auth-method BASIC with custom realm
I've set up my web.xml with <auth-method>BASIC, and I've defined a custom realm
for authentication. When I enter a valid userid/password at login, I can trace
authUserPassword() in my custom realm, and I can see that it is returning an object
which is a subclass of weblogic.security.acl.User, as it should. However, rather
than acknowledging a successful login and moving on, the login dialog is redisplayed,
(minus password). Further attempts to enter the same userid/password don't invoke
authUserPassword(), presumably since the "failed" login is still cached. What
am I missing?
Have a look in the web server log to see under what account the failed
accesses took place, that will help in identifying the cause.
"Bill Welch" <[email protected]> wrote in message
news:3b2a6431$[email protected]..
>
I've set up my web.xml with <auth-method>BASIC, and I've defined a customrealm
for authentication. When I enter a valid userid/password at login, I cantrace
authUserPassword() in my custom realm, and I can see that it is returningan object
which is a subclass of weblogic.security.acl.User, as it should. However,rather
than acknowledging a successful login and moving on, the login dialog isredisplayed,
(minus password). Further attempts to enter the same userid/passworddon't invoke
authUserPassword(), presumably since the "failed" login is still cached.What
am I missing?
Similar Messages
-
Urgent-------ACLs with Custom Realm.
Can anyone list acls that have to define in my Custom Realm to start default server
successfully?
Thanks.Have a look in the web server log to see under what account the failed
accesses took place, that will help in identifying the cause.
"Bill Welch" <[email protected]> wrote in message
news:3b2a6431$[email protected]..
>
I've set up my web.xml with <auth-method>BASIC, and I've defined a customrealm
for authentication. When I enter a valid userid/password at login, I cantrace
authUserPassword() in my custom realm, and I can see that it is returningan object
which is a subclass of weblogic.security.acl.User, as it should. However,rather
than acknowledging a successful login and moving on, the login dialog isredisplayed,
(minus password). Further attempts to enter the same userid/passworddon't invoke
authUserPassword(), presumably since the "failed" login is still cached.What
am I missing? -
Authorization with custom realm
Hello,
I have created a custom realm to access user and role information stored in a database. It is working fine for authentication. However, the Subject, Principal, and roles/groups do not seem to be used for later authorization steps. How should this information be stored so that the containers can access it?
In particular, when enabling security constraints in web.xml to limit the access of a particular url to a particular role, that url can never be accessed. The server generates messages implying that the user is not logged in:
Checking Web Permission with Principals : null
Checking with Principal : nonlogin-principal
Any suggestions on how to appropriately store the login information would be appreciated.
Thanks!I have had a custom realm that handles ACLs since 5.1. My question is I want to
mix it with the out-of-the box ldaprealm v2. I was hoping for a failover mechanism
where I can supply a custom realm that knows how to authorize and leave it up
to the canned ldaprealm to authenticate. The filerealm behaves in such a manner,
does it not.
I will try your idea about extending the ldaprealm. But, the challenge will be
in dealing with the delegate.
"Utpal" <[email protected]> wrote:
If you extend the weblogic.security.ldaprealmv2.LDAPRealm and implements
newAcl, deleteAcl, newPermission,
setPermission etc, I think it's doable.
=========
public class weblogic.security.ldaprealmv2.LDAPRealm extends
weblogic.security.a
cl.AbstractListableRealm implements weblogic.security.acl.DebuggableRealm
=========
-utpal
"Utpal" <[email protected]> wrote in message
news:[email protected]..
Why don't you use the Custom Security Realm? You can construct an ACLin a
custom seecurity realm.
http://edocs.beasys.com/wls/docs61/security/prog.html#1042361
-utpal
"Ziad Kurdi" <[email protected]> wrote in message
news:3c9b4c80$[email protected]..
Is there a way in 6.1 to use the supplied LDAP Realm V2 for
authentication
and
managing groups, but enhance it with ACL's (stored in a database)
for
authorization?
Obviously, I would like to take advantage of the server's caching
realm
capabilities.
I currently running a custom realm (from 5.1 which works in 6.1)
that
mixes LDAP
authentication, group management, and DB ACL's for authorization,
but I
no
longer
wish to capture the user's password (due to sorporate policies) and
would
like
to avoid maitaining the authentication code.
Thanks in advance for any assistance. -
Recursion Problem with custom realms built on EJB's
Hello there,
We have developed a web-app which uses authentication on a derivative of
RDBMSRealm, except that instead of RDBMSDelegate we have created our
'EJBDelegate' to do all of our database dirtywork. Unfortunately there
appears to be a problem that after a certain length of time some
security check happens in the EJB layer, which calls getUser(), which
calls the EJB layer, and I am stuck in an infinite recursive loop.
Ideal solution - I disable security for the EJB's entirely as we view
web-app level security as sufficient.
Any ideas on where I might find such a setting?
Thanks much,
Daniel Wabyick
Server Applications Engineer
Fluid, Inc.
http://www.fluid.comHi Tony,
i got the same problem as described on :
Use of "displaytag" on WebAS 6.4
Did you already found a solution how to deal with this displaytag-tld problem?
hope to hear from you. thx in advance,
lars -
FORM auth-method not working, it still gives a BASIC type pop-up box.
Hi All,
I'm trying to secure a web application running on Web As 7. I created a login module stack and put it into web-j2ee-engine.xml along with the security role map...
<login-module-configuration>
<login-module-stack>
<login-module>
<login-module-name>EvaluateTicketLoginModule</login-module-name>
<flag>sufficient</flag>
<options>
<option>
<name>ume.configuration.active</name>
<value>true</value>
</option>
</options>
</login-module>
<login-module>
<login-module-name>BasicPasswordLoginModule</login-module-name>
<flag>requisite</flag>
</login-module>
<login-module>
<login-module-name>CreateTicketLoginModule</login-module-name>
<flag>optional</flag>
<options>
<option>
<name>ume.configuration.active</name>
<value>true</value>
</option>
</options>
</login-module>
</login-module-stack>
<password-change-config/>
</login-module-configuration>
<security-role-map>
<role-name>AppEveryone</role-name>
<server-role-name>all</server-role-name>
</security-role-map>
Then I added the auth-method, security-role, and security-constraint to the web.xml file...
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>AppRealm</realm-name>
</login-config>
<security-role>
<description>AppEveryone</description>
<role-name>AppEveryone</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>General access restriction</web-resource-name>
<description>
</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>AppEveryone</description>
<role-name>AppEveryone</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
... and everything works fine. If the user allready has a logon ticket they get right into the application, and if they don't have a ticket, a standard web-browser dialogue box pops-up and asks for a username and password. If they authenticate with the dialogue box, they are then given a logon ticket and sent to the application.
So now I want to use an html page rather than the dialog-pop-up box for entering the username and password. So from what I can tell, I still need to use the BasicPasswordLoginModule but I need to change the login-config section of web.xml.
So I changed the <login-config> section of the web.xml to this...
<login-config>
<auth-method>FORM</auth-method>
<realm-name>AppRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
I then created the login.html and error.html files and put them in the same directory as the .WAR file (I also put copies in the \root directory incase my path wasn't right). They are as follows...
<b>login.html</b> -
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Test: Login Form</title>
</head>
Login Form
Welcome to the login page.
You will have to authenticate to get access to the secure area: <form method="POST" action="j_security_check"> Username: <input type="text" name="j_username">
Password: <input type="password" name="j_password">
<input type="submit" value="Login"> <input type="reset" value="Reset">
</form>
</html>
<b>error.html</b> -
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Test: Error logging in</title>
</head>
<body bgcolor="#FFFFFF">
Error Logging In...
I am sorry, you must have put in the wrong username/password.
</body>
</html>
But for whatever reason I'm still getting the browser pop-up box instead of my form when I try to access the application. What am I doing wrong? I am making all these changes after the app has been deployed, do these changes to the xml files need to be done during the build phase? If anybody has any ideas please let me know... you will be rewarded.The issue has been resolved. There was no interesting work-a-round or fix involved.
-
Custom Realm Bug in WebLogic SP3?
I recently upgraded WebLogic 6.1 from SP1 to SP3 and am now
receiving a ClassCastException when invoking the checkPermission
method on a Custom realm ACL that extends weblogic.security.acl.AclImpl.
This code worked fine in SP1. It seems that other developers
have experienced this problem when applying service packs to
WebLogic 5. Any one else encountering this problem with
WebLogic 6 and what is the workaround? (Stack trace attached)
TIA
[aclimplexception.txt]I was unable to determine the cause of the problem, but I was
able to identify that AclImpl was changed between SP1 and SP3.
I updated SP3's weblogic.jar with the weblogic.security.acl.AclImpl
class in the weblogic.jar from SP1 and the exception went away.
I did not see anything in the release notes for SP2 and SP3
that indicate what may have changed. Does anyone know?
"Jason Southern" <[email protected]> wrote:
>
>
>
I recently upgraded WebLogic 6.1 from SP1 to SP3 and am now
receiving a ClassCastException when invoking the checkPermission
method on a Custom realm ACL that extends weblogic.security.acl.AclImpl.
This code worked fine in SP1. It seems that other developers
have experienced this problem when applying service packs to
WebLogic 5. Any one else encountering this problem with
WebLogic 6 and what is the workaround? (Stack trace attached)
TIA -
Hi everyone! I have a problem that got the better of me yesterday, and I hope that I can get some hints here.
I'm trying to deploy an application as a *.war file on WebLogic (10.3.2.0), and in the web.xml file I have defined a security realm, but when it is deployed the default myrealm seems to be used insteadand logging in doesn't work.
In the web.xml file it looks like this:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>mysystem-rest</realm-name>
</login-config>
In jaas.config:
mysystem-rest
xx.xxxxx.xxxxxxxxxxxxx.xxxxxxxxxxxxx.xxxxx.loginmodule required dataSourceName="java:comp/env/jdbc/MYSYSTEMDS";
Any ideas? Should I have a weblogic.xml file in the deployment?Hi,
web.xml file must exist under the root element <web-app>.
Please refer the following to configure your web application. Let me know if it is useful:
http://docs.oracle.com/cd/E13222_01/wls/docs81/webapp/web_xml.html
http://docs.oracle.com/cd/E13222_01/wls/docs92/secwlres/secejbwar.html
http://docs.oracle.com/cd/E12840_01/wls/docs103/security/thin_client.html
Edited by: 901081 on May 31, 2012 1:56 PM -
Hi,
I try to use JAAS authentication with custom Realm. So I invoke it like that:
subject = Authentication.login("myCustomRealm", new MyCustomCallbackHandler( ...
I have a "myCustomRealm" in my console and it seems to be configured correctly.
When I use a function 'Validate this Security Realm' i get 'The realm myCustomRealm
has been validated successfully'.
However, when I run the application I get an exception:
weblogic.security.service.InvalidParameterException[Security:090396]: Realm myCustomRealm
does not exist.
Any idea what can be a problem ?
Thanks
Marcin Stanski"Marcin Stanski" <[email protected]> wrote in message
news:3fb35d55$[email protected]..
>
Hi,
I try to use JAAS authentication with custom Realm. So I invoke it likethat:
>
>
subject = Authentication.login("myCustomRealm", newMyCustomCallbackHandler( ...
I have a "myCustomRealm" in my console and it seems to be configuredcorrectly.
When I use a function 'Validate this Security Realm' i get 'The realmmyCustomRealm
has been validated successfully'.
However, when I run the application I get an exception:
weblogic.security.service.InvalidParameterException[Security:090396]:Realm myCustomRealm
does not exist.
Any idea what can be a problem ?
Make sure that myCustomRealm is set as the default realm. -
Help with Weblogic 6 sp1 Custom Realm !!!!
We are trying to run Weblogic 6.0 sp1 with our current environment (ejb 1.1, custom
security realm)
We can compile and deploy our ejb 1.1 beans. We wish to start with ejb1.1 and
move to ejb2.0 once we can get our custom security working.
The JDBC connection pools are fine.
Our custom security realm uses LDAP for user authentication and an Oracle table
for authorization (acls).
Earlier, I wrote to the board and received the below following instructions to
use our existing custom realm in wl 60. You can read below, but I followed these
instructions on Solaris 5.6.
1. I ensured the SunOS patches were up to date.
2. We ensured the LD_LIBRARY_PATH reflected weblogic 6 (and not 5.1). We moved
the 5.1 classes over to wl6.
3. We copied our custom realm properties file to the weblogic root and/or the
config subdirectory (tried them both).
4. We ensured the security realm class we wrote is in the classpath (we bunch
all our serverside classes in a jar file anyway).
5. Then we created a custom realm via the console – name BFXRealm and it’s
class name <package>.BFXRealm, left configuration box blank.
6. Then we created a custom caching realm BFXCachingREalm and set its basic realm
as the custom realm, BFXRealm. All of the enable caches are checked to true.
7. Then we set the default realm to the BFXCachingRealm.
Now, when we perform a query, the everyone group should be implied. We don’t
implement LDAP lookup on queries. If I try to run a query from a client, I see
the client box connecting with the server:
Last line - you can see the client box connecting to the server -
<May 30, 2001 2:20:07 PM EDT> <Info> <J2EE> <Deployed : DefaultWebApp_myserver>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <WebLogic Server started>
<May 30, 2001 2:20:07 PM EDT> <Info> <Configuration Management> <Backed up booted
configuration /opt/apps/weblogic/beasp1/wlserver6.0sp1/./config/mydomain/config.xml
at /opt/apps/weblogic/beasp1/wlserver6.0sp1/./config/mydomain/config.xml.booted>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <ListenThread listening
on port 7001>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <SSLListenThread listening
on port 7002>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <System has file
descriptor limits of - soft: '1024', hard: '1024'>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <Using effective
file descriptor limit of: '1024' open sockets/files.>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <Allocating: '3'
POSIX reader threads>
<May 30, 2001 2:20:23 PM EDT> <Info> <HTTP> <[HTTP myserver] Created log stream
/opt/apps/weblogic/beasp1/wlserver6.0sp1/config/mydomain/logs/access.log>
<May 30, 2001 2:21:50 PM EDT> <Info> <WebLogicServer> <Adding address: 152.51.164.233/152.51
The client receives the error:
javax.naming.AuthenticationException. Root exception is java.lang.SecurityException:
Authentication
for user aws4270 denied in realm weblogic
It’s as if the fileRealm.properties is only being looked at. We do not
use this for our user/groups/acls in wl5.1.0 and we do not want to in wl6
For “fun”, I added a user to the fileRealm.properties file via the
console and ran a client query. It worked.
But when I tried to call an ejbCreate from the client, I received these errors
from the server:
BFXSecurityRealmException is a custom exception we have written. A query works
but a create does not - obviously cannot get to acl in database (?)
and why the ejb20 errors? We just want to start with ejb 1.1
In SeqStoreSecurityHelper.isUserAuthorized(): schema = seqStore.INTNUC, class
= bioseq, project = HIPPI, permission = create
<May 30, 2001 2:50:10 PM EDT> <Info> <EJB> <EJB Exception in method: ejbCreate:
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBean.ejbCreate(BioSequenceBean.java:1562)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanImpl.ejbCreate(BioSequenceBeanImpl.java:833)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.ejb20.manager.DBManager.create(DBManager.java:408)
at weblogic.ejb20.internal.EntityEJBHome.create(EntityEJBHome.java:353)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanHomeImpl.create(BioSequenceBeanHomeImpl.java:111)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanHomeImpl_WLSkel.invoke(BioSequenceBeanHomeImpl_WLSkel.java:78)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:128)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:118)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The client receives the error:
java.rmi.RemoteException: EJB Exception:; nested exception is:
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
o
ccurred.
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
HOW CAN WE GET THE SERVER TO BYPASS FILEREALM and use BFXREALM ???????????
Thanks,
Anne
Subject: Re: Do Custom Security Realms have to use Mbeans?
Date: 17 May 2001 06:38:23 -0800
From: "Tom Moreau" <[email protected]>
Newsgroup: weblogic.developer.interest.security
Yes this can be done. Here's how:
1) I'll assume that the classname to your custom realm is "com.yourcompany.YourCustomRealm"
2) I'll assume that your custom realm has some kind of properties file from which
it reads its configuration data. Let's call this file "YourCustomRealm.properties"
3) Copy YourCustomRealm.properties to every machine that you're running wls on
(you are probably already doing this today).
4) Make sure that com.yourcompany.YourCustomRealm is in the classpath when you
start wls (you should already be doing this today)
5) In 5.1, there used to be some utility classes that customers used for their
custom realms - something about Pools & Factories. These have been renamed in
6.0. If you're using these classes, then go to your 5.1 weblogic jar file and
pull out these classes and add them to your classpath for 6.0.
6) In the console, create a custom realm and set it's realm class name to com.yourcompany.YourCustomRealm.
Leave the configuration data section blank.
7) In the console, configure your custom realm as the alternate realm. That is,
create a caching realm and set it's basic realm to your custom realm, then set
the realm's caching realm to the caching realm you just created.
I'm pretty sure this should work for you. We did this to provide a patch that
let 6.0 users uses the LDAPRealm rewrite from 5.1.
The downside is that you don't get single point of administration - that is, you
have to make your custom realm's configuration data (YourCustomRealm.properties)
available on all the machines you're running WLS on. If you rework your custom
realm, then the configuration data gets put in the custom realm configuration
you create via the console and automatically copied to other machines for you.
- TomWe are trying to run Weblogic 6.0 sp1 with our current environment (ejb 1.1, custom
security realm)
We can compile and deploy our ejb 1.1 beans. We wish to start with ejb1.1 and
move to ejb2.0 once we can get our custom security working.
The JDBC connection pools are fine.
Our custom security realm uses LDAP for user authentication and an Oracle table
for authorization (acls).
Earlier, I wrote to the board and received the below following instructions to
use our existing custom realm in wl 60. You can read below, but I followed these
instructions on Solaris 5.6.
1. I ensured the SunOS patches were up to date.
2. We ensured the LD_LIBRARY_PATH reflected weblogic 6 (and not 5.1). We moved
the 5.1 classes over to wl6.
3. We copied our custom realm properties file to the weblogic root and/or the
config subdirectory (tried them both).
4. We ensured the security realm class we wrote is in the classpath (we bunch
all our serverside classes in a jar file anyway).
5. Then we created a custom realm via the console – name BFXRealm and it’s
class name <package>.BFXRealm, left configuration box blank.
6. Then we created a custom caching realm BFXCachingREalm and set its basic realm
as the custom realm, BFXRealm. All of the enable caches are checked to true.
7. Then we set the default realm to the BFXCachingRealm.
Now, when we perform a query, the everyone group should be implied. We don’t
implement LDAP lookup on queries. If I try to run a query from a client, I see
the client box connecting with the server:
Last line - you can see the client box connecting to the server -
<May 30, 2001 2:20:07 PM EDT> <Info> <J2EE> <Deployed : DefaultWebApp_myserver>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <WebLogic Server started>
<May 30, 2001 2:20:07 PM EDT> <Info> <Configuration Management> <Backed up booted
configuration /opt/apps/weblogic/beasp1/wlserver6.0sp1/./config/mydomain/config.xml
at /opt/apps/weblogic/beasp1/wlserver6.0sp1/./config/mydomain/config.xml.booted>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <ListenThread listening
on port 7001>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <SSLListenThread listening
on port 7002>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <System has file
descriptor limits of - soft: '1024', hard: '1024'>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <Using effective
file descriptor limit of: '1024' open sockets/files.>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <Allocating: '3'
POSIX reader threads>
<May 30, 2001 2:20:23 PM EDT> <Info> <HTTP> <[HTTP myserver] Created log stream
/opt/apps/weblogic/beasp1/wlserver6.0sp1/config/mydomain/logs/access.log>
<May 30, 2001 2:21:50 PM EDT> <Info> <WebLogicServer> <Adding address: 152.51.164.233/152.51
The client receives the error:
javax.naming.AuthenticationException. Root exception is java.lang.SecurityException:
Authentication
for user aws4270 denied in realm weblogic
It’s as if the fileRealm.properties is only being looked at. We do not
use this for our user/groups/acls in wl5.1.0 and we do not want to in wl6
For “fun”, I added a user to the fileRealm.properties file via the
console and ran a client query. It worked.
But when I tried to call an ejbCreate from the client, I received these errors
from the server:
BFXSecurityRealmException is a custom exception we have written. A query works
but a create does not - obviously cannot get to acl in database (?)
and why the ejb20 errors? We just want to start with ejb 1.1
In SeqStoreSecurityHelper.isUserAuthorized(): schema = seqStore.INTNUC, class
= bioseq, project = HIPPI, permission = create
<May 30, 2001 2:50:10 PM EDT> <Info> <EJB> <EJB Exception in method: ejbCreate:
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBean.ejbCreate(BioSequenceBean.java:1562)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanImpl.ejbCreate(BioSequenceBeanImpl.java:833)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.ejb20.manager.DBManager.create(DBManager.java:408)
at weblogic.ejb20.internal.EntityEJBHome.create(EntityEJBHome.java:353)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanHomeImpl.create(BioSequenceBeanHomeImpl.java:111)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanHomeImpl_WLSkel.invoke(BioSequenceBeanHomeImpl_WLSkel.java:78)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:128)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:118)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The client receives the error:
java.rmi.RemoteException: EJB Exception:; nested exception is:
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
o
ccurred.
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
HOW CAN WE GET THE SERVER TO BYPASS FILEREALM and use BFXREALM ???????????
Thanks,
Anne
Subject: Re: Do Custom Security Realms have to use Mbeans?
Date: 17 May 2001 06:38:23 -0800
From: "Tom Moreau" <[email protected]>
Newsgroup: weblogic.developer.interest.security
Yes this can be done. Here's how:
1) I'll assume that the classname to your custom realm is "com.yourcompany.YourCustomRealm"
2) I'll assume that your custom realm has some kind of properties file from which
it reads its configuration data. Let's call this file "YourCustomRealm.properties"
3) Copy YourCustomRealm.properties to every machine that you're running wls on
(you are probably already doing this today).
4) Make sure that com.yourcompany.YourCustomRealm is in the classpath when you
start wls (you should already be doing this today)
5) In 5.1, there used to be some utility classes that customers used for their
custom realms - something about Pools & Factories. These have been renamed in
6.0. If you're using these classes, then go to your 5.1 weblogic jar file and
pull out these classes and add them to your classpath for 6.0.
6) In the console, create a custom realm and set it's realm class name to com.yourcompany.YourCustomRealm.
Leave the configuration data section blank.
7) In the console, configure your custom realm as the alternate realm. That is,
create a caching realm and set it's basic realm to your custom realm, then set
the realm's caching realm to the caching realm you just created.
I'm pretty sure this should work for you. We did this to provide a patch that
let 6.0 users uses the LDAPRealm rewrite from 5.1.
The downside is that you don't get single point of administration - that is, you
have to make your custom realm's configuration data (YourCustomRealm.properties)
available on all the machines you're running WLS on. If you rework your custom
realm, then the configuration data gets put in the custom realm configuration
you create via the console and automatically copied to other machines for you.
- Tom -
Required methods in custom realms
Can anyone help.Being very new to this topic I have a few questions.I have been tasked to the job of constructing a custom security realm. All I want to do in this realm is to authenticated users, all the other tasks are to be passed to the caching realm, and therefore the WLSRealm.My questions are, What methods as an absolute minimum would I need to implement to supply the WLS with what It needs?What is the calling sequence of events made by the WLS against the realm?Were can I find more information regarding custom realms?RegardsPaul.
Hi,
Thank you for your question.
We are currently looking into this issue and will give you an update as soon as possible.
Thank you for your understanding and support.
Linda Li
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Linda Li
TechNet Community Support -
Custom Auth. Object with Profile and role assignment not working
Hi,
I have created custom Authorization Object with field ACTVT with allowed values - 01,02, 03. Now test it with custom program using AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ' it is working fine and returning sy-subrc 12. At this point i have not created any role using this Auth Object.
Now I have created custom role ZPM_**** and assigned above Auth object to it with value ACTVT 03. Assigned this role to user.
When I try to test the above custom program with any ACTVT value it is giving sy-subrc as 0. Used below custom code in program.
AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ'
ID 'ACTVT' FIELD '01'.
Am I missing anything? The profiles are generated correctly.
Best Regards,
NileshBelow are the screen shots for PFCG:
-
Client certificate authentication with custom authorization for J2EE roles?
We have a Java application deployed on Sun Java Web Server 7.0u2 where we would like to secure it with client certificates, and a custom mapping of subject DNs onto J2EE roles (e.g., "visitor", "registered-user", "admin"). If we our web.xml includes:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>certificate</realm-name>
<login-config>that will enforce that only users with valid client certs can access our app, but I don't see any hook for mapping different roles. Is there one? Can anyone point to documentation, or an example?
On the other hand, if we wanted to create a custom realm, the only documentation I have found is the sample JDBCRealm, which includes extending IASPasswordLoginModule. In our case, we wouldn't want to prompt for a password, we would want to examine the client certificate, so we would want to extend some base class higher up the hierarchy. I'm not sure whether I can provide any class that implements javax.security.auth.spi.LoginModule, or whether the WebServer requires it to implement or extend something more specific. It would be ideal if there were an IASCertificateLoginModule that handled the certificate authentication, and allowed me to access the subject DN info from the certificate (e.g., thru a javax.security.auth.Subject) and cache group info to support a specialized IASRealm::getGroupNames(string user) method for authorization. In a case like that, I'm not sure whether the web.xml should be:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>MyRealm</realm-name>
<login-config>or:
<login-config>
<auth-method>MyRealm</auth-method>
<login-config>Anybody done anything like this before?
--ThanksWe have JDBCRealm.java and JDBCLoginModule.java in <ws-install-dir>/samples/java/webapps/security/jdbcrealm/src/samples/security/jdbcrealm. I think we need to tweak it to suite our needs :
$cat JDBCRealm.java
* JDBCRealm for supporting RDBMS authentication.
* <P>This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* <P>In order to plug in a realm into the server you need to
* implement both a login module (see JDBCLoginModule for an example)
* which performs the authentication and a realm (as shown by this
* class) which is used to manage other realm operations.
* <P>A custom realm should implement the following methods:
* <ul>
* <li>init(props)
* <li>getAuthType()
* <li>getGroupNames(username)
* </ul>
* <P>IASRealm and other classes and fields referenced in the sample
* code should be treated as opaque undocumented interfaces.
final public class JDBCRealm extends IASRealm
protected void init(Properties props)
throws BadRealmException, NoSuchRealmException
public java.util.Enumeration getGroupNames (String username)
throws InvalidOperationException, NoSuchUserException
public void setGroupNames(String username, String[] groups)
}and
$cat JDBCLoginModule.java
* JDBCRealm login module.
* <P>This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* <P>In order to plug in a realm into the server you need to implement
* both a login module (as shown by this class) which performs the
* authentication and a realm (see JDBCRealm for an example) which is used
* to manage other realm operations.
* <P>The PasswordLoginModule class is a JAAS LoginModule and must be
* extended by this class. PasswordLoginModule provides internal
* implementations for all the LoginModule methods (such as login(),
* commit()). This class should not override these methods.
* <P>This class is only required to implement the authenticate() method as
* shown below. The following rules need to be followed in the implementation
* of this method:
* <ul>
* <li>Your code should obtain the user and password to authenticate from
* _username and _password fields, respectively.
* <li>The authenticate method must finish with this call:
* return commitAuthentication(_username, _password, _currentRealm,
* grpList);
* <li>The grpList parameter is a String[] which can optionally be
* populated to contain the list of groups this user belongs to
* </ul>
* <P>The PasswordLoginModule, AuthenticationStatus and other classes and
* fields referenced in the sample code should be treated as opaque
* undocumented interfaces.
* <P>Sample setting in server.xml for JDBCLoginModule
* <pre>
* <auth-realm name="jdbc" classname="samples.security.jdbcrealm.JDBCRealm">
* <property name="dbdrivername" value="com.pointbase.jdbc.jdbcUniversalDriver"/>
* <property name="jaas-context" value="jdbcRealm"/>
* </auth-realm>
* </pre>
public class JDBCLoginModule extends PasswordLoginModule
protected AuthenticationStatus authenticate()
throws LoginException
private String[] authenticate(String username,String passwd)
private Connection getConnection() throws SQLException
}One more article [http://developers.sun.com/appserver/reference/techart/as8_authentication/]
You can try to extend "com/iplanet/ias/security/auth/realm/certificate/CertificateRealm.java"
[http://fisheye5.cenqua.com/browse/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/certificate/CertificateRealm.java?r=SJSAS_9_0]
$cat CertificateRealm.java
package com.iplanet.ias.security.auth.realm.certificate;
* Realm wrapper for supporting certificate authentication.
* <P>The certificate realm provides the security-service functionality
* needed to process a client-cert authentication. Since the SSL processing,
* and client certificate verification is done by NSS, no authentication
* is actually done by this realm. It only serves the purpose of being
* registered as the certificate handler realm and to service group
* membership requests during web container role checks.
* <P>There is no JAAS LoginModule corresponding to the certificate
* realm. The purpose of a JAAS LoginModule is to implement the actual
* authentication processing, which for the case of this certificate
* realm is already done by the time execution gets to Java.
* <P>The certificate realm needs the following properties in its
* configuration: None.
* <P>The following optional attributes can also be specified:
* <ul>
* <li>assign-groups - A comma-separated list of group names which
* will be assigned to all users who present a cryptographically
* valid certificate. Since groups are otherwise not supported
* by the cert realm, this allows grouping cert users
* for convenience.
* </ul>
public class CertificateRealm extends IASRealm
protected void init(Properties props)
* Returns the name of all the groups that this user belongs to.
* @param username Name of the user in this realm whose group listing
* is needed.
* @return Enumeration of group names (strings).
* @exception InvalidOperationException thrown if the realm does not
* support this operation - e.g. Certificate realm does not support
* this operation.
public Enumeration getGroupNames(String username)
throws NoSuchUserException, InvalidOperationException
* Complete authentication of certificate user.
* <P>As noted, the certificate realm does not do the actual
* authentication (signature and cert chain validation) for
* the user certificate, this is done earlier in NSS. This default
* implementation does nothing. The call has been preserved from S1AS
* as a placeholder for potential subclasses which may take some
* action.
* @param certs The array of certificates provided in the request.
public void authenticate(X509Certificate certs[])
throws LoginException
// Set up SecurityContext, but that is not applicable to S1WS..
}Edited by: mv on Apr 24, 2009 7:04 AM -
We need to develop a new Single Sign On security provider to automatically authenticate Oracle BPM Workspace application.
Following some samples and tips from Oracle Forum, blogs[1], OTN Samples[2], and also the documentation[3] we build a new Assertion Provider.
We created a new MBean type, implemented the classes AuthenticationProvider, IdentityAsserter, and installed it at MBeanTypes folder at Weblogic Server.
The new Assertion Provider appears at realm providers and was configured without errors.
In this first test we develop a very simple authentication, just decoding the username from the new token and trusting it.
But when we try to call the BPM Workspace passing the new token in the http headers, seems nothing happend: the BPM Workspace login page it is opened and there isn't any message in the log indicating that the new provider has been used.
In fact we need to develop a SSO that receive the token at URL (not in the http headers) run a specific library to decrypt the token, check the token validity and proceed with the authentication. But at now we haven't even a simple sample working ...
Is it possible to have SSO at Oracle BPM Workspace only configuring a provider at Weblogic realm or we need to config/hack something at BPM Workspace application?
BPM Workspace web.xml it is already configured by default with these options:
<auth-method>CLIENT-CERT,FORM</auth-method>
<realm-name>myrealm</realm-name>
Infra:
RHEL 5.5 64Bits - Kernel 2.6.18-194.el5
Oracle SOA Suite 11gR1 PS2 - 11.1.1.3.0
Some references checked:
[1] http://fusionsecurity.blogspot.com/2009/07/building-custom-security-providers-with.html
[2] code-sample ID S224: Sample Security Providers for WLS 9.1
https://www.samplecode.oracle.com/tracker/tracking/linkid/prpl1004?sfLoginToken=088763F78B4F7961288649650A424AF3&sfProj=codesamples&isLoggedIn=true&id=S224&dapCheckedPassed=false
[3] Oracle® Fusion Middleware Developing Security Providers for Oracle WebLogic Server 11g Release 1 (10.3.3) E13718-02
http://download.oracle.com/docs/cd/E21043_01/web.1111/e13718/intro.htm...seems nothing happend: the BPM Workspace login page it is opened and there isn't any message in the log indicating that the new provider...
Is there an Audit provider configured, which collects and stores the security logs.
To my knowledge, WebLogic uses the same cookie name (<code>JSESSIONID</code>) for all web applications on the server.
That way, no matter what type of authentication method is used in a particular web application, an authenticated user will have
single sign-on to all other web applications in the server.
If you want to have a global single sign-on a good solution would be to use Oracel Single Sign-On (http://download.oracle.com/docs/cd/E17904_01/core.1111/e10043/osso_d_10g.htm)
With your own implementation how is the authentication token mapped to a username? -
Error occurred while finding users using API with custom field
Hi All,
I am getting the following error while searching user using API with custom attribute. Did anybody faced the same problem before ?
Hashtable<Object,Object> env = new Hashtable<Object,Object>();
env.put("java.naming.factory.initial", "weblogic.jndi.WLInitialContextFactory");
env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://localhost:14000");
System.setProperty("java.security.auth.login.config","C:\\Oracle\\Middleware\\Oracle_IDM1\\designconsole\\config\\authwl.conf");
System.setProperty("OIM.AppServerType", "wls");
System.setProperty("APPSERVER_TYPE", "wls");
tcUtilityFactory ioUtilityFactory = new tcUtilityFactory(env, "xelsysadm", "Weblogic123$");
OIMClient client = new OIMClient(env);
client.login("xelsysadm", "Weblogic123$".toCharArray());
SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
tcUserOperationsIntf moUserUtility = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
Hashtable mhSearchCriteria = new Hashtable();
mhSearchCriteria.put("USR_UDF_ACTUALSTARTDATE",formatter.format(date));
tcResultSet moResultSet = moUserUtility.findAllUsers(mhSearchCriteria);
printTcResultSet(moResultSet,"abcd");
log4j:WARN No appenders could be found for logger (org.springframework.jndi.JndiTemplate).
log4j:WARN Please initialize the log4j system properly.
Exception in thread "main" Thor.API.Exceptions.tcAPIException: Error occurred while finding users.
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_1036_WLStub.findAllUsersx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at com.sun.proxy.$Proxy2.findAllUsersx(Unknown Source)
at Thor.API.Operations.tcUserOperationsIntfDelegate.findAllUsers(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
at com.sun.proxy.$Proxy3.findAllUsers(Unknown Source)
at oim.standalone.code.OIMAPIConnection.usersearch(OIMAPIConnection.java:209)
at oim.standalone.code.OIMAPIConnection.main(OIMAPIConnection.java:342)
Caused by: Thor.API.Exceptions.tcAPIException: Error occurred while finding users.
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.findAllUsers(tcUserOperationsBean.java:4604)
at Thor.API.Operations.tcUserOperationsIntfEJB.findAllUsersx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1614.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy347.findAllUsersx(Unknown Source)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl.findAllUsersx(Unknown Source)
at Thor.API.Operations.tcUserOperationsIntf_e9jcxp_tcUserOperationsIntfRemoteImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Thank youHi J,
Thanks for the reply. But the code is working fine for OOTB attributes and for 11g API i am getting permission exception
Exception in thread "main" oracle.iam.platform.authz.exception.AccessDeniedException: You do not have permission to search the following user attributes: USR_UDF_ACTUALSTARTDATE.
at oracle.iam.identity.usermgmt.impl.UserManagerImpl.search(UserManagerImpl.java:1465)
at sun.reflect.GeneratedMethodAccessor1034.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy366.search(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManagerEJB.searchx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1449.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy365.searchx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.searchx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.iam.identity.exception.SearchAttributeAccessDeniedException: You do not have permission to search the following user attributes: USR_UDF_ACTUALSTARTDATE.
at oracle.iam.identity.usermgmt.impl.UserManagerImpl.search(UserManagerImpl.java:1462)
... 44 more -
Error provisioning a resource with custom approval process
Hi,
While trying to provision a resource with custom approval process, I get the following error:
<May 11, 2012 8:07:18 AM IST> <Warning> <oracle.wsm.agent.handler.wls.WLSPropertyUtils> <BEA-000000> <WLSPropertyUtils:getOperationName(),operation name is null>
<May 11, 2012 8:07:18 AM IST> <Warning> <org.eclipse.persistence.session.oim> <BEA-000000> <
Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-12899: value too large for column "DEV_OIM"."REQUEST_APPROVALS"."APPROVAL_STATUS" (actual: 442, maximum: 32)
Error Code: 12899
Call: UPDATE REQUEST_APPROVALS SET APPROVAL_STATUS = ? WHERE (REQUEST_APPROVALS_KEY = ?)
bind => [com.oracle.bpel.client.BPELFault: faultName: {{http://schemas.xmlsoap.org/ws/2003/03/business-process/}selectionFailure}
parts: {{
summary=<summary>XPath query string returns zero node.
The assign activity of the to node query is returning zero node.
Either the to node data or the xpath query in the to node was invalid.
According to BPEL4WS spec 1.1 section 14.3, verify the to node value at line number 251 in the BPEL source.
</summary>}
, 6]
Query: UpdateObjectQuery(oracle.iam.request.vo.ApprovalData@11e00d4b)
at org.eclipse.persistence.exceptions.DatabaseException.sqlException(DatabaseException.java:324)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeDirectNoSelect(DatabaseAccessor.java:801)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeNoSelect(DatabaseAccessor.java:867)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:587)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:530)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeCall(AbstractSession.java:914)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:206)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:192)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.updateObject(DatasourceCallQueryMechanism.java:715)
at org.eclipse.persistence.internal.queries.StatementQueryMechanism.updateObject(StatementQueryMechanism.java:430)
at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.updateObjectForWriteWithChangeSet(DatabaseQueryMechanism.java:1141)
at org.eclipse.persistence.queries.UpdateObjectQuery.executeCommitWithChangeSet(UpdateObjectQuery.java:84)
at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:287)
at org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58)
at org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:675)
at org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:589)
at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:109)
at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:86)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2898)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1225)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1207)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1167)
at org.eclipse.persistence.internal.sessions.CommitManager.commitChangedObjectsForClassWithChangeSet(CommitManager.java:233)
at org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:108)
at org.eclipse.persistence.internal.sessions.AbstractSession.writeAllObjectsWithChangeSet(AbstractSession.java:3260)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabase(UnitOfWorkImpl.java:1413)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabaseWithChangeSet(UnitOfWorkImpl.java:1518)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.writeChanges(UnitOfWorkImpl.java:5499)
at oracle.iam.request.repository.ApprovalRepository.updateApprovalInstanceWithOutcome(ApprovalRepository.java:84)
at oracle.iam.request.impl.ApprovalManager.approvalInstanceComplete(ApprovalManager.java:111)
at oracle.iam.request.impl.ApprovalPolicyServiceImpl.updateApprovalResult(ApprovalPolicyServiceImpl.java:52)
at oracle.iam.request.api.ApprovalPolicyServiceEJB.updateApprovalResultx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy351.updateApprovalResultx(Unknown Source)
at oracle.iam.request.api.ApprovalPolicyService_1nib43_ApprovalPolicyServiceRemoteImpl.updateApprovalResultx(ApprovalPolicyService_1nib43_ApprovalPolicyServiceRemoteImpl.java:462)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at $Proxy184.updateApprovalResultx(Unknown Source)
at oracle.iam.request.api.ApprovalPolicyServiceDelegate.updateApprovalResult(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
at $Proxy350.updateApprovalResult(Unknown Source)
at oracle.iam.request.workflowcallback.ApprovalCallBack.completed(ApprovalCallBack.java:28)
at oracle.iam.platform.workflowservice.ws.CallbackServiceImpl.callback(CallbackServiceImpl.java:98)
at oracle.iam.platform.workflowservice.ws.wls.CallbackService.callback(CallbackService.java:33)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:92)
at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:74)
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:151)
at com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl.invoke(EndpointMethodHandlerImpl.java:265)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)
at weblogic.wsee.jaxws.tubeline.FlowControlTube$FlowControlAwareTube.processRequest(FlowControlTube.java:155)
at weblogic.wsee.jaxws.tubeline.FlowControlTube$1.run(FlowControlTube.java:94)
at weblogic.wsee.jaxws.tubeline.FlowControlTube$1.run(FlowControlTube.java:92)
at javax.security.auth.Subject.doAs(Subject.java:337)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:91)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:373)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:524)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:255)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140)
at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:208)
at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:310)
at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:223)
at weblogic.wsee.jaxws.JAXWSServlet.doPost(JAXWSServlet.java:124)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at weblogic.wsee.jaxws.JAXWSServlet.service(JAXWSServlet.java:79)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:260)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused By: java.sql.SQLException: ORA-12899: value too large for column "DEV_OIM"."REQUEST_APPROVALS"."APPROVAL_STATUS" (actual: 442, maximum: 32)
at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:74)
at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:135)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:210)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:473)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:423)
at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1095)
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:205)
at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1040)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1379)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3568)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3694)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1508)
at weblogic.jdbc.wrapper.PreparedStatement.executeUpdate(PreparedStatement.java:172)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeDirectNoSelect(DatabaseAccessor.java:792)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeNoSelect(DatabaseAccessor.java:867)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:587)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:530)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeCall(AbstractSession.java:914)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:206)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:192)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.updateObject(DatasourceCallQueryMechanism.java:715)
at org.eclipse.persistence.internal.queries.StatementQueryMechanism.updateObject(StatementQueryMechanism.java:430)
at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.updateObjectForWriteWithChangeSet(DatabaseQueryMechanism.java:1141)
at org.eclipse.persistence.queries.UpdateObjectQuery.executeCommitWithChangeSet(UpdateObjectQuery.java:84)
at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:287)
at org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58)
at org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:675)
at org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:589)
at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:109)
at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:86)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2898)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1225)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1207)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1167)
at org.eclipse.persistence.internal.sessions.CommitManager.commitChangedObjectsForClassWithChangeSet(CommitManager.java:233)
at org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:108)
at org.eclipse.persistence.internal.sessions.AbstractSession.writeAllObjectsWithChangeSet(AbstractSession.java:3260)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabase(UnitOfWorkImpl.java:1413)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabaseWithChangeSet(UnitOfWorkImpl.java:1518)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.writeChanges(UnitOfWorkImpl.java:5499)
at oracle.iam.request.repository.ApprovalRepository.updateApprovalInstanceWithOutcome(ApprovalRepository.java:84)
at oracle.iam.request.impl.ApprovalManager.approvalInstanceComplete(ApprovalManager.java:111)
at oracle.iam.request.impl.ApprovalPolicyServiceImpl.updateApprovalResult(ApprovalPolicyServiceImpl.java:52)
at oracle.iam.request.api.ApprovalPolicyServiceEJB.updateApprovalResultx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy351.updateApprovalResultx(Unknown Source)
at oracle.iam.request.api.ApprovalPolicyService_1nib43_ApprovalPolicyServiceRemoteImpl.updateApprovalResultx(ApprovalPolicyService_1nib43_ApprovalPolicyServiceRemoteImpl.java:462)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at $Proxy184.updateApprovalResultx(Unknown Source)
at oracle.iam.request.api.ApprovalPolicyServiceDelegate.updateApprovalResult(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
at $Proxy350.updateApprovalResult(Unknown Source)
at oracle.iam.request.workflowcallback.ApprovalCallBack.completed(ApprovalCallBack.java:28)
at oracle.iam.platform.workflowservice.ws.CallbackServiceImpl.callback(CallbackServiceImpl.java:98)
at oracle.iam.platform.workflowservice.ws.wls.CallbackService.callback(CallbackService.java:33)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:92)
at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:74)
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:151)
at com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl.invoke(EndpointMethodHandlerImpl.java:265)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)
at weblogic.wsee.jaxws.tubeline.FlowControlTube$FlowControlAwareTube.processRequest(FlowControlTube.java:155)
at weblogic.wsee.jaxws.tubeline.FlowControlTube$1.run(FlowControlTube.java:94)
at weblogic.wsee.jaxws.tubeline.FlowControlTube$1.run(FlowControlTube.java:92)
at javax.security.auth.Subject.doAs(Subject.java:337)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:91)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:373)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:524)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:255)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140)
at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:208)
at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:310)
at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:223)
at weblogic.wsee.jaxws.JAXWSServlet.doPost(JAXWSServlet.java:124)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at weblogic.wsee.jaxws.JAXWSServlet.service(JAXWSServlet.java:79)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:260)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<May 11, 2012 8:07:18 AM IST> <Error> <oracle.iam.request.impl> <IAM-2050200> <Failed to create the request in the repository.>
<May 11, 2012 8:07:18 AM IST> <Error> <oracle.iam.request.impl> <IAM-2050050> <Exception thrown Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-12899: value too large for column "DEV_OIM"."REQUEST_APPROVALS"."APPROVAL_STATUS" (actual: 442, maximum: 32)
Error Code: 12899
Call: UPDATE REQUEST_APPROVALS SET APPROVAL_STATUS = ? WHERE (REQUEST_APPROVALS_KEY = ?)
bind => [com.oracle.bpel.client.BPELFault: faultName: {{http://schemas.xmlsoap.org/ws/2003/03/business-process/}selectionFailure}
parts: {{
summary=<summary>XPath query string returns zero node.
The assign activity of the to node query is returning zero node.
Either the to node data or the xpath query in the to node was invalid.
According to BPEL4WS spec 1.1 section 14.3, verify the to node value at line number 251 in the BPEL source.
</summary>}
, 6]
Any idea how to resolve this ??
Thanks,Based on the error trace
Caused By: java.sql.SQLException: ORA-12899: value too large for column "DEV_OIM"."REQUEST_APPROVALS"."APPROVAL_STATUS" (actual: 442, maximum: 32)
you are inserting a value too large for REQUEST_APPROVALS.APPROVAL_STATUS column. It should contain values like COMPLETED, approved, rejected etc... Check your custom approval process again.
Regards
user12841694
Maybe you are looking for
-
Can no longer see shared printer
Our home office setup consists of my MPB (now running 10.5.8), a G5 iMac running 10.3, and a G4 iMac running 10.2. The printer (HP DeskJet 970Cse) is direct-connected to the G4 via USB, and is shared. After upgrading the MBP to 10.5, it can no longer
-
NWBC 2.0 logon failure to ABAP/JAVA stack system
Hi, Maybe not the correct forum, but there isn't any for the NWBC. I am testing the Netweaver business client 2.0. It seems to work fine for portal connections, but when i try to connect to a netweaver system (abap+java) using the internal ITS url (h
-
Parallel Approvals -- How to send Input to Data preparation process
Hello, I have created a parallel process with using gateways to send a form through 8 concurrent approvals; the problem is that the form only gets updated with the formdata of the quickest completed route; so ultimately data is lost from some branche
-
Can I download the Photoshop Elements 12 with the serial number? MacBook air doesn't have a disc
I recieved the Adobe Photoshop Elements 12 discs for Christmas, along with a MacBook Air. Unfortunately the MacBook Air does not have a disc drive. Is there a way that I can download it using the serial number that came with it?
-
HT4623 my apps will not sync on my iphone
My apps will not sync on my phone. I restored it and now there is no music or apps on my phone.