ALSB 261 Security
Hi,
I'm wanting to grant someone the integration operator role so they can review the configuration of the services on the bus but they also need to be able to use the debug tool. Can this security combination be done i.e. so they can't make config changes but can debug services in the test console.
Regards,
Dave
Hi,
I'm wanting to grant someone the integration operator role so they can review the configuration of the services on the bus but they also need to be able to use the debug tool. Can this security combination be done i.e. so they can't make config changes but can debug services in the test console.
Regards,
Dave
Similar Messages
-
OSB - ALSB / WLST / Security / add entry with WLST in Access Control
Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain')Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain') -
Error using the test console of the Oracle Service Bus 11gR1
Hi I am facing a an issue while using the test console of the Oracle Service Bus 11gR1 .
Every time I try to execute a business service or a proxy service I end up getting the following message.
Error Accessing Test Configuration
*"Test Console" service is not running. Contact administrator to start this service.*
In fact to add to my frustration I am unable to execute any of my proxy services from outside clients like SOAPUI as well.
Is anyone else facing this too ??
Also every time the server starts I can see some diagnostic error messages on my Eclipse console.
*[ERROR] AdapterManager - ServletContainerAdapter manager not initialized correctly.*
Attached the whole log at the end below.
To provide an update on my trouble shooting
1. ) I tried to give the IntegrationAdmin and IntegrationDeployer roles to my admin user. in fact i also tried to give it all the possible privileges.
Result: Still the same error message.
Error Accessing Test Configuration
"Test Console" service is not running. Contact administrator to start this service.
2.) I have already tried to change the following entry <java:alsb-test-console-debug>true</java:alsb-test-console-debug> in my C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\alsbdebug.xml
I am also attaching the file contents here
<java:sb-debug-logger xmlns:java="java:com.bea.wli.debug">
<java:alsb-stages-transform-runtime-debug>false</java:alsb-stages-transform-runtime-debug>
<java:alsb-alert-manager-debug>false</java:alsb-alert-manager-debug>
<java:alsb-credential-debug>false</java:alsb-credential-debug>
<java:alsb-jms-reporting-provider-debug>false</java:alsb-jms-reporting-provider-debug>
<java:alsb-management-credential-debug>false</java:alsb-management-credential-debug>
<java:alsb-management-dashboard-debug>false</java:alsb-management-dashboard-debug>
<java:alsb-management-debug>false</java:alsb-management-debug>
<java:alsb-management-user-mgt-debug>false</java:alsb-management-user-mgt-debug>
<java:alsb-module-debug>false</java:alsb-module-debug>
<java:alsb-monitoring-aggregator-debug>false</java:alsb-monitoring-aggregator-debug>
<java:alsb-monitoring-debug>false</java:alsb-monitoring-debug>
<java:alsb-pipeline-debug>false</java:alsb-pipeline-debug>
<java:alsb-security-wss-debug>false</java:alsb-security-wss-debug>
<java:alsb-service-account-manager-debug>false</java:alsb-service-account-manager-debug>
<java:alsb-service-provider-manager-debug>false</java:alsb-service-provider-manager-debug>
<java:alsb-service-repository-debug>false</java:alsb-service-repository-debug>
<java:alsb-service-security-manager-debug>false</java:alsb-service-security-manager-debug>
<java:alsb-service-validation-debug>false</java:alsb-service-validation-debug>
<java:alsb-test-console-debug>true</java:alsb-test-console-debug>
<java:alsb-transports-debug>false</java:alsb-transports-debug>
<java:alsb-uddi-debug>false</java:alsb-uddi-debug>
<java:alsb-wsdl-repository-debug>false</java:alsb-wsdl-repository-debug>
<java:alsb-wspolicy-repository-debug>false</java:alsb-wspolicy-repository-debug>
<java:alsb-security-encryption-debug>false</java:alsb-security-encryption-debug>
<java:alsb-security-module-debug>false</java:alsb-security-module-debug>
<java:alsb-sources-debug>false</java:alsb-sources-debug>
<java:alsb-custom-resource-debug>false</java:alsb-custom-resource-debug>
<java:alsb-mqconnection-debug>false</java:alsb-mqconnection-debug>
<java:alsb-throttling-debug>false</java:alsb-throttling-debug>
<java:alsb-flow-resource-debug>false</java:alsb-flow-resource-debug>
<java:alsb-flow-transport-debug>false</java:alsb-flow-transport-debug>
<java:alsb-flow-deployment-debug>false</java:alsb-flow-deployment-debug>
<java:alsb-debugger-debug>false</java:alsb-debugger-debug>
<java:alsb-console-debug>false</java:alsb-console-debug>
<java:alsb-result-caching-debug>false</java:alsb-result-caching-debug>
<java:alsb-bpel-debug>false</java:alsb-bpel-debug>
<java:alsb-jca-framework-adapter-debug>false</java:alsb-jca-framework-adapter-debug>
</java:sb-debug-logger>
starting weblogic with Java version:
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode)
Starting WLS with line:
C:\Oracle\MIDDLE~1\home11g\JDK160~1\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=AdminServer -Djava.security.policy=C:\Oracle\MIDDLE~1\home11g\WLSERV~1.3\server\lib\weblogic.policy -Xverify:none -da -Dplatform.home=C:\Oracle\MIDDLE~1\home11g\WLSERV~1.3 -Dwls.home=C:\Oracle\MIDDLE~1\home11g\WLSERV~1.3\server -Dweblogic.home=C:\Oracle\MIDDLE~1\home11g\WLSERV~1.3\server -Ddomain.home=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1 -Dcommon.components.home=C:\Oracle\MIDDLE~1\home11g\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Djrockit.optfile=C:\Oracle\MIDDLE~1\home11g\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.domain.config.dir=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\FMWCON~1 -Doracle.server.config.dir=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\FMWCON~1\servers\AdminServer -Doracle.security.jps.config=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\fmwconfig\jps-config.xml -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Digf.arisidbeans.carmlloc=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\Oracle\MIDDLE~1\home11g\USER_P~1\domains\OSB_DO~1\config\FMWCON~1\arisidprovider -Dweblogic.alternateTypesDirectory=C:\Oracle\MIDDLE~1\home11g\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\home11g\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Dweblogic.jdbc.remoteEnabled=false -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\home11g\patch_wls1033\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\home11g\patch_oepe1033\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\home11g\patch_ocp353\profiles\default\sysext_manifest_classpath weblogic.Server
<30-Jun-2010 16:22:43 o'clock BST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 16.0-b13 from Sun Microsystems Inc.>
<30-Jun-2010 16:22:47 o'clock BST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.3.0 Fri Apr 9 00:05:28 PDT 2010 1321401 >
<30-Jun-2010 16:22:48 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<30-Jun-2010 16:22:48 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<30-Jun-2010 16:22:49 o'clock BST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\AdminServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<30-Jun-2010 16:22:49 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\AdminServer.log00005. Log messages will continue to be logged in C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\AdminServer.log.>
<30-Jun-2010 16:22:49 o'clock BST> <Notice> <Log Management> <BEA-170019> <The server log file C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\AdminServer.log is opened. All server side log events will be written to this file.>
<30-Jun-2010 16:22:56 o'clock BST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<30-Jun-2010 16:22:58 o'clock BST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<30-Jun-2010 16:22:58 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\access.log00005. Log messages will continue to be logged in C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\access.log.>
<30-Jun-2010 16:23:06 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<30-Jun-2010 16:23:06 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<30-Jun-2010 16:23:59 o'clock BST> <Warning> <JDBC> <BEA-001110> <No test table set up for pool "wlsbjmsrpDataSource". Connections will not be tested.>
<30-Jun-2010 16:23:59 o'clock BST> <Warning> <JDBC> <BEA-001552> <The Logging Last Resource (LLR) data source wlsbjmsrpDataSource will not function when it is a participant in a global transaction that spans multiple WebLogic Server instances because remote JDBC support is disabled. LLR will function in single-server configurations.>
<30-Jun-2010 16:25:35 o'clock BST> <Alert> <OSB Security> <BEA-387068> <There is no PKI credential mapper provider configured in your security realm. Service key provider management will be disabled. Configure a PKI credential mapper provider if you need service provider support. This is typically the case if you have Oracle Service Bus proxy services with web service security enabled or outbound 2-way SSL connections.>
<30-Jun-2010 16:25:40 o'clock BST> <Warning> <WliSbTransports> <BEA-381917> <MQ Transport could not be registered due to : Missing MQ Library>
[ERROR] AdapterManager - ServletContainerAdapter manager not initialized correctly.
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\OSB_domain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\OSB_domain.log00005. Log messages will continue to be logged in C:\Oracle\Middleware\home11g\user_projects\domains\OSB_domain\servers\AdminServer\logs\OSB_domain.log.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7001 for protocols iiop, t3, ldap, snmp, http.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.128.2.170:7001 for protocols iiop, t3, ldap, snmp, http.>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "AdminServer" for domain "OSB_domain" running in Development Mode>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<30-Jun-2010 16:26:11 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
This is really putting me off and its really disappointing to see all these issues in this new release.
How can oracle let a release slip in with such a Major Issue.
Please can any one help or provide a work around atleast.
Regards
NitinI guess till version 10gr3.1 you only needed to start one server and it allowed to access both admin and service bus console.Yes, in 11g as well you may access the admin and OSB console by just starting the admin server but in 11g OSB configuration gets deployed on OSB server (managed server) and test service also runs over this server.
Are you saying there is some other server I need to start just for running the test console ????Yes. Managed server osb_server1 needs to be started for deploying, testing and accessing OSB resources.
As If the OSB server was not running how can I check my published services, modify them and do all the bits and pieces after opening the open the service bus console but not just test them???You can modify and save your configuration without staring OSB server but if you will check in change centre then all the changes being done without starting OSB server will remain in partially activated state.
I have been using the service bus for 3 years and I have never faced any such issue.With each new release you may get new features and with a major release like 11g, architecture and functionality may change.
If it all there is some other server I need to start then whats the process to do so ??Open command prompt. Navigate to $Domain_Home/bin and run command
startManagedWeblogic.cmd <nameOfManagedServer>
for eg. -
D:\OFMW11g\mw\user_projects\domains\ofmw_domain\bin>startManagedWebLogic.cmd osb_server1
Once this server is up and running, try using test console.
Regards,
Anuj -
Logging SQL parameters in Database Adapter??
Hi there!!
We'd like to be able to log all the parameters that are used in a SQL operation in Database Adapters. So far, we've been able to log the query with '?' instead of the real parameters. For example: select t.* from tsupcontact t WHERE t.idsupplier = ? AND t.idproject IS NULL AND (t.iduser = ? OR ? IS NULL)
But we need to be able to see the actual parameters that are passed to the query (we're having some trouble with the database adapters and we need to see what's really going on the database).
Any ideas? Thanks in advance!!You need to edit the the aslbdebug.xml file in ./user_projects/domains/<your domain>. Then go into the weblogic console and change the levels to debug. You will get lots of debugging. Below are the settings in my file.
<java:sb-debug-logger xmlns:java="java:com.bea.wli.debug">
<java:alsb-stages-transform-runtime-debug>true</java:alsb-stages-transform-runtime-debug>
<java:alsb-alert-manager-debug>false</java:alsb-alert-manager-debug>
<java:alsb-credential-debug>false</java:alsb-credential-debug>
<java:alsb-jms-reporting-provider-debug>false</java:alsb-jms-reporting-provider-debug>
<java:alsb-management-credential-debug>false</java:alsb-management-credential-debug>
<java:alsb-management-dashboard-debug>false</java:alsb-management-dashboard-debug>
<java:alsb-management-debug>false</java:alsb-management-debug>
<java:alsb-management-user-mgt-debug>false</java:alsb-management-user-mgt-debug>
<java:alsb-module-debug>true</java:alsb-module-debug>
<java:alsb-monitoring-aggregator-debug>false</java:alsb-monitoring-aggregator-debug>
<java:alsb-monitoring-debug>false</java:alsb-monitoring-debug>
<java:alsb-pipeline-debug>true</java:alsb-pipeline-debug>
<java:alsb-security-wss-debug>false</java:alsb-security-wss-debug>
<java:alsb-service-account-manager-debug>false</java:alsb-service-account-manager-debug>
<java:alsb-service-provider-manager-debug>false</java:alsb-service-provider-manager-debug>
<java:alsb-service-repository-debug>false</java:alsb-service-repository-debug>
<java:alsb-service-security-manager-debug>false</java:alsb-service-security-manager-debug>
<java:alsb-service-validation-debug>false</java:alsb-service-validation-debug>
<java:alsb-test-console-debug>true</java:alsb-test-console-debug>
<java:alsb-transports-debug>true</java:alsb-transports-debug>
<java:alsb-uddi-debug>true</java:alsb-uddi-debug>
<java:alsb-wsdl-repository-debug>false</java:alsb-wsdl-repository-debug>
<java:alsb-wspolicy-repository-debug>false</java:alsb-wspolicy-repository-debug>
<java:alsb-security-encryption-debug>false</java:alsb-security-encryption-debug>
<java:alsb-security-module-debug>false</java:alsb-security-module-debug>
<java:alsb-sources-debug>false</java:alsb-sources-debug>
<java:alsb-custom-resource-debug>true</java:alsb-custom-resource-debug>
<java:alsb-mqconnection-debug>false</java:alsb-mqconnection-debug>
<java:alsb-throttling-debug>false</java:alsb-throttling-debug>
<java:alsb-flow-resource-debug>false</java:alsb-flow-resource-debug>
<java:alsb-flow-transport-debug>false</java:alsb-flow-transport-debug>
<java:alsb-flow-deployment-debug>false</java:alsb-flow-deployment-debug>
<java:alsb-debugger-debug>true</java:alsb-debugger-debug>
</java:sb-debug-logger> -
Use Sign.xml and Encrypt.xml for both request AND response within WSDL?
Hi,
ALSB: 2.6
I was wandering if it's possible to use abstract outof the box WS-Policy file within WSDL file to specify encryption
(Encrypt.xml) and digital signature(Sign.xml) with X509 for both request and response???
So far, it only works for either request or response BUT not both. i.e. within WSDL file
<!-- following WSDL works for encrypting and signing request with X509 in test console -->.....
<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<wsdl:operation name="Message">
<soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
<wsdl:input>
<!-- WS-Policy file applied here -->
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
Or
<!-- following WSDL works for encrypting and signing response with X509 in test console -->
<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<wsdl:operation name="Message">
<soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<!-- WS-Policy file applied here -->
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
But not both
<!-- following WSDL doesn't work for encrypting and signing both response and request with X509 in test console -->
<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<wsdl:operation name="Message">
<soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
<wsdl:input>
<!-- WS-Policy file applied here -->
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</wsdl:input>
<wsdl:output>
<!-- WS-Policy file applied here -->
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
<wsp:PolicyReference URI="policy:Encrypt.xml"/>
</wsp:Policy>
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
... Instead, I got error message like
<15/01/2008 10:15:04 AM NZDT> <Error> <ALSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: Fault
, message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fdb, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: Message]
--- Error message:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</faultstring></soapenv:Fa
ult></soapenv:Body></soapenv:Envelope>
weblogic.xml.crypto.wss.WSSecurityException: Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#
X509v3
at weblogic.xml.crypto.wss.SecurityBuilderImpl.addEncryption(SecurityBuilderImpl.java:308)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processConfidentiality(SecurityPolicyDriver.java:280)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:75)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:86)
Truncated. see log file for complete stacktrace
>
<15/01/2008 10:15:24 AM NZDT> <Error> <com.bea.weblogic.kernel> <000000> <Failed to build CertPath
java.security.cert.CertPathBuilderException: [Security:090603]The certificate chain is invalid because it could not be completed. The trusted CAs did not inclu
de CN=x509,OU=x509,O=x509,L=Wellington,ST=Wellington,C=NZ.
at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:669)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
Truncated. see log file for complete stacktrace
>
<15/01/2008 10:15:24 AM NZDT> <Error> <ALSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault,
message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fd8, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: null]
--- Error message:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault xmlns:wsse="http://docs.oasis-open.or
g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurityToken</faultcode><faultstring>Security token failed to validate. weblo
gic.xml.crypto.wss.SecurityTokenValidateResult@3c5347b[status: false][msg [
Version: V1
Subject: CN=x509, OU=x509, O=x509, L=Wellington, ST=Wellington, C=NZ
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 13052787793731294943682394984664645854838424340012907077330623....
The 'System Error Handler' from 'Invocation Trace' in ALSB test console is something like
[pre]
$fault:
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
<con:reason>
A web service security fault
occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Failed
to get token for tokenType:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3]
</con:reason>
<con:details>
<err:WebServiceSecurityFault
xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
soapenv:Server
</err:faultcode>
<err:faultstring>
Failed to get token for tokenType:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>
So is this a feature not supported in ALSB 2.6 yet or am I missing something dead simple?
Thanks in advance
SamInstead of specifying policies for input and output separately you could place the policy reference only once in the operation element. Maybe will this solve your problem...
http://e-docs.bea.com/alsb/docs26/security/ws_policy.html#wp1061166 -
Proxy Service giving "Cannot Compute Effective WSDL for: Proxy Service"
Hi,
After updating the wsdl and schema, our proxy service is complaining with error : "Cannot Compute Effective WSDL for: Proxy Service " <ProxyService_Location_Name> when I launch a test console or access the Proxy Endpoint on IE.
Proxy and Business Services are pointing to the same WSDL. From Business Service, I am able to launch the test console. . Before updating the wsdl and schema, it was working fine. We tried to check in JDeveloper to see whether there are any issues with WSDL or Schema, but they are working fine.
Security Settings on Proxy Service are : Basic Authentication, User-Name Token Policy and also applied Transport Access Control. Security worked fine earlier before update.
From log file :
Root cause of ServletException.
java.io.IOException: Can not compute effective WSDL for : ProxyService ********
at com.bea.wli.sb.transports.http.ResourceRequestProcessor.securedInvoke(ResourceRequestProcessor.java:93)
at com.bea.wli.sb.transports.http.ResourceRequestProcessor.process(ResourceRequestProcessor.java:65)
at com.bea.wli.sb.transports.http.generic.RequestHelperBase.handleMetadataRequest(RequestHelperBase.java:181)
at com.bea.wli.sb.transports.http.generic.RequestHelperBase.service(RequestHelperBase.java:83)
at com.bea.wli.sb.transports.http.wls.HttpTransportServlet.service(HttpTransportServlet.java:127)
at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
Any suggestions/ideas on why this error is happening is much appreciated.
Thanks,
SrithiThere must be definitely some issue in the Policy Configuration, due to which it is not able to Compute Effective WSDL.
Can you please do the following and capture the logs:
- set the transports debug flag to true in the alsbdebug.xml in your domain directory :
<java:alsb-transports-debug>true</java:alsb-transports-debug>
<java:alsb-service-security-manager-debug>true</java:alsb-service-security-manager-debug>
<java:alsb-service-validation-debug>true</java:alsb-service-validation-debug>
<java:alsb-wspolicy-repository-debug>true</java:alsb-wspolicy-repository-debug>
- set the WLS log level to debug
- Then restart the servers
This should give some additional details on the specific error.
It is considered good etiquette to reward answerers with points (as "helpful" - 5 pts - or "correct" - 10pts).
https://forums.oracle.com/forums/ann.jspa?annID=893 -
Bug: export WSDL for proxy service
done under workshop 10.3, rightclick on proxy, then osb/export wsdl contains the wrong location (in my case port 7001 instead of 8001)
done with service bus web console the location is alright.
please report and fix this.
anyway does it belong to here or the workshop or soa forum? I feel free to xpost.
the whole export is annoying because it goes to a zip. why would i want to zip a single wsdl file.
thanks you for you attention,
BarossaThere must be definitely some issue in the Policy Configuration, due to which it is not able to Compute Effective WSDL.
Can you please do the following and capture the logs:
- set the transports debug flag to true in the alsbdebug.xml in your domain directory :
<java:alsb-transports-debug>true</java:alsb-transports-debug>
<java:alsb-service-security-manager-debug>true</java:alsb-service-security-manager-debug>
<java:alsb-service-validation-debug>true</java:alsb-service-validation-debug>
<java:alsb-wspolicy-repository-debug>true</java:alsb-wspolicy-repository-debug>
- set the WLS log level to debug
- Then restart the servers
This should give some additional details on the specific error.
It is considered good etiquette to reward answerers with points (as "helpful" - 5 pts - or "correct" - 10pts).
https://forums.oracle.com/forums/ann.jspa?annID=893 -
USPS XML City/ZIP Request and Response
Curious to know if anyone know of any open source for Cold
Fusion that connects to the USPS web tools API and sends an XML
request to return city and state based on a valid US zip code
number input.Instead of specifying policies for input and output separately you could place the policy reference only once in the operation element. Maybe will this solve your problem...
http://e-docs.bea.com/alsb/docs26/security/ws_policy.html#wp1061166 -
Security: web services on WLS 8.5, ALSB and proxy on 9.1
Hi everyone, here's my current situation. I've got some web services running on WLS 8.5, and I've imported them as Business Services into ALSB. The web services themselves are not secured, but I modified the WSDLs so that I could create proxy services which enforce the security.
The security enforcement works when I test it through ALSB test console. However, now I'm trying to create a client web service to invoke the proxy. The client is being made using Workshop running on 8.5 server.
I can get the client to successfully invoke the proxy with no policies attached. Then I made a proxy with BEA's Auth.xml required for inbound messages. The keystores are identical on both the proxy server and the client server.
<input>
<wsp:Policy>
<wsp:PolicyReference URI="policy:Auth.xml"/>
</wsp:Policy>
<soap:body use="literal"/>
</input>
I imported the WSDL into workshop and created a java control from it. I attached a WSSE policy file to the control:
<wsSecurityOut>
<encryption>
<encryptionKey>
<alias>flcoi1</alias>
</encryptionKey>
</encryption>
</wsSecurityOut>
Added this control into a blank web service. The only error being returned from the server is:
com.bea.control.ServiceControlException: SERVICE FAULT:
Code:java.lang.NullPointerException
String:null
Detail:
END SERVICE FAULT
with no further explanations. Does someone know what would cause this exception? Or if it's even possible to do what I'm trying (between WLS 8 and 9)?Hi!
In my tries to get security to work between WL 8.x to ALSB I realized that WL 8.x don't have support for WS-Security (and therfore WS-Policy) that ALSB uses, but maybe there are some workarounds...
/Patrik -
ALSB passing NTLM security credentials to end point URL in business service
Hi,
We are using AXIS API to pass NTLM authentication details to SharePoint Web Service by setting the user name and password details as below.
call.setUsername
call.setPassword
This is working fine when we invoke the MOSS search WSDL directly. However, when we introduce ALSB in between and create proxy and business service, the user name and password set using call.setUsername and call.setPassword are not passed correctly and we are getting the below error.
BEA-380000: Unauthorized
Could any one help how this can be resolved?
Thanks
SampathRK,
Use the *$inbound/ctx:transport/ctx:request/http:query-string* element to get all the arguments in the URL.
http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/httppollertransport/transports.html#wp1083292.
After that You can have conditional routing to Route it specific BS either Fiction BS or WarBased BS or you can try using Routing Table.
For doing that do i need to maintain any schema for Business Service?No , I think if you just need to route the request to JMS BS coming from Other Application,
But if You want to validate the request which you would be sending to BS then use schema to validate your incoming request.
Regards,
Abhinav -
OSB proxy secured with message level protection - No Protocol error
I have an OSB business service that calls a JAX-WS service protected by OWSM policy wss11_message_protection_service_policy. The business service is protected by the corresponding client policy. The proxy service is secured by wss11_message_protection_service_policy. Business service works fine but the proxy doesn't. It runs into this "no protocol" error below on the outbound. The system is a windows 8 64 bit PC and uses IPV6. The domain path has no spaces (I read online on an unrelated forum that spaces can cause this 'no protocol' error). This error occurs only with the message protection policy. UserName token works fine from proxy->business svc->webservice. There are no issues with the certificates because I am able to call the webservice using a jax-ws client using the certificates in keystore.
Caused By: java.net.MalformedURLException: no protocol: /OSBProject/proxy/HelloS
erviceProxySvc
at java.net.URL.<init>(URL.java:583)
at java.net.URL.<init>(URL.java:480)
at java.net.URL.<init>(URL.java:429)
at oracle.wsm.security.identity.WSMIdentityReaderValidator.getHostname(W
SMIdentityReaderValidator.java:200)
at oracle.wsm.security.identity.WSMIdentityReaderValidator.getIdentity(W
SMIdentityReaderValidator.java:149)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor
.fetchIdentity(SecurityScenarioExecutor.java:488)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor
.initialize(SecurityScenarioExecutor.java:455)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor
.init(SecurityScenarioExecutor.java:347)
at oracle.wsm.security.policy.scenario.executor.Wss11AnonWithCertsScenar
ioExecutor.init(Wss11AnonWithCertsScenarioExecutor.java:97)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populate
AssertionExecutors(WSPolicyRuntimeExecutor.java:259)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.populate
AssertionExecutors(WSPolicyRuntimeExecutor.java:282)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.init(WSP
olicyRuntimeExecutor.java:165)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.getPolicyExecutor(
PolicyExecutionEngine.java:137)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExec
utionEngine.java:101)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1059)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:489)
at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvo
ker.java:374)
at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundH
andler.java:217)
at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundH
andler.java:215)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAs(JpsSubject.java:213)
at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler.processRequest(Wsm
OutboundHandler.java:214)
at com.bea.wli.sb.test.service.wss.WssHandler.processRequest(WssHandler.
java:279)
at com.bea.wli.sb.test.service.ServiceMessageBuilder.buildMessage(Servic
eMessageBuilder.java:468)
at com.bea.wli.sb.test.service.ServiceMessageBuilder.buildMessage(Servic
eMessageBuilder.java:116)
at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessage
Sender.java:261)
at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMe
ssageSender.java:79)
at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessage
Sender.java:137)
at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessage
Sender.java:135)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
146)
at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityCo
ntextService.java:55)
at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageS
ender.java:140)
at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.
java:454)
at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceE
JBBean.java:167)
at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.__WL_invoke(
Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(Ses
sionRemoteMethodInvoker.java:40)
at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(Unkno
wn Source)
at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invok
e(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:17
4)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef
.java:345)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef
.java:259)
at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_1036_WLStub.
invoke(Unknown Source)
at com.bea.alsb.console.test.TestServiceClient.invoke(TestServiceClient.
java:174)
at com.bea.alsb.console.test.actions.DefaultRequestAction.invoke(Default
RequestAction.java:117)
at com.bea.alsb.console.test.actions.DefaultRequestAction.execute(Defaul
tRequestAction.java:70)
at com.bea.alsb.console.test.actions.ServiceRequestAction.execute(Servic
eRequestAction.java:143)
at org.apache.struts.action.RequestProcessor.processActionPerform(Reques
tProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201
(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunn
er.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionI
nterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processAct
ionPerform(PageFlowRequestProcessor.java:2116)
at com.bea.alsb.console.common.base.SBConsoleRequestProcessor.processAct
ionPerform(SBConsoleRequestProcessor.java:91)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.ja
va:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInt
ernal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(Pa
geFlowRequestProcessor.java:853)
at com.bea.alsb.console.common.base.SBConsoleRequestProcessor.process(SB
ConsoleRequestProcessor.java:191)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(A
utoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageF
lowActionServlet.java:158)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionSe
rvlet.java:262)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServ
let.java:134)
at com.bea.alsb.console.common.base.SBConsoleActionServlet.doGet(SBConso
leActionServlet.java:49)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlow
Utils.java:1199)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlow
Utils.java:1129)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.exec
uteAction(ScopedContentCommonSupport.java:687)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.proc
essActionInternal(ScopedContentCommonSupport.java:142)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.processAction(St
rutsStubImpl.java:76)
at com.bea.portlet.adapter.NetuiActionHandler.raiseScopedAction(NetuiAct
ionHandler.java:111)
at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedActi
on(NetuiContent.java:181)
at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedActi
on(NetuiContent.java:167)
at com.bea.netuix.servlets.controls.content.NetuiContent.handlePostbackD
ata(NetuiContent.java:225)
at com.bea.netuix.nf.ControlLifecycle$2.visit(ControlLifecycle.java:180)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:324)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j
ava:334)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:130)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:184)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:159)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java
:388)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:199)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileS
ervlet.java:251)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
tyHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
a:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:32
4)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUt
il.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.jav
a:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:1
71)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:16
3)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsF
ilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
ervletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
ontext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
ava:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>Replied offline as forum was down. Issue sorted.
Many thanks for detailed analysis. -
Where is com/sap/security/core/server/secstorefs/SecStoreFS?
Hi,
I am trying to create a Java client in NWDS that retrieves a DataSource object via JNDI from my XI 3.0 system.
I have added the jars I could think of (connector.jar, jta.jar, sapj2eeclient.jar, sapopensta.jar, etc.) to my build path.
When I attempt to retrieve the DataSource object via my Context I get the following exception:
java.lang.NoClassDefFoundError: com/sap/security/core/server/secstorefs/SecStoreFS
at com.sap.sql.connect.OpenSQLConnectInfo.getStore(OpenSQLConnectInfo.java:798)
at com.sap.sql.connect.OpenSQLConnectInfo.lookup(OpenSQLConnectInfo.java:783)
at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:209)
at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:197)
at com.sap.engine.services.dbpool.spi.ManagedConnectionFactoryImpl.createManagedConnection(ManagedConnectionFactoryImpl.java:113)
at com.sap.engine.services.dbpool.spi.DefaultConnectionManagerImpl.allocateConnection(DefaultConnectionManagerImpl.java:26)
at com.sap.engine.services.dbpool.cci.ConnectionFactoryImpl.getConnection(ConnectionFactoryImpl.java:51)
at com.hclaxon.xi.tools.CommsChannelConfigurator.createDBConnection(CommsChannelConfigurator.java:382)
at com.hclaxon.xi.tools.CommsChannelConfigurator.run(CommsChannelConfigurator.java:425)
at com.hclaxon.xi.tools.CommsChannelConfigurator.main(CommsChannelConfigurator.java:465)
Exception in thread "main"
Could someone please tell me which jar contains the class mentioned above?
thanks
BrianHi all,
Update to original question. I realised I was using a newer version of the openSQL api, so changed that.
Now I get a different execption:
java.lang.NoClassDefFoundError: com/sap/security/core/server/secstorefs/SecStoreFSException
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:1618)
at java.lang.Class.getConstructor0(Class.java:1930)
at java.lang.Class.newInstance0(Class.java:278)
at java.lang.Class.newInstance(Class.java:261)
at com.sap.sql.connect.OpenSQLDataSource.newInstance(OpenSQLDataSource.java:148)
at com.sap.sql.connect.OpenSQLDataSource.newInstance(OpenSQLDataSource.java:133)
at com.sap.engine.services.dbpool.spi.ManagedConnectionFactoryImpl.createManagedConnection(ManagedConnectionFactoryImpl.java:102)
at com.sap.engine.services.dbpool.spi.DefaultConnectionManagerImpl.allocateConnection(DefaultConnectionManagerImpl.java:26)
at com.sap.engine.services.dbpool.cci.ConnectionFactoryImpl.getConnection(ConnectionFactoryImpl.java:51)
Can anyone tell me where this class is?
thanks
Brian -
How to deal with security when migrating application from weblogic 5.1 to weblogic 6.1?
Dear All,
I have one statement int weblogic 5.1 weblogic.propertis as follow,
weblogic.security.realmClass=com.tbcn.security.realm.TestRealm
but after converting to weblogic 6.1 there are no corresponding statement in
the file config.xml. And when i start the new application, error occured.
what should I do?
The error message is:
<2001/8/27 am 11:33:42> <Notice> <Management> <Loading configuration file
.\config\tbcn\config.xml
<2001/8/27 am 11:33:49> <Emergency> <Server> <Unable to initialize the
server: 'Fatal initializatio
Throwable: java.lang.NullPointerException
java.lang.NullPointerException
at
weblogic.security.SecurityService.initializeRealm(SecurityService.java:261)
at
weblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:385)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.NullPointerException
java.lang.NullPointerException
at
weblogic.security.SecurityService.initializeRealm(SecurityService.java:261)
at
weblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:385)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exceptionDear Satya,
My weblogic propertis file as follow,
# CORE PROPERTIES
# You should set these before you start the WebLogic Server the first time.
# If you need more instructions on individual properties in this
# section, check the same section in the Optional Properties, where
# we've left the long explanations. Or, better yet, go to our
# website and read all about properties, at:
# http://www.weblogic.com/docs51/admindocs/properties.html
# CORE SYSTEM PROPERTIES
# TCP/IP port number at which the WebLogic Server listens for connections
weblogic.system.listenPort=7001
# CORE SECURITY-RELATED PROPERTIES
# Read important information about security at:
# http://www.weblogic.com/docs51/admindocs/properties.html
# REQUIRED: The system password MUST be set in order to start the
# WebLogic Server. This password is case-sensitive, at least 8 characters.
# The username for the privileged user is ALWAYS "system".
# This username and password also includes httpd access (see
# HTTPD properties below).
weblogic.password.system=12345678
# RECOMMEND Set to 'everyone' if HTTPD is enabled
weblogic.allow.execute.weblogic.servlet=everyone
# Set individual ACLs to restrict access to HTTP-related resources,
# such as the Administration servlets.
# To make your own servlets generally available, follow this
# pattern (provide a weblogic.allow.execute) for your packages and
# set ACLs as appropriate.
# CORE SECURITY-RELATED PROPERTIES FOR SSL
# Read important information about SSL at:
# http://www.weblogic.com/docs51/classdocs/API_secure.html
# Enable SSL
# (default if property not defined is false)
weblogic.security.ssl.enable=true
# SSL listen port
weblogic.system.SSLListenPort=7002
# Servlets for SSL
# Authentication servlet for creating tokens for applets
weblogic.httpd.register.authenticated=weblogic.t3.srvr.ClientAuthenticationS
ervlet
# Limits number of unclaimed stored tokens
weblogic.security.certificateCacheSize=3
# Capture CA root of client servlet
weblogic.httpd.register.AdminCaptureRootCA=admin.AdminCaptureRootCA
# Certificates for SSL
# Name of acceptable CA roots
# For client authentication change value to a valid .pem file
#weblogic.security.clientRootCA=SecureServerCA.pem
# Server certificates for SSL
weblogic.security.certificate.server=democert.pem
weblogic.security.key.server=demokey.pem
weblogic.security.certificate.authority=ca.pem
# registration for certificate generator servlet
weblogic.httpd.register.Certificate=utils.certificate
weblogic.allow.execute.weblogic.servlet.Certificate=system
# CORE HTTPD ADMINISTRATIVE PROPERTIES
# True permits the HTTPD to run (default)
# Uncomment this property to disable HTTPD
#weblogic.httpd.enable=false
# If authentication is required, add username/password for each user
# who will be included in an ACL, as in this commented-out example:
#weblogic.password.peter=#8gjsL4*
# SYSTEM PROPERTIES
# System properties in this section are set to system defaults
# Performance pack. The shared library must be accessible from your
# PATH (NT) or from your shared library path (UNIX; the name of the
# variable varies: LD_LIBRARY_PATH, SHLIB_PATH, etc.)
weblogic.system.nativeIO.enable=true
# Outputs logging information to the console as well as to the log file
weblogic.system.enableConsole=true
# Sets the directory or URL for the WebLogic Admin help pages
# The help pages are shipped in the "docs/adminhelp" directory, in the
# default document root in public_html
weblogic.system.helpPageURL=/weblogic/myserver/public_html/docs51/adminhelp/
# If you prefer to access the most recent help pages, you can do so online
# by commenting out the previous property and uncommenting this one:
#weblogic.system.helpPageURL=http://www.weblogic.com/docs51/adminhelp/
# Properties for tuning the server's performance
# Number of WebLogic Server execute threads.
weblogic.system.executeThreadCount=15
# Other optional system properties
# Limits size of weblogic.log (in K) and versions old log
weblogic.system.maxLogFileSize=1024
# Adjust minimum length of password
weblogic.system.minPasswordLen=8
# UNIX only: If running on port 80 on UNIX, enable the setUID program
#weblogic.system.enableSetUID=false
# UNIX only: Unprivileged user to setUID to after starting up
# WebLogic Server on port 80
#weblogic.system.nonPrivUser=nobody
# CLUSTER-SPECIFIC PROPERTIES
# Cluster-specific properties in this section are set to system defaults.
# CLUSTER USERS: Note that ALL Cluster-specific properties should be set
# in the per-cluster properties file ONLY.
# Time-to-live (number of hops) for the cluster's multicast messages
# (default 1, range 1-255).
#weblogic.cluster.multicastTTL=1
# Sets the load-balancing algorithm to be used between
# replicated services if none is specified. If not specified,
# round-robin is used.
#weblogic.cluster.defaultLoadAlgorithm=round-robin
# SERVER-SPECIFIC CLUSTER PROPERTIES
# Cluster-related properties in this section are set to system defaults.
# CLUSTER USERS: Note that these server-specific cluster-related properties
# should be set in the per-server properties file ONLY.
# Sets the weight of the individual server for the weight-based
load-balancing.
# Range is 0 - 100.
# Larger numbers increase the amount of traffic routed to this server.
#weblogic.system.weight=100
# SYSTEM STARTUP FILES - Examples
# CLUSTER USERS: Note that ONLY startup registrations for pinned RMI
# objects should be registered in the per-server properties file.
# All other startup classes should be registered in the per-cluster
# properties file.
# For more info on writing and using startup file, see the
# Developers Guide "Writing a WebLogic Client application," at
# http://www.weblogic.com/docs51/classdocs/API_t3.html
# Register a startup class by giving it a virtual name and
# supplying its full pathname.
#weblogic.system.startupClass.[virtual_name]=[full_pathname]
# Add arguments for the startup class
#weblogic.system.startupArgs.[virtual_name]={argname]=[argvalue]
# This example shows the entry for examples/t3client/StartupQuery.java
#weblogic.system.startupClass.doquery=examples.t3client.StartupQuery
#weblogic.system.startupArgs.doquery=\
# query=select * from emp,\
# db=jdbc:weblogic:pool:demoPool
# SYSTEM SHUTDOWN FILES - Examples
# For more info on writing and using shutdown file, see the
# Developers Guide "Writing a WebLogic Client application," at
# http://www.weblogic.com/docs51/classdocs/API_t3.html
# Register a shutdown class by giving it a virtual name and
# supplying its full pathname.
#weblogic.system.shutdownClass.[virtual_name]=[full_pathname]
# Add arguments for the shutdown class
#weblogic.system.shutdownArgs.[virtualName]={argname]=[argvalue]
# This example shows the entry for examples/t3client/ShutdownTest.java
#weblogic.system.shutdownClass.ShutdownTest=examples.t3client.ShutdownTest
#weblogic.system.shutdownArgs.ShutdownTest=\
# outfile=c:/temp/shutdown.log
# SECURITY-RELATED PROPERTIES FOR WORKSPACES
# For backward compatibility, the following entries disable Access
# Control on Workspaces
weblogic.allow.read.weblogic.workspace=everyone
weblogic.allow.write.weblogic.workspace=everyone
# JOLT FOR WEBLOGIC PROPERTIES
# These properties configure a BEA Jolt connection pool for use with
# the simpapp and bankapp examples, and register a servlet for use with
# with the simpapp example. The default server address provided here
# points to a public TUXEDO server that is hosted by BEA for use with
# this example.
# Servlet registration for simpapp example:
#weblogic.httpd.register.simpapp=examples.jolt.servlet.simpapp.SimpAppServle
t
# Pool creation and cleanup
# note this example is set up to work with the public
# demo TUXEDO server available from BEA's website:
#weblogic.system.startupClass.demojoltpoolStart=\
# bea.jolt.pool.servlet.weblogic.PoolManagerStartUp
#weblogic.system.startupArgs.demojoltpoolStart=\
# poolname=demojoltpool,\
# appaddrlist=//beademo1.beasys.com:8000,\
# failoverlist=//beademo1.beasys.com:8000,\
# minpoolsize=1,\
# maxpoolsize=3
#weblogic.system.shutdownClass.demojoltpoolStop=\
# bea.jolt.pool.servlet.weblogic.PoolManagerShutDown
#weblogic.system.shutdownArgs.demojoltpoolStop=\
# poolname=demojoltpool
# WEBLOGIC ENTERPRISE CONNECTIVITY PROPERTIES
# The registrations enable a BEA IIOP connection pool and
# register servlets for use with the simpapp and university examples.
# Configure for your environment and uncomment to use.
# Uncommenting these properties requires WebLogic Enterprise Connectivity
# and an operating WebLogic Enterprise Server.
# Servlet registration for simpapp servlet example
#weblogic.httpd.register.SimpappServlet=\
# examples.wlec.servlets.simpapp.SimpappServlet
#weblogic.allow.execute.weblogic.servlet.SimpappServlet=everyone
# Servlet registration for simpapp EJB example
# (You'll need to add the wlec_ejb_simpapp.jar to the
# weblogic.ejb.deploy property in this file.)
#weblogic.httpd.register.ejbSimpappServlet=\
# examples.wlec.ejb.simpapp.ejbSimpappServlet
#weblogic.allow.execute.weblogic.servlet.ejbSimpappServlet=everyone
# Pool creation and cleanup for the simpapp example
#weblogic.CORBA.connectionPool.simplepool=\
# appaddrlist=//wlehost:2468,\
# failoverlist=//wlehost:2468,\
# minpoolsize=2,\
# maxpoolsize=3,\
# username=wleuser,\
# userrole=developer,\
# domainname=simpapp
# Servlet registration for university Servlet example:
#weblogic.httpd.register.UniversityServlet=\
# examples.wlec.servlets.university.UniversityServlet
#weblogic.allow.execute.weblogic.servlet.UniversityServlet=everyone
# Pool creation and cleanup for the University example:
#weblogic.CORBA.connectionPool.Univpool=\
# appaddrlist=//wlehost:2498,\
# failoverlist=//wlehost:2498,\
# minpoolsize=2,\
# maxpoolsize=3,\
# username=wleuser,\
# userrole=developer,\
# apppassword=wlepassword,\
# domainname=university
# WEBLOGIC FILE PROPERTIES
# Maps a volume name to a path, for client file read/write
#weblogic.io.fileSystem.[volumeName]=[fullPathName]
# WEBLOGIC JMS DEMO PROPERTIES
# CLUSTER USERS: Note that ALL JMS deployment should be done in the
# per-cluster properties file ONLY.
# You set up a JDBC connection pool if you want persistent messages
# (including durable subscriptions). To use JMS and EJBs in the same
# transaction, both must use the same JDBC connection pool. Uncomment
# the following property to use the default JDBC connection pool
# 'demo', which is defined in the Demo connection pool section of this file.
#weblogic.jms.connectionPool=demoPool
# The JMS Webshare example demonstrates how the ClientID for a
# durable subscriber is configured in the connection factory:
#weblogic.jms.topic.webshareTopic=jms.topic.webshareTopic
#weblogic.jms.connectionFactoryName.webshare=jms.connection.webshareFactory
#weblogic.jms.connectionFactoryArgs.webshare=ClientID=webshareUser
#weblogic.httpd.register.webshare=examples.jms.webshare.WebshareServlet
# The JMS trader example shows how to use JMS with an EJB. In addition
# to uncommenting the following properties, you must also set up and
# deploy the EJB example examples.ejb.basic.statelessSession.Trader in
# ejb_basic_statelessSession.jar to try out this JMS example:
#weblogic.jms.topic.exampleTopic=javax.jms.exampleTopic
#weblogic.jms.connectionFactoryName.trader=jms.connection.traderFactory
#weblogic.jms.connectionFactoryArgs.trader=ClientID=traderReceive
#weblogic.httpd.register.jmstrader=examples.jms.trader.TraderServlet
# Registers the underlying servlet
#weblogic.httpd.register.jmssender=examples.jms.sender.SenderServlet
# These properties are used with the ServerReceive JMS example,
# which demonstrates how to establish a JMS message consumer
# in a startup class:
#weblogic.system.startupClass.serverReceive=\
# examples.jms.startup.ServerReceive
#weblogic.system.startupArgs.serverReceive=\
# connectionFactory=javax.jms.TopicConnectionFactory,\
# topic=javax.jms.exampleTopic
# These properties are used with the PoolReceive JMS example,
# which demonstrates how to establish a pool of JMS message consumers
# in a startup class:
#weblogic.system.startupClass.poolReceive=\
# examples.jms.startup.PoolReceive
#weblogic.system.startupArgs.poolReceive=\
# connectionFactory=javax.jms.TopicConnectionFactory,\
# topic=javax.jms.exampleTopic
#weblogic.allow.create.weblogic.jms.ServerSessionPool=everyone
# WEBLOGIC RMI DEMO PROPERTIES
# CLUSTER USERS: Note that pinned RMI objects should be registered
# in the per-server properties file ONLY. All other RMI startup
# classes should be registered in the per-cluster properties file.
# Remote classes registered at startup after the pattern:
#weblogic.system.startupClass.[virtualName]=[fullPackageName]
# These examples can be compiled to see RMI in action. Uncomment to use:
#weblogic.system.startupClass.hello=examples.rmi.hello.HelloImpl
#weblogic.system.startupClass.multihello=examples.rmi.multihello.HelloImpl
#weblogic.system.startupClass.stock=examples.rmi.stock.StockServer
# WEBLOGIC EJB DEMO PROPERTIES
# CLUSTER USERS: Note that ALL EJB deployment should be done in the
# per-cluster properties file ONLY.
# See WebLogic Demo Connection Pool below for a connection pool
# to use with these examples.
# Deploys EJBeans. Uncomment the appropriate lines below and
# modify DBMS-related info and paths to match your particular installation:
# TBCN EJB PROPERTIES
weblogic.ejb.deploy=\
C:/weblogic/myserver/AccountSB.jar, \
C:/weblogic/myserver/AddressEntryDet.jar, \
C:/weblogic/myserver/AddressEntry.jar, \
C:/weblogic/myserver/Affiliate.jar, \
C:/weblogic/myserver/ContactPerson.jar, \
C:/weblogic/myserver/ContactSB.jar, \
C:/weblogic/myserver/Factory.jar, \
C:/weblogic/myserver/FactorySups.jar, \
c:/weblogic/myserver/LoginUsers.jar, \
c:/weblogic/myserver/Member.jar, \
c:/weblogic/myserver/MemberQuotaUsage.jar,\
c:/weblogic/myserver/MemberToCategory.jar,\
c:/weblogic/myserver/Organization.jar, \
c:/weblogic/myserver/Person.jar, \
c:/weblogic/myserver/QuotaType.jar,\
c:/weblogic/myserver/Registration.jar, \
c:/weblogic/myserver/TempAccounts.jar, \
c:/weblogic/myserver/TempDomain.jar, \
c:/weblogic/myserver/UserAccount.jar, \
c:/weblogic/myserver/UserRole.jar, \
c:/weblogic/myserver/BuyerProducts.jar, \
c:/weblogic/myserver/Catalog.jar, \
c:/weblogic/myserver/Categories.jar, \
c:/weblogic/myserver/CategoryToCategory.jar, \
c:/weblogic/myserver/CountryToCategory.jar, \
c:/weblogic/myserver/InvitedMember.jar, \
c:/weblogic/myserver/ProductOrigin.jar, \
c:/weblogic/myserver/ProductOtherFee.jar,\
c:/weblogic/myserver/ProductSups.jar, \
c:/weblogic/myserver/Products.jar,\
c:/weblogic/myserver/ProductToCategory.jar, \
c:/weblogic/myserver/SecondaryQcEntry.jar, \
c:/weblogic/myserver/CodeClass.jar,\
c:/weblogic/myserver/ConfirmationSB.jar, \
c:/weblogic/myserver/PurchasedPackage.jar,\
c:/weblogic/myserver/RejectReasonCode.jar, \
c:/weblogic/myserver/ServiceOrder.jar,\
c:/weblogic/myserver/ServiceOrderLog.jar,\
c:/weblogic/myserver/ServiceOrderState.jar,\
c:/weblogic/myserver/ServiceOrderType.jar,\
c:/weblogic/myserver/ServicePackageDetails.jar, \
c:/weblogic/myserver/ServicePackage.jar, \
c:/weblogic/myserver/ServicePayment.jar, \
c:/weblogic/myserver/ServiceReqSB.jar, \
c:/weblogic/myserver/TAM.jar, \
c:/weblogic/myserver/SubscriptionEB.jar, \
c:/weblogic/myserver/PostingCategoryEB.jar, \
c:/weblogic/myserver/PostingBrowsedEB.jar, \
c:/weblogic/myserver/PostingInfoEB.jar, \
c:/weblogic/myserver/TransactionLogEB.jar, \
c:/weblogic/myserver/PostingSB.jar
#weblogic.ejb.deploy=\
# d:/weblogic/myserver/ejb_basic_beanManaged.jar, \
# d:/weblogic/myserver/ejb_basic_containerManaged.jar, \
# d:/weblogic/myserver/ejb_basic_statefulSession.jar, \
# d:/weblogic/myserver/ejb_basic_statelessSession.jar, \
# d:/weblogic/myserver/ejb_extensions_finderEnumeration.jar, \
# d:/weblogic/myserver/ejb_extensions_readMostly.jar, \
# d:/weblogic/myserver/ejb_subclass.jar, \
# d:/weblogic/myserver/jolt_ejb_bankapp.jar
# Servlet used by the EJB basic beanManaged example
# Uncomment to use:
weblogic.httpd.register.beanManaged=\
examples.ejb.basic.beanManaged.Servlet
# Add a list of users (set the password with
weblogic.password.[username]=XXX)
# to set an ACL for this servlet:
#weblogic.allow.execute.weblogic.servlet.beanManaged=user1,user2,etc
#weblogic.password.user1=user1Password
#weblogic.password.user2=user2Password
# WEBLOGIC XML DEMO PROPERTIES
# These properties are required to run the XML examples.
# Uncomment to use.
# CLUSTER USERS: Note that ALL servlets should be set up
# in the per-cluster properties file ONLY.
#weblogic.httpd.register.StockServlet=examples.xml.http.StockServlet
# BizTalk example properties
#weblogic.jms.queue.tradeIncoming=biztalk.jms.tradeIncoming
#weblogic.jms.queue.tradeError=biztalk.jms.tradeError
#weblogic.httpd.register.BizTalkServer=examples.xml.biztalk.BizHttpProtocolA
dapter
#weblogic.httpd.initArgs.BizTalkServer=bizQueue=biztalk.jms.tradeIncoming
# WEBLOGIC ZAC DEMO PROPERTIES
# These registrations enable the ZAC Publish Wizard.
weblogic.zac.enable=true
# Set the publish root for a WebLogic Server. Edit and
# uncomment to use.
#weblogic.zac.publishRoot=d:/weblogic/zac
# Set an ACL for each package you publish. The [name] is
# the "Package name" you assign in the ZAC Publish Wizard.
# Publish a package, edit this property, and uncomment to use.
#weblogic.allow.read.weblogic.zac.[name]=[user list]
#weblogic.allow.write.weblogic.zac.[name]=system
# HTTPD ADMINISTRATIVE PROPERTIES
# Enables logging of HTTPD info in common log format and
# sets the log file name (default is "access.log" in "myserver")
weblogic.httpd.enableLogFile=true
weblogic.httpd.logFileName=access.log
# Tracks HTTPD requests with events delivered to WEBLOGIC.LOG.HTTPD
weblogic.httpd.enableEvents=false
# Enables HTTP sessions
weblogic.httpd.session.enable=true
# Sets an optional cookie name. The default name is "WebLogicSession".
# Prior to version 4.0, the default was "TengahSession". To make
# this backward compatible with cookies generated from previous
# installations, you should set this property to "TengahSession".
# Uncomment this line and set this to any string of your choice,
# or comment out this property to use the default.
#weblogic.httpd.session.cookie.name=WebLogicSession
# MIME types
weblogic.httpd.mimeType.text/html=html,htm
weblogic.httpd.mimeType.image/gif=gif
weblogic.httpd.mimeType.image/jpeg=jpeg,jpg
weblogic.httpd.mimeType.application/pdf=pdf
weblogic.httpd.mimeType.application/zip=zip
weblogic.httpd.mimeType.application/x-java-vm=class
weblogic.httpd.mimeType.application/x-java-archive=jar
weblogic.httpd.mimeType.application/x-java-serialized-object=ser
weblogic.httpd.mimeType.application/octet-stream=exe
weblogic.httpd.mimeType.text/vnd.wap.wml=wml
weblogic.httpd.mimeType.text/vnd.wap.wmlscript=wmls
weblogic.httpd.mimeType.application/vnd.wap.wmlc=wmlc
weblogic.httpd.mimeType.application/vnd.wap.wmlscriptc=wmlsc
weblogic.httpd.mimeType.image/vnd.wap.wbmp=wbmp
# In seconds, the keep-alive for HTTP and HTTPS requests
weblogic.httpd.http.keepAliveSecs=60
weblogic.httpd.https.keepAliveSecs=120
# WEBLOGIC JDBC DRIVER PROPERTIES
# Enables JDBC driver logging and sets the file name for the log
# The weblogic.jdbc.logFile is placed in the per-server
# directory (default is "myserver")
weblogic.jdbc.enableLogFile=false
weblogic.jdbc.logFileName=jdbc.log
# WEBLOGIC JDBC CONNECTION POOL MANAGEMENT
# CLUSTER USERS: Note that ALL JDBC connection pools should be set up
# in the per-cluster properties file ONLY.
# For creating JDBC connection pools. This example shows a connection
# pool called "oraclePool" that allows 3 T3Users "guest," "joe," and "jill"
# to use 4 JDBC connections (with a potential for up to 10 connections,
# incremented by two at a time, with a delay of 1 second between each
# attempt to connect to the database), to an Oracle database server called
# "DEMO." If more than 4 connections are opened, after 15 minutes, unused
# connections are dropped from the pool until only 4 connections remain
open.
# Every 10 minutes, any unused connections in the pool are tested and
# refreshed if they are not viable.
#weblogic.jdbc.connectionPool.oraclePool=\
# url=jdbc:weblogic:oracle,\
# driver=weblogic.jdbc.oci.Driver,\
# loginDelaySecs=1,\
# initialCapacity=4,\
# maxCapacity=10,\
# capacityIncrement=2,\
# allowShrinking=true,\
# shrinkPeriodMins=15,\
# refreshMinutes=10,\
# testTable=dual,\
# props=user=SCOTT;password=tiger;server=DEMO
# Get more details on each argument for this property in the
# Administrators Guide on setting properties at:
# http://www.weblogic.com/docs51/admindocs/properties.html
# Set up ACLs for this connection pool with the following:
weblogic.allow.reserve.weblogic.jdbc.connectionPool.oraclePool=everyone
# guest,joe,jill
#weblogic.allow.reset.weblogic.jdbc.connectionPool.oraclePool=\
# joe,jill
#weblogic.allow.shrink.weblogic.jdbc.connectionPool.oraclePool=\
# joe,jill
# This property is an ACL that specifies the users who can
# create dynamic connection pools:
#weblogic.jdbc.connectionPoolcreate.admin=joe,jill
# Read more about setting up and using connection pools in the
# developers guide for WebLogic JDBC at:
# http://www.weblogic.com/docs51/classdocs/API_jdbct3.html#T5a
# TBCN JDBC CONNECTION POOL MANAGEMENT
weblogic.jdbc.connectionPool.oraclePool=\
url=jdbc:oracle:thin:@202.109.102.151:1521:tbcn,\
driver=oracle.jdbc.driver.OracleDriver,\
loginDelaySecs=1,\
initialCapacity=2,\
maxCapacity=10,\
capacityIncrement=2,\
allowShrinking=true,\
shrinkPeriodMins=15,\
refreshMinutes=10,\
testTable=dual,\
props=user=tbcn;password=ca91768
weblogic.allow.reserve.weblogic.jdbc.connectionPool.oraclePool=everyone
weblogic.jdbc.TXDataSource.oracleDataSource=oraclePool
weblogic.jdbc.DataSource.oracleReadOnlyDataSource=oraclePool
# WEBLOGIC DEMO CONNECTION POOL PROPERTIES
# CLUSTER USERS: Note that ALL JDBC connection pools should be set up
# in the per-cluster properties file ONLY.
# This connection pool uses the sample Cloudscape database shipped
# with WebLogic. Used by the EJBean, JHTML, JSP and JMS examples.
# Uncomment to use:
#weblogic.jdbc.connectionPool.demoPool=\
# url=jdbc:cloudscape:demo,\
# driver=COM.cloudscape.core.JDBCDriver,\
# initialCapacity=1,\
# maxCapacity=2,\
# capacityIncrement=1,\
# props=user=none;password=none;server=none
# Add a TXDataSource for the connection pool:
#weblogic.jdbc.TXDataSource.weblogic.jdbc.jts.demoPool=demoPool
# Add an ACL for the connection pool:
#weblogic.allow.reserve.weblogic.jdbc.connectionPool.demoPool=everyone
# WEBLOGIC HTTP SERVLET PROPERTIES
# CLUSTER USERS: Note that ALL servlets should be set up
# in the per-cluster properties file ONLY.
# WebLogic offers different types of servlets for various uses.
# Classpath servlet registration
# The ClasspathServlet is used to serve classes from
# the system CLASSPATH. It is used by applets to load
# classes they depend upon, and is registered against
# the virtual name 'classes' here by default. This means
# you should set your applet codebase to "/classes".
# You can register multiple virtual names for this servlet.
# Note that it can also be used to serve other
# resources/files from the system CLASSPATH.
# Don't confuse the ClasspathServlet with the ServletServlet. The
# ClasspathServlet is used for serving classes for client-side Java only.
# The ServletServlet is used to invoke unregistered servlets.
# See the Administrators Guide "Setting up WebLogic as an HTTP server"
# http://www.weblogic.com/docs51/admindocs/http.html#classfile for more
info.
weblogic.httpd.register.classes=weblogic.servlet.ClasspathServlet
# We also set an open ACL for everyone to call the ClasspathServlet
# so that applets work without requiring further changes.
weblogic.allow.execute.weblogic.servlet.classes=everyone
# File servlet registration
# FileServlet searches below the documentRoot for the requested file
# and serves it if found. If the requested file is a directory,
# FileServlet will append the defaultFilename to the requested path
# and serve that file if found.
weblogic.httpd.register.file=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.file=defaultFilename=index.html
weblogic.httpd.indexFiles=zh_TW/index.htm
# ServerSideInclude servlet registration
# SSIServlet searches below the documentRoot for the
# requested .shtml file and serves it if found.
weblogic.httpd.register.*.shtml=weblogic.servlet.ServerSideIncludeServlet
# Example URL: http://localhost:7001/portside/welcome.shtml
# for the file /weblogic/myserver/public_html/portside/welcome.shtml
# PageCompileServlet (used by JHTML)
# See the information below under WebLogic JHTML
# JSPServlet (used by JSP)
# See the information below under WebLogic JSP
# ServletServlet registration
# Allows unregistered servlets in the servlet classpath (see Servlet
# reload properties below) to be r -
BAD_CERTIFICATE error calling a web service over SSL in ALSB 2.6
We have a business service on an ALSB 2.6 server (running on WL 9.2.1) that connects to a web service over SSL. When we try to run it, we get the following exception:
<Sep 17, 2009 7:49:17 AM PDT> <Error> <ALSB Kernel> <BEA-380001> <Exception on TransportManagerImpl.sendMessageToService, com.bea.
wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
com.bea.wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.bea.wli.sb.transports.TransportException.newInstance(TransportException.java:146)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOu
tboundMessageContext.java:310)
at com.bea.wli.sb.transports.http.HttpsTransportProvider.sendMessageAsync(HttpsTransportProvider.java:435)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
Truncated. see log file for complete stacktrace
This exception only occurs when hitting the web service through the bus. I have written a standalone Java application that posts to the web service and it works fine. I ran the application on the server where the ALSB is running using the same jdk (1.5.0_06 - the version that ships with 9.2.1) and the same cacerts file so I know it's not a problem with the certificate not being trusted. I have tried updating the cacerts file to the latest one distributed with JRE 1.6 and it still doesn't work.
After 8 hours of troubleshooting, I'm out of ideas. Does anyone have any suggestiosn?
Thanks.
Matt
Edited by: user6946981 on Sep 17, 2009 7:58 AMAre you sure that your standalone application is using the same keystore (eg. cacert)? Default WebLogic configuration uses different keystore (demo).
I saw BAD_CERTIFICATE error only once and the cause was in keytool that somehow corrupted certificate during import. Deleting and importing certificate again helped me, but I doubt you have the same problem as your standalone application works.
Another idea ... Is hostname varification used? I know that the error message would look different if this was the cause, but try to add this parameter to your weblogic startup script: -Dweblogic.security.SSL.ignoreHostnameVerification=true
Last but not least, there is difference between your standalone application and ALSB runtime as WebLogic uses Certicom SSL provider. If you don't find the reason, contact Oracle support. Maybe they can help you to tweak Certicom provider in some way. -
Errors while consuming secured portlet on anonymous user
Hello,
I'm trying to configure security end-to-end Portlet as in this link http://fusionsecurity.blogspot.com/2010/09/hands-on-wsrp-security-in-oracle-fusion_04.html.
I got WSRP security with authenticated users, but when I try to consume the portlet on anonymous users (unauthenticated), I receive the error below:
Caused By: javax.xml.rpc.soap.SOAPFaultException: FailedAuthentication : The security token cannot be authenticated.
at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:669)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:475)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:149)
at oracle.portlet.wsrp.v2.soap.runtime.WSRP_v2_Markup_Binding_SOAP_Stub.initCookie(WSRP_v2_Markup_Binding_SOAP_Stub.java:343)
at oracle.portlet.wsrp.v2.WSRP_v2_Markup_PortTypeJaxbToSoap.initCookie(WSRP_v2_Markup_PortTypeJaxbToSoap.java:671)
at oracle.portlet.wsrp.v2.ServerToWSRPv2.initCookie(ServerToWSRPv2.java:22225)
at oracle.portlet.client.connection.wsrp.ActivityServerWrapper.initCookie(ActivityServerWrapper.java:1125)
at oracle.portlet.client.techimpl.wsrp.WSRPInitCookiePipe.execute(WSRPInitCookiePipe.java:130)
… more
We have the following usecase:
1) Created an ADF application with one JSP page and converted to portlet.
2) Created a consumer application (Webcenter Portal Framework Application).
3) In the consumer app, created a WSRP connection for this portlet (to register the producer).
- In the "Configure Security Attributes" in the WSRP portlet producer wizard, we have selected the following:
- Token Profile: WSS 1.0 SAML Token with Message Protection
- Configuration: Default
- Default user: anonymous
4) Drag and drop the portlet on the consumer page and run.
Would anyone tell me how do I set the permission for an anonymous user?
Thanks.Hi Bijesh,
Yes, I have tried not specifying a default user and I got the error below:
<Feb 3, 2015 2:53:48 PM BRST> <Notice> <Stdout> <BEA-000000> <<Feb 3, 2015 2:53:48 PM BRST> <Error> <oracle.wsm.resources.security> <WSM-00008> <Web service authentication failed.
javax.security.auth.login.LoginException: wsrp:minimal
at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:184)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:325)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User wsrp:minimal javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User wsrp:minimal denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
I’ve set ADF Security for my Portlet Application following the steps below:
Create an Enterprise Role ‘Participante’. (The authenticated user has this group 'Participante' in LDAP)
Create an Application Role ‘participante-role’ and map to the enterprise role ‘Participante’.
Assign ‘participante-role’ to Web Page or Task Flow in Resources Grants.
Those steps work well when I am using Task Flows. If I use Portlets based on Page instead of Task Flow, the security does not work.
I have already tested the second option (create a guest user). The problem here is that the user has the authenticated-role associated to it.
Thanks for help.
Maybe you are looking for
-
DISM reports corruption, repair-windowsimage states HEALTHY
I have been working a several Windows 8.1 systems regarding issues. Some state out of memory (which it does not have), just black screen when sitting for a while. I have run dism /online /cleanup-image /restorehealth which consistently states it fixe
-
How do I prevent the playhead from returning to it's original position after pausing or stopping with the spacebar or k button? With either the skimmer on or off, whenever I pause or stop the **** playhead will always return to the position it
-
Only 0 serial numbers entered instead of 30
Hi Experts, I am facing one problem during Usage decision in QA32 TRANSACTION, After saving the Usage decision , the system saying that +'Only 0 serial numbers entered instead of 30'+, due to that i am unable to save the usage decision so that goods
-
Taglib (How formatting a date when you use a taglib)
Hi! I have used the following taglib to show the date in a jsp: <td><c:out value='${my_object.date}'/></td> // (Where date is a Timestamp) And i obtain: 2004-05-25 00:00:00.0 But i would like to obtain the following the same date in the following for
-
How to shuffle photos when creating a slideshow?
When I click the slideshow button on an album I have the option to shuffle photos, but do not have the same option when I create a slideshow. I want to save the slideshow; can I save a slideshow played after using the slideshow button? Or how can I s