Attaching Security policy to Database Adapter

Hi,
Can anyone please tell me how can i attach security policy to a database adapter in soa 11g?

Hi,
Can anyone please help me how can i attach policy in adapter levels?Suppose if i want to do an encryption in the beginning of the SOA process and finally at the end of process i have to decrypt the data and then insert it to the DB. But i didnt find any way to attach the decryption policy to DBAdapter level.Do we have any option to do it?

Similar Messages

How to pass Username from OWSM Security policy in Oracle Apps Adapter .jca file

My BPEL process uses Oracle Applications Adapter. The following is the .jca file for the Adapter. The Username is initialized statically to "sysadmin" when I created the Adapter.Is it possible to pass in the username from the OWSM Security policy for the username value below? If so how to do? I appreciate your response.
<adapter-config name="EBSAdapter" adapter="Apps" wsdlLocation="../WSDLs/EBSAdapter.wsdl" xmlns="http://platform.integration.oracle/blocks/adapter/fw/metadata">
<connection-factory UIConnectionName="EBS1" location="eis/Apps/EBS1" UIConcurrentPgmName="" UIOracleAppType="DBOBJECT"/>
<endpoint-interaction portType="EBSAdapter_ptt" operation="EBSAdapter">
    <interaction-spec className="oracle.tip.adapter.apps.AppsStoredProcedureInteractionSpec">
      <property name="SchemaName" value="APPS"/>
      <property name="PackageName" value="INTG"/>
      <property name="ProcedureName" value="GET_USER_PROFILE1"/>
      <property name="IRepInternalName" value="PLSQL:INTG:WEBCENTER_GET_USER_PROFILE1"/>
      <property name="Username" value="sysadmin"/>
      <property name="Responsibility" value="System Administrator"/>
    </interaction-spec>
</endpoint-interaction>
</adapter-config>

1. Go to Invoke activity
2. Click on Properties tab.
3. click Add
4. Add this property "jca.apps.Username" and map it with either variable or expression.
5. Populate variable defined at previous step with some valid username value at runtime.
hope this helps.
Regards,
Karan
Oracle Fusion Middleware Blog

Testing Security policy attached web service

Hi,
I am facing a scenario where I need to test our web service ( which has security policy annotation ) in the similar way how the ( external ) customer would do , i.e with security policy attached. So is there any way to test this scenario..?
though there are some SSSP envts to enable this security policy to the soap requests, we want to test in all envts irrespective of oracle infrastructure ( as the customer does).
Thanks,
Praveen S K

We do most of our external testing of this type using soapUI. This allows us to sign/encrypt messages or provide a username/token. This also allows the creation of repeatable test suites with validations built into them.
Thanks,
Adam DesJardin

Use of current time for polling Database Adapter query

I am writing a simple BPEL process with a Polling Database Adapter and a Recieve. The idea is that we are polling an XE database for any entries in a TRIP table which have an expiration date/time field that has passed.
The Adapter was build using JDeveloper 10.1.3.2 (with Oracle Application Server patched to 10.1.3.3.0) as a "Poll for New Changed Records in a Table" Operation type with a STATUS field (0 for live, 1 for expired) as the Logical Delete Field.
I was unable to find a way to generate a SELECT query expression with the wizard that would allow me to use current/system time as an attribute, so I finished the wizard and edited the Toplink Descriptor to use a custom SQL expression for the query. This resulted in the following code in the toplink_mappings.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<toplink:object-persistence version="Oracle TopLink - 10g Release 3 (10.1.3.1.0) (Build 061004)"
xmlns:opm="http://xmlns.oracle.com/ias/xsds/opm" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:toplink="http://xmlns.oracle.com/ias/xsds/toplink"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<opm:name>ExpiredTripPoller</opm:name>
<opm:class-mapping-descriptors>
<opm:class-mapping-descriptor xsi:type="toplink:relational-class-mapping-descriptor">
<opm:class>ExpiredTripPoller.Trip</opm:class>
<opm:alias>Trip</opm:alias>
<opm:primary-key>
<opm:field table="TRIP" name="ID" xsi:type="opm:column"/>
</opm:primary-key>
<opm:events xsi:type="toplink:event-policy"/>
<opm:querying xsi:type="toplink:query-policy">
<opm:queries>
<opm:query name="ExpiredTripPoller" xsi:type="toplink:read-all-query">
<toplink:timeout>0</toplink:timeout>
<toplink:call xsi:type="toplink:sql-call">
<toplink:sql>SELECT ID, LPN, START_TIME, EXPIRY_TIME, STATUS FROM TRIP WHERE ((STATUS = '0') AND (EXPIRY_TIME < SYSDATE)) ORDER BY EXPIRY_TIME ASC</toplink:sql>
</toplink:call>
<toplink:reference-class>ExpiredTripPoller.Trip</toplink:reference-class>
<toplink:cache-usage>primary-key</toplink:cache-usage>
<toplink:lock-mode>none</toplink:lock-mode>
<toplink:container xsi:type="toplink:list-container-policy">
<toplink:collection-type>java.util.Vector</toplink:collection-type>
</toplink:container>
</opm:query>
<opm:query name="findAllTrip" xsi:type="toplink:read-all-query">
<toplink:timeout>0</toplink:timeout>
<toplink:reference-class>ExpiredTripPoller.Trip</toplink:reference-class>
<toplink:cache-usage>primary-key</toplink:cache-usage>
<toplink:lock-mode>none</toplink:lock-mode>
<toplink:container xsi:type="toplink:list-container-policy">
<toplink:collection-type>java.util.Vector</toplink:collection-type>
</toplink:container>
</opm:query>
</opm:queries>
<toplink:does-exist-query xsi:type="toplink:does-exist-query">
<toplink:existence-check>check-database</toplink:existence-check>
</toplink:does-exist-query>
<toplink:read-all-query xsi:type="toplink:read-all-query">
<toplink:reference-class>ExpiredTripPoller.Trip</toplink:reference-class>
<toplink:container xsi:type="toplink:list-container-policy">
<toplink:collection-type>java.util.Vector</toplink:collection-type>
</toplink:container>
</toplink:read-all-query>
</opm:querying>
<opm:attribute-mappings>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>id</opm:attribute-name>
<opm:field table="TRIP" name="ID" xsi:type="opm:column"/>
<opm:attribute-classification>java.math.BigDecimal</opm:attribute-classification>
</opm:attribute-mapping>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>lpn</opm:attribute-name>
<opm:field table="TRIP" name="LPN" xsi:type="opm:column"/>
<opm:attribute-classification>java.lang.String</opm:attribute-classification>
</opm:attribute-mapping>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>startTime</opm:attribute-name>
<opm:field table="TRIP" name="START_TIME" xsi:type="opm:column"/>
<opm:attribute-classification>java.sql.Timestamp</opm:attribute-classification>
</opm:attribute-mapping>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>expiryTime</opm:attribute-name>
<opm:field table="TRIP" name="EXPIRY_TIME" xsi:type="opm:column"/>
<opm:attribute-classification>java.sql.Timestamp</opm:attribute-classification>
</opm:attribute-mapping>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>status</opm:attribute-name>
<opm:field table="TRIP" name="STATUS" xsi:type="opm:column"/>
<opm:attribute-classification>java.math.BigDecimal</opm:attribute-classification>
</opm:attribute-mapping>
</opm:attribute-mappings>
<toplink:descriptor-type>independent</toplink:descriptor-type>
<toplink:caching>
<toplink:cache-type>weak-reference</toplink:cache-type>
<toplink:always-refresh>true</toplink:always-refresh>
</toplink:caching>
<toplink:remote-caching>
<toplink:cache-type>weak-reference</toplink:cache-type>
</toplink:remote-caching>
<toplink:instantiation/>
<toplink:copying xsi:type="toplink:instantiation-copy-policy"/>
<toplink:change-policy xsi:type="toplink:deferred-detection-change-policy"/>
<toplink:tables>
<toplink:table name="TRIP"/>
</toplink:tables>
</opm:class-mapping-descriptor>
</opm:class-mapping-descriptors>
</toplink:object-persistence>
To test I used the above custom SQL at the command line and it filtered the records by EXPIRY_TIME as expected.
When deployed, the polling process updates the STATUS file dof table entries, but all entries with status 0 regardless of EXPIRY_DATE. My modification appears to be being ignored. I was unsure as to whether the QUERY was being determined in some other way so I modified the descriptor (with the toplink expression editor) to compare against a literal time value, producing the following modified toplink_mappings.xml:
<?xml version="1.0" encoding="UTF-8"?>
<toplink:object-persistence version="Oracle TopLink - 10g Release 3 (10.1.3.1.0) (Build 061004)"
xmlns:opm="http://xmlns.oracle.com/ias/xsds/opm" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:toplink="http://xmlns.oracle.com/ias/xsds/toplink"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<opm:name>ExpiredTripPoller</opm:name>
<opm:class-mapping-descriptors>
<opm:class-mapping-descriptor xsi:type="toplink:relational-class-mapping-descriptor">
<opm:class>ExpiredTripPoller.Trip</opm:class>
<opm:alias>Trip</opm:alias>
<opm:primary-key>
<opm:field table="TRIP" name="ID" xsi:type="opm:column"/>
</opm:primary-key>
<opm:events xsi:type="toplink:event-policy"/>
<opm:querying xsi:type="toplink:query-policy">
<opm:queries>
<opm:query name="ExpiredTripPoller" xsi:type="toplink:read-all-query">
<opm:criteria operator="lessThan" xsi:type="toplink:relation-expression">
<toplink:left name="expiryTime" xsi:type="toplink:query-key-expression">
<toplink:base xsi:type="toplink:base-expression"/>
</toplink:left>
<toplink:right xsi:type="toplink:constant-expression">
<toplink:value xsi:type="xsd:date">2007-07-30</toplink:value>
</toplink:right>
</opm:criteria>
<toplink:timeout>0</toplink:timeout>
<toplink:reference-class>ExpiredTripPoller.Trip</toplink:reference-class>
<toplink:cache-usage>primary-key</toplink:cache-usage>
<toplink:lock-mode>none</toplink:lock-mode>
<toplink:container xsi:type="toplink:list-container-policy">
<toplink:collection-type>java.util.Vector</toplink:collection-type>
</toplink:container>
</opm:query>
<opm:query name="findAllTrip" xsi:type="toplink:read-all-query">
<toplink:timeout>0</toplink:timeout>
<toplink:reference-class>ExpiredTripPoller.Trip</toplink:reference-class>
<toplink:cache-usage>primary-key</toplink:cache-usage>
<toplink:lock-mode>none</toplink:lock-mode>
<toplink:container xsi:type="toplink:list-container-policy">
<toplink:collection-type>java.util.Vector</toplink:collection-type>
</toplink:container>
</opm:query>
</opm:queries>
<toplink:does-exist-query xsi:type="toplink:does-exist-query">
<toplink:existence-check>check-database</toplink:existence-check>
</toplink:does-exist-query>
<toplink:read-all-query xsi:type="toplink:read-all-query">
<toplink:reference-class>ExpiredTripPoller.Trip</toplink:reference-class>
<toplink:container xsi:type="toplink:list-container-policy">
<toplink:collection-type>java.util.Vector</toplink:collection-type>
</toplink:container>
</toplink:read-all-query>
</opm:querying>
<opm:attribute-mappings>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>id</opm:attribute-name>
<opm:field table="TRIP" name="ID" xsi:type="opm:column"/>
<opm:attribute-classification>java.math.BigDecimal</opm:attribute-classification>
</opm:attribute-mapping>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>lpn</opm:attribute-name>
<opm:field table="TRIP" name="LPN" xsi:type="opm:column"/>
<opm:attribute-classification>java.lang.String</opm:attribute-classification>
</opm:attribute-mapping>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>startTime</opm:attribute-name>
<opm:field table="TRIP" name="START_TIME" xsi:type="opm:column"/>
<opm:attribute-classification>java.sql.Timestamp</opm:attribute-classification>
</opm:attribute-mapping>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>expiryTime</opm:attribute-name>
<opm:field table="TRIP" name="EXPIRY_TIME" xsi:type="opm:column"/>
<opm:attribute-classification>java.sql.Timestamp</opm:attribute-classification>
</opm:attribute-mapping>
<opm:attribute-mapping xsi:type="toplink:direct-mapping">
<opm:attribute-name>status</opm:attribute-name>
<opm:field table="TRIP" name="STATUS" xsi:type="opm:column"/>
<opm:attribute-classification>java.math.BigDecimal</opm:attribute-classification>
</opm:attribute-mapping>
</opm:attribute-mappings>
<toplink:descriptor-type>independent</toplink:descriptor-type>
<toplink:caching>
<toplink:cache-type>weak-reference</toplink:cache-type>
<toplink:always-refresh>true</toplink:always-refresh>
</toplink:caching>
<toplink:remote-caching>
<toplink:cache-type>weak-reference</toplink:cache-type>
</toplink:remote-caching>
<toplink:instantiation/>
<toplink:copying xsi:type="toplink:instantiation-copy-policy"/>
<toplink:change-policy xsi:type="toplink:deferred-detection-change-policy"/>
<toplink:tables>
<toplink:table name="TRIP"/>
</toplink:tables>
</opm:class-mapping-descriptor>
</opm:class-mapping-descriptors>
</toplink:object-persistence>
On deployment, this version of the BPEL process behaved as expected - only modifying the records with EXPIRY_TIME less thatn the literal time specified. (Also, I can't really pass in the time as a parameter as this is a polling model).
Can anyone shed any light on what is happening or suggest how I might go about polling in the desired way?
Cheers

Please take a look at this article which states SYSDATE is not supported in a
where clause.
http://www.oracle.com/technology/pub/articles/bpel_cookbook/qualcomm-bpel.html
Excerpt from the article:
Here are three important things you should do in implementing the above design:
Have the status of the record being processed stored in the database. The status includes the process state, next process attempt time, and processing attempt count.
Create an updatable view that exposes only records that are ready to be processed. A view is needed because the database adapter cannot handle a where clause that compares against SYSDATE.
Design logic that determines if a process instance that has faulted should be retried and when the retry should occur. This information will be updated in the database by use of a stored procedure. This can also be done with an update partner link and additional logic in BPEL.
mahalo,
a iii

How do I resolve this error in Safari Your page is blocked due to a security policy that prohibits access to Category Remote Proxies"?

I'm trying to access several pages and keep geting "Your page is blocked due to a security policy that prohibits access to Category Remote Proxies" After going over all my security stuff I just can't find where I would correct the error.
Is there anyone who could help me?
Thanks
Fr. Gary

very strange,
1. check time and date on your computer
2. reset network configuration, make sure there are no proxy servers and you get DNS from your router not manual
3. Reset certificates database
Go to Terminal (Applications>Utilities)
sudo rm /var/db/crls/*cache.db
(you will be prompted for your password)
and reboot the computer
post back

Invoke a business service base in a WSDL with customer WS-Security Policy

Customer write a Web service (Refer to the attachment file “HTTPS_PartyServicePortType.WSDL”)which declare a WS-Security Policy and apply this it to WS binding ,How can I generate a business service base in this WSDL and invoke it successfully?
When create a business service in OSB, we get a error with below messages
[[OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.
After enhanced the OSB domain with OWSM extension, we found the OOTB OWSM defined cannot support the HttpsToken and OSB cannot support below WS-Policy defined in OWSM, refer to http://docs.oracle.com/cd/E21764_01/doc.1111/e15866/owsm.htm#OSBDV1681
51.2.8.1 Unsupported Assertion
•     binding-permission-authorization
•     http-security
•     OptimizedMimeSerialization (MTOM)
•     RMAssertion (Reliable Messaging)
•     sca-component-authorization
•     sca-component-permission-authorization
•     UsingAddressing
•     wss-saml-token-bearer-over-ssl (Authentication)
it means that we cannot generate a web service with customer WS-security Policy
The WS-Security Policy is shown as below:
<wsp:Policy wsu:Id="WSHttpBinding_IPartyServicePortType_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy><sp:Basic256/></wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
BestRegards!
Simon

Hi
According to
http://e-docs.bea.com/wls/docs90/webserv/annotations.html#1050414
If you are going to publish the policy file in the Web Service archive, the policy XML file must be located in either the META-INF/policies or WEB-INF/policies directory of the EJB JAR file (for EJB implemented Web Services) or WAR file (for Java class implemented Web Services), respectively.
Can you make sure the policy file is in there?
Also there is a sample from the developer at http://dev2dev.bea.com/blog/jlee/archive/2005/09/how_to_use_anno.html
Vimala-

Create new Security Policy in UME is not available

Hello,
We are on NW CE 7.1 EHP1 and MII 12.1.7 build 47.
I have MII Super Administrator role, few custom roles and I also have Action "Manage_All" and I am able to perform most of the activities on UME but I don't see any option to create new security policies all I can do is modify the Default Security Policy and save it.
It never shows me an option to create new security policy and I am not sure what roles or actions I am missing.
1) Are there any roles or actions that my profile needs to have?
2) Is it something to do with NW CE version or MII version?
3) Has something gone wrong or have we missed some configuration while installing NW CE or MII?
Any suggestions will be of great help
Thanks,
Adarsh

Adarsh,
I am not a NW UME expert, but I know this issue has nothing to do with MII. Not sure if you have rights but providing the Administrators Group for the UME database should allow you to do this.
I would try posting this thread on the NW UME Forum. Modifying policies in NW has nothing to do with MII.
Just to verify what policies are you trying to change, I am assuming they are in NW UME and not MII, is this correct? If they are in MII can you be more specific.
Good luck.

Database Adapter-Insert

Hi,
I am new to BPEL. I am trying to learn through tutorials. I am working on Insert tutorial (Database Adapters).
I was able to compile the project sucessfully in jdev and deploy to Bpel server.
After giving the input and hitting on post xml message the follwing error comes up:
file:/C:/product/10.1.3.1/OracleAS_1/bpel/domains/default/tmp/.bpel_Insert_1.0_3955c8686706b0e75f228f767a18cf38.tmp/InsertService.wsdl [ InsertService_ptt::insert(MoviesCollection) ] - WSIF JCA Execute of operation 'insert' failed due to: DBWriteInteractionSpec Execute Failed Exception.
insert failed. Descriptor name: [Insert.Movies]. [Caused by: JDBC 2.0 feature is not yet implemented]
; nested exception is:
     ORABPEL-11616
DBWriteInteractionSpec Execute Failed Exception.
insert failed. Descriptor name: [Insert.Movies]. [Caused by: JDBC 2.0 feature is not yet implemented]
Caused by Exception [TOPLINK-4002] (Oracle TopLink - 10g Release 3 (10.1.3.1.0) (Build 061004)): oracle.toplink.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: JDBC 2.0 feature is not yet implementedError Code: 0.
Does anyone have idea about this error?
My settings in oc4j_ra.xml are as below:
<connector-factory location="eis/DB/BPELSamples" connector-name="Database Adapter">
          <config-property name="xADataSourceName" value=""/>
          <config-property name="dataSourceName" value=""/>
          <config-property name="platformClassName" value="oracle.toplink.internal.databaseaccess.OraclePlatform"/>
          <config-property name="usesNativeSequencing" value="true"/>
          <config-property name="sequencePreallocationSize" value="50"/>
          <config-property name="defaultNChar" value="false"/>
          <config-property name="usesBatchWriting" value="true"/>
          <config-property name="driverClassName" value="oracle.lite.poljdbc.POLJDBCDriver"/>
          <config-property name="connectionString" value="jdbc:polite4@localhost:1531:orabpel"/>
          <config-property name="userName" value="system"/>
          <config-property name="password" value="manager"/>
          <config-property name="minConnections" value="1"/>
          <config-property name="maxConnections" value="5"/>
          <config-property name="minReadConnections" value="1"/>
          <config-property name="maxReadConnections" value="5"/>
          <config-property name="usesExternalConnectionPooling" value="false"/>
          <config-property name="usesExternalTransactionController" value="false"/>
          <connection-pooling use="none">
          </connection-pooling>
          <security-config use="none">
          </security-config>
     </connector-factory>
and datasources.xml is
<connection-pool name="BPELPM_CONNECTION_POOL">
<connection-factory factory-class="oracle.lite.poljdbc.POLJDBCDriver"
user="system"
password="manager"
url="jdbc:polite4@localhost:1531:orabpel" />
</connection-pool>
<managed-data-source name="BPELServerDataSource"
connection-pool-name="BPELPM_CONNECTION_POOL"
jndi-name="jdbc/BPELServerDataSource" tx-level="global"/>
<managed-data-source name="BPELServerDataSourceWorkflow"
connection-pool-name="BPELPM_CONNECTION_POOL"
jndi-name="jdbc/BPELServerDataSourceWorkflow" tx-level="local"/>

I have a database connection called bpel samples in jdev. Can anyone help me in creating bpel process to insert data in a table using database adapters.
I am not able to get any output for any of the database adapter tutorials. Any hints????
Thanks in advance.
Edited by: user3833651 on Apr 22, 2009 8:17 PM

The database version is only important with the dehydration store. If you are using the adapters to select / delete / update / insert data into your application it comes down to the jdbc drivers. Basically if you are above 8i you should be fine.
olite is a very basic database, and the jdbc drivers are flaky, it's also not based on the Oracle code, therefore is not upgradable if you want to increase performance. You would need to perform some manual steps to migrate to a standard database.
If you are wanting to do basic tutorials and don't want to have a heavy database using all your resources, use oracle XE. No need to pact. If you have a oracle database installed somewhere use that.
http://www.oracle.com/technology/software/products/database/xe/index.html
cheers
James

Security-permission in Resource Adapter?

I added this permission definition to the META-INF/ra.xml file:
<security-permission>
  <description>Test SecurityPermission</description>
  <security-permission-spec>
    grant {
      permission java.security.SecurityPermission "getPolicy";
  </security-permission-spec>
</security-permission>
But when I run
java.security.Policy policy = java.security.Policy.getPolicy();
from the adapter code, I still get a java.security.AccessControlException:
java.security.AccessControlException: access denied (java.security.SecurityPermission getPolicy)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:267)
at
java.security.AccessController.checkPermission(AccessController.java:394)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:540)
at java.security.Policy.getPolicy(Policy.java:121)
What do I do wrong (or have I found a bug ;) ???
BTW: I try to set permissions to read an XML-file from the adapter's jars or rar.
Hans Bausewein

To answer my own question ;-)
The adapter code should wrap the privileged code in a PrivilegedAction.
I've found it in section 10.7 of J2EE Connector Architecture and Enterprise Application Integration by Rahul Sharma:
  http://developer.java.sun.com/developer/Books/j2ee/connectorch10.pdf
Hans

Database Adapter: Insert, relationships, sequences and problems of course

Hello Everyone!!
I'm trying to do an insert in an Oracle Express Database with a database adapter. I'm trying to do the insert in two tables: SOLICITUDES with a column called NUMSOLICITUD that is also the primary key of the table and it's populated from its own sequence and the other table whose name is DOCJUST with a field NUMSOL. SOLICITUDES has a 1:M relationship with DOCJUST and the fields used in this relationship are NUMSOLICITUD and NUMSOL. The problem is that when the adapter do the insert, the first insert made on SOLICITUDES is correct, but when it tries to insert in the DOCJUST table, when it's supposed to insert in NUMSOL the same value inserted in NUMSOLICITUDES instead of that, a NULL value is inserted in NUMSOL so the process fails. Is it because the NUMSOLICITUDES column is populated from a sequence? How can I resolve that?
Thanks!!

Hi,
OK, I found the following article: http://soa-bpel-esb.blogspot.com/2010/04/understanding-catch-and-catchall.html
Using the info from that article I have created a test flow, which contains the same insert database adapter as the production flow. I have placed the Invoke within its own scope and attached a "CatchAll" block to this scope. To this block I have added a "empty" step (do nothing).
In my tests, I see the desired results i.e. the second time I initiate the flow with the same data, the CatchAll block executes, which does nothing, and processing continues after the scope.
So far so good - my query is how would I catch the specific error of unique index violation rather than general catchall?
As before, and assistance/comments greatly appreciated.
Anit

How to apply row level security against the database administrator

I would like an advice in applying row level security against the database administrator. We need to prevent DBA from editing data in some table rows or have any indication that data was corrupted.
There is no problem in viewing the data so we considered one way hash function or digital signature which will be stored in the same table, but we see following disadvantages:
HASH - DBA may use the same hash function to update the stored data after he changes the sensitive row.
Digital signature - the is a need to manage and keep the private key in a safe place outside of DB
Is there additional ways to achieve the aim?

Does VPD helps to prevent from DBA to edit/view a data in specific rows?Yes.
If I correctly understand, DBA has full access to security policy used by VPD to control the access and can grant himself privileges that I don't want.You can to define which users can be exempt of the politics, for the context or by Grant EXEMPT.
This includes DBAs.
The simple fact of being DBA doesn't guarantee the exemption.
Everything goes to depend of the VPD config.

EAP-TLS client security policy enforcement question using ISE

Hi Experts ,
I have remote site connected to HQ wireless controller and cisco ISE used as RADIUS server . I am using EAP-TLS authentication method where client will validate the server certificate and server will validate the client certificate.
I am using EAP-TLS and machine authentication.
In case of server certificate installation using internal PKI (Root CA ) server , I am quite clear that we can create certificate in ISE and can be signed by CA which will be used for EAP-TLS as well. however I am trying to under the client certificate installation.
how does client gets certificate from CA. is there any mechanism used by AD to import the certificate automatically to all the clients ?
and more important is , which certificate will be installed on client machines. Do we need to create certificate first from CA and save in repository and later can be installed same to client machines .... Sorry it could be microsoft AD related question however i am pretty sure that since we as a wireless techie , need to know even client side configuration.
This is all about certificate installation . how about entire security policy which is used for EAP-TLS ?
how will client wireless network adapter properties automatically configured with same SSID which is configured with EAP-TLS along with certificate validation ?
I am not sure ... will it get pushed through AD ? how will it happen ?
It would be really helpful if someone could put light on this ..

Hello Vino,
Some answers below :
how does client gets certificate from CA. is there any mechanism used by AD to import the certificate automatically to all the clients ?
You have templates in the certificate authority to user or machine certificate and you can apply these certificates to a group of machines or users using GPO in the Windows Server 2008.
It can be automatically because the machine can get it using GPO from domain and after can authenticates using 802.1X using these certificates received from this policy.
If you want a user certificate and get it manually you can access the CA too using the URL https://X.X.X.X/certsrv and request manually the user certificate using your domain credentials and install manually to authenticate using EAP-TLS with this user certificate.
In the Cisco ISE Side it needs to have a local certificate from the same client CA or from another CA and the Cisco ISE needs to trust in the clients CA Issuer to accept the client certificate and allow this one to access the network.
In the client side the same happens, the client needs to trust in the Issuer CA for the Cisco ISE certificate to validate ISE certificate and get access to the network.
and more important is , which certificate will be installed on client machines. Do we need to create certificate first from CA and save in repository and later can be installed same to client machines .... Sorry it could be microsoft AD related question however i am pretty sure that since we as a wireless techie , need to know even client side configuration.
If you have a Windows Server with GPO and a CA configured you can use some templates to apply automatically a machine certificate or user certificate to a group of machines or user, in the case of machines it can be get from the domain using GPO and in the case of user certificate it can be get manually or using GPO too.
This is all about certificate installation . how about entire security policy which is used for EAP-TLS ?
The EAP-TLS is the most secured method to use to authenticate devices in the network because you have certificates and you have trusted certificate authority that you trust and only devices who has certificates from these CAs will be allowed to access the network.
Another method very secured is EAP-FAST with machine and user certificate that the ISE will validade both the machine and user certificate before allow this one to get access to the network.
how will client wireless network adapter properties automatically configured with same SSID which is configured with EAP-TLS along with certificate validation ?
You can apply it too using GPO in the Windows Server to a domain machine but when you have a machine that is not a domain machine you can use a user certificate to authenticate this one and need to install manually the user certificate in that machine to authenticate the user to wireless network and create SSID specifying the policy that is EAP-TLS.
Remember that client machine needs to have the CA issuer for the Cisco ISE certificate to trust in the Cisco ISE and get access to the network and the opposite too (ISE needs to have the CA Issuer to trust in the client)
I hope it helps.

An attempt to attach an auto-named database ....\aspnetdb.mdf failed

I've installed VWD 2005(Beta 2) and MS SQL Express and also followed the aspnet tour at http://beta.asp.net/guidedtour2. After trying new webcontrol (login control) and trying to execute the page, I've got an error such as below: An attempt to attach an auto-named database for file c:\inetpub\wwwroot\Demo\App_Data\aspnetdb.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: An attempt to attach an auto-named database for file c:\inetpub\wwwroot\Demo\App_Data\aspnetdb.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SqlException (0x80131904): An attempt to attach an auto-named database for file c:\inetpub\wwwroot\Demo\App_Data\aspnetdb.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.] System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +684979 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +207 System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +1751 System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK) +32 System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +601 System.Data.SqlClient.SqlInternalConnectionTds..ctor(SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +159 System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +346 System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +28 System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +445 System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +66 System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +304 System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +85 System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +105 System.Data.SqlClient.SqlConnection.Open() +111 System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, Boolean revertImpersonate) +126 System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation) +239 System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String username, Int32& status, String& password, Int32& passwordFormat, String& passwordSalt, Int32& failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, Boolean& isApproved) +815 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +80 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved) +42 System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +78 System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +161 System.Web.UI.WebControls.Login.AttemptLogin() +94 System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +101 System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +35 System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +115 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +134 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5670
can anyone help me to solve the problem... thanks

mfauziii wrote:
I've installed VWD 2005(Beta 2) and MS SQL Express and also followed the aspnet tour at http://beta.asp.net/guidedtour2. After trying new webcontrol (login control) and trying to execute the page, I've got an error such as below: An attempt to attach an auto-named database for file c:\inetpub\wwwroot\Demo\App_Data\aspnetdb.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: An attempt to attach an auto-named database for file c:\inetpub\wwwroot\Demo\App_Data\aspnetdb.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SqlException (0x80131904): An attempt to attach an auto-named database for file c:\inetpub\wwwroot\Demo\App_Data\aspnetdb.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.] System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +684979 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +207 System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +1751 System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK) +32 System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +601 System.Data.SqlClient.SqlInternalConnectionTds..ctor(SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +159 System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +346 System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +28 System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +445 System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +66 System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +304 System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +85 System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +105 System.Data.SqlClient.SqlConnection.Open() +111 System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, Boolean revertImpersonate) +126 System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation) +239 System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String username, Int32& status, String& password, Int32& passwordFormat, String& passwordSalt, Int32& failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, Boolean& isApproved) +815 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +80 System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved) +42 System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +78 System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +161 System.Web.UI.WebControls.Login.AttemptLogin() +94 System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +101 System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +35 System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +115 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +134 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5670
can anyone help me to solve the problem... thanks

Failing to attach WS-Policy to ProxyService in OSB

Im trying to attach a policy to a proxyservice. I'm attaching wss_username_token_service_policy from the list from the OWSM. I also set it to consume the ws-security headers but when i deploy i get the following message:
[OSB Kernel:398139]The binding type of service Common/ProxyServices/PS_CardManagementService is based on wsdl, the service should have ws-policy configuration.
The weird thing is that i've build other services in exact the same way (wsdl wise) and they all deployed and worked without a problem. I've rebuild the PS from the wsdl a couple of times but it doesnt seem to fix the problem.
I can add the policy using the SB console without a problem and it also works correct.
Can anyone tell me what is wrong?
Thanks in advance!

Seems it has something to do with the mds-owsm. When i look in the log i see:
[2011-06-20T20:42:59.897+02:00] [osb_server1] [WARNING] [WSM-02101] [oracle.wsm.resources.policymanager] [tid: [ACTIVE].ExecuteThread: '16' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: OracleSystemUser] [ecid: 0000J2iNDuu7y0G_yx0FyW1Dvr15000G7J,0] [APP: wsm-pm] [dcid: ae78371b7bf314eb:1452020e:1306f4fcdbe:-7ffd-0000000000000117] Generic Oracle WSM Policy Manager error.[[
oracle.mds.exception.MDSRuntimeException: weblogic.common.resourcepool.ResourceDisabledException: Pool mds-owsm is Suspended, cannot allocate resources to applications..
     at oracle.mds.internal.persistence.db.BaseReposAccess.<init>(BaseReposAccess.java:360)
     at oracle.mds.internal.persistence.db.shredded.ShreddedReposAccess.<init>(ShreddedReposAccess.java:274)
     at oracle.mds.internal.persistence.db.shredded.ShreddedDBMSConnection.createReposAccess(ShreddedDBMSConnection.java:444)
     at oracle.mds.internal.persistence.db.BaseDBMSConnection.getOrCreateReposAccess(BaseDBMSConnection.java:2072)
     at oracle.mds.internal.persistence.db.BaseDBMSCVersionSupport.getDocument(BaseDBMSCVersionSupport.java:286)
     at oracle.mds.persistence.DelegatingMSConnectionVersionSupport.getDocument(DelegatingMSConnectionVersionSupport.java:72)
     at oracle.mds.internal.persistence.PManagerVersionSupportImpl.getDocument(PManagerVersionSupportImpl.java:255)
     at oracle.mds.core.MOState.getTipPDocument(MOState.java:981)
     at oracle.mds.core.MOState.checkStaleVersion(MOState.java:893)
     at oracle.mds.core.MOState.checkStalenessDocFromBuilder(MOState.java:723)
     at oracle.mds.core.MOState.getIsStaleLastModified(MOState.java:537)
     at oracle.mds.core.MOContent.getIsStaleLastModified(MOContent.java:267)
     at oracle.mds.core.MetadataObject.isStale(MetadataObject.java:721)
     at oracle.wsm.mds.MDSAccessor.getLatestMOCopy(MDSAccessor.java:1388)
     at oracle.wsm.mds.MDSAccessor.getMetadataObjectAsMO(MDSAccessor.java:1506)
     at oracle.wsm.mds.MDSAccessor.getStoreLastUpdatedDate(MDSAccessor.java:1629)
     at oracle.wsm.policymanager.impl.UpdateService.seed(UpdateService.java:1885)
     at oracle.wsm.policymanager.impl.UpdateService.<init>(UpdateService.java:238)
     at oracle.wsm.policymanager.impl.QueryService.seed(QueryService.java:2443)
     at oracle.wsm.policymanager.impl.QueryService.<init>(QueryService.java:217)
     at oracle.wsm.policymanager.impl.PolicyAccessService.getQueryService(PolicyAccessService.java:259)
     at oracle.wsm.policymanager.impl.PolicyAccessService.getPoliciesByPolicyReferencesMap(PolicyAccessService.java:214)
     at oracle.wsm.policymanager.impl.PolicyAccessService.getPoliciesAsStringsByPolicyReferencesMap(PolicyAccessService.java:348)
     at sun.reflect.GeneratedMethodAccessor925.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
     at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
     at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
     at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
     at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
     at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     at $Proxy216.getPoliciesAsStringsByPolicyReferencesMap(Unknown Source)
     at oracle.wsm.policymanager.ejb.impl.PolicyAccessService_elx95s_IStringPolicyAccessServiceRemoteImpl.getPoliciesAsStringsByPolicyReferencesMap(PolicyAccessService_elx95s_IStringPolicyAccessServiceRemoteImpl.java:188)
     at oracle.wsm.policymanager.ejb.impl.PolicyAccessService_elx95s_IStringPolicyAccessServiceRemoteImpl_WLSkel.invoke(Unknown Source)
     at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
     at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
     at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
     at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
     at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: oracle.mds.internal.persistence.db.fcf.MDSDBIOException: weblogic.common.resourcepool.ResourceDisabledException: Pool mds-owsm is Suspended, cannot allocate resources to applications..
     at oracle.mds.internal.persistence.db.JNDIConnectionManagerImpl.fetchConnection(JNDIConnectionManagerImpl.java:96)
     at oracle.mds.internal.persistence.db.ConnectionManager.getConnection(ConnectionManager.java:347)
     at oracle.mds.internal.persistence.db.BaseReposAccess.<init>(BaseReposAccess.java:347)
     ... 53 more
Caused by: weblogic.jdbc.extensions.PoolDisabledSQLException: weblogic.common.resourcepool.ResourceDisabledException: Pool mds-owsm is Suspended, cannot allocate resources to applications..
     at weblogic.jdbc.common.internal.JDBCUtil.wrapAndThrowResourceException(JDBCUtil.java:251)
     at weblogic.jdbc.common.internal.RmiDataSource.getPoolConnection(RmiDataSource.java:344)
     at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:360)
     at oracle.mds.internal.persistence.db.JNDIConnectionManagerImpl.fetchConnection(JNDIConnectionManagerImpl.java:91)
     ... 55 moreI tried stopping an starting the datasource but that didnt do much. Can anyone tell me how I can fix this?
Much thanks!

Password indirection for database adapter

Does the database adapter support the use of thge password indirection feature? I refer to the topic Creating an Indirect Password in the OC4J J2EE Security Guide, see http://download-east.oracle.com/docs/cd/B14099_15/web.1012/b14013/passman.htm#sthref746,
oc4j-ra.xml is not listed.

you will notice a JNDI name for this e.g. eis/DB/... this is used to look at the Application Server configuration. If it doesn't exist then it will use the credentials used as design time. Not good asthe connection will be fore development mainly.
you can safely remove the mcf setting from the wsdl so it will always force the AS connection. this is good practice.
To configure the AS configuration there is the oc4j-ra.xml file for the DB adapter. Or you can configure in Enterprise Manager
EM -> oc4j_soa (home if basic install) -> Administration -> JDBC Resources
configure a connection pool and data source
then create a JNDI name entry for the DB adapter
EM -> oc4j_soa (home if basic install) -> Applications -> Drop Down box select Adapter Resources -> DB Adapter
Use the examples. You will see that the connect string = jdbc/DBName
cheers
James

Attaching Security policy to Database Adapter

Similar Messages

Maybe you are looking for