Custom Adaptor Module on Soap Receiver

Hi All,
In PI 7.1.1 I have a soap receiver communication channel with a call to a simple custom adaptor module before and after the call to the XISoapAdaptorBean
The call before works displaying the message in the call. It seems that the module is not being called for the response.
This used to work in XI. What's changed?
John

Hi Stefan,
To the best of my knowledge I've followed the API when switching the code. The module is extremely simple at the moment; it just logs that it's been called.
     public ModuleData process(ModuleContext moduleContext, ModuleData inputModuleData)
          throws ModuleException
     { // process
//          get the XI message
          try
               Message msg = (Message)inputModuleData.getPrincipalData();
               MessageDirection iDirection=msg.getMessageDirection();
               amk = new MessageKey(msg.getMessageId(), iDirection);
               Audit.addAuditLogEntry(amk, AuditLogStatus.SUCCESS, "CreateKeyFields: Module called");
          catch (Exception e)
               ModuleException me = new ModuleException(e);
               throw me;
          return inputModuleData;
     } // process
I'm missing com.sap.aii.af.cpa.svc_api.jar, is this likely to be the culprit? It still compiles, deploys and works for all the outbound modules I've worked on.
Kind regards,
John

Similar Messages

Accessing SOAP header information in a custom adaptor module

Hi Guys,
Could anyone point me in the direction of information on how to access the SOAP:Header element when writing a custom adaptor module for a http/ SOAP communication channel?
I'm trying to add some WS-Security stuff which isn't available in XI 3.0.
Many thanks,
John

The solution is as follows:
Mark as Do Not Use SOAPEnvelope in the communication channel.
It may be possible to use the SAP implementation of MessageFactory, SOAPEnvelope etc., I forced XI the Apache Axis implementation, a thread on which can be found here Link: [Accessing SOAP header information in a custom adaptor module;
The SOAP Envelope is created by
javax.xml.soap.MessageFactory mf= org.apache.axis.soap.MessageFactoryImpl.newInstance();
This doesn't work it creates a com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl
org.apache.axis.message.SOAPEnvelope env = new org.apache.axis.message.SOAPEnvelope();
org.apache.axis.Message iSoapMessage = new org.apache.axis.Message(env);
SOAPMessage sm = iSoapMessage;
SOAPBody iBody = se.getBody();
if(iBody!=null)
     iBody.addDocument(iDoc);
     addDocument failed for some reason when called in XI returning
     Exception caught by adapter framework: Exception in method process.
     The code below is copied straight from the addDocument method, but it works.
     org.w3c.dom.Element iDocRoot= iDoc.getDocumentElement();
     org.apache.axis.message.SOAPBodyElement bodyElement = new org.apache.axis.message.SOAPBodyElement(iDocRoot);
     iBody.addChildElement(bodyElement);
In order to get a document representation of the Envelope you can use
Document iEnvelopeDoc = ((org.apache.axis.message.SOAPEnvelope)env).getAsDocument();
You are now in a position to add or adjust the SOAP Envelope as your require. It enabled me to add WS-Security information to a message.
It is normally possible to use javax.xml.transform.Transformer on the various classes SOAPEnvelope, SOAPBody etc. as they implement Node. However doing this in XI caused a crash.
The final document can be then be set in the xmlPayload before being sent out the door.
Hope this helps someone,
John

Custom Adaptor for JDBC Communication Channel

Hi Guys,
My apologies if this has been asked before, but I did a few searches and could not find anything.
I'm trying to write an adaptor that will use/ access the information passed into a JDBC Receiver communication channel prior to the normal adaptor being called.
Iu2019ve written a module that gets as much information from the ModuleContext and the ModuleData as possible, but I canu2019t find where the information on the database connection is being passed.
Is there any way of accessing the Database Connection information in a custom adaptor module?
Kind regards,
John

Hi 'PI Expert'
Thanks for your reply. I'm not sure we can use that as we're running PI7.0, but just in case:
I can't find too much information suggesting that it's possible to call the Directory API from within an adaptor module allowing the information to be read, and hopefully modified, when the communication channel is used.
Is it possible to call the Directory API from within a custom adaptor module?
Kind regards,
John

Adapter Module in SOAP Sender Adapter

Hi All,
To Confirm, Is it possible to use Custom Adapter Modules in SOAP Sender Adapter. If so, where exactly custom module has to be placed in communication channel with respect to the standard bean of SOAP Adapter.
Thanks in advance.
Regards,
Sudharshan N A

Hi,
The sender adapter cannot be extended Check this
http://help.sap.com/saphelp_nwpi711/helpdata/en/43/951aceb1146353e10000000a11466f/frameset.htm
http://help.sap.com/saphelp_nwpi711/helpdata/en/cd/5af7c0c994e24fb0d0088443513de2/frameset.htm
Regards
Suraj

SOAP Web Service + Custom Login Module issue

Hi Guys,
We faced an authentication issue in our project. Could you please give any advice how the issue could be resolved.
Environment: A simple SOAP Web Service on top of POJO class created in a Web Application. The web application deployed to the SAP NetWeaver 7.10 Application Server in the Enterprise Application Archive.
Configuration:
 Single Service Administration Application(NetWeaver Administration -> SOA Management -> Application and Scenario Communication -> Single Service Administration)
 The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
 Authentication Application(NetWeaver Administration-> Configuration Management->Security->Authentication)
 The application(<vendorName>/<earName>*<vendor>~<webAppName>) has Authentication Stack configured to use our custom login module.
Issue: BasicPasswordLoginModule used by the J2EE when we are trying to execute the web service using Web Service Navigator(checked in debug mode). It seems that we missed something in configuration.
Idea: The main Idea is to use our custom login module when we are executing a web service.
Could you help me to resolve the issue.
Thanks,
Dmitry
Edited by: Dmitry Eidin on Jul 17, 2009 3:46 PM

> The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
That's the point.

Usage of Module processor in SOAP Receiver Adapter

Hi,
I have scenario where I am calling an external Web Service via XI. Unfortunately I need Java Mapping to generate the complete SOAP Message (there are some special header elements required by the Web Service) and flag 'no soap' in the SOAP Receiver Adapter. This works fine, but I have additional Web Service Calls that have the same Header logic and I don't want to use Java Mapping all the time.
I was wondering if it is possible to use graphical User Mapping for the Business Data that goes to the SAOP Body as a payload and use Java code to generate the SOAP Message (actually the SOAP Wrapper and the Header).
Can I do this in XI using the Module processor in the SOAP Receiver adapter or do I have to use two mappigs, one based on the Graphical mapping and another using Java Mapping? Is it feasible at all in XI?
Thanks in advance.

Hi,
You can use Module Processor.
But,
1. If it is a synch call, in when the message is going from the SOAP adapter to the Webservice, you will need to manually Add the SOAP header as you want . ( you will need to create the entire SOAP mesage as the output of the Module ).
2. When the response comes back, the same module will need to remove the SOAP header etc and pass a valid , XML message to the Graphical mapping.
If you have a requirement that some fields of the SOAP header will be needed to be accesed in the Response mapping, then you would need to either add this field to some field in the response payload.
Better option would be to use, Either a Java or a XSL mapping that does all the required stuff for you.
Regards
Bhavesh

Code to retrive the sender and receiver interface names using custome adapter module

Hello Team,
I want to develop an custom adapter module which could retrieve the names of the sender and receiver interfaces of the scenario and for that i am trying to use com.sap.aii.af.service.administration.api.monitoring.ProcessContextFactory.ParamSet but i don't know whether this API will support or not and also i don't know how to develop the code using this API so please suggest me some code for it so that i could retrieve the names.
Thanks you all in advance.
Regards,
Avinash.

Hi,
Just ASMA setting will do the needful. Are you planning to rename your target file name. If yes then only you will require UDF.
Update: Since your directory name will be taken from source file name then you have to use mapping for this, else it will not be possible.
I don't know if creating a new module for this will help you solve the issue, but in that case rather creating adapter module, mapping will be easier.
Regards,
Sarvesh
Edited by: Sarvesh Singh on Dec 7, 2009 3:04 PM

SOAP Receiver Adaptor

Hello Everyone,
I am working on development of XI web services. The web services which I have developed are working fine from my peers computer but when I try running them using Mercury Load Runner from my machine I am getting the following error the Message General error while they are running without requiring to make any changes on my peers machine
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- 
- <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Category>XIAdapterFramework</SAP:Category>
<SAP:Code area="MESSAGE">GENERAL</SAP:Code>
<SAP:P1 />
<SAP:P2 />
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: invalid content type for SOAP: TEXT/HTML</SAP:AdditionalText>
<SAP:ApplicationFaultMessage namespace="" />
<SAP:Stack />
<SAP:Retry>M</SAP:Retry>
</SAP:Error>
I went through the SDN site, went through web blogs threads and made the suggested changes like adding a new module
localejbs/AF_Modules/MessageTransformBean in the module tab of the receiver SOAP channel and configuring the module transform with parameter name Transform.ContentType and value text/xml;charset=utf-8
After doing that I am again getting the Receiver Determination Error i.e No Receiver could be determined error. I checked the steps listed for this error and again it is not getting solved.
My question is why is the web service working on my peers terminal and not mine?
Also the web service is working properly in Soap Scope Server but not on my terminal ?
How can I debug this issue ?
Thanking all of you in anticipation. Can anyone please help me with the same?
Best Regards,
Kiran

Sak,
Your error message says invalid content type for SOAP: TEXT/HTML. So please check these threads where they have discussed some solutions for this:
See stefans reply in this thread:
Re: Soap Receiver : how to convert application/xml of payload to text/xml?
Also please check this:
Re: invalid content type for SOAP: TEXT/HTML
invalid content type for SOAP: TEXT/HTML
invalid content type for SOAP
Regards,
---Satish

SOAP receiver adapter for Axis

Hi,
I used SOAP receiver adapter for Axis like below:
Transport Prorocol : HTTP
Message Protocol : Axis
Url: http://<IP>:<Port>/xxx/WebService/services/Head/yyy
Authentication : Basic
User: <user>
Password: <password>
SOAP Version : 1.1
SOAP Action: : <method>
Encapsulation Format : MIME
Payload Extraction : SOAP Body
When i drive PI message it generates error below.
What must i do to solve this problem?
Thanks.
Error message
com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.ejb.EJBException: Exception in getMethodReady() for stateless bean sap.com/com.sap.aii.axis.appxml|com.sap.aii.adapter.axis.ejb.jarxml|AFAdapterBean; nested exception is: com.sap.engine.services.ejb3.util.pool.PoolException: javax.ejb.EJBException: Exception raised from invocation of public void com.sap.aii.adapter.axis.modules.AFAdapterBean.ejbCreate() throws javax.ejb.CreateException method on bean instance com.sap.aii.adapter.axis.modules.AFAdapterBean@20715646 for bean sap.com/com.sap.aii.axis.appxml|com.sap.aii.adapter.axis.ejb.jarxml|AFAdapterBean; nested exception is: javax.ejb.CreateException: java.lang.NoClassDefFoundError: org/apache/axis/types/URI$MalformedURIException

*Url:* http://172.28.6.194:8080/AssetManagerWebService/services/Head/SapTest
When i use Url with *?wsdl* it generates below (it'is very long. I give part of it)
wsdl
<?xml version="1.0" encoding="UTF-8" ?>
- <wsdl:definitions targetNamespace="http://schemas.hp.com/AssetManager/Custom/Head/SapTest/Wsdl" xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="http://schemas.hp.com/AssetManager/Custom/Head/SapTest/Wsdl" xmlns:intf="http://schemas.hp.com/AssetManager/Custom/Head/SapTest/Wsdl" xmlns:tns1="http://schemas.hp.com/AssetManager/Custom/Head/SapTest/Types" xmlns:tns2="http://schemas.hp.com/AssetManager/R51/ACMetaData" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- 
- <wsdl:types>
- <schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://schemas.hp.com/AssetManager/Custom/Head/SapTest/Wsdl" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:AdministrationTypes="http://schemas.hp.com/AssetManager/Custom/Head/Administration/Types" xmlns:CableTypes="http://schemas.hp.com/AssetManager/Custom/Head/Cable/Types" xmlns:CatalogTypes="http://schemas.hp.com/AssetManager/Custom/Head/Catalog/Types" xmlns:ChargebackTypes="http://schemas.hp.com/AssetManager/Custom/Head/Chargeback/Types"
<import namespace="http://schemas.hp.com/AssetManager/R51/ACMetaData" />
<import namespace="http://schemas.hp.com/AssetManager/Custom/Head/SapTest/Types" />
- <annotation>
<documentation>Auto-generated schema for AssetCenter web services for Head/SapTest Implementation</documentation>
</annotation>
<import namespace="http://schemas.hp.com/AssetManager/Custom/Head/SAM/Types" schemaLocation="../../schema/Head/SAM/SAMTypes.xsd" />
<import namespace="http://schemas.hp.com/AssetManager/R51/ACMetaData" ......
<wsdl:operation name="retrieveAllBusinessAPIListByName">
<wsdlsoap:operation soapAction="retrieveAllBusinessAPIListByName" />
<wsdl:input name="retrieveAllBusinessAPIListByNameRequest">
<wsdlsoap:body use="literal" />
</wsdl:input>
<wsdl:output name="retrieveAllBusinessAPIListByNameResponse">
<wsdlsoap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SapTestService">
<wsdl:port binding="impl:SapTestSoapBinding" name="SapTest">
<wsdlsoap:address location="http://172.28.6.194:8080/AssetManagerWebService/services/Head/SapTest" />
</wsdl:port>
</wsdl:service>
</wsdl:definitions>

SOAP Receiver adapter with attachments not working

Hello,
I have a simple synchronous scenario like this; ABAP proxy with attachments to SOAP with attachments.
The SOAP receiver adapter has been configured with the parameters 'Do not Use SOAP envelope' and 'Keep attachments'. We create our own SOAP envelope with custom SOAP headers, so that's the reason for the 'Do not use SOAP envelope' setting.
When we test the scenario with an attachment then we get a timeout from PI. However, when we test the same scenario without any attachment then no errors occur.
The external webservice has also been tested with SOAP UI and it works fine.
Do you have any clues what the problem can be? What are we still missing in the configuration?
We did try with the adapter modules such as PayloadSwapBean and the Message TransformBean, so far without success...
Many thanks.
Roberto

Hi Stefan,
The attachments are not really big, around 150KB.
According to the other party (Oracle Service Bus) no messages with attachments have been received. In fact it seems like those messages never leave the PI server. SOAP requests without attachments are processed successfully.
Thanks
Roberto

SOAP Receiver error - HTTP 500 Internal Server Error

Hi,
We have a FILE to SOAP Asynchronous scenario to send data from our PI to customer PI.
We are sending PGP encrypted file as the payload. So, foll settings have been maintained:
Do not use SOAP envelope in Sender and Receiver SOAP
nosoap=true in the URL.
Message transform bean in the SOAP channels.
File is successfully sent and received through SOAP protocol.
But, both the SOAP Receiver and Sender channels are in error:
SOAP Receiver error:
SOAP: response message contains an error XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 500 Internal Server Error.
As, this is a asynch scenario, we are not expecting the response.
SOAP sender at customer PI is in error. Error text is not mentioned. It just displays: error occured.
At both the ends, we do not have Repository objects as there is no mapping.
Kindly help...
Thanks,
Pratibha.

Hi All,
For the same scenario, we need to Sign the data using the WebServices Security.
(We are sending PGP encrypted data as SOAP payload using MTB, i have ticked "Do not use SOAP envelope")
I have selected WebServicesSecurity as the security profile in the SOAP Receiver and selected "Sign" in the Receiver agreement, have provided our private cert.
Tried sending a message. Communication channel audit Log shows the message:
Success MP: Processing local module localejbs/sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean
Success SOAP: request message entering the adapter with user J2EE_GUEST
Success SOAP: Web Services Security processing...
Success SOAP: Web Services Security processing skiped. Empty body...
Success SOAP: completed the processing
Please suggest how I can apply the WSS..
Thanks,
Pratibha.

Get Message details in custom adapter module

Hello,
Could you please let me know how can we retrieve following parameters in custom adapter module?
Message size
Message Mapping name
Operation Mapping name
Sender and Receiver Interface names
Thanks!
Regards,
Shweta

Hi Shweta
Not all the information is available directly from the adapter module.
Message size
Retrieve the input stream of the payload, convert the stream to bytes and count the bytes length.
Message msg = (Message) inputModuleData.getPrincipalData();
XMLPayload payload = msg.getDocument();
InputStream inStr = payload.getInputStream();
// Convert inStream to bytes
int size = bytes.length;
Sender and Receiver interface names
You can only get Sender interface in sender module, and receiver interface in receiver module. You can get the from the getAction() method.
Message msg = (Message) inputModuleData.getPrincipalData();
String interfaceName = msg.getAction().getName();
Operation Mapping name
This is not directly available from the Adapter Framework. One workaround is to access this via the Integration Directory API. With the Interface Determination Service API, you can read the Interface Determination object to get the associated mapping. To do this you have to make a SOAP call to the API.
Message Mapping name
I'm not sure how this can be retrieved as this is only available in ESR.
If the module is on the receiver side, another option is to extract the information during mapping and store it into Dynamic Configuration, then in the receiver module, to extract it from Dynamic Configuration.
Rgds
Eng Swee

Use Moduls with SOAP Sender Adapter

Hi Experts,
I have a question regarding the use of modules in the soap sender adapter / communication channel. Is it correct that the use of modules in the soap sender adapter is not possible?
the background of my question is that we use modules from SEEBURGER in our Communication channels for archiving incoming and outgoing documents. the use of modules in the soap receiver adapter is possible. why not in the soap sender???
according to the sap help it is possible to use the axis framwork in the soap adapter. then it should be possible to use modules. Is that correct? I tested it but it is not working. If I send a soap message (with the soap reveicer adapter) to the axis soap sender adapter there occure internal server errors. it is only working if I write my own modules for the axis soap sender adapter? is it not possible to use external modules like in other channels (File/FTP, soap receiver etc.)???
thanks and best regards!
Christopher

we have moduls from SEEBURGER. so I have to test it. but before I need a scenario with which I can test it.
We have a customer who sends xml-files per soap to us. these files we receive succussfully with the soap sender adapter. now we want to use some modules. so we have to use the axis soap sender adapter. I tried to send an xml file with the soap receiver adapter to the axis soap sender adapter, but this was not working. http 500 internal server errors occurred. is it possible that this scenario (soap-to-axis-soap) is not working? need I a specific configuration for this?
thanks and regards
Christopher

Error in the SOAP Receiver communication channel

Hi ,
My scenario is RFC - to -SOAP (synchronous ) i have specified the TARGET URL inthe SOAP receiver comminication chanel.. but while testing the interface by providing the test data from R/3 .. I'm not getting any Respose.. ..
If I check in the SXMB_MONI in i'm getting the following message .. but the URL whicjh i provided that is fine.. but my doubt is through XI may be it's not able to connect the Target System... .. so, please suggest me...
<SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Category>XIAdapterFramework</SAP:Category>
<SAP:Code area="MESSAGE">GENERAL</SAP:Code>
<SAP:P1 />
<SAP:P2 />
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: www.webservicex.net</SAP:AdditionalText>
<SAP:ApplicationFaultMessage namespace="" />
<SAP:Stack />
<SAP:Retry>M</SAP:Retry>
</SAP:Error>
regards
Jain

By default, the SOAP adapter sends the SOAP message with the content type text/xml.
When you check "Do not use SOAP envelope", the default contnet type is application/xml.
You can change the content type like this: Go to the SOAP receiver communication channel module tab. Add the module "localejbs/AF_Modules/MessageTransformBean" before the standard module. Add the parameter name Transform.ContentType and value text/xml.
Check out this
/people/varadharajan.krishnasamy/blog/2007/01/09/troubleshooting-soap-message--xi
One way of testing ur scenario
/people/michal.krawczyk2/blog/2005/08/25/xi-sending-a-message-without-the-use-of-an-adapter-not-possible
Also have a look here
SAP Note 856597
reward points if solution found helpfull
regards
chandrakanth

Help - using custom login module with embedded jdev oc4j to access ejb 3

Hi All (Frank ??),
I'm just wondering if anyone has successfully been able to leverage a custom login module in combination
with a client that connects to a local EJB 3 stateless session bean through Jdeveloper 10.1.3.2's embedded oc4j.
I have spent 2+ days trying to get this to work - and i think I resound now to the fact im going to
have to deploy to oc4j standalone instead.
I got close.. but finally was trumped with the following error from the client trying to access the ejb:-
javax.naming.NoPermissionException: Not allowed to look up XXXXXX, check the namespace-access tag
setting in orion-application.xml for details.
Using the various guides available, I had no problem getting the custom login module working
with a local servlet running from JDev's embedded oc4j.. however with ejb - no such luck.
I have a roles table (possible values Member, Admin) - that maps to sr_Member and sr_Admin
respectively in various config files.
I'm using EJB 3 annotations for protecting methods .. for example
@RolesAllowed("sr_Member")
Steps that I had to do so far :-
In <jdevhome>\jdev\system\oracle.jwee.10.1.3.40.66\embedded-oc4j\config\system-jazn-data.xml1) Add custom login module
 <application>
 <name>current-workspace-app</name>
 <login-modules>
 <login-module>
 <class>kr.security.KnowRushLoginModule</class>
 <control-flag>required</control-flag>
 <options>
 <option>
 <name>dataSource</name>
 <value>jdbc/DB_XE_KNOWRUSHDS</value>
 </option>
 <option>
 <name>user.table</name>
 <value>users</value>
 </option>
 <option>
 <name>user.pk.column</name>
 <value>id</value>
 </option>
 <option>
 <name>user.name.column</name>
 <value>email_address</value>
 </option>
 <option>
 <name>user.password.column</name>
 <value>password</value>
 </option>
 <option>
 <name>role.table</name>
 <value>roles</value>
 </option>
 <option>
 <name>role.to.user.fk.column</name>
 <value>user_id</value>
 </option>
 <option>
 <name>role.name.column</name>
 <value>name</value>
 </option>
 </options>
 </login-module>
 </login-modules>
 </application>2) Grant login rmi permission to roles associated with custom login module (also in system-jazn-data.xml)
<grant>
 <grantee>
 <principals>
 <principal>
 <realm-name>jazn.com</realm-name>
 <type>role</type>
 <class>kr.security.principals.KRRolePrincipal</class>
 <name>Admin</name>
 </principal>
 </principals>
 </grantee>
 <permissions>
 <permission>
 <class>com.evermind.server.rmi.RMIPermission</class>
 <name>login</name>
 </permission>
 </permissions>
</grant>
<grant>
 <grantee>
 <principals>
 <principal>
 <realm-name>jazn.com</realm-name>
 <type>role</type>
 <class>kr.security.principals.KRRolePrincipal</class>
 <name>Member</name>
 </principal>
 </principals>
 </grantee>
 <permissions>
 <permission>
 <class>com.evermind.server.rmi.RMIPermission</class>
 <name>login</name>
 </permission>
 </permissions>
</grant>3) I've tried creating various oracle and j2ee deployment descriptors (even though ejb-jar.xml and orion-ejb-jar.xml get created automatically when running the session bean in jdev).
My ejb-jar.xml contains :-
<?xml version="1.0" encoding="utf-8"?>
<ejb-jar xmlns ....
<assembly-descriptor>
 <security-role>
 <role-name>sr_Admin</role-name>
 </security-role>
 <security-role>
 <role-name>sr_Member</role-name>
 </security-role>
</assembly-descriptor>
</ejb-jar>Note- i'm not specifying the enterprise-beans stuff, as JDev seems to populate this automatically.
My orion-ejb-jar.xml contains ...
<?xml version="1.0" encoding="utf-8"?>
<orion-ejb-jar ...
<assembly-descriptor>
 <security-role-mapping name="sr_Admin">
 <group name="Admin"></group>
 </security-role-mapping>
 <security-role-mapping name="sr_Member">
 <group name="Member"></group>
 </security-role-mapping>
 <default-method-access>
 <security-role-mapping name="sr_Member" impliesAll="true">
 </security-role-mapping>
 </default-method-access>
</assembly-descriptor>My orion-application.xml contains ...
<?xml version="1.0" encoding="utf-8"?>
<orion-application xmlns ...
<security-role-mapping name="sr_Admin">
 <group name="Admin"></group>
</security-role-mapping>
<security-role-mapping name="sr_Member">
 <group name="Member"></group>
</security-role-mapping>
<jazn provider="XML">
 <property name="role.mapping.dynamic" value="true"></property>
 <property name="custom.loginmodule.provider" value="true"></property>
</jazn>
<namespace-access>
 <read-access>
 <namespace-resource root="">
 <security-role-mapping name="sr_Admin">
 <group name="Admin"/>
 <group name="Member"/>
 </security-role-mapping>
 </namespace-resource>
 </read-access>
 <write-access>
 <namespace-resource root="">
 <security-role-mapping name="sr_Admin">
 <group name="Admin"/>
 <group name="Member"/>
 </security-role-mapping>
 </namespace-resource>
 </write-access>
</namespace-access>
</orion-application>My essentially auto-generated EJB 3 client does the following :-
 Hashtable env = new Hashtable();
 env.put(Context.SECURITY_PRINCIPAL, "matt.shannon");
 env.put(Context.SECURITY_CREDENTIALS, "welcome1");
 final Context context = new InitialContext(env);
 KRFacade kRFacade = (KRFacade)context.lookup("KRFacade");
...And throws the error
20/04/2007 00:55:37 oracle.j2ee.rmi.RMIMessages
EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
WARNING: Exception returned by remote server: {0}
javax.naming.NoPermissionException: Not allowed to look
up KRFacade, check the namespace-access tag setting in
orion-application.xml for details
 at
com.evermind.server.rmi.RMIClientConnection.handleLookupRe
sponse(RMIClientConnection.java:819)
 at
com.evermind.server.rmi.RMIClientConnection.handleOrmiComm
andResponse(RMIClientConnection.java:283)
....I can see from the console that the user was successfully authenticated :-
20/04/2007 00:55:37 kr.security.KnowRushLoginModule validate
WARNING: [KnowRushLoginModule] User matt.shannon authenticated
And that user is granted both the Admin, and Member roles.
The test servlet using basic authentication correctly detects the user and roles perfectly...
public void doGet(HttpServletRequest request,
 HttpServletResponse response)
 throws ServletException, IOException
 LOGGER.log(Level.INFO,LOGPREFIX +"doGet called");
 response.setContentType(CONTENT_TYPE);
 PrintWriter out = response.getWriter();
 out.println("<html>");
 out.println("<head><title>ExampleServlet</title></head>");
 out.println("<body>");
 out.println("The servlet has received a GET. This is the reply.");
 out.println(" getRemoteUser = " + request.getRemoteUser());
 out.println(" getUserPrincipal = " + request.getUserPrincipal());
 out.println(" isUserInRole('sr_Admin') = "+request.isUserInRole("sr_Admin"));
 out.println(" isUserInRole('sr_Memeber') = "+request.isUserInRole("sr_Member"));Anyone got any ideas what could be going wrong?
cheers
Matt.
Message was edited by:
mshannon

Thanks for the response. I checked out your blog and tried your suggestions. I'm sure it works well in standalone OC4J, but i was still unable to get it to function correctly from JDeveloper embedded.
Did you ever get the code working directly from JDeveloper?
Your custom code essentially seems to be the equivalent of a grant within system-jazn-data.xml.
For example, the following grant to a custom jaas role (JAAS_ADMIN) that gets added by my custom login module gives them rmi login access :-
 <grant>
 <grantee>
 <principals>
 <principal>
 <realm-name>jazn.com</realm-name>
 <type>role</type>
 <class>kr.security.principals.KRRolePrincipal</class>
 <name>JAAS_Admin</name>
 </principal>
 </principals>
 </grantee>
 <permissions>
 <permission>
 <class>com.evermind.server.rmi.RMIPermission</class>
 <name>login</name>
 </permission>
 </permissions>
 </grant>If I add the following to orion-application.xml

<namespace-access>
 <read-access>
 <namespace-resource root="">
 <security-role-mapping>
 <group name="JAAS_Admin"></group>
 </security-role-mapping>
 </namespace-resource>
 </read-access>Running a standalone client against the embedded jdev oc4j server gives the namespace-access error.
I tried out your code by essentially creating a static reference to a singleton class that does the role lookup/provisioning with rmi login grant :-
From custom login module :-
private static KRSecurityHelper singleton = new KRSecurityHelper();
protected Principal[] m_Principals;
 Vector v = new Vector();
 v.add(singleton.getCustomRmiConnectRole());
 // set principals in LoginModule
 m_Principals=(Principal[]) v.toArray(new Principal[v.size()]);
Singleton class :-
package kr.security;
import com.evermind.server.rmi.RMIPermission;
import java.util.logging.Level;
import java.util.logging.Logger;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.policy.Grantee;
import oracle.security.jazn.realm.Realm;
import oracle.security.jazn.realm.RealmManager;
import oracle.security.jazn.realm.RealmRole;
import oracle.security.jazn.realm.RoleManager;
import oracle.security.jazn.policy.JAZNPolicy;
import oracle.security.jazn.JAZNException;
public class KRSecurityHelper
private static final Logger LOGGER = Logger.getLogger("kr.security");
private static final String LOGPREFIX = "[KRSecurityHelper] ";
public static String CUSTOM_RMI_CONNECT_ROLE = "remote_connect";
private RealmRole m_Role = null;
public KRSecurityHelper()
 LOGGER.log(Level.FINEST,LOGPREFIX +"calling JAZNConfig.getJAZNConfig");
 JAZNConfig jc = JAZNConfig.getJAZNConfig();
 LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getRealmManager");
 RealmManager realmMgr = jc.getRealmManager();
 try
 // Get the default realm .. e.g. jazn.com
 LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getGetDefaultRealm");
 Realm r = realmMgr.getRealm(jc.getDefaultRealm());
 LOGGER.log(Level.INFO,LOGPREFIX +"default realm: "+r.getName());
 // Access the role manager for the remote connection role
 LOGGER.log(Level.FINEST,
 LOGPREFIX +"calling default_realm.getRoleManager");
 RoleManager roleMgr = r.getRoleManager();
 LOGGER.log(Level.INFO,LOGPREFIX +"looking up custom role '"
 CUSTOM_RMI_CONNECT_ROLE "'");
 RealmRole rmiConnectRole = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
 if (rmiConnectRole == null)
 LOGGER.log(Level.INFO,LOGPREFIX +"role does not exist, create it...");
 rmiConnectRole = roleMgr.createRole(CUSTOM_RMI_CONNECT_ROLE);
 LOGGER.log(Level.FINEST,LOGPREFIX +"constructing new grantee");
 Grantee gtee = new Grantee(rmiConnectRole);
 LOGGER.log(Level.FINEST,LOGPREFIX +"constructing login rmi permission");
 RMIPermission login = new RMIPermission("login");
 LOGGER.log(Level.FINEST,
 LOGPREFIX +"constructing subject.propagation rmi permission");
 RMIPermission subjectprop = new RMIPermission("subject.propagation");
 // make policy changes
 LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getPolicy");
 JAZNPolicy policy = jc.getPolicy();
 if (policy != null)
 LOGGER.log(Level.INFO, LOGPREFIX
 + "add to policy grant for RMI 'login' permission to "
 + CUSTOM_RMI_CONNECT_ROLE);
 policy.grant(gtee, login);
 LOGGER.log(Level.INFO, LOGPREFIX
 + "add to policy grant for RMI 'subject.propagation' permission to "
 + CUSTOM_RMI_CONNECT_ROLE);
 policy.grant(gtee, subjectprop);
 // m_Role = rmiConnectRole;
 m_Role = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
 LOGGER.log(Level.INFO, LOGPREFIX
 + m_Role.getName() + ":" + m_Role.getFullName() + ":" + m_Role.getFullName());
 else
 LOGGER.log(Level.WARNING,LOGPREFIX +"Cannot find jazn policy!");
 else
 LOGGER.log(Level.INFO,LOGPREFIX +"custom role already exists");
 m_Role = rmiConnectRole;
 catch (JAZNException e)
 LOGGER.log(Level.WARNING,
 LOGPREFIX +"Cannot configure JAZN for remote connections");
public RealmRole getCustomRmiConnectRole()
 return m_Role;
}Using the code approach and switching application.xml across so that namespace access is for the group remote_connect, I get the following error from my bean :-
INFO: Login permission not granted for current-workspace-app (test.user)
Thus, the login permission that I'm adding through the custom remote_connect role does not seem to work. Even if it did, i'm pretty sure I would still get that namespace error.
This has been such a frustrating process. All the custom login module samples using embedded JDeveloper show simple j2ee servlet protection based on settings in web.xml.
There are no samples showing jdeveloper embedded oc4j using ejb with custom login modules.
Hopefully the oc4j jdev gurus like Frank can write a paper that demonstrates this.
Matt.

Custom Adaptor Module on Soap Receiver

Similar Messages

Maybe you are looking for