How to get security context in BPEL to get Logged in UserId

Hi All,
We have a requirement of getting security context in BPEL flow and from that we want to extract currentUserId. The requirement is to know who has initiated the composite flow. We are not passing userId in the event payload. In ADF we get the same through following expression:
ADFContext.getCurrent().getSecurityContext().getUserName()
Is there any similar API which we can access to get currentUserId?
Thanks,
Naga

Hi,
If your BPEL has oracle/wss_username_token_service_policy you can retrieve the username from the SOAP headers...
Have a look at this...
http://yuanmengblog.blogspot.com.au/2012/09/extracting-and-passing-wss-name-token.html
Cheers,
Vlad

Similar Messages

  • How to share security context between different application ?

    Hi all,
    I have two applications(ADF faces + BC, JDev 10.1.3.1) deployed into OAS 10.1.3.1.
    The two applications are :
    1) SalesApp -> main menu page = SalesMenu.jspx
    2) ReportApp -> main menu page = ReportMenu.jspx
    I want to implement security using CustomLogin.
    The question is :
    How can I share security context between the applications ?
    What I mean is, from SalesMenu.jspx there is one menu item to jump into ReportMenu.jspx, and I want user no need to Login again, Login is once and the user is recognized in the two apps. How to achieve that ?
    Thank you for your help,
    xtanto

    Xtanto,
    actually you can't if these are separate J2EE application deployments. The session is not shared and thus the authentication is lost. I heard that OracleAs is planning to implement a feature that allows you to share the session and thus a context between two J2EE deployments. I am not 100 % sure this is the case and will check with OC4J Product Management
    Frank

  • How to pass security context in

    Hi,
    I am running BIP reports (Enterprise Edition) against application that requires a VPD context to be set up. How do I do this - is there anything like a LOGIN TRIGGER in BIP. I know that I can use a beforeReport trigger - however, I have a set of parameters whose LOV is based on this context, and they seem to display before the beforeReport trigger gets fired.
    The context is set up as follows:
    v_ssouser := SYS_CONTEXT('USERENV','CLIENT_IDENTIFIER');
    vpd.set_user (v_ssouser);
    Thanks
    Phil

    Hi,
    you can call a function that's defined in a package, when you use datatemplates.
    Look at the BI Documentation and
    Data Template - PLS-00302: component 'P_PARAMETER' must be declared
    Chris

  • How to insert security headers thru BPEL Process

    I am new to BPEL process creation and stuff, but I need to complete a task in which I need
    1. Create a BPEL process which accepts Username and password and sets them into the SOAP request header as follows:
    <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-24438666"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsse:Username>Username </wsse:Username>
          <wsse:Password
              Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">password </wsse:Password>
          <wsse:Nonce>syVMUbFNvaQAfQaDpVDolA==</wsse:Nonce>
          <wsu:Created>2009-03-25T22:55:51Z</wsu:Created>
        </wsse:UsernameToken>
      </wsse:Security>
    </soapenv:Header>
    Can you please let me know what steps I need to follow in order to introduce the soap:header with wsse:security header settings? I am using 10.1.2.
    I tried to do it by importing a schema wsse.xsd into my WSDL file, and in bpel.xml I set the properties as follows,
    <property name="wsdlLocation">AccruentService.wsdl</property>
    <property name="wsseUsername">username</property>
    <property name="wssePassword">password</property>
    <property name="wsseHeaders">credentials</property>
    but does not put in the required header.
    I don't know if I need to do anything else. Please help.

    Hi,
    Thanks for the quick reply.
    I tried doing the same as mentioned in the link that u provided, but I got stuck at this;
    I did not understand why we are doing this;
    <bpelx:insertAfter>
    <bpelx:from variable="pswd" query="/wsse:Password"/>
    <bpelx:to variable="userNameToken" query="/wsse:UsernameToken/wsse:Username"/>
    </bpelx:insertAfter>
    <bpelx:append>
    <bpelx:from variable="userNameToken" query="/wsse:UsernameToken"/>
    <bpelx:to variable="securityContext" query="/wsse:Security"/>
    </bpelx:append>
    After doing this and deploying, my request when tested thru SOAPUI looks like this, with no security headers:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:add="http://schemas.xmlsoap.org/ws/2003/03/addressing" xmlns:acc="http://www.accruent.com/">
    <soapenv:Header>
    <add:MessageID>?</add:MessageID>
    <add:ReplyTo>
    <add:Address>?</add:Address>
    <!--Optional:-->
    <add:ReferenceProperties>
    <!--You may enter ANY elements at this point-->
    </add:ReferenceProperties>
    <!--Optional:-->
    <add:PortType>?</add:PortType>
    <!--Optional:-->
    <add:ServiceName PortName="?">?</add:ServiceName>
    <!--You may enter ANY elements at this point-->
    </add:ReplyTo>
    </soapenv:Header>
    <soapenv:Body>
    ....I just removed so that it is short
    </soapenv:Body>
    </soapenv:Envelope>
    the service which I am invoking should
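
Added example, not part of the original posts: a stand-alone Java sketch of what the receiving side does with the wsse:UsernameToken header shown in this thread, and of the "retrieve the username from the SOAP headers" step in Vlad's reply at the top of the page. It reads the user name and checks the PasswordDigest, which UsernameToken Profile 1.0 defines as Base64(SHA-1(nonce + created + password)). The class name, the user `alice`, the password and the in-memory password map are constructed for illustration; the nonce and Created values are the ones from the sample header in the post.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class UsernameTokenCheck {
    static final String OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-";
    static final String WSSE = OASIS + "wssecurity-secext-1.0.xsd";
    static final String WSU = OASIS + "wssecurity-utility-1.0.xsd";
    static final String DIGEST_TYPE = OASIS + "username-token-profile-1.0#PasswordDigest";

    // UsernameToken Profile 1.0: Base64(SHA-1(decoded nonce + created + password)).
    static String digest(String nonceB64, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Exactly one matching element is required, so a duplicated element is rejected.
    static Element only(Element parent, String ns, String local) {
        NodeList found = parent.getElementsByTagNameNS(ns, local);
        if (found.getLength() != 1) throw new IllegalArgumentException("expected one " + local);
        return (Element) found.item(0);
    }

    // Returns the sender's user name if the digest verifies, otherwise null.
    // A real service must also reject stale Created values and replayed nonces.
    static String authenticatedUser(String soap, Map<String, String> passwords) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        Element token = only(only(root, WSSE, "Security"), WSSE, "UsernameToken");
        Element pw = only(token, WSSE, "Password");
        String user = only(token, WSSE, "Username").getTextContent().trim();
        String known = passwords.get(user);
        if (known == null || !DIGEST_TYPE.equals(pw.getAttribute("Type"))) return null;
        String expected = digest(only(token, WSSE, "Nonce").getTextContent().trim(),
                only(token, WSU, "Created").getTextContent().trim(), known);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                pw.getTextContent().trim().getBytes(StandardCharsets.UTF_8)) ? user : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: nonce and timestamp from the header in the post, made-up user and password.
        String nonce = "syVMUbFNvaQAfQaDpVDolA==", created = "2009-03-25T22:55:51Z";
        String soap = "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'>"
                + "<soapenv:Header><wsse:Security xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'>"
                + "<wsse:UsernameToken><wsse:Username>alice</wsse:Username>"
                + "<wsse:Password Type='" + DIGEST_TYPE + "'>" + digest(nonce, created, "s3cret")
                + "</wsse:Password><wsse:Nonce>" + nonce + "</wsse:Nonce>"
                + "<wsu:Created>" + created + "</wsu:Created></wsse:UsernameToken>"
                + "</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>";
        System.out.println(authenticatedUser(soap, Map.of("alice", "s3cret"))); // same password on file
        System.out.println(authenticatedUser(soap, Map.of("alice", "wrong")));  // different password on file
    }
}
```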

  • Get SECURITY FAILURE message when trying to log into everything

    We just got DSL and are able to browse the internet, but every time we try to log into any account (ebay, hotmail, myspace, etc.) that requires a username and password, we get the security failure (it also says something about encryption) message that pops up onto the screen. We have tried using Internet Explorer and Firefox with no luck. Cookies do not seem to be the problem.

    I am getting this message too. It is not limited to Firefox, I am getting the same message (sometimes the box and wording is a little different) in Safari and even Opera. My elderly mother called me from the other side of California confused about what to do and how to access her emails. I know that it is not my computer, I have five with different operating systems and browsers. The last time I called Verizon tech support they ran me around in circles for almost two hours and after I spent the next week complaining to anyone that I could find in customer relations they finally called me back and said they had a problem with their server and it was not my fault after all. The official response to me was "We are sorry you had that problem, we will look into it." I would not be surprised that the solution that Verizon comes up to fix this problem is to install (buy) their "security suite" and this problem will be magically fixed.

  • How does Tree Finder creates the BPEL flow tree - using ORABPEL schema

    I want to understand how the Tree Finder option on the BPEL console gets the BPEL flow tree displayed. How do the references to further BPEL process instances get stored w.r.t. the current BPEL process instance? Which tables in the ORABPEL schema are involved or store such references?
    Basically, I wish to get a similar tree given a BPEL instance id in my code. Pls help.
    Analysis Done:
    if I see the audit trail of the BPEl instance, it gives me an XML with multiple nodes having wikey and partnerWSDL elements. Does this partnerWSDL holds the key here ?
    wikey="10011-BpInv0-BpSeq0.3-2"
    wikey=<cikey>-<node_id>-<scope_id> [orabpel.WORK_ITEM]
    Thanks.

    Is it based on root_id/parent_id column in orabpel.CUBE_INSTANCE ?

  • How can you securely erase my eMacs HDD without the use of a disk drive?

    I want to get rid of my eMac, it runs fine and would be a waste if I just threw it out, but the disk drive doesn't work, how can I securely delete the HDD to get all personal info off of it so I could either sell it or give it away while still working? I also, surprisingly after nearly 15 years, have misplaced the original startup discs.

    Well, you didn't state that in your original post. Sorry for the misunderstanding. Here's an option for you:
    Open Accounts preferences and click on the lock icon to authenticate. Create a new user account by clicking on the Add [-] button. Be sure to configure this account with Administrator status. Log out of your account and log into the new account. Now delete your account. Be sure to select the last option that completely removes your account. If there is a sub-option to Securely Erase then select that option. If not then see Mac OS X 10.4 Help: Removing files from your computer. Note the option for securely erasing free space. It's time consuming but will assure none of your files can be accessed. If you aren't concerned about your data's security then you can skip any options to securely erase free space.

  • Getting Initial context

    Here is some debug output from a simple test I run against a WL6.1
    Server. Notice the 35 secs. it takes to get Initial Context.
    -- Initializing bean access.
    -- Succeeded getting naming context.
    -- Execution time: 35047 ms.
    -- Succeeded looking up jndi name.
    -- Execution time: 453 ms.
    -- Succeeded casting Home interface.
    -- Execution time: 94 ms.
    Second time I run the test from the same machine I get this.
    -- Initializing bean access.
    -- Succeeded getting naming context.
    -- Execution time: 1907 ms.
    -- Succeeded looking up jndi name.
    -- Execution time: 312 ms.
    -- Succeeded casting Home interface.
    -- Execution time: 31 ms.
    The pattern is consistent. First attempt to get the Initial Context
    from any of my client boxes will take about 30 secs more than any
    consecutive attempts.
    Here is the code for getting the Context:
    long startTime = 0;
    if (logging) {
        log("Initializing bean access.");
        startTime = System.currentTimeMillis();
    }
    try {
        // get naming context
        Context ctx = getInitialContext();
        if (logging) {
            long endTime = System.currentTimeMillis();
            log("Succeeded getting naming context.");
            log("Execution time: " + (endTime - startTime) + " ms.");
            startTime = endTime;
        }
        // look up jndi name
        Object ref = ctx.lookup("DynamicPool");
        if (logging) {
            long endTime = System.currentTimeMillis();
            log("Succeeded looking up jndi name.");
            log("Execution time: " + (endTime - startTime) + " ms.");
            startTime = endTime;
        }
        // cast to Home interface
        dynamicPoolHome = (DynamicPoolHome) PortableRemoteObject.narrow(ref,
                DynamicPoolHome.class);
        if (logging) {
            long endTime = System.currentTimeMillis();
            log("Succeeded casting Home interface.");
            log("Execution time: " + (endTime - startTime) + " ms.");
        }
    } catch (Exception e) {
        if (logging) {
            log("Failed initializing bean access.");
        }
        e.printStackTrace();
    }
    Am I missing something here ?
    Regards,
    Klaus

    My first guess would be a DNS problem.
    Also, creating an InitialContext loads a fair amount of classes. If you're
    loading them over the network, that could also account for the slow-down.
    -- Rob

  • How to get the context data using java script in interactive forms

    Hi All,
    How to get the context data using java script in interactive forms by adobe,  am using web dynpro java
    thanks.

    Hi venkat,
    Please Refer this link.
      Populating one Drop-Down list from the selection of another Drop-down list
    Thanks,
    Raju.

  • HT5622 Will I have to answer my security questions every time I get an app? And if so how do I get rid of them?

    Will I have to answer my security questions every time I get an app? And if so how do I get rid of them?

    If you forgot them:
    From a Kappy post
    The Three Best Alternatives for Security Questions and Rescue Mail
    1. Use Apple's Express Lane.
       Go to https://expresslane.apple.com ; click 'See all products and services' at the bottom of the page. In the next page click 'More Products and Services', then 'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple ID security questions' and click 'Continue'. Please be patient waiting for the return phone call. It will come in time depending on how heavily the servers are being hit.
    2. Call Apple Support in your country: Customer Service: Contact Apple support.
    3. Rescue email address and how to reset Apple ID security questions.
    A substitute for using the security questions is to use 2-step verification:
    Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

  • I forgot the answers to the security questions. When I get the screen with security questions to be answered, the email address where the reset procedure is sent to is wrong. How do I change it?

    I forgot the answers to the security questions. When I get the screen to answer them, the email address listed to send the email procedure is wrong. How do i change this email address?

    Alternatives for Help Resetting Security Questions and/or Rescue Mail
    1. If you have a valid rescue email address, then use this procedure: Rescue email address and how to reset Apple ID security questions.
    2. Fill out and submit this form. Select the topic, Account Security. You must have a Rescue Email to use this option.
    3. This is the only option if you do not already have a valid Rescue Email. These are telephone numbers for contacting Apple Support in your country. Apple ID- Contacting Apple for help with Apple ID account security. Select the appropriate country and call. Ask to speak to the Account Security Team.
    Note: If you have already forgotten your security questions, then you cannot set up a rescue email address in order to reset them. You must set up the rescue email address beforehand.
    Your Apple ID: Manage My Apple ID.
    Apple ID- All about Apple ID security questions.

  • How can I get security updates without dealing with Firefox 4 update reminders?

    I tried Firefox 4 for awhile, hated it and reloaded 3.6. I keep getting reminders to update to 4 which are bothersome. I have disabled reminders, but how can I continue to get security updates without upgrading to 4?

    Install Secunia's free Personal Software Inspector: http://secunia.com/vulnerability_scanning/personal
    You also need to update Flash a.s.a.p. The version you're running right now is a security risk. See http://www.adobe.com/support/security/advisories/apsa11-02.html
    Update via http://get.adobe.com/flashplayer/
    Also, update Firefox to 3.6.17 because there was a security breach at Comodo which is an SSL certificate provider recently whereby a number of fraudulent certificates were inadvertently issued. These allow a hacker to impersonate any site including online banking and the Firefox version you're running at the moment will not warn you that the site is a fake. The fraudulent certificates were blacklisted in v3.6.17 and beyond.
    See http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/

  • How to create a client get security token in STS ?

    Dear all,
    How to create a client get security token in STS(security token service supported by Netweaver7.3) ?
    Thanks.

    Hi Sagarika,
    use scc4 for creating a new client
    and login to the new client that u created using sap* and pass as password
    use sccl over there to do a local client copy
    sccl for copying local client
    scc9 for remote client copy
    Merlin

  • When and how does the message context get removed from the message when we use pass thru send port

    Friends,
    I have a doubt regarding message context.
    Assume I have used the XMLReceive pipeline on the receive side to receive the message so that the message context is created, i.e. properties are promoted/written.
    Now if we use the pass thru transmit pipeline at the send side, how and when does the message context get removed from the message?? Since pass thru does not have any stages/components, how is the message context removed and a pure message sent out to the destination???
    I mean, what exactly happens here to remove the context??
    Ravindar

    Thanks for the reply.
    "The Context is created by the Adapter, regardless of any Pipeline or Pipeline Component.  It has nothing to do with PassThrough vs. XmlReceive, although XmlReceive will write Promoted Properties to the existing Context, as can any other Component."
    Yeah yeah, the adapter does create some properties in context. You are right, I am aware of it. I just missed explaining it clearly. What I meant is that addition of context properties will not happen if pass thru is used. Thanks, it's clear.
    "No.  The Context already exists on the Message when it comes from the MessageBox and is equally available to any Component in any Stage.  The Context that hits the Pipeline is whatever was last Persisted, either by a Receive Port or Orchestration.  It is not created by the XmlAssembler (XmlTransmit)"
    You are right, the context already exists on the message while it leaves the receive port, and once it persists to the message box the context and message context get stored in messages in relative tables.
    Now as you said the components get the message from the last persistence, assume I have a send port (with passthru) subscriber and an orchestration subscriber for this message.
    Orchestration gets the message with context, right!!
    If the send port (with passthru) also gets the message along with context, then where is this context removed/demoted while sending it out? I guess, as per what SAAkhlaq said, here the send port (with passthru) should get a pure message without context as passthru is used.
    Or is it that ultimately the send adapter removes the context completely?
    Or is it something like the BizTalk run time loads the context from the database into cache and both orchestration and send port get a pure message, and if needed they use context from cache???
    Sorry, I may be troubling you, but I am confused. I hope I am not creating any nuisance with this post.
    Ravindar

  • How to pass the security context between different OC4J servers

    My problem is the following: it seems that there is no standard J2EE solution in a production environment with more than one J2EE application server products to pass the security context between different J2EE application servers.
    I have a distributed application on two different OC4J servers, let's say that we have the web layer (with servlets) deployed on a server instance Server1 and the EJBs deployed on a second OC4J server Server2. If an user is authenticated at the web tier (in Server1) it gets a Principal object. It seems that the same Principal object cannot be used for authorization in the second application server, Server2. This means that in the server Server2 the authentication should be done again. It means that it should be duplicated the mechanism for authentication on Server2 (together with the passwords, users, and so on), thing that is a clear disadvantage of this approach.
    Do you know if there is a specific OC4J solution for this approach?
    Thank you,
    Marinel

    I have a similar issue. Did you succeed in finding a solution?
