Project and Portfolio Management Practitioners Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

PPM 7.5 Web Service question

SOLVED
Go to solution
Highlighted

PPM 7.5 Web Service question

Hello Guys,

I have the requirement to delete demand management requests closed for a curtain time.
My idea was to use the Web Services deleteRequests.
I get it to run using the Web Services Toolkit.
However I'm not happy with the security setting.
Putting the admin's password in a file is not secure.
So my next idea was to put my Java class file in the WEB-INF/classes dir of the ppm server.
When I run the file from there I get a "WSDoAllReceiver: Incoming message does not contain required Security header" error.

My question is: How do I get a web service to work without having a password stored in a file?

I'm on ppm 7.5 SP3

The attament contains the Java code.

Regards
Volker
5 REPLIES
Mahen M
Honored Contributor

Re: PPM 7.5 Web Service question

Hi,
There are 2 types of Authentication available in Webservices.
1. HTTP basic authentication
2. WS-Security implemented
a) Through the SOAP message header
b) Using the UsernameToken profile as defined by the OASIS
standard (docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-username-token-profile-1.0.pdf)

We use 'WS-Security' in which I store the password in Passwordcallbackhandler.Java to store the password.

I am not a expert in this webservices. Please refer to "Service-Oriented Architecture: Web Services Guide" document given by HP for more information

Regards,
Mahendran M

Re: PPM 7.5 Web Service question

Hi,

thank you for the response and the doc's.
I have used the WebService Guide. But finally there are no information how to use a more sophisticated PasswordCallbackHandler.
From my current point of view is best for me using the PasswordCallbackHandler delivered with PPM. But this means additional code in my Java file and it seems to be that there is no information available how to use this callback handler.
Alternative a password callback handler which use the encrypted password of the ppm admin, stored in the database, can be a good way as well.

Regards
Volker
Solution

Re: PPM 7.5 Web Service question

Hi Volker,

try to use the following code snippets.
I used it to decrypt the DB password from server.conf.

import com.kintana.core.util.PasswordManager
import com.kintana.sc.security.ElGamalPrivateKey

// decrypt password
try {
PasswordManager.setPrivateKey(new ElGamalPrivateKey("security/private_key.txt"));
} catch (IOException e) {
e.printStackTrace()
if (debug) { %> ERROR: File 'security/private_key.txt' does not exist
<% }
initFailed = true;
}

if (PasswordManager.isElGamalEncrypted(dbPassword))
try {
dbPassword = PasswordManager.decrypt(dbPassword);
} catch (RuntimeException e) {
e.printStackTrace();
if (debug) { %> ERROR: Could not decrypt DB password
<% }
initFailed = true;
}

Kind regards,
Michael
Jyotir ++
Member

Re: PPM 7.5 Web Service question

Hi,

Have you done all the configuration changes on XML files which is required for security setting.

Please try to do the changes as stated in SOA doc and let me know if you face issue while accessing Webservices.

Back Again,
Jyotir

Re: PPM 7.5 Web Service question

solved
//Add this to "OnDomLoad" event