0 Replies Latest reply: Oct 23, 2012 6:57 AM by 969915 RSS

    Deployment of web service that calls another web service and uses xml sgntr

    969915
      My goal was to make a web service that calls another web service using Soap (SAAJ). User calls my web service and sends XML file (string) which I sign and then send to target web service. Target web service replies with a signed XML whose signature I have to verify in my web service and if everything is well send that reply back to my user. Target web service also requires that I use HTTPS/one way ssl handshake.

      Below is the code I wrote and everything worked when I tested it as a regular program. After that I made slight changes and tried to test it as a web service using Eclipse and local Tomcat server and it also worked - I could call methods using WSDL and got results as expected. Here's the problem - I have to deploy my web service on standalone Weblogic (10.3.6) server and it just doesn't work anymore. I followed tutorials for creating web service in JDeveloper and I've deployed it to(both integrated and standalone) server but method calls don't work properly. I suspect the problem is somewhere in Weblogic security and the way it uses certificates, I've added keystore I have to use for ssl handshake to Weblogic keystore configuration but it didn't help.
      @WebService
      public class Test {
      
      // Keystore containing multiple certificates I am using to sign xml which I send to target web service
      private static final String KEY_STORE_TYPE = "JKS";
      private static final String KEY_STORE_FILE = "C:\\Certificates\\mycert.jks";
      private static final String KEY_STORE_PASS = "mypass";
      
      // Keystore which I use to validate the signed message I receive from target web service
      private static final String TARGET_KEY_STORE_TYPE = "JKS";
      private static final String TARGET_KEY_STORE_FILE = "C:\\Certificates\\othercert.jks";
      private static final String TARGET_KEY_STORE_PASS = "otherpass";
      private static final String TARGET_KEY_ALIAS = "othercert";
      
      // Keystore which I use for one way ssl handshake when connecting to target web service
      private static final String TRUSTED_STORE_TYPE = "JKS";
      private static final String TRUSTED_STORE_FILE = "C:\\Certificates\\truststore.jks";
      private static final String TRUSTED_STORE_PASS = "trustpass";
      
      // Target web service which I'm connecting to
      private static final String SERVICE_URL = "https://service.i-am.using:1111/AnotherWebService";
      
      // Attribute used in signing xml
      private static final String ID = "testId";
      
      // Method which user calls to sign and send his message to target web service which returns signed reply with data. Since there are multiple certificates (for multiple users) in keystore user must supply certificate alias and password
      @WebMethod
      public String getData(String user_message, String alias, String passwd) {
          String reply = "Unexpected error";
          SOAPMessage message = null;
          try {
              message = createSoapMessage(user_message);
              message = signMessage(message, alias, passwd);
              message = sendSoapMessage(message);
              Boolean value = false;
              value = verifyMessage(message);
              if (value == false) throw new Exception ("Message received from target web service is not correctly signed!");
              reply = stringFromSoap(message);
          } catch (Exception e) {
                  reply = "Error! "+e.toString();
          }
          return reply;
      }
      
      // Method for testing whether target web service is available
      @WebMethod
      public String testResponse(){
          String reply = "Unexpected error";
          SOAPMessage response = null;
          try {
              response = createEchoMessage();
              // THIS CALL DOESN'T WORK WHEN EVEN WHEN I ADD KEYSTORE TO WEBLOGIC KEYSTORE CONFIGURATION
              response = sendSoapMessage(response);
              reply = stringFromSoap(response);
          } catch (Exception e) {
              reply = "Error! "+e.toString();
          }
          return reply;
      }
      
      // Method for creating Soap message used in testResponse method. Implementation is not important, here it is only as a signature.
      private SOAPMessage createEchoMessage();
      
      // Method for creating Soap message from string. Implementation is not important, here it is only as a signature.
      private SOAPMessage createSoapMessage(String input_msg);
      
      // Method for creating string from Soap message. Implementation is not important, here it is only as a signature.
      private String stringFromSoap(SOAPMessage message);
      
      // Method that sends Soap message to target server and receives reply
      private SOAPMessage sendSoapMessage(SOAPMessage message) throws Exception {
      
          // Key used for one way ssl
          KeyStore keyStore = KeyStore.getInstance(TRUSTED_STORE_TYPE);
          keyStore.load(
              new FileInputStream(TRUSTED_STORE_FILE),  
              TRUSTED_STORE_PASS.toCharArray()
          );
      
          TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
          tmf.init(keyStore);
      
          SSLContext sslctx = SSLContext.getInstance("SSL");
          sslctx.init(null, tmf.getTrustManagers(), null);
      
          HttpsURLConnection.setDefaultSSLSocketFactory(sslctx.getSocketFactory());
      
          SOAPConnectionFactory sfc = SOAPConnectionFactory.newInstance();
          SOAPConnection connection = sfc.createConnection();
      
          SOAPMessage response = null;
      
          try{
              URL endpoint =
                        new URL(new URL(SERVICE_URL),
                                "",
                                new URLStreamHandler() {
                                  @Override
                                  protected URLConnection openConnection(URL url) {
                                      URLConnection dummy = null;
                                      try{
                                          URL target = new URL(url.toString());
                                          URLConnection connection = target.openConnection();
                                          // Timeout settings
                                          connection.setConnectTimeout(1000); // 1 sec
                                          connection.setReadTimeout(5000); // 5 sec
                                          return(connection);
                                      }
                                      catch (Exception e){
                                          return dummy;
                                      }
                                  }
                                });
              response = connection.call(message, endpoint);
          }
          catch (Exception e){
              throw e;
          }
          connection.close();
          return response;
      }
      
      // Method for signing xml
      @SuppressWarnings({ "unchecked", "rawtypes", "serial" })
      private static SOAPMessage signMessage(SOAPMessage message, String alias, String passwd) throws Exception {
      
          // Read SOAP message
          SOAPMessage doc = message;
          SOAPPart soapPart = doc.getSOAPPart();
      
          // Find id for signing
          Node nodeToSign = null;
          Node sigParent = null;
          String referenceURI = null;
          XPathExpression expr = null; 
          NodeList nodes;
          List transforms = null;
      
          XPathFactory factory = XPathFactory.newInstance();
          XPath xpath = factory.newXPath();
      
          expr = xpath.compile(
                  String.format("//*[@Id='%s']", ID)
              );
              nodes = (NodeList) expr.evaluate(soapPart, XPathConstants.NODESET);
              if (nodes.getLength() == 0) {
                  throw new Exception("No node with id: " + ID);
              }
      
          nodeToSign = nodes.item(0);
          sigParent = nodeToSign;
          referenceURI = "#" + ID;
      
      
          // Prepare signature
          String providerName = System.getProperty(
                  "jsr105Provider", 
                  "org.jcp.xml.dsig.internal.dom.XMLDSigRI"
                  );
      
          final XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance(
                              "DOM",
                              (Provider) Class.forName(providerName).newInstance()
                           );
      
          // Transformations used for signing
          transforms = new ArrayList<Transform>(){{
              add(sigFactory.newTransform(
                      Transform.ENVELOPED, 
                      (TransformParameterSpec) null )
      
              );
              add(sigFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null
              )
              );
          }};
      
          // Get key for signing
          KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
          keyStore.load(
              new FileInputStream(KEY_STORE_FILE),  
              KEY_STORE_PASS.toCharArray()
          );
      
          PrivateKey privateKey = (PrivateKey) keyStore.getKey(
                          alias,
                          passwd.toCharArray()
                      );
      
          X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
      
          // Create a reference to enveloped document
          Reference ref = sigFactory.newReference(
                  referenceURI,
                  sigFactory.newDigestMethod(DigestMethod.SHA1, null),
                  transforms,
                  null, 
                  null
                  );
      
          // Create SignedInfo
          SignedInfo signedInfo = sigFactory.newSignedInfo(
                          sigFactory.newCanonicalizationMethod(
                          CanonicalizationMethod.EXCLUSIVE, 
                          (C14NMethodParameterSpec) null
                          ), 
                          sigFactory.newSignatureMethod(
                          SignatureMethod.RSA_SHA1, 
                          null
                          ),
                          Collections.singletonList(ref)
                      );
      
          // Create KeyInfo
          KeyInfoFactory keyinfoFactory = sigFactory.getKeyInfoFactory(); 
      
          X509IssuerSerial issuer= keyinfoFactory.newX509IssuerSerial(cert.getIssuerX500Principal().getName(), cert.getSerialNumber());
      
          List x509Content = new ArrayList();
          x509Content.add(cert);
          x509Content.add(cert.getSubjectX500Principal().getName());
          x509Content.add(issuer);
          X509Data xd = keyinfoFactory.newX509Data(x509Content);
          KeyInfo keyInfo = keyinfoFactory.newKeyInfo(Collections.singletonList(xd));
      
          // Create DOMSignContext
          DOMSignContext dsc = new DOMSignContext(
                       privateKey, 
                       sigParent
                       );
                  System.out.println(dsc.toString());
      
          // Create XMLSignature
          XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyInfo);
      
          // Generate and sign - THIS IS WHERE THE PROGRAM FAILS WHEN I CONVERT IT TO WEBLOGIC WEBSERVICE
          signature.sign(dsc);
      
          // Save changes on Soap message
          doc.saveChanges();
      
          return doc;
      }
      
      // Method used to verify message received from targer server
      private Boolean verifyMessage(SOAPMessage message) throws Exception{
      
          Boolean verified = false;
      
          // Create xml from Soap message
          SOAPMessage msg = message;
          ByteArrayOutputStream out = new ByteArrayOutputStream();
          msg.writeTo(out);
      
          XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
      
          DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
          dbf.setNamespaceAware(true);
          Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(out.toByteArray()));
      
          // Check whether Signature element exists in XML message
          NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS,"Signature");
          if (nl.getLength() == 0) {
              throw new Exception("Signature element doesn't exist!");
          }
      
          // Get key which will be used for verification
          KeyStore keyStore = KeyStore.getInstance(TARGET_KEY_STORE_TYPE);
          keyStore.load(
              new FileInputStream(TARGET_KEY_STORE_FILE),  
              TARGET_KEY_STORE_PASS.toCharArray()
          );
      
          X509Certificate cert = (X509Certificate) keyStore.getCertificate(TARGET_KEY_ALIAS);
          PublicKey publicKey = cert.getPublicKey();
      
          // Create validation context and signature
          DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
          XMLSignature signature = fac.unmarshalXMLSignature(valContext);
      
          // Check whether the document is properly signed
          verified = signature.validate(valContext);
      
          return verified;
      }
      }
      This is the error I get when calling testResponse method:
      com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl:com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
      After I added keystore to Weblogic keystore configuration error message changed to:
      <S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
      <S:Body>
          <S:Fault>
              <S:Code>
                  <S:Value>S:Receiver</S:Value>
              </S:Code>
              <S:Reason>
                  <S:Text xml:lang="en">502 HTTP Analyzer Bad Gateway Connection refused: connect</S:Text>
              </S:Reason>
              <S:Detail>
                  <ns2:exception xmlns:ns2="http://jax-ws.dev.java.net/"
                      class="java.net.ConnectException" note="An exception occured while connecting to https://localhost:7202/test/TestPort.">
                      <message>Connection refused: connect</message>
                      <ns2:stackTrace>
                          <ns2:frame class="java.net.PlainSocketImpl"
                              file="PlainSocketImpl.java" line="-2" method="socketConnect"/>
                          <ns2:frame class="java.net.PlainSocketImpl"
                              file="PlainSocketImpl.java" line="351" method="doConnect"/>
                          <ns2:frame class="java.net.PlainSocketImpl"
                              file="PlainSocketImpl.java" line="213" method="connectToAddress"/>
                          <ns2:frame class="java.net.PlainSocketImpl"
                              file="PlainSocketImpl.java" line="200" method="connect"/>
                          <ns2:frame class="java.net.SocksSocketImpl"
                              file="SocksSocketImpl.java" line="366" method="connect"/>
                          <ns2:frame class="java.net.Socket"
                              file="Socket.java" line="529" method="connect"/>
                          <ns2:frame class="java.net.Socket"
                              file="Socket.java" line="478" method="connect"/>
                          <ns2:frame class="java.net.Socket"
                              file="Socket.java" line="375" method="&lt;init>"/>
                          <ns2:frame class="java.net.Socket"
                              file="Socket.java" line="218" method="&lt;init>"/>
                          <ns2:frame
                              class="javax.net.DefaultSocketFactory"
                              file="SocketFactory.java" line="212" method="createSocket"/>
                          <ns2:frame class="HTTPClient.HTTPConnection"
                              file="HTTPConnection.java" line="3606" method="getSocket"/>
                          <ns2:frame class="HTTPClient.HTTPConnection"
                              file="HTTPConnection.java" line="4364" method="doConnect"/>
                          <ns2:frame class="HTTPClient.HTTPConnection"
                              file="HTTPConnection.java" line="3358" method="sendRequest"/>
                          <ns2:frame class="HTTPClient.HTTPConnection"
                              file="HTTPConnection.java" line="3281" method="handleRequest"/>
                          <ns2:frame class="HTTPClient.HTTPConnection$9"
                              file="HTTPConnection.java" line="3032" method="run"/>
                          <ns2:frame class="HTTPClient.HTTPConnection$9"
                              file="HTTPConnection.java" line="3023" method="run"/>
                          <ns2:frame
                              class="HTTPClient.HttpClientConfiguration"
                              file="HttpClientConfiguration.java"
                              line="666" method="doAction"/>
                          <ns2:frame class="HTTPClient.HTTPConnection"
                              file="HTTPConnection.java" line="5401" method="doAction"/>
                          <ns2:frame class="HTTPClient.HTTPConnection"
                              file="HTTPConnection.java" line="3023" method="setupRequest"/>
                          <ns2:frame class="HTTPClient.HTTPConnection"
                              file="HTTPConnection.java" line="1524" method="ExtensionMethod"/>
                          <ns2:frame
                              class="oracle.jdevimpl.webservices.tcpmonitor.config.NetworkAccessRule"
                              file="NetworkAccessRule.java" line="1403" method="getResponseDefault"/>
                          <ns2:frame
                              class="oracle.jdevimpl.webservices.tcpmonitor.config.NetworkAccessRule"
                              file="NetworkAccessRule.java" line="325" method="getResponse"/>
                          <ns2:frame
                              class="oracle.jdevimpl.webservices.tcpmonitor.config.PassThroughRule"
                              file="PassThroughRule.java" line="135" method="execute"/>
                          <ns2:frame
                              class="oracle.jdevimpl.webservices.tcpmonitor.config.Rule"
                              file="Rule.java" line="473" method="fire"/>
                          <ns2:frame
                              class="oracle.jdevimpl.webservices.tcpmonitor.ConnectionHandler"
                              file="ConnectionHandler.java" line="558" method="getResponse"/>
                          <ns2:frame
                              class="oracle.jdevimpl.webservices.tcpmonitor.ConnectionHandler"
                              file="ConnectionHandler.java" line="412" method="run"/>
                          <ns2:frame
                              class="java.util.concurrent.Executors$RunnableAdapter"
                              file="Executors.java" line="441" method="call"/>
                          <ns2:frame
                              class="java.util.concurrent.FutureTask$Sync"
                              file="FutureTask.java" line="303" method="innerRun"/>
                          <ns2:frame
                              class="java.util.concurrent.FutureTask"
                              file="FutureTask.java" line="138" method="run"/>
                          <ns2:frame
                              class="java.util.concurrent.ThreadPoolExecutor$Worker"
                              file="ThreadPoolExecutor.java" line="886" method="runTask"/>
                          <ns2:frame
                              class="java.util.concurrent.ThreadPoolExecutor$Worker"
                              file="ThreadPoolExecutor.java" line="908" method="run"/>
                          <ns2:frame class="java.lang.Thread"
                              file="Thread.java" line="662" method="run"/>
                      </ns2:stackTrace>
                  </ns2:exception>
              </S:Detail>
          </S:Fault>
      </S:Body>
      I get following error message when calling getData method:
      <S:Envelope>
      <S:Body>
          <S:Fault>
              <faultcode>S:Server</faultcode>
              <faultstring>UNIMPLEMENTED</faultstring>
              <detail>
                  <ns2:exception class="java.lang.AssertionError" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
                      <message>UNIMPLEMENTED</message>
                      <ns2:stackTrace>
                          <ns2:frame class="weblogic.xml.domimpl.DocumentImpl" file="DocumentImpl.java" line="407" method="getElementById" />
                          <ns2:frame class="com.sun.org.apache.xml.internal.security.utils.IdResolver" file="IdResolver.java" line="146" method="getElementByIdUsingDOM" />
                          <ns2:frame class="com.sun.org.apache.xml.internal.security.utils.IdResolver" file="IdResolver.java" line="113" method="getElementById" />
                          <ns2:frame class="com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment" file="ResolverFragment.java" line="92" method="engineResolve" />
                          <ns2:frame class="com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver" file="ResourceResolver.java" line="263" method="resolve" />
                          <ns2:frame class="org.jcp.xml.dsig.internal.dom.DOMURIDereferencer" file="DOMURIDereferencer.java" line="95" method="dereference" />
                          <ns2:frame class="org.jcp.xml.dsig.internal.dom.DOMReference" file="DOMReference.java" line="370" method="dereference" />
                          <ns2:frame class="org.jcp.xml.dsig.internal.dom.DOMReference" file="DOMReference.java" line="304" method="digest" />
                          <ns2:frame class="org.jcp.xml.dsig.internal.dom.DOMXMLSignature" file="DOMXMLSignature.java" line="470" method="digestReference" />
                          <ns2:frame class="org.jcp.xml.dsig.internal.dom.DOMXMLSignature" file="DOMXMLSignature.java" line="366" method="sign" />
                          <ns2:frame class="test.WebServis" file="WebServis.java" line="391" method="signMessage" />
                          <ns2:frame class="test.WebServis" file="WebServis.java" line="117" method="getJIR" />
                          <ns2:frame class="sun.reflect.NativeMethodAccessorImpl" file="NativeMethodAccessorImpl.java" line="native" method="invoke0" />
                          <ns2:frame class="sun.reflect.NativeMethodAccessorImpl" file="NativeMethodAccessorImpl.java" line="57" method="invoke" />
                          <ns2:frame class="sun.reflect.DelegatingMethodAccessorImpl" file="DelegatingMethodAccessorImpl.java" line="43" method="invoke" />
                          <ns2:frame class="java.lang.reflect.Method" file="Method.java" line="601" method="invoke" />
                          <ns2:frame class="weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker" file="WLSInstanceResolver.java" line="92" method="invoke" />
                          <ns2:frame class="weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker" file="WLSInstanceResolver.java" line="74" method="invoke" />
                          <ns2:frame class="com.sun.xml.ws.server.InvokerTube$2" file="InvokerTube.java" line="151" method="invoke" />
                          <ns2:frame class="com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl" file="EndpointMethodHandlerImpl.java" line="268" method="invoke" />
                          <ns2:frame class="com.sun.xml.ws.server.sei.SEIInvokerTube" file="SEIInvokerTube.java" line="100" method="processRequest" />
                          <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="866" method="__doRun" />
                          <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="815" method="_doRun" />
                          <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="778" method="doRun" />
                          <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="680" method="runSync" />
                          <ns2:frame class="com.sun.xml.ws.server.WSEndpointImpl$2" file="WSEndpointImpl.java" line="403" method="process" />
                          <ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit" file="HttpAdapter.java" line="539" method="handle" />
                          <ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter" file="HttpAdapter.java" line="253" method="handle" />
                          <ns2:frame class="com.sun.xml.ws.transport.http.servlet.ServletAdapter" file="ServletAdapter.java" line="140" method="handle" />
                          <ns2:frame class="weblogic.wsee.jaxws.WLSServletAdapter" file="WLSServletAdapter.java" line="171" method="handle" />
                          <ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke" file="HttpServletAdapter.java" line="708" method="run" />
                          <ns2:frame class="weblogic.security.acl.internal.AuthenticatedSubject" file="AuthenticatedSubject.java" line="363" method="doAs" />
                          <ns2:frame class="weblogic.security.service.SecurityManager" file="SecurityManager.java" line="146" method="runAs" />
                          <ns2:frame class="weblogic.wsee.util.ServerSecurityHelper" file="ServerSecurityHelper.java" line="103" method="authenticatedInvoke" />
                          <ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter$3" file="HttpServletAdapter.java" line="311" method="run" />
                          <ns2:frame class="weblogic.wsee.jaxws.HttpServletAdapter" file="HttpServletAdapter.java" line="336" method="post" />
                          <ns2:frame class="weblogic.wsee.jaxws.JAXWSServlet" file="JAXWSServlet.java" line="99" method="doRequest" />
                          <ns2:frame class="weblogic.servlet.http.AbstractAsyncServlet" file="AbstractAsyncServlet.java" line="99" method="service" />
                          <ns2:frame class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="820" method="service" />
                          <ns2:frame class="weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction" file="StubSecurityHelper.java" line="227" method="run" />
                          <ns2:frame class="weblogic.servlet.internal.StubSecurityHelper" file="StubSecurityHelper.java" line="125" method="invokeServlet" />
                          <ns2:frame class="weblogic.servlet.internal.ServletStubImpl" file="ServletStubImpl.java" line="301" method="execute" />
                          <ns2:frame class="weblogic.servlet.internal.TailFilter" file="TailFilter.java" line="26" method="doFilter" />
                          <ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter" />
                          <ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter$1" file="JpsAbsFilter.java" line="119" method="run" />
                          <ns2:frame class="java.security.AccessController" file="AccessController.java" line="native" method="doPrivileged" />
                          <ns2:frame class="oracle.security.jps.util.JpsSubject" file="JpsSubject.java" line="315" method="doAsPrivileged" />
                          <ns2:frame class="oracle.security.jps.ee.util.JpsPlatformUtil" file="JpsPlatformUtil.java" line="442" method="runJaasMode" />
                          <ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter" file="JpsAbsFilter.java" line="103" method="runJaasMode" />
                          <ns2:frame class="oracle.security.jps.ee.http.JpsAbsFilter" file="JpsAbsFilter.java" line="171" method="doFilter" />
                          <ns2:frame class="oracle.security.jps.ee.http.JpsFilter" file="JpsFilter.java" line="71" method="doFilter" />
                          <ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter" />
                          <ns2:frame class="oracle.dms.servlet.DMSServletFilter" file="DMSServletFilter.java" line="139" method="doFilter" />
                          <ns2:frame class="weblogic.servlet.internal.FilterChainImpl" file="FilterChainImpl.java" line="56" method="doFilter" />
                          <ns2:frame class="weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction" file="WebAppServletContext.java" line="3730" method="wrapRun" />
                          <ns2:frame class="weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction" file="WebAppServletContext.java" line="3696" method="run" />
                          <ns2:frame class="weblogic.security.acl.internal.AuthenticatedSubject" file="AuthenticatedSubject.java" line="321" method="doAs" />
                          <ns2:frame class="weblogic.security.service.SecurityManager" file="SecurityManager.java" line="120" method="runAs" />
                          <ns2:frame class="weblogic.servlet.internal.WebAppServletContext" file="WebAppServletContext.java" line="2273" method="securedExecute" />
                          <ns2:frame class="weblogic.servlet.internal.WebAppServletContext" file="WebAppServletContext.java" line="2179" method="execute" />
                          <ns2:frame class="weblogic.servlet.internal.ServletRequestImpl" file="ServletRequestImpl.java" line="1490" method="run" />
                          <ns2:frame class="weblogic.work.ExecuteThread" file="ExecuteThread.java" line="256" method="execute" />
                          <ns2:frame class="weblogic.work.ExecuteThread" file="ExecuteThread.java" line="221" method="run" />
                      </ns2:stackTrace>
                  </ns2:exception>
              </detail>
          </S:Fault>
      </S:Body>
      I've read some Weblogic documentation regarding web services and security but it seems I can't see the wood for the trees. I would be very grateful if somebody could give me a few pointers. Also, as a last resort, would it help if I rewrote code using Axis2 and could such web service be deployed to Weblogic successfully?