Thursday, June 11, 2009

Web Service Authentication, Authorization and Deployment Problems in SAP NetWeaver Mobile 7.1

Problem Description

The following problems can occur:

Deployment problems

Authentication problems

Authorization problems

Scenario Type:

Error analysis

NetWeaver Component:

J2EE (Web Service)

Validity:

J2EE version >= 6.30

Decision Roadmap

Prerequisites

-

Main Tools

Log Viewer or Visual Administrator

Analysis

Deployment problems

Technical Background:

During deployment, configuration data is taken from the ws-deployment-descriptor.xml and stored in the Configuration Manager under /webservices (service Configuration Adapter). During the call of the Web services, the configuration data is looked up.

Solution:

Problems of this kind should no longer appear after SP4. If they do appear, the cause is lock timeouts. Change the property locking.timeout of the service Web Service Security (tc~sec~wssec~service) to a higher value (default 30000 = 30 seconds).

Symptom:

Error while processing document security. The error was class com.sap.engine.frame.core.configuration.NameNotFoundException. A configuration with the path webservices/proxies/sap.com/WSSEC_PROXIES/com.sap.security.core.ws.proxies.wss.Wss*doc_basicPort_Rpc/authenticate/wss does not exist.

Date : 02/27/2004

Time : 16:15:59:876

Message ID : 000BCD719CC1003C00000032000010A00003D456FA2FC96F

Severity : Error

Location : com.sap.security.core.client.ws.DeployableSecurityProtocol.handleRequest

Source Name : /System/Security/WS/SecurityProtocol

Thread : SAPEngine_Application_Thread[impl:3]_18

Message : Error while processing document security. The error was class com.sap.engine.frame.core.configuration.NameNotFoundException A configuration with the path "webservices/proxies/sap.com/WSSEC_PROXIES/com.sap.security.core.ws.proxies.wss.Wss*doc_basicPort_Rpc/authenticate/wss" does not exist..

Datasource : 22418350:./log/system/security.log

Application : sap.com/WSSEC_CLIENT_EAR

Argument Objs :

Arguments : class com.sap.engine.frame.core.configuration.NameNotFoundException,A configuration with the path "webservices/proxies/sap.com/WSSEC_PROXIES/com.sap.security.core.ws.proxies.wss.Wss*doc_basicPort_Rpc/authenticate/wss" does not exist.,

Dsr Component : P111854_D11_22418350

Dsr Transaction : 2db34230693711d88e6c000bcd719cc1

Dsr User : Administrator

Indent : 0

Level : 0

Message Code : _DeployableSecurityProtocol0800

Message Type : 1

Relatives :

Resource Bundlename : com.sap.security.core.client.ws.DeployableSecurityProtocolMessage

Session : 126

Source :

Thread :

Transaction :

User : Administrator

Analysis / solution:

Redeploy the application

Authentication problems

Symptom:

HTTP 401 / Invalid credentials

Analysis:

Authentication was not accepted, or the user is not in the group Everyone.

Solution:

Check for output in the security log and test the logon using /wsnavigator.

Authorization problems

Symptom:

The client gets the error message Authorization failed for the specified security roles. For details see log entry 000BCD719CC1004C000000C2000010A00003D45747B8E725

SOAP message:

HTTP/1.1 500 Internal Server Error

Connection: close

Set-Cookie: JSESSIONID=(J2EE22418300)ID22418350DB2006953124854834067End; Version=1; Path=/

Set-Cookie: sapj2ee_Stocks*sso=22418350; Version=1; Path=/

Server: SAP J2EE Engine/6.30

Content-Type: text/xml

Date: Fri, 27 Feb 2004 15:37:40 GMT

SOAP-ENV:Server

Authorization failed for the specified security roles. For details see log entry 000BCD719CC1004C000000C2000010A00003D45747B8E725.


Analysis:

The user is not a member of one of the required J2EE security roles.

Solution:

Take the ID of the log entry, open the security log in the Log Viewer and search for the log entry. This leads to a message of severity Warning like:

Calling operation getQuote of component sap.com/WSSEC_SERVER_EAR*WSSEC_TEST_Assembly.jar for principal Administrator denied (roles: [StockGuests, StockCustomers]).

The message names the user, the component and the security roles required to authorize the request. In the Security Service, look up the security roles of the component and check the user assignment.

If no roles were assigned (roles: []), no authorization is possible and the assignment must be changed in the IDE.
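The lookup described above, as an added example (not SAP code): it takes the log entry ID from the SOAP fault, finds the matching record in exported security log text, and extracts the principal, component and required roles, including the empty-roles case. The record layout follows the Log Viewer entry shown earlier; that each record begins with its Date field is an assumption, and the sample Date/Time values are constructed.

```python
import re

# Record layout ("Name : value" lines) follows the Log Viewer entry shown on this page.
FAULT_ID = re.compile(r"log entry ([0-9A-F]+)")
DENIED = re.compile(
    r"Calling operation (?P<operation>\S+) of component (?P<component>\S+) "
    r"for principal (?P<principal>.+?) denied \(roles: \[(?P<roles>[^\]]*)\]\)")

def parse_records(text):
    """Split log text into dicts; assumes each record starts at its 'Date' field."""
    records = []
    for line in text.splitlines():
        name, sep, value = line.partition(" : ")
        if not sep:
            continue  # blank line or empty field such as "Relatives :"
        if name.strip() == "Date":
            records.append({})
        if records:
            records[-1][name.strip()] = value.strip()
    return records

def explain_fault(fault_text, log_text):
    """Follow the fault's log entry ID to the denial record and name the role problem."""
    ref = FAULT_ID.search(fault_text)
    for rec in (parse_records(log_text) if ref else []):
        denied = DENIED.search(rec.get("Message", ""))
        if rec.get("Message ID") != ref.group(1) or not denied:
            continue
        info = denied.groupdict()
        info["roles"] = [r.strip() for r in info["roles"].split(",") if r.strip()]
        # Empty role list: nothing can authorize the call until roles are assigned.
        info["action"] = ("check user assignment to these roles in the Security Service"
                          if info["roles"] else "no roles assigned; fix the assignment in the IDE")
        return info
    return None

# Constructed sample: fault text, ID and message come from the page; Date/Time values are made up.
FAULT = ("Authorization failed for the specified security roles. For details see "
         "log entry 000BCD719CC1004C000000C2000010A00003D45747B8E725.")
LOG = """Date : 02/27/2004
Time : 16:37:40:101
Message ID : 000BCD719CC1004C000000C2000010A00003D45747B8E725
Severity : Warning
Message : Calling operation getQuote of component sap.com/WSSEC_SERVER_EAR*WSSEC_TEST_Assembly.jar for principal Administrator denied (roles: [StockGuests, StockCustomers]).
"""

if __name__ == "__main__":
    print(explain_fault(FAULT, LOG))
```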

Symptom:

The server responds with HTTP 503

Analysis / solution:

The Web service is not started. Check in the list of deployed Web services if the application has been started (deploy service, wsnavigator).