Lotus/Domino 8.5 WebService Consumer manipulating SOAP Header

July 28, 2010 Leave a comment

There is pretty often a need to incorporate SOAP Header in the message sent by Web Service consumer. While Domino 8.5 is using Axis Java library under the hood of it’s generated Java Web Service Consumers,it blocks standard setHeader API in the client proxy. We had to look through all generated java files to find the solution. Below is example of sending SOAP Header from Lotus Web Consumer agent.

In the generated by Domino class for endpoint – XXXEndpointStub.java locate the code responsible for making the call, similar to the following:

lotus.domino.websvc.client.Call _call = createCall("submitRequest");
java.lang.Object _resp = _call.invoke(new java.lang.Object[] {parameters});

Modify it to create and addHeader before call invocation.For example to create following SoapHeader:

<soap:Envelope …>

<au:auth xmlns:au=”http://www.example.com“>


Code will be:

lotus.domino.websvc.client.Call _call = createCall("submitRequest");

try {
// Create soap header elements
SOAPHeaderElement header = new SOAPHeaderElement(“http://www.example.com&#8221;, “auth”);
SOAPElement elemSystem = header.addChildElement(“username”, “au”, “http://www.example.com&#8221;);

// add header to payload
} catch (Exception e) {
throw new ….

java.lang.Object _resp = _call.invoke(new java.lang.Object[] {parameters});


Error Importing PKCS12/ PFX Certificate to Websphere 6.1 and Establishing Handshake

October 15, 2009 Leave a comment

Having spent few hours debugging handshake between WESB and WAS server in the backend, we found out that the problem was with the root CA certificate key size  -it was 4K, while WAS policy files restrict it to 1K.

One of the symptoms was that when trying to import certificate generated by our local Enterprise Microsoft CA Server to Websphere Server we’ve got errors described below. Both importing from WAS console and through ikeyman.bat gave errors: “Database is corrupted” and “Could not open keystore“.

Trying to see the content of this PFX file using keytool
\java\jre\bin>keytool -list -v -keystore test.pfx -storetype pkcs12 -storepass test

Also ended up in error “java.io.IOException: Error in loading the keystore: Private key decryption error: (java.security.InvalidKeyException: Illegal key size)

The issue appeared to boil down to a problem with the Java security policy files and thier ‘restricted’ and ‘unrestricted’ flavours and the size of the keys used by our local CA.

Downloading the unrestricted JCE policy files for IBM JVM 1.4.2+ (US_export_policy.jar and local_policy.jar) and replacing them in WAS JVM worked like a charm.

Resolution steps for WAS 6.1:

    • Go to the developerWorks Java Technology Security page at URL: Java Technology Security
    • Click on the “J2SE 5.0” link for WebSphere Application Server 6.1.xx
    • Scroll down on the resulting page and click on the “IBM SDK Policy files” link.
    • Select “Unrestricted JCE Policy files for SDK for all newer versions 1.4.2+” and download them
    • Extract the local_policy.jar and US_export_policy.jar files from the unrestricted.zip archive.
    • Stop the application server
    • Back up the local_policy.jar and US_export_policy.jar files located in the following directory: \java\jre\lib\security\
    • Place the new files, previously downloaded to \java\jre\lib\security\
    • Start the server

Now you will be able to open it with ikeyman and from admin console

Functional Quality Testing for SOA / WebServices

March 19, 2009 1 comment

As the number of services is growing in our environment, the need for automatic regression/functional testing is increasing.  I have recenly encountered articles on IBM Rational Tester for SOA Quality. It is nice tool, but having budget contraints we will have to build something on our own.

First thing that comes to mind to use Ant ant Junit tests that would be able to send SOAP and test results against expected XMLs. And quick search reveals IBM’s recent article on that topic:

 Testing SOA applications with WebSphere Integration Developer and Ant scripts

Also so far we have been using SOAPUI for our initial and integration unit testing, it would be nice to re-use existing SOAPUI projects in Continous Integration scripts and also expand them not only to send and receive results, but verify results against predefined set of results. Researching few articles on this theme: 

 Testing Web Services with SoapUI

Series of articles on continuous integration (CI), SoapUI and Groovy:
Functional Web Services Testing Made Easy with SoapUI – Part 1
Functional Web Services Testing Made Easy with SoapUI – Part 2
Functional Web Services Testing Made Easy with SoapUI – Part 3

Categories: SOA Tags: , , , ,

Websphere wsadmin.bat utility running out of memory

January 16, 2009 Leave a comment

Recently we have encountered Memory problems running Websphere wsadmin based scripts.

We were trying to retrieve large amount of CBE events from WESB using eventquery.bat script and default 256K memory settings were easily exhausted.

Our first option was to find in wsadmin.bat the line shown below and increase it

set PERFJAVAOPTION=-Xms256m -Xmx256m -Xj9 -Xquickstart


 But of course we wanted somewhat more elegant solution and came by the following IBM Tech Note, with the ‘javaoption’ parameter described:



 Instead of modyfing wsadmin.bat file passing ‘javaoption’ parameters worked perfectly

wsadmin.bat   -javaoption –Xms256m -javaoption –Xmx768m .. rest of parameters…

or in event query case:

eventquery.bat   -javaoption –Xms256m -javaoption –Xmx768m .. rest of parameters…

Websphere Password Decoding

December 16, 2008 Leave a comment

Passwords stored in Websphere Server configuration files actually could be decoded

for the Websphere ESB 6.1 that runs on top of WAS 6.1.17 the actual comand is:
\IBM\WebSphere\ESB\deploytool\itp\plugins\com.ibm.websphere.v61_6.1.200>\IBM\WebSphere\ESB\java\bin\java -cp ws_runtime.jar com.ibm.ws.security.util.PasswordDecoder {xor}booqL2sSOm0=encoded password == “{xor}bWcqL2sSOm0=”, decoded password == “hello”

And a very nice online password decoder

Plugins integration with WID 6.1.2

November 18, 2008 8 comments

The new WID 6.1.2 hides plugin installation by default. I was looking for usual Eclipse menu Help->Software Updates->Find and Install to point to Site for installing the plugin, but it disappead. The trick was to switch from the default “Business Integration” perspective to “Resources” and then “Software Updates” are back and working.

Of course other ways of copying jars to features/plugins and links are still working, but the managed updates via Eclipse seems to be more elegant way. (http://www.venukb.com/2006/08/20/install-eclipse-plugins-the-easy-way/)

Collection of useful SOA and general plugins:

  1. Subclipse plugin installation instructions : Subversion integartion
  2. SoapUI Plugin – Web Service Testing
  3. BIRT Plugin – useful for Tivoli Common Reporting on SOA infrastructure
  4. WSRR Plugin – Webservice registry and repository plugin

Web Services Contract First

October 1, 2008 Leave a comment

There are lots and lots of reasons to design the contract for the webservice (interface,messages etc) and only then proceed to the actual coding. Anyway it’s a common practice to any software project, but it is not that straightforward process in Visual Studio ASMX webservices.

With all the Vistual studio pre-generated project artifacts and templates it’s so much easier to get your[WebMethod] and voila! WSDL is genareted and contract is ready.

Here is nice article to address the doubts “Contract-First Web Services: 6 Reasons to Start with WSDL and Schema” on SOA Magazine

Nice post on the WebServiceContractFirst in VS2008 and WCF

After doing some research and blogs scanning WSCF tool from thinktecture looks promising for ASMX
WSCF.blue is the new edition that supports WCF  http://wscfblue.codeplex.com/

(For the default .AddIn file locations for Visual Studio 2008 add-ins http://www.mztools.com/articles/2008/MZ2008001.aspx )