JMS Resource Scoped Roles

I am trying to configure a security role which is scoped at a JMS resource level, i am using JMX for this. I am using RoleMapperEditor MBean, but i am facing some difficulties is deriving the "ResourceId"
Resource Id till JMS Module is this : type=<jms>, application=MyJMSModule <--- this is working, using this i can scope only at JMS Module level
I tried to write a resource id like this to scope at topic level: type=<jms>, application=MyJMSModule, destinationType=topic, resource=MyTopic <--- this is NOT working
any clues on deriving the resource id will be very helpful, i dont see any weblogic documentation regarding this
thanks

Did you find a fix for this? I'm experiencing the same problem.

Similar Messages

Scoped roles for JNDI resources

I have resources bound to my server via JNDI. In the console, I configure a scoped role for one of the resources. I set the role up to allow users that are in the group Administrator to access the resource. However, configuring this scoped role seems to have no effect on the operation of the system. I am still able to access the resource without credentials or even with credentials that aren't valid for the Administrator group. I am using WebLogic 8.1b. Any suggestions?
Thanks,
Joel

You should post this to the security newsgroup.
cheers
mbg
"Joel" <[email protected]> wrote in message
news:3e8a0687$[email protected]..
I have resources bound to my server via JNDI. In the console, I configurea scoped role for one of the resources. I set the role up to allow users
that are in the group Administrator to access the resource. However,
configuring this scoped role seems to have no effect on the operation of the
system. I am still able to access the resource without credentials or even
with credentials that aren't valid for the Administrator group. I am using
WebLogic 8.1b. Any suggestions?
>
Thanks,
Joel

Are Visitor Entitlement Roles == Scoped Roles

I'm working on the security implementation for a WebLogic 8.1 Portal application.
I've been doing some prototyping and am trying to determine where Visitor Entitlement
roles are stored. Are these implemented as scoped roles from a WL platform viewpoint.
I created two test roles for my portal and do not see any scoped roles under
the application or the portal node in the WebLogic console.
I'm trying to determine if these portal entitlement roles are/can be treated as
weblogic platform roles and can be used in security annotations for an EJB or
Java Control, and if they can be used for IsCallerInRole. I can create a security
policy to protect the portal resource, but I'm looking for a way to apply the
corresponding security in the business layer.
Thanks in advance for any advice.
Jim

Jim,
The WLP roles are stored in the default role mapper provider. They are
scoped roles, but only attachable to WLP resources (pages, portlets, etc.)
and cannot be used to protect J2EE resources. The basic reason for this
is because WLP roles can include custom predicates (date/time/profile
attributes) that rely on layered product classes that the base application
server is unaware of and cannot edit using the WLS console.
In Service Pack 3, the WLP admin tools will allow the converse - that is,
you'll be able to reference/use WLS global roles in WLP policies.
Service Pack2 adds a new tag to the auth taglib which allows you to
do a isUserInRole check against the WLP (and WLS) roles.
-Phil
"Jim Maycott" <[email protected]> wrote in message
news:[email protected]..
>
I'm working on the security implementation for a WebLogic 8.1 Portalapplication.
I've been doing some prototyping and am trying to determine where VisitorEntitlement
roles are stored. Are these implemented as scoped roles from a WLplatform viewpoint.
I created two test roles for my portal and do not see any scoped rolesunder
the application or the portal node in the WebLogic console.
I'm trying to determine if these portal entitlement roles are/can betreated as
weblogic platform roles and can be used in security annotations for an EJBor
Java Control, and if they can be used for IsCallerInRole. I can create asecurity
policy to protect the portal resource, but I'm looking for a way to applythe
corresponding security in the business layer.
Thanks in advance for any advice.
Jim

Getting dump while assigning resource to role

Hi,
We are using BAPI_BUS2177_STAFFING_ADD to assign resource to role.
It is assigning first resource to first role in first project. And giving dump for next resource to role assignment for the same project.
Short dump description is like as follows:
The exception 'CX_DPR_FATAL_ERROR' was raised, but it was not caught anywhere
along
the call hierarchy.
Since exceptions represent error situations and this error was not
adequately responded to, the running ABAP program
'CL_DPR_AUTHORIZATION_SERVICES=CP' has to be
terminated.
The problem is of "COMMIT". I ma not understanding where to write exact commit. Even if we are commiting at project level it is giving dump.
Could you please give any suggestion on it.
Thanks & Regards,
Anil Salekar

Hello Kaixiang,
When you add staffing to project then commit after each resource assignment. That will avoid the dump.
Use:
CALL FUNCTION 'BAPI_CPROJECTS_COMMIT_WORK'
TABLES
return = it_return.
Note: Re award if useful
Thanks,
Appasaheb..

MDB deployement error in Glassfish - "JMS resource not created"

Hi,
I'm tring to deploy a J2EE application which has couple of MDBs in Glassfish 2.1. I get the following error when I deploy the EAR file to the app server. I've cofigured JMS resources using admin console but still getting this error. I've no experience of JMS, I'm not sure if I've configured it correctly. Any step-by-step guide with screenshots would be very useful, but can't find any. Please help me if you have any idea what I'm doing wrong. Thanks in advance.
 
[#|2009-03-05T13:09:10.143+0000|SEVERE|sun-appserver2.1|javax.enterprise.system.container.ejb|_ThreadID=35;_ThreadName=Thread-3757;com.sun.enterprise.connectors.ConnectorRuntimeException: JMS resource not created : ;_RequestID=075ba53a-1835-482d-9db7-fe79fe1f1eb3;|EJB5090: Exception in creating EJB container <a href="http://forums.sun.com/#" class="jive-link-anchor"></a> 
 
[#|2009-03-05T13:09:10.143+0000|SEVERE|sun-appserver2.1|javax.enterprise.system.container.ejb|_ThreadID=35;_ThreadName=Thread-3757;_RequestID=075ba53a-1835-482d-9db7-fe79fe1f1eb3;|appId=cdm moduleName=cdm-ejb_jar ejbName=SupplierEJB|#] 
 
[#|2009-03-05T13:09:10.143+0000|SEVERE|sun-appserver2.1|javax.enterprise.system.core.classloading|_ThreadID=35;_ThreadName=Thread-3757;_RequestID=075ba53a-1835-482d-9db7-fe79fe1f1eb3;|LDR5004: UnExpected error occured while creating ejb container 
com.sun.enterprise.connectors.ConnectorRuntimeException: JMS resource not created : 
at com.sun.enterprise.connectors.system.ActiveJmsResourceAdapter.getPhysicalDestinationFromConfiguration(ActiveJmsResourceAdapter.java:1591) 
at com.sun.enterprise.connectors.system.ActiveJmsResourceAdapter.updateMDBRuntimeInfo(ActiveJmsResourceAdapter.java:1421) 
at com.sun.enterprise.connectors.inflow.ConnectorMessageBeanClient.setup(ConnectorMessageBeanClient.java:170) 
at com.sun.ejb.containers.MessageBeanContainer.<init>(MessageBeanContainer.java:209) 
at com.sun.ejb.containers.ContainerFactoryImpl.createContainer(ContainerFactoryImpl.java:524) 
at com.sun.enterprise.server.AbstractLoader.loadEjbs(AbstractLoader.java:527) 
at com.sun.enterprise.server.ApplicationLoader.doLoad(ApplicationLoader.java:191) 
at com.sun.enterprise.server.TomcatApplicationLoader.doLoad(TomcatApplicationLoader.java:126) 
at com.sun.enterprise.server.ExtendedApplicationLoader.doLoad(ExtendedApplicationLoader.java:134) 
at com.sun.enterprise.server.AbstractLoader.load(AbstractLoader.java:238) 
at com.sun.enterprise.admin.server.core.jmx.SunoneInterceptor.invoke(SunoneInterceptor.java:304) 
at com.sun.enterprise.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:174) 
at com.sun.enterprise.deployment.client.DeploymentClientUtils.startApplication(DeploymentClientUtils.java:159) 
at com.sun.enterprise.deployment.client.DeployAction.run(DeployAction.java:538) 
at java.lang.Thread.run(Thread.java:619) 

Hi Nigel,
Thanks for ur reply. In my ejb-jar.xml I have
<?xml version="1.0" encoding="UTF-8"?>

<ejb-jar version="2.1" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
<display-name>myJARName</display-name>
<enterprise-beans>
 <message-driven>
 <display-name>myEJB</display-name>
 <ejb-name>myEJB</ejb-name>
 <ejb-class>com.mycompany.app.mdb.MyMessageBean</ejb-class>
 <messaging-type>javax.jms.MessageListener</messaging-type>
 <transaction-type>Container</transaction-type>
 <message-destination-type>javax.jms.Queue</message-destination-type>
 <message-destination-link>MyQueue</message-destination-link>
 <activation-config>
 <activation-config-property>
 <activation-config-property-name>destinationType</activation-config-property-name>
 <activation-config-property-value>javax.jms.Queue</activation-config-property-value>
 </activation-config-property>
 </activation-config>
.......So I've created JMS resource with same JNDI name and Physical destination name (both are MyQueue). I don't see any different JNDI name in ejb-jar.xml. Is it nor right?

JMS Resource Adapter and JDeveloper 10g

Hello,
I an trying to use the OC4J JMS Resource Adapter for WebSphere MQ with Jdeveloper 10g (OC4J 9.0.4). The program is just a servlet that sends a message to a JMS Queue. My orion-web.xml looks like:
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE orion-web-app PUBLIC "-//Evermind//DTD Orion Web Application 2.3//EN" "http://xmlns.oracle.com/ias/dtds/orion-web.dtd">
<orion-web-app servlet-webdir="/servlet/">
<resource-ref-mapping name="jms/QCF" location="mqjms/MyQCF" />
<resource-env-ref-mapping name="jms/QUEUE1" location="mqjms/MyQ" />
</orion-web-app>
The problem is that when I try to start the server I get the following Jdeveloper error:
java.lang.IllegalArgumentException: Unrecognized parent-elem combination: interface oracle.jdeveloper.xml.oc4j.war.OrionWebApp - resource-env-ref-mapping
 at oracle.javatools.xml.bind.XMLBinding.throwUnrecognizedElem(XMLBinding.java:127)
 at oracle.jdeveloper.xml.j2ee.war.WebAppBinding.elem2intImpl(WebAppBinding.java:637)
 at oracle.javatools.xml.bind.XMLBinding.elem2int(XMLBinding.java:104)â¦.
Any ideas?
Thanks in advance

Did you find a fix for this? I'm experiencing the same problem.

Error initializing the Oracle JMS Resource provider for Topics

Getting this error when starting OC4J 9.0.3 standlone on Windows2000.
Resource provider config'd as
<resource-provider class="oracle.jms.OjmsContext" name="ojms">
<description> OJMS/AQ </description>
<property name="datasource" value="jdbc/ProlianceDS"></property>
</resource-provider>
Datasource config'd as
 <data-source
 class="com.evermind.sql.OrionCMTDataSource"
 name="ProlianceDS"
 location="jdbc/ProlianceDS"
 xa-location="jdbc/xa/ProlianceDS"
 ejb-location="jdbc/ProlianceDS"
 connection-driver="oracle.jdbc.driver.OracleDriver"
 username="proliance"
 password="******"
 url="jdbc:oracle:thin:@aps67.ere.com:1538:ifstst"
 inactivity-timeout="30"
 />
ejb-jar config'd as
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
<enterprise-beans>
<message-driven>
<description>Proliance Message Driven Bean</description>
<display-name>ProlianceMDB</display-name>
<ejb-name>ProlianceMDB</ejb-name>
<ejb-class>com.lendlease.bll.ProlianceMDB</ejb-class>
<transaction-type>Container</transaction-type>
<message-selector>
<method>
<ejb-name>ProlianceMDB</ejb-name>
<method-name>onMessage</method-name>
</method>
</message-selector>
<message-driven-destination>
<destination-type>javax.jms.Topic</destination-type>
<subscription-durability>Durable</subscription-durability>
</message-driven-destination>
<resource-ref>
<res-ref-name>java:comp/resource/ojms/Topics/PROLIANCE.OUT_AQ</res-ref-name>
<res-type>javax.jms.Topic</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<resource-env-ref>
<resource-env-ref-name>java:comp/resource/ojms/TopicConnectionFactories/aqTcf</resource-env-ref-name>
<resource-env-ref-type>javax.jms.TopicConnectionFactory</resource-env-ref-type>
</resource-env-ref>
</message-driven>
</enterprise-beans>
<assembly-descriptor>
<container-transaction>
<method>
<ejb-name>ProlianceMDB</ejb-name>
<method-name>onMessage</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
</ejb-jar>
orion-ejb-jar config'd as:
<?xml version = '1.0'?>
<!DOCTYPE orion-ejb-jar PUBLIC "-//Evermind//DTD Enterprise JavaBeans 1.1 runtime//EN" "http://xmlns.oracle.com/ias/dtds/orion-ejb-jar.dtd">
<orion-ejb-jar deployment-time="e7f1ce76f6" deployment-version="1.0.2.2">
<enterprise-beans>
<message-driven-deployment
name="ProlianceMDB"
connection-factory-location="java:comp/resource/ojms/TopicConnectionFactories/aqTcf"
destination-location="java:comp/resource/ojms/Topics/PROLIANCE.OUT_AQ"
subscription-name="PROLIANCE_SUBSCRIBER">
</message-driven-deployment>
</enterprise-beans>
</orion-ejb-jar>
Full startup trace is:
C:\ora\oc4j_9.0.3\j2ee\home>java -Djdbc.connection.debug=true -jar oc4j.jar
Node started with id=-2143203582
Auto-unpacking C:\ora\oc4j_9.0.3\j2ee\home\applications\ProlianceMDB.ear... done.
Auto-unpacking C:\ora\oc4j_9.0.3\j2ee\home\applications\ProlianceMDB\ProlianceMDB.war... done.
Auto-deploying ProlianceMDB (New server version detected)...
Copying default deployment descriptor from archive at C:\ora\oc4j_9.0.3\j2ee\home\applications\ProlianceMDB/ProlianceMDB
.jar/META-INF/orion-ejb-jar.xml to deployment directory C:\ora\oc4j_9.0.3\j2ee\home\application-deployments\ProlianceMDB
\ProlianceMDB.jar...
Auto-deploying ProlianceMDB.jar (New server version detected)... done.
Error initializing the Oracle JMS Resource provider for Topics: Not an OracleConnection
Error deploying file:/C:/ora/oc4j_9.0.3/j2ee/home/applications/ProlianceMDB/ProlianceMDB.jar homes: No javax.jms.Destina
tion found at the specified destination-location (java:comp/resource/ojms/Topics/PROLIANCE.OUT_AQ) for MessageDrivenBean
ProlianceMDB
OrionCMTConnection not closed, check your code!
Logical connection not closed, check your code!
Created at:
java.lang.Throwable: OrionCMTConnection created
at com.evermind.sql.OrionCMTConnection.<init>(OrionCMTConnection.java:42)
at com.evermind.sql.OrionCMTDataSource.getConnection(OrionCMTDataSource.java:82)
at oracle.jms.AQjmsConnection.newDBConnection(AQjmsConnection.java:1681)
at oracle.jms.AQjmsConnection.<init>(AQjmsConnection.java:537)
at oracle.jms.AQjmsTopicConnectionFactory.createTopicConnection(AQjmsTopicConnectionFactory.java:232)
at oracle.jms.OjmsResource.initT(OjmsResource.java:512)
at oracle.jms.OjmsResource.initAQ(OjmsResource.java:411)
at oracle.jms.OjmsResource.init(OjmsResource.java:214)
at oracle.jms.OjmsContextFactory.getObjectInstance(OjmsContextFactory.java:103)
at oracle.jms.OjmsContext.getResource(OjmsContext.java:328)
at com.evermind.server.Application.lookupResource(Application.java:2548)
at com.evermind.server.Application.lookupResource(Application.java:2563)
at com.evermind.server.ApplicationContext.handleResourceLookup(ApplicationContext.java:639)
at com.evermind.server.ApplicationContext.lookup(ApplicationContext.java:162)
at com.evermind.server.ApplicationContext.lookup(ApplicationContext.java:66)
at com.evermind.server.ejb.MessageDrivenHome.<init>(MessageDrivenHome.java:236)
at com.evermind.server.ejb.EJBPackageDeployment.bindHomes(EJBPackageDeployment.java:304)
at com.evermind.server.ejb.EJBContainer.postInit(EJBContainer.java:595)
at com.evermind.server.Application.postInit(Application.java:431)
at com.evermind.server.Application.setConfig(Application.java:136)
at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1635)
at com.evermind.server.ApplicationServer.initializeApplications(ApplicationServer.java:1585)
at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1240)
at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:93)
at java.lang.Thread.run(Thread.java:484)
Auto-deploying ProlianceMDB Poster (New server version detected)...
Oracle9iAS (9.0.3.0.0) Containers for J2EE initialized
Using native aqapi.jar with OC4J -didn't copy from 9.2.0.2 DB. 9.2.0.2 patchset ran fully, completed fine. What's going wrong?
Brian

Shouldn't I be getting a com.evermind.sql.OrclCMTConnection created instead of a com.evermind.sql.OrionCMTConnection (per the stack trace)? OJMS is complaining that it doesn't have an OracleCOnnection but how do I tell it to use the "OrclCMTConnection" class instead?
Brian

Lookup JMS resource from server level failed, but other level will success

I have a jms resource in websphere the full jndi is
cell/nodes/sampleNode/servers/sampleServer/jms/foundation/SimpleQueue.TCFIf I use
Context jndiContext = (Context)jndiInitialContext.lookup("cell/nodes/sampleNode/servers/sampleServer/jms/foundation/SimpleQueue.TCF");No problem
but if use
Context jndiContext = (Context)jndiInitialContext.lookup("cell/nodes/sampleNode/servers/sampleServer");
(TopicConnectionFactory)jndiContext.lookup("jms/foundation/SimpleQueue.TCF");This will fail with exception
0000000a W UOW=3-fc00fc-21429626:localhost source=com.ibm.ws.naming.util.Helpers org=IBM prod=WebSphere component=Application Server thread=[P=500142:O=0:CT]
          NMSV0610I: A NamingException is being thrown from a javax.naming.Context implementation. Details follow:
Context implementation: com.ibm.ws.naming.jndicos.CNContextImpl
Context method: lookupExt
Target name: jms/foundation/SimpleQueue.TCF
Other data: ""
Exception stack trace: javax.naming.NamingException: Error during resolve [Root exception is org.omg.CORBA.INTERNAL: initial and forwarded IOR inaccessible vmcid: IBM minor code: 58C completed: No]
        at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1939)
        at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1862)
        at com.ibm.ws.naming.jndicos.CNContextImpl.lookupExt(CNContextImpl.java:1552)
        at com.ibm.ws.naming.jndicos.CNContextImpl.lookup(CNContextImpl.java:1354)
        at Main.main(Main.java:98)
Caused by: org.omg.CORBA.INTERNAL: initial and forwarded IOR inaccessible vmcid: IBM minor code: 58C completed: No
        at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1213)
        at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1320)
        at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1109)Even I change the lookup level to other like
Context jndiContext = (Context)jndiInitialContext.lookup("cell/nodes/sampleNode/servers");
(TopicConnectionFactory)jndiContext.lookup("sampleServer/jms/foundation/SimpleQueue.TCF");It will success, only from server level, exception happened.
Any idea?
Thank you.

I haven't tried this before, but I think you need to tell Apache to tunnel t3 and/or iiop explicitly in the config:
http://e-docs.bea.com/wls/docs103/plugins/apache.html#wp124662
Which client jar are you using? The thin client or the wlfullclient.jar/weblogic.jar?
If you read this section of the JMS thin client docs, it discusses how thin client t3 urls are transparently switched to iiop and http urls use iiop tunneling:
http://e-docs.bea.com/wls/docs103/client/jms_thin_client.html#wp1026979

Monitor jms resource

Ok, is there a quick/simple way to monitor a jms topic/queue. You know, just to see if any messages are in the topic/queue and how many are being sent, etc...
I check out the docs for montoring and snmp and OH MY GOD... you've got to be kidding, if this is the only way. Not that I think this is even a way, as I didn't see anything in there that would tell me how many messages may be in my topic.
This is related to another post I sent where I'm trying to figure out why my mdb ejb won't load. Unfortunetly I can't even tell if somthing is getting on the stupid topic, so I don't know if the mdb is loading and just not getting the message from the topic, or if the message is getting to the topic, but the mdb never loads to handle it.
I don't want to be a broken record here, but have you guys at sun looked at how this all works in weblogic? It's so intuitive, the web console interface allows you to examine the status of any deployed ejbs, and also the status and statistics for jms resources. Perhaps by Sun Appserver 10 or 11 you guys will finally get it.
Tony F

Look,
Sorry to "needlessly flame the product", but so far my experience with it is that nothing matches exactly the documentation, nothing really works (except thier sample apps, but no example of anything other then thier sample apps), and the only way to get answers to simple questions is to post on forums, because the documantion that comes with the installation doesn't help.
The link you sent me had instructions on using the Admin console of IMQ. Of course, no documentation that came with the installation mentioned it. So, right off the bat I get the part of Adding a broker, and instead of seeing the screen shown in the tutorial, I get the Add Broker screen , but the textboxes are missing - you can't enter anything. So right away it doesn't work. Just another example of how evertime I try to do somthing with this product I run into a wall.
Anyway, as far as flaming the product before I fully investigate the options, I guess my answer is I shouldn't have to spend 3 weeks pouring thru documenation, samples, and newgroups just to figure out how to do somthing simple, like monitor messages in a queue. And when I finally get an answer, it simple doesn't work.
However, I will curb my frustration with this product and refrain from commenting on it. On the positive side, the sun employees seem to actually monitor this topic and respond frequently and quickly, which is more then I could say for other vendors such as bea.

Doubt on using DB as JMS resource provider

Hi
I am trying to use Oracle DB as JMS resource provider. I am trying to create required tables like following.
connect as sysdba/pwd
CREATE USER TUSER IDENTIFIED BY tiger
GRANT CONNECT, RESOURCE,AQ_ADMINISTRATOR_ROLE TO TUSER
GRANT EXECUTE ON SYS.DBMS_AQ TO TUSER // Hanging
In line 3 it never completes. Looks like some lock is there on that table, But I am not able to understand what lock.
Can anybody explain me what could be wrong. (I am not DBA. Just trying to learn JMS using DB as resource provider. I am using the DB which comes with Infra)
Thanks
Ratheesh

Which database version is this? The hang is likely caused by a lock held on the dbms_aq package. For example, when a session is blocked inside dbms_aq package wating for messages to be delivered, it is not possble to grant/revoke execute permissions on that package to a different db user.
You could try bouncing the db to see if you still see the hang.
Hope this helps,
-Frances

Authorization for JMS resources

Hi,
consider the following use-case: we define a JMS topic to which certain, and only certain J2EE apps (probably running in different engines) should be allowed to report messages, but not for example a "malicious" standalone client. On the other side, clients should be allowed browse/read these messages without restrictions. In other words, distinct and selected producers, but broad audience of consumers.
How could this be achieved best?
In the online help I found a page suggesting to define a security policy. So I went to Visual Admin -> Security Provider -> Policy Configuration -> service.jms.default.authorization, selected "basic" as authentication method, removed group "Guest" from security role "clients" in "Security Roles", mapped it to a distinct user group (it's an UME user group to be precise, since my engine runs on an UME user store) and tried to publish a message to the topic --- to my surprise it worked! However, it shouldn't, since my client program does neither give user/password for the JNDI lockup nor for the creation of the topic connection.
In fact, it does not matter how the "client" role is mapped to a user or group, my "malicious" standalone client always is able to post a message.
What am I doing wrong?
Best Regards
Michael
By the way: what exactly is the purpose of the user/password entries for factories and destinations in the JMS connector? The docu says it is for access to the JMS provider, but at least the SAP JMS provider seems not to make any use of them. Is this for access to third-party JMS providers?

Hi
Here are the steps you should make in version 6.40 :
1. Create your own topic
JMS Provider -> "Runtime" tab -> "JMS Server instances" border ("default") -> "Topics" tab -> "Create" button.
Let's name this topic "MySecureTopic".
2. Create a user which will have the permissions to produce messages to "MySecureTopic".
Security Provider -> "Runtime" tab -> "User Management" tab -> "Create User" button.
Let's name this user "secureproducer" with password "securepasswd". In my test I put this
user in "Authenticated users" group, but maybe he can be in any other group.
3. Now create new Security Role:
Security Provider -> "Components" ("service.jms.default.authorization") -> "Runtime" tab -> "Policy Configuration" tab -> "Security Roles" tab -> "Security Roles" -> "Add" button.
Note: in "service.jms.default.authorization" 'default' is the name of JMS instance (JMS Provider -> "Runtime" tab -> "JMS Server instances" border). If you use another instance, you should use the respective component ("service.jms.another.authorization").
The name of my role is "SecureProdurerRole".
Also add "secureproducer" user in this role :
Select "SecureProdurerRole" and click on "Mappings" -> "Add" button.
Security Provider -> "Runtime" tab -> "Policy Configuration" tab -> "Security Roles" tab -> "Mappings" border -> "Users" border -> "Add" button
4. Now you should add a security rule that makes the required behaviour :
Security Provider -> "Runtime" tab -> "Policy Configuration" tab -> "Resources" tab ->
 4.1. from "Resources" border choose "topic"
 4.2. from "Instances" border choose "MySecureTopic"
 4.3. from "Actions" border choose Action "produce"
 4.4. in "Granted" border should be only "SecureProdurerRole" and in "Denied" border - "administrators" and "clients" roles.
Now in your Java code you must create your JMS connection with username and password provided:
// this is the producer connection
tc = tcf.createTopicConnection("secureproducer", "securepasswd");
Otherwise using
tc = tcf.createTopicConnection();
this exception will occur :
javax.jms.JMSSecurityException: You do not have permissions: action produce and instance MySecureTopic.
 at ...
HTH
Best regards

In p6 8.2,I can't filter resources or role to resources planning

in p6 8.2,"resources"section,"planning"page,"filter and group by" ,I open a dialog windows to select portfilos,projects,roles or resources ,but after I click the button"OK",the application have no changes, it also not retrun to the "planning" page and display the content about the resources that i selected.
the screenshot url is : http://p13.freep.cn/p.aspx?u=v20_p13_photo_1202140017531921_0.png
Edited by: 914151 on 2012-2-13 上午8:22

This is caused by the default security policy which blocks file sharing with unidentified networks by making them public. (How it determines unidentified networks is another interesting question). To allow file sharing, you have to change the local
security policy to allow unidentified networks to be private.
Local Security Policy | Network List Manager Policies |Unidentified Networks
Bill

How to deploy app level JMS resource using DeployerRuntime?

I have an app level (described in the app, not global) JMS module. And inside this module I have several different resources.
 Here is my question: when using weblogic.management.deploy.DeployerRuntime (or WLST) what syntax should I use in case I need to set target for each JMSResource?
 Here is my code:
 DeploymentData info = new DeploymentData();
 info.addTarget("Server",null);
 String[] mods = { "JMSModule" };
 info.addTarget("Server",mods);
 String[] jRes = { "JMSModule@JMSResources" };
 info.addTarget("JMS_Server",jRes);
 ObjectName task = ( ObjectName )
 connection.invoke ( deployer, "deploy",
 new Object[] { path, APP_NAME, "nostage", null, info, new Boolean(true)},
 new String[] {"java.lang.String", "java.lang.String", "java.lang.String",
 "java.lang.String", "weblogic.management.deploy.DeploymentData", "java.lang.Boolean"} );
 I tried different combinations of
 String[] jRes = { "JMSModule@JMSResources" };
 String[] jRes = { "JMSModule/JMSResources" };
 String[] jRes = { "JMSModule\\JMSResources" };
 but nothing seems to work.
 Thank you.

Hi Sunil,
Thanks for the reply, it worked.
Another doubt on the same lines. Now that the jar has been deployed as a library in WLS, when i try to deploy a WAR which refers to this deployed jar library, im unable to. I run into and error stating that the library is inaccessible.
I have to bounce the server and before doing that, i have to manually copy the library.jar from <WLS_domain>/servers/AdminServer/upload/ directory to <WLS_domain>/lib/ directory, once copied i then try to deploy the WAR, then the deployment goes fine.
Is there any means that this deployed library jar be made available soon after deployment and also to avoid copying the file.
Thanks,
Vijay.

Can not lookup jms resource

platform is java application server PE 8, jms queue resource name is jms/queue, built using admin console.
A jsp file lookup the queue resource:
<%
InitialContext ctx=new InitialContext();
Object o1=ctx.lookup("java:comp/env/jms/factory");
Object o2=ctx.lookup("java:comp/env/jms/queue");
%>
o1 lookup successed,but o2 lookup failed.
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: serial context communication ex
 org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:830)
 org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:763)
 org.apache.jsp.testjms_jsp._jspService(testjms_jsp.java:74)
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:105)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:336)
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:297)
 org.apache.jasper.servlet.JspServlet.service(JspServlet.java:247)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
 sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source)
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 java.lang.reflect.Method.invoke(Method.java:585)
 org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
 java.security.AccessController.doPrivileged(Native Method)
 javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
 org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
 org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
root cause
javax.naming.CommunicationException: serial context communication ex [Root exception is com.sun.enterprise.resource.PoolingException]
 com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:317)
 javax.naming.InitialContext.lookup(InitialContext.java:351)
 org.apache.jsp.testjms_jsp._jspService(testjms_jsp.java:51)
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:105)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:336)
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:297)
 org.apache.jasper.servlet.JspServlet.service(JspServlet.java:247)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
 sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source)
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 java.lang.reflect.Method.invoke(Method.java:585)
 org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
 java.security.AccessController.doPrivileged(Native Method)
 javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
 org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
 org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
root cause
com.sun.enterprise.resource.PoolingException
 com.sun.enterprise.connectors.AdministeredObjectResource.createAdministeredObject(AdministeredObjectResource.java:143)
 com.sun.enterprise.naming.factory.AdministeredObjectFactory.getObjectInstance(AdministeredObjectFactory.java:89)
 javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
 com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:293)
 javax.naming.InitialContext.lookup(InitialContext.java:351)
 org.apache.jsp.testjms_jsp._jspService(testjms_jsp.java:51)
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:105)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:336)
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:297)
 org.apache.jasper.servlet.JspServlet.service(JspServlet.java:247)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
 sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source)
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 java.lang.reflect.Method.invoke(Method.java:585)
 org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
 java.security.AccessController.doPrivileged(Native Method)
 javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
 org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
 org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server logs.

sorry!
this is beacause the imq.jar was not included in the class-path of the project!

OSB JMS resources in a cluster

Hi,
I am creating an OSB cluster with multiple managed servers using a script. I would like to know what resources (JMS) are needed and how they should be targeted so that reporting works.
Best regards
Dimo

I think I have found out what is required by the OSB:
1. DataSource deployed in the cluster AND on the admin server for the reporting (wlsbjmsrpDataSource), scripts to drop and create the tables are located in ${osb_home}/dbscripts/oracle/
2. JMS Module containing:
2.1. 3 Connection factories:weblogic.wlsb.jms.transporttask.QueueConnectionFactory, wli.reporting.jmsprovider.XAConnectionFactory, wli.reporting.jmsprovider.NonXAConnectionFactory
2.2. 8 Queues - QueueIn, wli.reporting.jmsprovider.queue, wli.reporting.jmsprovider_error.queue, wli.reporting.purge.queue, wlsb.internal.transport.task.queue.email, wlsb.internal.transport.task.queue.file, wlsb.internal.transport.task.queue.ftp, wlsb.internal.transport.task.queue.sftp
I am not sure if that list is complete as it has been a bit of reverse engineering to find it out...

JMS Resource Scoped Roles

Similar Messages

Maybe you are looking for