handler <serviceHandler> could not be found. Missing required parameter
<parameter>
Cause: Service handler could not be found because a required input parameter was not
provided.
Response: Provide the missing input parameter.
ISC.0088.0036E Service handler <serviceHandler> could not be found. Service handler is not
registered.
Cause: A service handler with the provided name does not exist.
Response: Register a service handler with the provided name or specify the name of an
existing registered service handler.
ISC.0088.9320 MTOM Attachments Processing Failed: Cannot convert SOAP Message to XOP
Package; “null” value for Web service descriptor
Cause: The Web service descriptor identified by the part of request URL (for provider) or
passed Web service descriptor name (for consumer) as parameter, does not exist.
Response: Correct the URL or correct the passed Web service descriptor name or create a
proper Web service descriptor.
ISC.0088.9321 MTOM Attachments Processing Failed: Cannot convert SOAP Message to XOP
Package; base64Binary encoded data is not in the Canonical Lexical form
Cause: Base64Binary encoded data is not in Canonical Lexical form; it contains line break
characters or tabs.
Response: Convert the Base64Binary data into Canonical Lexical form.
[ISC.0124.9001] Document to XSD warning: For interoperability reasons, the <any> type is not used in
SOAP RPC WSDL. Document {0} will be defined as closed in the XSD.
Cause: The IS document type you are using to generate a WSDL document contains
variables of type Document or Document list. These variables are open (that is, their Allow
unspecified fields property is set to True).
Response: To resolve this warning, set the Allow unspecified fields property in the Constraints
category of the Properties panel to False. Then, regenerate the WSDL document.
[ISC.0124.9002] Document to XSD error: Document {0} cannot be represented in XML Schema. This
document contains a *body field constrained by a simple type and fields that would be represented
as elements in the XSD. XSD could describe this document if the simple type constraint was removed
or the non-attribute fields were deleted.
Cause: The IS document type you are using to generate a WSDL document contains a
field named *body that is constrained by a simple type. The IS document type also
contains fields that are mapped as elements (not attributes) in the XSD. This combination
cannot be mapped in an XSD.
In a mixed content environment, the Integration Server can only map complex type
definitions of simple content (that is, an IS document type containing attributes and a
*body variable with or without a simple type constraint) or complex type definitions of
complex content (that is, an IS document type containing attributes and/or elements and
a *body variable that is not constrained).
Response: To resolve this error, do one of the following:
Remove the non-attribute fields.
Remove the *body variable’s simple type constraint. First, click the browse button next
to the Content type property on the variable’s Properties panel. Then, select No
Constraints Specified from the Content Type list on the resulting Properties dialog box.
[ISC.0124.9003] Document to XSD error: Referenced document type {0} does not exist.
Cause: The IS document type you are using to generate a WSDL document contains a
reference to a nonexistent document type.
Response: To resolve this error, restore the nonexistent document type or remove the
reference to it.
[ISC.0124.9004] Document to XSD error: Field {0} is a String table. String tables cannot be
represented in XML Schema.
Cause: The IS document type you are using to generate a WSDL document contains String
table fields. XML Schema does not support multi-dimensional arrays.
Response: To resolve this error, remove the String table field from the IS document type or
select a different IS document type.
[ISC.0124.9005] Document to XSD error: Field {0} cannot be represented in XML Schema. The field
name contains a prefix but an XML Namespace property is not assigned to the field.
Cause: The IS document type you are using to generate a WSDL document contains a top-
level field whose name includes a prefix (that is, the name is in the format
prefix:localName). However, this field is not associated with an XML namespace.
Response: To resolve this error, do one of the following:
Associate the field with an XML namespace. First, select the variable in Developer.
Then, type the namespace for the variable in the XML Namespace property in the
General category of the variable’s Properties panel.
Remove the prefix.
Important! Some protocols require the use of a prefix. Before removing the prefix,
check the service signature’s input and output requirements as documented for
each protocol in this guide.
[ISC.0124.9006] Document to XSD error: Field {0} cannot be represented in XML Schema. The field
name does not conform to the XML NCName definition.
Cause: The IS document type you are using to generate a WSDL document contains field
names that do not conform to the XML NCName definition.
Response: To resolve this error, rename the fields to conform to the QName lexical rules
specified in http://www.w3.org/TR/REC-xml-names/#NT-QName and the XML
namespace and local naming conventions specified in http://www.w3.org/TR/REC-xml-
names/#NT-NCName.
[ISC.0124.9007] Document to XSD error: Document {0} cannot be represented in XML Schema. The
document contains multiple *body fields.
Cause: The IS document type or XML Schema element declaration you are using to
generate a WSDL document contains more than one field named *body at the same level.
Response: To resolve this error, remove or rename the duplicate *body fields.
[ISC.0124.9008] Document to XSD error: Document {0} cannot be represented in XML Schema. The
document contains multiple attributes of the same name at the same level.
Cause: The IS document type or XML Schema element declaration you are using to
generate a WSDL document contains attributes at the same level with the same name.
Response: To resolve this error, remove or rename the duplicate attributes.
[ISC.0124.9009] Document to XSD error: Field <fieldName> cannot be represented in XML Schema.
Attributes cannot have dimension greater than 0.
Cause: The IS document type or XML Schema element declaration you are using to
generate a WSDL document contains array or table type attributes. XML Schema does
not support multi-dimensional attributes.
Response: To resolve this error, remove the attribute from the IS document type or
redefine its type to String.
[ISC.0124.9011] Document to XSD error: Simple type <simpleTypeName> does not exist.
Cause: The IS document type you are using to generate a WSDL document contains a
reference to a nonexistent simple type that has been applied to a variable as a content
type constraint.
Response: To resolve this error, do one of the following:
Restore the nonexistent simple type by generating a schema on the server that defines
the missing type. To do so, you can either create a schema from an XSD or enable or
import a package that contains a schema with the missing type.
Remove the reference to the missing type. First, click the browse button next to the
Content type property on the variable’s Properties panel. Then, select No Constraints
Specified from the Content Type list on the resulting Properties dialog box.
ISS.0085.9291 Binding with style="rpc" and use="encoded" is not supported for SOAP version 1.2.
Binding <binding> ignored.
Cause: Integration Server does not support RPC/Encoded for SOAP version 1.2.
Integration Server ignores bindings that specify this style/use.
Response: No action is required.
ISS.0088.9145 This SOAPEnvelope object does not contain a valid SOAPHeader object
Cause: An attempt was made to access the SOAPHeader object, but the SOAPEnvelope of
the SOAPMessage does not contain a SOAPHeader object.
Response: Add a SOAPHeader object to the SOAPEnvelope before accessing it.
ISS.0088.9147 This SOAPEnvelope object does not contain a valid SOAPBody object
Cause: An attempt was made to access the SOAPBody object, but the SOAPEnvelope of
the SOAPMessage does not contain a SOAPBody object.
Response: Add a SOAPBody object to the SOAPEnvelope before accessing it.
ISS.0088.9163 Could not retrieve WSDL for service <service>; WSD not found
Cause: An attempt to retrieve the WSDL for the specified service failed because the Web
service descriptor does not exist.
Response: Correct the name of the JAX-RPC handler and retry.
ISS.0088.9253 Could not add “Text” element to “Reason” element, locale is null
Cause: An attempt to add a Text element to the existing Reason element failed because the
locale was not specified.
Response: Specify the locale when adding the Text element.
ISS.0088.9322 MTOM Attachments Processing Failed: Cannot convert SOAP Message to XOP
Package; invalid SOAP Message
Cause: The SOAP Message is invalid; either it is not well formed or it does not contain
valid namespace declarations.
Response: Check the structure and content of the SOAP message.
ISS.0088.9323 MTOM Attachments Processing Failed: Cannot convert SOAP Message to XOP
Package; I/O Error occurred
Cause: Converting SOAP Message to XOP Package has been interrupted by another
thread.
Response: Retry the action that caused it.
ISS.0088.9324 MTOM Attachments Processing Failed: Cannot convert XOP Package to SOAP
Message; “Content-Id” header field is missing in some of the attachments
Cause: One or more attachments does not contain the “Content-Id” field. This field is
required to put the content of the attachment back into the SOAP message.
Response: Verify that the serialization of XOP Package to MIME stream had “Content-Id”
present in the corresponding MIME part.
ISS.0088.9325 MTOM Attachments Processing Failed: Cannot serialize the XOP Message; unable to
retrieve bytes from SOAP String using the SOAP Message Content Encoding
Cause: The conversion of SOAP String to byte array using the encoding specified for
SOAP message has failed.
Response: Correct the content encoding specified for the SOAP message.
ISS.0088.9326 MTOM Attachments Processing Failed: Cannot serialize the XOP Message; MIME
serialization has failed
Cause: Serialization of XOP Package to MIME Stream has failed.
Response: Verify the structure of SOAP Message is correct. Particularly the elements
which contains base64Binary data.
ISS.0088.9327 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
value of the “Content-Type” header of the MIME message is not equal to “multipart/related”
Cause: Value for the “Content-Type” header field of the MIME message is not equal to
“multipart/related”.
Response: Verify that you have passed the correct value for “Content-Type” while
serializing the MIME message.
ISS.0088.9328 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
value of the “type” parameter of the “Content-Type” header of the MIME message is not equal to
“application/xop+xml”
Cause: Value for the “type parameter” of the “Content-type” header field of the MIME
message is not equal to “application+xop+xml”.
Response: Verify that you have passed the correct value for “type” parameter while
serializing the MIME message.
ISS.0088.9329 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
value of the “start-info” parameter of the “Content-type” header of the MIME message is not equal to
“application/soap+xml”
Cause: Value for the “start-info” parameter of the “Content-Type” header field of the
MIME message is not equal to “application/soap+xml”
Response: Check if you have passed the correct value for “start-info” parameter while
serializing the MIME message otherwise pass the correct value for it.
ISS.0088.9330 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
“Content-Type” header of the Root MIME Part is invalid
Cause: Invalid content type for Root MIME part.
Response: Verify that you have passed the correct value for “Content-Type” header field
of the Root MIME Part while serializing the MIME message.
ISS.0088.9331 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
“Content-type” header of the Root MIME Part does not match with the “type” parameter of the MIME
message
Cause: The value of the “Content-Type” header of the Root MIME Part is not equal to the
value of the “type” parameter of the “Content-Type” header of the MIME message.
Response: Verify that you have passed the correct value for these field(s)/parameter(s)
while serializing the MIME message.
ISS.0088.9332 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
value of “type” parameter of the “Content-Type” header of the Root MIME Part does not match with
the value of the “start-info” parameter of the MIME message
Cause: The value of the “type” parameter of the “Content-Type” header of the Root
MIME Part is not equal to the value of the “start-info” parameter of the “Content-Type”
header of the MIME Message.
Response: Verify that you have passed the correct value for these field(s)/parameter(s)
while serializing the MIME.
ISS.0088.9333 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
SOAP Message in the Root MIME psrt is not of version 1.2
Cause: The version of the SOAP Message not equal to 1.2.
Response: Send the SOAP 1.2 message.
ISS.0088.9334 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
Root MIME Part contains invalid SOAP Message
Cause: The SOAP Message in the Root MIME Part is invalid; either it is not well formed or
it does not contain valid namespace declarations.
Response: Check the structure and content of the SOAP message in the Root MIME Part.
ISS.0088.9335 MTOM Attachments Processing Failed: Cannot de-serialize the input MIME Stream;
input stream is not a valid MIME stream
Cause: MIME Stream does not contain the valid data as per the MIME specifications.
Response: Verify that the MIME stream contains a valid MIME message.
ISS.0088.9356 One or more required Headers {0} are not present in the SOAP request
Cause: The SOAP request received by the provider does not contain one or more required
headers.
Response: Verify that the SOAP request contains valid versions of the required headers.
ISS.0088.9427 Service handler {0} could not be unregistered. A service handler by that name is not
registered.
Cause: A service handler with the provided name is not registered.
Response: Specify the name of a registered service handler.
ISS.0088.9428 Service handler {0} could not be found. A service handler by that name is not
registered.
Cause: The specified service handler could not be found because it is not registered.
Response: Provide the name of a registered service handler.
Response: Examine the handler services for errors and correct any errors that are found.
[ISS.0092.9002] Warning: Document does not contain service element, no ports were generated for
any Web service connector.
Cause: The WSDL document does not contain a <service> element, and therefore does
not contain any <port> elements. (A <service> element is a collection of <port> elements.)
Developer generates the Web service connector, but the Web service connector will not
specify any flow MAP steps for setting the port information. In the Web service
connector, the BRANCH on '/_port' step contains a child port MAP step for each unique
<port> associated with the <operation>. The BRANCH on '/_port' step will not contain
child port MAP steps. The Web service connector cannot execute successfully without
port information because the port information specifies the network address for invoking
the Web service.
Developer generates the Web service connector, but the Web service connector does not
contain a SEQUENCE step that corresponds to this binding. (In the Web service
connector, the BRANCH on '/binding' step contains a child SEQUENCE step for each
unique <binding> associated with an <operation>.)
[ISS.0092.9004] Error: SOAP binding does not contain transport value, binding was not created.
Cause: In the WSDL document, the <soap:binding> element contains a transport attribute
but no value is specified for it. The transport value indicates which transport of SOAP
the binding uses. It is required for a SOAP binding and its value must be
http://schemas.xmlsoap.org/soap/http.
Developer generates the Web service connector, but the Web service connector does not
contain a SEQUENCE step that corresponds to this binding. In the Web service
connector, the BRANCH on '/binding' step contains a child SEQUENCE step for each
unique <binding> associated with an <operation>.
[ISS.0092.9005] Error: SOAP binding has an unsupported transport value, binding was not created.
Cause: In the WSDL document, the transport attribute in the <soap:binding> element
specifies an unsupported SOAP transport. Developer can generate a binding for a SOAP
binding only if the transport value is http://schemas.xmlsoap.org/soap/http.
webMethods Developer generates the Web service connector, but the Web service
connector does not contain a SEQUENCE step that corresponds to this binding. In the
Web service connector, the BRANCH on '/binding' step contains a child SEQUENCE step
for each unique <binding> associated with an <operation>.
[ISS.0092.9006] Error: SOAP binding does not contain a transport attribute, binding was not created.
Cause: In the WSDL document, the <soap:binding> element does not contain a transport
attribute. The transport value indicates which transport of SOAP the binding uses. It is
required for a SOAP binding. The transport attribute value must be
http://schemas.xmlsoap.org/soap/http.
Developer generates the Web service connector, but the Web service connector does not
contain a SEQUENCE step that corresponds to this binding. In the Web service
connector, the BRANCH on '/binding' step contains a child SEQUENCE step for each
unique <binding> associated with an <operation>.
[ISS.0092.9007] Error: SOAP binding has an unrecognized style value, binding was not created.
Cause: In the WSDL document, the <soap:binding> element specifies a value other than
rpc or document for the style attribute.
Developer generates the Web service connector, but the Web service connector does not
contain a SEQUENCE step that corresponds to this binding. In the Web service
connector, the BRANCH on '/binding' step contains a child SEQUENCE step for each
unique <binding> associated with an <operation>.
[ISS.0092.9011] Error: Mime binding style is unsupported, binding was not created.
Cause: The WSDL document specifies a MIME binding style for the entire <binding>.
webMethods Developer only supports the MIME binding style to describe the inputs and
outputs of an HTTP binding. webMethods Developer cannot generate a binding when
the MIME binding style is specified outside of the HTTP binding context.
Developer generates the Web service connector, but the Web service connector does not
contain a SEQUENCE step that corresponds to this binding. (In the Web service
connector, the BRANCH on '/binding' step contains a child SEQUENCE step for each
unique <binding> associated with an <operation>.)
[ISS.0092.9013] Warning: The operation's binding does not have any ports, no ports were generated
for the Web service connector.
Cause: Developer cannot find a <port> element that corresponds to a particular <binding>
element. A <port> element specifies a network address or endpoint for a binding.
Developer generates the Web service connector, but does not generate any MAP steps for
setting the binding and address information. In a Web service connector, the BRANCH
on '/_port' step contains a child portName MAP step for each <port> associated with the
<operation>. When this warning occurs, the BRANCH on '/_port' step contains no child
portName MAP steps.
[ISS.0092.9014] Warning: The operation does not have any valid ports, no ports were generated for
the Web service connector.
Cause: The WSDL document does not contain any valid <port> elements for an
<operation>. The WSDL document might not contain any <port> elements or a <port>
element might reference a non-existent <binding> element. (A <binding> element
associates a protocol with an <operation>.)
Developer generates the Web service connector, but does not generate any portName
MAP steps for setting the binding and address information. In a Web service connector,
the BRANCH on '/_port' step contains a child portName MAP step for each <port>
associated with the <operation>. When this warning occurs, the BRANCH on '/_port' step
contains no child portName MAP steps.
[ISS.0092.9015] Warning: Port does not have a valid binding type, port was not generated.
Cause: The WSDL document contains a <port> element that does not contain the binding
attribute.
Developer generates the Web service connector, but does not generate a MAP step for
this port. In a Web service connector, the BRANCH on '/_port' step contains a child
portName MAP step for each <port> associated with the <operation>. The portName MAP
step sets the binding and address information for a port.
[ISS.0092.9016] Warning: Port does not have a location value, port was not generated.
Cause: Within the <port> element, the <address> element does not specify a value for the
location attribute. The location attribute specifies the network address or endpoint for
the service.
Developer generates a Web service connector, but without the network address,
webMethods Developer cannot generate a MAP step for this port. In a Web service
connector, the BRANCH on '/_port' step contains a child portName MAP step for each
<port> associated with the <operation>. The portName MAP step sets the binding and
address information for a port.
[ISS.0092.9017] Warning: Port does not have required address element, port was not generated.
Cause: The selected WSDL document does not contain an <address> element within the
specified <port> element. The <address> element carries an attribute that specifies the
location or network address for of the Web service.
Developer generates a Web service connector, but does not generate a MAP step for this
port. The portName MAP step sets the binding and address information for a port.
Without the <address> element, Developer cannot set the address information and
therefore cannot generate a MAP step.
[ISS.0092.9018] Warning: Port does not have required location attribute, port was not generated.
Cause: Within the <port> element, the <address> element does not carry the location
attribute. The location attribute specifies the network address for the service.
Developer generates a Web service connector, but does not generate a MAP step for this
port. The portName MAP step sets the binding and address information for a port.
Without the location attribute, Developer cannot set the address information, and
therefore cannot generate a MAP step.
[ISS.0092.9019] Warning: Port does not have a location value, port was not generated.
Cause: Within the <port> element, the <address> element does not specify a value for the
location attribute. The location attribute specifies the network address or endpoint for
the service.
Developer generates a Web service connector, but without the network address,
Developer cannot generate a MAP step for this port. The portName MAP step set the
binding and address information for a port. In a Web service connector, the BRANCH on
'/_port' step contains a child portName MAP step for each <port> associated with the
<operation>.
[ISS.0092.9020] Error: Operation is not referenced by any binding, Web service connector was not
created.
Cause: The WSDL document does not specify a <binding> element for the <operation>.
Each <operation> within a <portType> element needs to correspond to an <operation>
element within a <binding> element. Without a binding, the WSDL document does not
provide any information about how to invoke the Web service.
Developer does not generate a Web service connector for the <operation>.
[ISS.0092.9021] Error: Input and Output messages missing, invalid operation, Web service connector
was not created.
Cause: In the WSDL document, the <operation> element within a <portType> element
does not declare an input message or an output message. For Developer to generate a
Web service connector for the <operation>, the <operation> element must contain at least
one <input> element and at least one <output> element.
Developer does not generate a Web service connector for the <operation>.
[ISS.0092.9022] Error: Input message missing, Notification operations not supported. Web service
connector was not created.
Cause: In the WSDL document, the <operation> element does not declare an input
message, but it does declare an output message. In other words, the <operation> element
does not contain a child <input> element, but does contain a child <output> element. This
structure corresponds to the grammar for a notification operation. Developer does not
generate Web service connectors for notification operations.
[ISS.0092.9023] Error: Output message precedes Input message, Solicit Response operations not
supported. Web service connector was not created.
Cause: In the WSDL document, the <operation> element declares an <output> element
(output message) before the <input> element (input message). This describes a solicit-
response operation. Developer does not generate Web service connectors for solicit-
response operations.
[ISS.0092.9024] Error: HTTP binding has mime multipart Input. Multipart Input is not supported.
Binding was not generated.
Cause: The <binding> element specifies a multi-part MIME binding for the operation.
webMethods Developer does not support this type of binding.
Developer generates the Web service connector, but the Web service connector does not
contain a SEQUENCE step that corresponds to this binding. In the Web service
connector, the BRANCH on '/binding' step contains a child SEQUENCE step for each
unique binding associated with an operation.
[ISS.0092.9027] Error: HTTP Binding output mime parts are missing. Binding was not generated
completely.
Cause: The <binding> element specifies MIME binding for the output message, but the
output binding does not specify a message part for the <mime:content> element or the
output binding is missing <mime:part> elements.
Developer generates the Web service connector and generates a SEQUENCE step that
corresponds to this binding. (In the Web service connector, the BRANCH on '/binding'
step contains a child SEQUENCE step for each unique binding associated with an
operation.) However, Developer does not generate a complete binding because the
output binding in the WSDL document does not provide the part name information that
Developer needs to link the service results to variables in the pipeline. Specifically, the
Web service connector does not contain the BRANCH on '/numParts' step for this
binding.
[ISS.0092.9028] Error: HTTP Binding output mime part is missing its type. Binding was not generated
completely.
Cause: The <binding> element specifies MIME binding for the output message, but the
<mime:content> element for the output binding does not specify a value for the type
attribute. The type attribute specifies the MIME type.
Developer generates the Web service connector and generates a SEQUENCE step that
corresponds to this binding. (In the Web service connector, the BRANCH on '/binding'
step contains a child SEQUENCE step for each unique binding associated with an
operation.) However, Developer does not generate a complete binding because the
output binding in the WSDL document does not provide the part name information that
Developer needs to link the service results to variables in the pipeline. Specifically, in the
Web service connector, the BRANCH on '/loopCount' step does not have a child
SEQUENCE step for linking the output message part to the pipeline.
[ISS.0092.9029] Warning: Generated Document Type, {IS document type name}, already exists in
namespace.
The IS document type that Developer generated for the input or output message already
exists in the server namespace. Developer will not generate a duplicate IS document type.
[ISS.0092.9030] Error: Input does not have a valid message reference, Web service connector was not
created.
Cause: Within the <operation> element, the message attribute for the <input> element does
not reference a <message> element within the WSDL. Developer cannot find the message
specified by the message attribute, or the message attribute does not have a value.
Developer does not generate a Web service connector for the <operation>.
[ISS.0092.9031] Error: Output does not have a valid message reference, Web service connector was
not created.
Cause: Within the <operation> element, the message attribute for the <output> element
does not reference a <message> element within the WSDL. Developer cannot find the
message specified by the message attribute or the message attribute does not have a value.
Developer does not generate a Web service connector for the <operation>.
[ISS.0092.9032] Error: Invalid schema definition for Input signature. Web service connector was not
created.
Cause: The XML Schema definition that contains element declarations or type definitions
for the <part> elements in the input message is invalid. Alternatively, the XML Schema
definition does not contain the element declarations or type definitions referenced by the
<part> elements. Developer does not generate a Web service connector for the
<operation>.
[ISS.0092.9033] Error: Invalid schema definition for Output signature. Web service connector was not
created.
Cause: The XML Schema definition that contains element declarations or type definitions
for the <part> elements in the output message is invalid. Alternatively, the XML Schema
definition does not contain the element declarations or type definitions referenced by the
<part> elements. Developer does not generate a Web service connector for the
<operation>.
[ISS.0092.9034] Warning: Found port with an invalid binding reference, the port was not generated.
Cause: In the WSDL document, a <port> element contains a binding attribute that
references a <binding> that does not exist within the WSDL document. Developer cannot
find the <binding> element specified by the binding attribute.
Developer generates the Web service connector, but does not generate a MAP step for
this port. The portName MAP steps set the binding and address information for a port. In
a Web service connector, the BRANCH on '/_port' step contains a child portName MAP
step for each <port> associated with the <operation>.
[ISS.0092.9036] Error: Could not process document. Found binding with an invalid PortType
reference, no Web service connectors were created.
Cause: In a <binding> element, the type attribute specifies a <portType> that does not exist
in the WSDL document. Developer does not generate a Web service connector.
[ISS.0092.9037] Error: HTTP Binding input type could not be found. Binding was not generated.
Cause: Developer cannot determine the input MIME type for the HTTP binding.
Developer generates the Web service connector, but the Web service connector does not
contain a SEQUENCE step that corresponds to this binding. (In the Web service
connector, the BRANCH on '/binding' step contains a child SEQUENCE step for each
unique binding associated with an operation.)
[ISS.0092.9038] Error: Unknown binding style was found, binding was not created.
Cause: The <binding> element specifies a protocol other than SOAP, HTTP, or MIME.
Developer generates the Web service connector, but the Web service connector does not
contain a SEQUENCE step that corresponds to this binding. (In the Web service
connector, the BRANCH on '/binding' step contains a child SEQUENCE step for each
unique binding associated with an operation.)
[ISS.0092.9040] Error: PortType name is zero length, Web service connector was not created.
Cause: In the WSDL document, the <portType> element carries the name attribute, but the
name attribute does not have a value. Developer does not generate a Web service
connector.
[ISS.0092.9041] Error: Operation name is zero length, Web service connector was not created.
Cause: In the WSDL document, the <operation> element carries the name attribute, but
the name attribute does not have a value. Developer does not generate a Web service
connector.
[ISS.0092.9044] Error: Document does not contain any operations, no Web service descriptors were
created.
Cause: In the WSDL document, the <portType> element does not include an <operation>
element. For Developer to generate a consumer or provider Web service descriptor, the
WSDL must contain at least one <portType> element with a valid <operation> element.
For example, any bindings other than SOAP 1.1 or SOAP 1.2 (such as those containing
HTTP-POST and HTTP-GET protocols) are not supported and result in an invalid
operation.
[ITD.0031.0002] Exception occurred while adding a header element to the Web service descriptor.
Cause: An exception is thrown while validating a header added to the Web service
descriptor. Details of the cause and response will be found in the stack trace of the
exception thrown.
[ITD.0031.0003] Exception occurred while adding a fault element to the Web service descriptor.
Cause: An exception is thrown while validating a fault added to the Web service
descriptor. Details of the cause and response will be found in the stack trace of the
exception thrown.
[ITD.0031.0004] Exception occurred while adding a new Operation to the Web service descriptor.
Cause: An exception is thrown while adding a new operation to the Web service
descriptor. Details of the cause and response will be found in the stack trace of the
exception thrown.
[ITD.0031.0006] WS-I analysis for the Web service descriptor failed with an exception.
Cause: An exception is thrown while analyzing WS-I compliance for a Web service
descriptor. Possible causes are: an error in the WS-I analysis tool, an error in the browser,
or cannot launch the browser at all. Details of the cause and response will be found in the
stack trace of the exception thrown.
Response: Verify the default browser is working correctly.
[ITD.0031.0007] Web service descriptor is not WS-I compliant. Attempt to the save the Web service
descriptor ''{0}'' failed.
Cause: Developer attempted to save a Web service descriptor with WS-I compliance
turned on and the WSD fails the compliance test and Developer was unable to ask the
user to save it as a non- WS-I compliant Web service descriptor.
Response: Change the WS-I compliance property for the Web service descriptor to False, and
then save the Web service descriptor manually.
[ITD.0032.0001] Cannot open a new registry session. Please check the security URL, inquiry URL, and
credentials.
Response: Verify that the URLs and credentials are correct, and that the server is running.
[ITD.0032.0004] Attempt to apply the filter criteria for the registry failed with an exception.
Response: Verify that the Inquiry URL is correct, and that the registry server is running
and accessible.
[ITD.0032.0005] Attempt to publish the web service to the registry failed with an exception.
Response: Verify that the Publish URL is valid and that the registry service is running.
Contact your system administrator to verify that you have the appropriate permissions.
[ITD.0032.0006] Attempt to delete the web service from the registry failed with an exception.
Response: Verify that the Publish URL is correct, and that the registry server is running
and accessible. Refresh the current view to see if the Web service is present on the
registry.
[ITD.0032.0008] Exception thrown while retrieving the registry business entities. Please verify the
inquiry URL and the registry is accessible or reconnect if the auth token has expired.
Response: Verify that the inquiry URL is correct and that the registry server is running.
Refresh the UDDI Registry, then retry. Disconnect and re-connect to the registry server, if
necessary.
A documentation
authentication of messages 89 conventions used 9
B E
binders 62 elements, in a WSDL document 126
associate with an endpoint alias 67 encrypting messages 92
multiple 62 encryption 90
binding element Encryption element, in WSDL document 126
adding to a Web service descriptor 62 endpoint alias
associate with a binder 67
C
certificates 92 F
mapping and usage settings 98 filtering
resolution order 97 removing filters from UDDI registry 119
usage resolution order 138 Web services in a UDDI registry 118
configuring flow services
security 93 invoking a Web service connector 37
connecting to a UDDI registry 111
connectors folder, for consumer Web service H
descriptor 34 header handlers
consumer Web service descriptor 15 deleting 82
connectors 16 headers
description 32 deleting a handler 82
included policy files 135
invoking a connector 37 I
receiving security information for the connector icons, representing Web services 114
95 inbound messages 87
refreshing connectors 36 InboundSecurity element, in WSDL document 126
supporting elements 34 invoking a Web service connector 37
conventions used in this document 9 IS namespace
creating definition of 25
WSDL documents 116 local name 25
namespace name 25
D
decrypting messages 92 K
disconnecting key resolution order
from a UDDI registry 112 Web services consumer 122
docType folder Web services provider 123
for consumer Web service descriptor 34 keys 92
document types resolution order 97
viewing 58 usage order 122
usage resolution order 138
M S
message authentication 89 security
options 90 associate endpoint alias with a binder 67
message direction certificate requirements 92
consumers and providers 88 certificates
definition of 87 mapping and usage settings 98
messages related to Web services 150 usage resolution order 138
messages, signing and verifying 92 certificates and keys, resolution order 97
modifying configuring 93
signature type of an operation 53 decrypting messages 92
encrypting messages 92
O encryption options 90
operations keys
modifying the signature type of a provider Web public and private 92
service descriptor 53 requirements 92
viewing document types 58 usage order 122
outbound messages 87 usage resolution order 138
OutboundSecurity element, in WSDL document 126 message authentication 89
message consumers and providers 88
message direction 87
P
message level 87
Policy element, in WSDL document 126 pass information to a Web service connector 95
policy files 91 policy file elements 126
assign to Web service descriptor 94 policy file, assign to Web service descriptor 94
elements 126 policy file, sample 134
sample 134 policy file, specify 94
specify for WS-Security 94 policy files 91
supplied with Developer 135 policy files supplied with Developer 135
program code conventions in this document 9 signature options 90
provider Web service descriptor 15 signing and verifying messages 92
description 20, 28 Username tokens 91
included policy files 135 WS-Security facillity 86
modifying the signature type 53 X.509 Certificate tokens 91
publishing a Web service SecurityPolicy element, in WSDL document 126
requirements 110 shortcuts on the UDDI Registry tab 115
to a UDDI registry 116 Signature element, in WSDL document 126
signature security
R authentication 90
refreshing Web service connectors 36 timestamps 91
removing a Web service from a UDDI registry 117 signature type
reports modifying for a provider Web service descriptor
WS-I profile conformance 42 53
requests SOA (Services Oriented Architecture)
viewing document types 58 managing Web services in 110
requirements SOAP
for publishing a Web service 110 header handlers, deleting 82
responses message header 86
viewing document types 58 SOAP messages
authentication 89 W
authentication options 90 Web service connector 15, 16
consumers and providers 88 creating 32
inbound 87 invoking 37
outbound 87 receive security information 95
SOAP protocols refreshing 36
specifying for a Web service descriptor 62 Web service descriptor 15
assign security policy 94
T binders 62
timestamp element, in WSDL document 126 consumer 15, 32
timestamp security element 91 supporting elements 34
typographical conventions in this document 9 deleting a header handler 82
generation errors and warnings 150
U provider 15, 20, 28
UDDI registry refreshing connectors 36
clearing a filter 119 reporting WS-I profile conformance 42
closing a session 112 SOAP protocols 62
connecting to 111 specifying transport and communication protocol
creating a filter 118 62
creating a WSDL document 116 viewing document types 58
definition of 110 WSDL binding element 62
disconnecting from 112 WS-I compliance 41
displaying Web services 113 Web services
filtering 118 connecting to a UDDI registry 111
finding Web services in 118 connectors 16, 32
invoking a service 37 consumers 88
publishing a Web service 116 definition of 14, 114
refreshing 112 descriptors 15, 20, 28
removing a service 117 displaying in the UDDI Registry tab 113
requirements 110 filtering in UDDI registry 118
toolbar 115 finding in a UDDI registry 118
viewing in Developer 113 icons 114
Web service icons 114 invoking a connector 37
Web service properties 115 local name 25
UDDI Registry tab 113 managing in a network 110
icons 114 message authentication 89
shortcuts 115 message authentication options 90
Username tokens 91 messages related to 150
UsernameToken element, in WSDL document 126 namespaces, IS 25
providers 88
publishing to a UDDI registry 116
V
refreshing connectors for consumer Web service
viewing descriptors 36
document types for an operation 58 removing from a UDDI registry 117
UDDI registry in Developer 113 removing UDDI registry filter 119
Web service properties 115 SOA (Services Oriented Architecture) 110
viewing properties in a UDDI registry 115
WS-I profile conformance 42