OSB - ALSB / WLST / Security / add entry with WLST in Access Control
Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain')
Hello,
I try to reproduce with WLST script the input from the consol to declare user on Access Control proxy (security).
sbconsol->$Proxy Service->Security->General Confiruration->Access Control->Transport Access Control->Add Conditions
* First implementation without success with the com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean : accessControlSecurity1()
* Second try with the service definition of the proxy service but cannot parse with Xpath accessControl Security2()
any idee ???
test case :
prerequisit
create an ALSB domain 10.3 (admin one with username='weblogic' password='weblogic' url='t3://localhost:7001') and create a proxy service on the default project
conf/setEnv.cmd
@CLS
@echo ON
@set BEA_HOME=D:\PRODUCT\MIDDLEWARE\SOA\OSB_10.3
@set WL_HOME=%BEA_HOME%\wlserver_10.3
@set OSB_HOME=%BEA_HOME%\osb_10.3
@set SCRIPTING_HOME=E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security
@set OSB_LIB=%OSB_HOME%/lib/sb-kernel-api.jar;%BEA_HOME%/modules/com.bea.alsb.statistics_1.0.1.0.jar;%OSB_HOME%/lib/sb-kernel-resources.jar;%OSB_HOME%/lib/sb-kernel-common.jar;%OSB_HOME%/lib/sb-kernel-impl.jar;%OSB_HOME%\lib\sb-security.jar;%OSB_HOME%/modules/com.bea.common.configfwk_1.3.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.0.0.jar;%BEA_HOME%/modules/com.bea.common.configfwk_1.2.1.0.jar;%OSB_HOME%/lib/modules/com.bea.alsb.resources.archive.jar;
@set TOOL_LIB=%SCRIPTING_HOME%\lib\log4j-1.2.15.jar;%SCRIPTING_HOME%\lib\jsch-0.1.43.jar;%SCRIPTING_HOME%\lib\db2jcc.jar
@set CLASSPATH=%OSB_LIB%;%TOOL_LIB%;%CLASSPATH%
@set CLASSPATH=%SCRIPTING_HOME%\lib\db2jcc.jar;%TOOL_LIB%;%CLASSPATH%
@set MODULE_LIB=%SCRIPTING_HOME%\lib
@call %WL_HOME%\server\bin\setWLSEnv.cmd > nul 2<&1
launch.cmd
@CLS
@echo OFF
@SETLOCAL
@call "conf\setEnv.cmd" > nul 2<&1
set PWD=%~dp0
%JAVA_HOME%\bin\java -Dmodule.lib=%MODULE_LIB% weblogic.WLST -skipWLSModuleScanning lib/security.py
lib/security.py
from com.bea.wli.monitoring import StatisticType
from java.util import HashMap
from java.util import HashSet
from java.util import ArrayList
from java.util import Collections
from java.io import FileInputStream
from java.io import FileOutputStream
from java.lang import String
from java.lang import Boolean
from com.bea.wli.sb.util import EnvValueTypes
from com.bea.wli.config.env import EnvValueQuery;
from com.bea.wli.config import Ref
from com.bea.wli.config.customization import Customization
from com.bea.wli.config.customization import EnvValueCustomization
from com.bea.wli.config.customization import FindAndReplaceCustomization
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.management.query import BusinessServiceQuery
from com.bea.wli.sb.management.query import ProxyServiceQuery
from com.bea.wli.sb.management.configuration import ServiceConfigurationMBean
import os
# before, create an ALSB domain 10.3 with a proxy service in the default project and add an Acces Control Policy in the consol
# sbconsol->Project Explorer->default->${proxy service}->Security->Access Control->Create Session->Add Conditions->User->USR_1->Add
# when we try to modify the Acces Control Policy of the proxy service with the ServiceSecurityConfigurationMBean
def accessControlSecurity1( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get the ServiceSecurityConfigurationMBean
serviceSecurityConfigurationMBean = findService(String("ServiceSecurityConfiguration.").concat(sessionName), "com.bea.wli.sb.security.management.configuration.ServiceSecurityConfigurationMBean")
# get the XACMLAuthorizer
working_directory=pwd()
serverConfig()
xacmlAuthorizer = cd('/SecurityConfiguration/%s/Realms/myrealm/Authorizers/XACMLAuthorizer' % domain_name )
cd(working_directory)
domainRuntime()
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
# use the security Mbean to add : USER_A,USER_B,USER_C to the policy
policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance(xacmlAuthorizer)
policyHolder.setPolicyExpression("Usr(USER_A,USER_B,USER_C)")
policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(ref)
serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope,policyHolder)
# print the service definition
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# we can see the security entry in the service definition has follow
# <xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <ser:coreEntry isProxy="true" isEnabled="true" isAutoPublish="false">
# <ser:description/>
# <ser:security>
# <con:access-control-policies xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con:message-level-policies>
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# </con:access-control-policies>
# </ser:security>
# but when we commit
SessionMBean.activateSession(sessionName, "description for session activation")
# we got the following exception
# Unexpected error: com.bea.wli.config.session.SessionConflictException
# No stack trace available.
# Problem invoking WLST - Traceback (innermost last):
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 246, in ?
# File "E:\PROJETS\RECURANT\EDF\linky\WLST\WORKING\Security\lib\security.py", line 105, in accessControlSecurity1
# com.bea.wli.config.session.SessionConflictException: Conflicts for session SessionScript1363339726764
# [Non-Critical] Concurrent Modification Conflicts
# NONE
# [Critical] Resources with validation errors
# 1 - ProxyService test/PS_TEST_bis CannotCommit
# + CannotCommit [OSB Security:386836]Unnecessary proxy wide message access control policy found for service "test/PS_TEST_bis". Hint: The service is neither an active security
# intermediary nor has custom authentication enabled. ServiceDiagnosticLocation[SECURITY_TAB]:DiagnosticLocation:<con:message-level-policies xmlns:ser="http://www.bea.com/wli/sb/services" xml
# ns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:con="http://www.bea.com/wli/sb/services/security/config">
# <con1:default-policy xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/
# config">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_A,USER_B,USER_C)</con:policy-expression>
# </con:policy>
# </con1:default-policy>
# </con:message-level-policies>
# [Info] Informational messages
# NONE
# at com.bea.wli.config.session.SessionManager.commitSessionUnlocked(SessionManager.java:358)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:339)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:297)
# at com.bea.wli.config.session.SessionManager.commitSession(SessionManager.java:306)
disconnect()
# when we try to modify the Acces Control Policy of the proxy service whith the service XML definition
def accessControlSecurity2( domain_name ):
# connection
print "\n\n\n***********************************************************************************************"
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
# parsing the proxy definition
nsSer = "declare namespace ser='http://www.bea.com/wli/sb/services'"
nsXsi = "declare namespace xsi='http://www.w3.org/2001/XMLSchema-instance'"
nsTran = "declare namespace tran='http://www.bea.com/wli/sb/transports'"
nsEnv = "declare namespace env='http://www.bea.com/wli/config/env'"
nsCon = "declare namespace con='http://www.bea.com/wli/sb/services/security/config'"
nsCon1 = "declare namespace con1='http://www.bea.com/wli/sb/services/security/config'"
# when we try to parse the following Xpath Expression, it' working but not sufficent to access the <con:policy-expression> element
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "WORKING{%s}" % confElem
# get the result
# <xml-fragment xsi:type="con:ProviderPolicyContainerType" xmlns:con="http://www.bea.com/wli/sb/security/accesscontrol/config" xmlns:con1="http://www.bea.com/wli/sb/services/security/config" xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env">
# <con:policy provider-id="XACMLAuthorizer">
# <con:policy-expression>Usr(USER_1,USER_2,USER_3)</con:policy-expression>
# </con:policy>
# </xml-fragment>
# and when we try to acces the <con:policy> element whith the following Xpath expression we got an empty result
confPath = "ser:coreEntry/ser:security/con:access-control-policies/con1:transport-level-policy/con:policy"
confElem = serviceDefinition.selectPath(nsSer + nsXsi + nsTran + nsEnv + nsCon + nsCon1 + confPath )
print "DON'T WORKING{%s}" % confElem
# get empty result
# array([], org.apache.xmlbeans.XmlObject)
# want to modify the value like this on the <con:policy-expression> but cannot reach it ...
#confValue="Usr(USER_A,USER_B,USER_C)"
#confElem.setStringValue(confValue)
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
# print the service definition
def printServiceDefinition( domain_name ):
# connection
connect( 'weblogic', 'weblogic', 't3://localhost:7001')
domainRuntime()
# create a session
sessionName = String("SessionScript"+Long(System.currentTimeMillis()).toString())
SessionMBean = findService( SessionManagementMBean.NAME ,SessionManagementMBean.TYPE)
SessionMBean.createSession(sessionName)
# get service ref
ConfigurationMBean = findService(String("ALSBConfiguration.").concat(sessionName), "com.bea.wli.sb.management.configuration.ALSBConfigurationMBean")
bsQuery = ProxyServiceQuery()
bsQuery.setPath("default/*")
refs = ConfigurationMBean.getRefs(bsQuery)
for ref in refs:
print 'ref=%s'%ref
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
servConfMBean = findService( "%s.%s" % (ServiceConfigurationMBean.NAME, sessionName), ServiceConfigurationMBean.TYPE)
serviceDefinition = servConfMBean.getServiceDefinition(ref)
print serviceDefinition
# commit
SessionMBean.activateSession(sessionName, "description for session activation")
disconnect
#accessControlSecurity1('cluster_domain')
accessControlSecurity2('cluster_domain')
Similar Messages
-
I have problems with the Assign Access Control in HFM
I have problems when I want assign Access Control by Shared Services in application HFM. I login with user admin and send me this message
Processing Error:
Description: Invalid argument.
Code: -2147220951
Trace: Number:-2147220951
Description:
Source:General Security Error
Page:
Actor: General Security Error
Anyone can't help meI've seen this error when the application isn't registered properly. Try re-registering via Workspace.
-
Integrating SAP HCM with third party Access Control System
Hi Experts,
We have client using SAP HCM and intend procuring an Access Control Solution to manage her people.
What the client wants to avoid though is having to create a new employee in SAP HCM and manually creating same in the Access Control Software. Is there a way this can be automated such that upon recruitment of new staff, the data is updated in the Access Control DB which uses MS SQL? If this is possible, what is required to get this working well.
Thanks for your support in this regard.
Regards
JohnFor time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
I hope this answer will help. -
How do I add a line into an access control list?
We have a user VLAN that allows connectivity to printer VLAN. Printers connect and need snmp to communicate.
New printers were brought in, and they need port 443 opened. I was under the impression I could insert a line into an ACL(below).
I have copied the production ACL to this test ACL (102) and it works fine when I changed the VLAN interface to use this ACL. I copied and pasted, however, and the new ACL was easy to create and apply. Since I have 30 more production switches to do this to, I was hoping I would not have to delete this ACL and recreate it. I thought there was a way to "inject" a line into an ACL
Any thoughts?
access-list 102 permit udp any any eq bootps
access-list 102 permit udp any any eq bootpc
access-list 102 permit icmp 10.0.32.0 0.255.3.255 10.0.32.1 0.255.0.0 echo
access-list 102 permit icmp 10.0.32.0 0.255.3.255 10.0.32.1 0.255.0.0 echo-reply
access-list 102 permit icmp 10.0.32.1 0.255.0.0 10.0.32.0 0.255.3.255 echo
access-list 102 permit icmp 10.0.32.1 0.255.0.0 10.0.32.0 0.255.3.255 echo-reply
access-list 102 permit icmp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 echo
access-list 102 permit icmp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 echo-reply
access-list 102 permit tcp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq 443
access-list 102 permit udp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq snmp
access-list 102 permit tcp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq 161
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.32.0 0.255.3.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.64.0 0.255.0.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 log
access-list 102 permit ip host 10.105.34.9 10.0.112.0 0.255.0.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.112.0 0.255.0.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.114.0 0.255.0.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.161.0 0.255.0.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.165.0 0.255.0.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.235.0 0.255.0.255 log
access-list 102 permit ip 10.0.32.0 0.255.3.255 10.0.240.24 0.255.0.0
access-list 102 permit ip 10.0.32.0 0.255.3.255 10.2.240.0 0.0.1.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.240.0 0.255.0.255 log
access-list 102 deny ip 10.0.32.0 0.255.3.255 10.0.241.0 0.255.0.255 log
access-list 102 permit ip any anyUse show ip-access lists to see the numbering:
R1#sh ip access-lists
Extended IP access list 102
10 permit udp any any eq bootps
20 permit udp any any eq bootpc
30 permit icmp 10.0.32.0 0.255.3.255 10.0.32.1 0.255.0.0 echo
40 permit icmp 10.0.32.0 0.255.3.255 10.0.32.1 0.255.0.0 echo-reply
50 permit icmp 10.0.32.1 0.255.0.0 10.0.32.0 0.255.3.255 echo
60 permit icmp 10.0.32.1 0.255.0.0 10.0.32.0 0.255.3.255 echo-reply
70 permit icmp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 echo
80 permit icmp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 echo-reply
90 permit tcp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq 443
100 permit udp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq snmp
110 permit tcp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq 161
120 deny ip 10.0.32.0 0.255.3.255 10.0.32.0 0.255.3.255 log
130 deny ip 10.0.32.0 0.255.3.255 10.0.64.0 0.255.0.255 log
140 deny ip 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 log
150 permit ip host 10.105.34.9 10.0.112.0 0.255.0.255 log
160 deny ip 10.0.32.0 0.255.3.255 10.0.112.0 0.255.0.255 log
170 deny ip 10.0.32.0 0.255.3.255 10.0.114.0 0.255.0.255 log
180 deny ip 10.0.32.0 0.255.3.255 10.0.161.0 0.255.0.255 log
190 deny ip 10.0.32.0 0.255.3.255 10.0.165.0 0.255.0.255 log
200 deny ip 10.0.32.0 0.255.3.255 10.0.235.0 0.255.0.255 log
210 permit ip 10.0.32.0 0.255.3.255 10.0.240.24 0.255.0.0
220 permit ip 10.0.32.0 0.255.3.255 10.2.240.0 0.0.1.255 log
230 deny ip 10.0.32.0 0.255.3.255 10.0.240.0 0.255.0.255 log
240 deny ip 10.0.32.0 0.255.3.255 10.0.241.0 0.255.0.255 log
250 permit ip any any
Then if you want to add something at line 245:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip access-list extended 102
R1(config-ext-nacl)#245 deny ip host 1.1.1.1 host 2.2.2.2
Now it should be done:
R1(config-ext-nacl)#do show ip access-lists
Extended IP access list 102
10 permit udp any any eq bootps
20 permit udp any any eq bootpc
30 permit icmp 10.0.32.0 0.255.3.255 10.0.32.1 0.255.0.0 echo
40 permit icmp 10.0.32.0 0.255.3.255 10.0.32.1 0.255.0.0 echo-reply
50 permit icmp 10.0.32.1 0.255.0.0 10.0.32.0 0.255.3.255 echo
60 permit icmp 10.0.32.1 0.255.0.0 10.0.32.0 0.255.3.255 echo-reply
70 permit icmp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 echo
80 permit icmp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 echo-reply
90 permit tcp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq 443
100 permit udp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq snmp
110 permit tcp 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 eq 161
120 deny ip 10.0.32.0 0.255.3.255 10.0.32.0 0.255.3.255 log
130 deny ip 10.0.32.0 0.255.3.255 10.0.64.0 0.255.0.255 log
140 deny ip 10.0.32.0 0.255.3.255 10.0.96.0 0.255.0.255 log
150 permit ip host 10.105.34.9 10.0.112.0 0.255.0.255 log
160 deny ip 10.0.32.0 0.255.3.255 10.0.112.0 0.255.0.255 log
170 deny ip 10.0.32.0 0.255.3.255 10.0.114.0 0.255.0.255 log
180 deny ip 10.0.32.0 0.255.3.255 10.0.161.0 0.255.0.255 log
190 deny ip 10.0.32.0 0.255.3.255 10.0.165.0 0.255.0.255 log
200 deny ip 10.0.32.0 0.255.3.255 10.0.235.0 0.255.0.255 log
210 permit ip 10.0.32.0 0.255.3.255 10.0.240.24 0.255.0.0
220 permit ip 10.0.32.0 0.255.3.255 10.2.240.0 0.0.1.255 log
230 deny ip 10.0.32.0 0.255.3.255 10.0.240.0 0.255.0.255 log
240 deny ip 10.0.32.0 0.255.3.255 10.0.241.0 0.255.0.255 log
245 deny ip host 1.1.1.1 host 2.2.2.2
Daniel Dib
CCIE #37149
Please rate helpful posts. -
Can I add blog entries with my ipad??
I started a blog in iWeb on my macbook and then wondered if I could add entries with my iPad and iPhone since I'm not going to be traveling with my macbook. Trying to do a travel journal via this method.
If you use Wordpress as Koeklin suggests you can embed that blog into an iWeb page as shown in this demo page: Embed a Site Within an iWeb Page. That way visitors don't need to leave your site to see your blog and you can add to it from your mobile device(s).
OT -
What is better for security? WPA2 or Access control
I have a Airport express and 2 computers; a Mac and a PC.
When it come to securing your wi-fi connection so you don't get unauthorized clients on your network.
What is better
A- Just using encryption like WPA2 or some other password based system or
B- Just entering the "Airport ID" (MAC) of the computers I want to authorize in my network on the Access control panel.
Seems to me like the later is easier on the clients since they don't need a password or anything, It's completely transparent for the client. And I believe encryption slows down the connection a bit and create overhead for the computer. But maybe I don't have the full picture of the situation.
Is there anybody who can illuminated this subject for me?
thanks
PowerBookG4 Mac OS X (10.3.9)WPA2 is virtually uncrackable only really vulnerable if you use a real word as a password.
When using access control, MAC addresses are sent unecrypted can be read and spoofed and therefore do not add any security.
Unfortunately "Closed" networks, MAC access control lists, and reduction in transmission power are all more "feel good" security rather than real security. All these various approaches are dated and mistakenly lead to overconfidence.
WPA is your friend if you value wireless security. -
Business Rules Framework (BRF) with Access Controll V10 (ERM and CUP)
Hi Experts,
where can I find some information about the usage of BRF with respect to Access Controll (especially ERM and CUP)?
Thanks in advance and best regards,
MarlenHi Marlen,
For ramp-up customers we have ramp-up knowledge transfer to be found here:
http://service.sap.com/rkt
If you are not participating in the AC 10.0 ramp-up you would need to wait until the product is general available.
For general information on BRF have look here:
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/43/8b85c9db2f614fe10000000a1553f7/frameset.htm
Best,
Frank -
Editing proxy and business service security with WLST
My customer wants to manage the OSB with WLST as much as possible. I'm wondering if it is possible to handle the security and policies on proxy and business service with WLST.
Any ideas or links to documenation are welcome.
Thanks!I think you can do this. Please refer - http://docs.oracle.com/cd/E14571_01/core.1111/e10043/wlstcmds.htm#CHDGHDFJ
But not sure of how much flexibility you will get with WLST. I will recommend using OWSM that is specifically used for similar activities for the soa suite.
Please refer - http://docs.oracle.com/cd/E21764_01/web.1111/e13713/owsm_appendix.htm & http://docs.oracle.com/cd/E21764_01/doc.1111/e15866/owsm.htm for more details.
Thanks,
Patrick -
How to undo activated OSB session with WLST?
Does anybody know if there´s a chance to undo an activated OSB session with WLST?
There´s a way to undo an UNactivated session but not an activated one (like the undo session in /sbconsole).
Thanks in advance.
Edited by: 956378 on 31-ago-2012 12:48"zone copy active-zoneset full-zoneset vsan 2" is the correct command. It will overwrite the full zoneset (identical) and ready to edit.
-
Hi!
I need help, please... I would like to rename OSB resources (e.g. OSB project name, proxy service,...) with WLST.
Could anyone help me ho to do this?
I tried to navigate in WLST but I can't find the OSB resource (for example proxy service) which I wanted to rename. Where should I look for it?
And which WLST command do I have to execute?
As I know the commands in WLST are in session, so the changes activate at the same time, don't they?
Thanks for help in advance!
Regards,
ViktorCould someone please help me?
Thanks! -
OSB: Is it possible to change throttling settings with WLST?
Hi all,
I am trying to find a solution to change the throttling settings of a business service with WLST, since it is not possible to set it in the customization file.
I already know the parameter alsbImportPlan.setPreserveExistingOperationalValues(boolean) to preserve or change the operational values with the imported jar file, but I cannot find how to change the parameters separately for a business service (e.g. throttling state, max concurrency).
Thanks for any help,
KatjaHi Fabio,
thanks for your approach. Could you give me some more ideas how to do that exactly? What do you mean with "write a code"? With WLST it does not work, I think. So you mean some code to extract the jar, change the xml, package the jar again and then deploy it? We need the changes at deployment time, because the settings have to be adjusted for the different environments.
Best regards,
Katja -
Problem starting adminserver with WLST and Nodemanager
I have a domain with one cluster containing 4 managed servers. Now I want to start the adminserver with WLST using the Nodemanager. (I know there are other/beter ways but in this situation I need to do it with Nodemanager).
The problem is that the Nodemanager doesn't add the right memory arguments to the start command of the admin server.
This is what I do:
nmConnect(usernaam,password,host,port,domain)
nmstart(adminserver)
This does start the adminserver only without the proper memory arguments.
I tried:
using a startup.properties file in the directory <domain-dir> \servers\<server-name> \data\nodemanager with the following arguments: -Xms1024m -Xmx1024m
and
Puting the memory arguments in the "Server Start" properties in the config.xml (This works fine for the managedservers)
How can I solve this?The nmstart command has a properties argument. Have you tried that?
nmStart([serverName], [domainDir], [props], [writer])
<Richard Greeven> wrote in message news:[email protected]..
I have a domain with one cluster containing 4 managed servers. Now I want to
start the adminserver with WLST using the Nodemanager. (I know there are
other/beter ways but in this situation I need to do it with Nodemanager).
The problem is that the Nodemanager doesn't add the right memory arguments
to the start command of the admin server.
This is what I do:
nmConnect(usernaam,password,host,port,domain)
nmstart(adminserver)
This does start the adminserver only without the proper memory arguments.
I tried:
using a startup.properties file in the directory <domain-dir>
\servers\<server-name> \data\nodemanager with the following
arguments: -Xms1024m -Xmx1024m
and
Puting the memory arguments in the "Server Start" properties in the
config.xml (This works fine for the managedservers)
How can I solve this? -
Update deployment plan definition with WLST
Hello,
I would like to write a script in order to get the existing deployemnt plan of my deployed application (Deployement plan is yet modified, I don't want to use loadApplication). Then I would to update my deployement plan (update/add work manager constraints).
I can't find any WLST api to do that. The Weblogic console doesn't record the actions when I do it through the console.
I would like top the the same as this link http://download.oracle.com/docs/cd/E15051_01/wls/docs103/config_scripting/updateplan.html
But with a deploymenPlan got from the server and not from the filesystem
The only way I see is to use a Java parser un Jython to update the existing deployemnt plan and then, redeploy the application but This solution is very heavy in term of developpment. It should be more efficient when a built in parser
Could you please help me giving me some information about how to update deployement plans of a yet deployed application with WLST ?
Thank you !
C.Thank you for answering.
In fact, I have found the solution for my use case according to the previous html link
The WLST plan seems to be accessible only by file system.
If your application is yet deployed with a deployment plan and you want to update this plan, you have to login on the admin server via WLST,get the application absolute path and the plan absoluth path :
cd ("AppDeployments/" + INTERNAL_APP_NAME)
appPath = cmo.getAbsoluteSourcePath()
planPath = cmo.getAbsolutePlanPath()and then, load the existing plan :
plan = loadApplication(appPath, planPath)after that, you can use the api described at the following link http://download.oracle.com/docs/cd/E15051_01/wls/docs103/config_scripting/updateplan.html to update the plan.
Then, you have to redeploy the application :
redeploy(APP_NAME)Thank you for helping !
C. -
How to use boot.properties to bypass username and password entry in WLST while connecting to server?
I'm currently writing a script that starts managed servers through WLST and I want it to avoid having the user enter their username and password similar to how startManagedWebLogic.sh does when a boot.properties file exists in the security directory of the server.
Currently, the way my script is set up is that it starts up WLST and enters the connect command, where it requests the username and password. The admin server URL is pulled from a config file used for the script.
Does anyone know how to supply the boot.properties file into WLST to have it automatically use the values in there? I do not want to have to save the values in plain text, nor do I want to have to create a new file to store them if it isn't necessary. I've read this thread weblogic.system.BootIdentityFile not working with WLST and tried copying boot.properties to domain home but didn't have any luck and still had to enter username and password. I have also tried looking into how startManagedWebLogic.sh pulls the values from the boot.properties but was unable to clearly identify how this is done. Any help would be much appreciated.
Thanks,
BrianExamples are presented here: Middleware Snippets: Starting and Stopping a Java EE Environment when using WebLogic
The examples use the Node Manager and Admin Server to start the managed server. To start the AdminServer nmStart is used. Note that boot.properties (in ${DOMAIN_HOME}/servers/${ADMIN_SERVER_NAME}/security) must exist in order to start a server with nmStart.
Next you can use, for example, the ServerLifeCycleRuntimeMBean to start the managed server (in this case the Node Manager and the Admin Server will make sure a boot.properties and startup.properties are propagated to the right directory ${DOMAIN_HOME}/servers/${SERVER_NAME}/data/nodemanager.
When the Admin Server is not available you can also use nmStart for the managed server. In this case you have to create boot.properties and startup.properties yourself by using nmGenBootStartupProps and copy them to the ${DOMAIN_HOME}/servers/${SERVER_NAME}/data/nodemanager directory. -
Distrubute Queue Creation with WLST
Hi,
I am trying to created queues on a clustered env with wlst 8.1.sp5.jar and remaining jars from 8.1 sp4. When i run the script it gets executed completely with creating required queue's. But it also throws one exception. I am not able to figure out why it is throwing this error. If anyone has info about it let me know.
[jmsQueueCreation] cd('/')
[jmsQueueCreation] JMSQueue with name 'cgJMSServer_auto_1.TransformationCheckWeb
.queue.AsyncDispatcher_error' has been created successfully.
[jmsQueueCreation] JMSQueue with name 'cgJMSServer_auto_1.TransformationCheckWeb
.queue.AsyncDispatcher' has been created successfully.
[jmsQueueCreation] java.lang.NullPointerException
[jmsQueueCreation] at weblogic.management.configuration.JMSLegalHelper.lega
lErrorDestination(JMSLegalHelper.java:575)
[jmsQueueCreation] at weblogic.management.configuration.JMSQueueMBean_Helpe
r.validateAttribute(JMSQueueMBean_Helper.java:41)
[jmsQueueCreation] at weblogic.management.info.ExtendedInfo.validateAttribu
te(ExtendedInfo.java:323)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.checkAt
tributeValueIsLegal(DynamicMBeanImpl.java:1635)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.prepare
ForModification(DynamicMBeanImpl.java:1570)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.setAttr
ibute(DynamicMBeanImpl.java:1089)
[jmsQueueCreation] at weblogic.management.internal.ConfigurationMBeanImpl.s
etAttribute(ConfigurationMBeanImpl.java:362)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1361)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1336)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.pr
ivate_setAttribute(RemoteMBeanServerImpl.java:431)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.se
tAttribute(RemoteMBeanServerImpl.java:387)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl_WL
Skel.invoke(Unknown Source)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.invoke(BasicServ
erRef.java:477)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef$1.run(BasicServe
rRef.java:420)
[jmsQueueCreation] at weblogic.security.acl.internal.AuthenticatedSubject.d
oAs(AuthenticatedSubject.java:363)
[jmsQueueCreation] at weblogic.security.service.SecurityManager.runAs(Secur
ityManager.java:147)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.handleRequest(Ba
sicServerRef.java:415)
[jmsQueueCreation] at weblogic.rmi.internal.BasicExecuteRequest.execute(Bas
icExecuteRequest.java:30)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.execute(ExecuteThread.j
ava:219)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:
178)
[jmsQueueCreation] at java.lang.Thread.startThreadFromVM(Unknown Source)
[jmsQueueCreation] --------------- nested within: ------------------
[jmsQueueCreation] java.lang.NullPointerException
[jmsQueueCreation] at weblogic.management.configuration.JMSLegalHelper.lega
lErrorDestination(JMSLegalHelper.java:575)
[jmsQueueCreation] at weblogic.management.configuration.JMSQueueMBean_Helpe
r.validateAttribute(JMSQueueMBean_Helper.java:41)
[jmsQueueCreation] at weblogic.management.info.ExtendedInfo.validateAttribu
te(ExtendedInfo.java:323)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.checkAt
tributeValueIsLegal(DynamicMBeanImpl.java:1635)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.prepare
ForModification(DynamicMBeanImpl.java:1570)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.setAttr
ibute(DynamicMBeanImpl.java:1089)
[jmsQueueCreation] at weblogic.management.internal.ConfigurationMBeanImpl.s
etAttribute(ConfigurationMBeanImpl.java:362)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1361)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1336)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.pr
ivate_setAttribute(RemoteMBeanServerImpl.java:431)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.se
tAttribute(RemoteMBeanServerImpl.java:387)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl_WL
Skel.invoke(Unknown Source)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.invoke(BasicServ
erRef.java:477)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef$1.run(BasicServe
rRef.java:420)
[jmsQueueCreation] at weblogic.security.acl.internal.AuthenticatedSubject.d
oAs(AuthenticatedSubject.java:363)
[jmsQueueCreation] at weblogic.security.service.SecurityManager.runAs(Secur
ityManager.java:147)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.handleRequest(Ba
sicServerRef.java:415)
[jmsQueueCreation] at weblogic.rmi.internal.BasicExecuteRequest.execute(Bas
icExecuteRequest.java:30)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.execute(ExecuteThread.j
ava:219)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:
178)
[jmsQueueCreation] at java.lang.Thread.startThreadFromVM(Unknown Source)
[jmsQueueCreation] --------------- nested within: ------------------
[jmsQueueCreation] javax.management.RuntimeOperationsException: RuntimeException
thrown by the setAttribute weblogic.management.internal.WebLogicAttribute@2c127
cbmethod of the Dynamic MBean
[jmsQueueCreation] at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicO
utboundRequest.java:108)
[jmsQueueCreation] at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemo
teRef.java)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl_81
4_WLStub.setAttribute(Unknown Source)
[jmsQueueCreation] at weblogic.management.internal.ConfigurationMBeanImpl.u
pdateConfigMBeans(ConfigurationMBeanImpl.java:972)
[jmsQueueCreation] at weblogic.management.internal.ConfigurationMBeanImpl.s
etAttribute(ConfigurationMBeanImpl.java)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1361)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1336)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.pr
ivate_setAttribute(RemoteMBeanServerImpl.java:431)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.se
tAttribute(RemoteMBeanServerImpl.java:387)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl_WL
Skel.invoke(Unknown Source)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.invoke(BasicServ
erRef.java)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef$1.run(BasicServe
rRef.java)
[jmsQueueCreation] at weblogic.security.acl.internal.AuthenticatedSubject.d
oAs(AuthenticatedSubject.java)
[jmsQueueCreation] at weblogic.security.service.SecurityManager.runAs(Secur
ityManager.java)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.handleRequest(Ba
sicServerRef.java)
[jmsQueueCreation] at weblogic.rmi.internal.BasicExecuteRequest.execute(Bas
icExecuteRequest.java)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.execute(ExecuteThread.j
ava)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:
178)
[jmsQueueCreation] at java.lang.Thread.startThreadFromVM(Unknown Source)
[jmsQueueCreation] JMSQueue with name 'cgJMSServer_auto_2.TransformationCheckWeb
.queue.AsyncDispatcher_error' has been created successfully.
[jmsQueueCreation] JMSQueue with name 'cgJMSServer_auto_2.TransformationCheckWeb
.queue.AsyncDispatcher' has been created successfully.
[jmsQueueCreation] java.lang.NullPointerException
[jmsQueueCreation] at weblogic.management.configuration.JMSLegalHelper.lega
lErrorDestination(JMSLegalHelper.java:575)
[jmsQueueCreation] at weblogic.management.configuration.JMSQueueMBean_Helpe
r.validateAttribute(JMSQueueMBean_Helper.java:41)
[jmsQueueCreation] at weblogic.management.info.ExtendedInfo.validateAttribu
te(ExtendedInfo.java:323)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.checkAt
tributeValueIsLegal(DynamicMBeanImpl.java:1635)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.prepare
ForModification(DynamicMBeanImpl.java:1570)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.setAttr
ibute(DynamicMBeanImpl.java:1089)
[jmsQueueCreation] at weblogic.management.internal.ConfigurationMBeanImpl.s
etAttribute(ConfigurationMBeanImpl.java:362)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1361)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1336)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.pr
ivate_setAttribute(RemoteMBeanServerImpl.java:431)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.se
tAttribute(RemoteMBeanServerImpl.java:387)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl_WL
Skel.invoke(Unknown Source)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.invoke(BasicServ
erRef.java:477)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef$1.run(BasicServe
rRef.java:420)
[jmsQueueCreation] at weblogic.security.acl.internal.AuthenticatedSubject.d
oAs(AuthenticatedSubject.java:363)
[jmsQueueCreation] at weblogic.security.service.SecurityManager.runAs(Secur
ityManager.java:147)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.handleRequest(Ba
sicServerRef.java:415)
[jmsQueueCreation] at weblogic.rmi.internal.BasicExecuteRequest.execute(Bas
icExecuteRequest.java:30)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.execute(ExecuteThread.j
ava:219)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:
178)
[jmsQueueCreation] at java.lang.Thread.startThreadFromVM(Unknown Source)
[jmsQueueCreation] --------------- nested within: ------------------
[jmsQueueCreation] java.lang.NullPointerException
[jmsQueueCreation] at weblogic.management.configuration.JMSLegalHelper.lega
lErrorDestination(JMSLegalHelper.java:575)
[jmsQueueCreation] at weblogic.management.configuration.JMSQueueMBean_Helpe
r.validateAttribute(JMSQueueMBean_Helper.java:41)
[jmsQueueCreation] at weblogic.management.info.ExtendedInfo.validateAttribu
te(ExtendedInfo.java:323)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.checkAt
tributeValueIsLegal(DynamicMBeanImpl.java:1635)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.prepare
ForModification(DynamicMBeanImpl.java:1570)
[jmsQueueCreation] at weblogic.management.internal.DynamicMBeanImpl.setAttr
ibute(DynamicMBeanImpl.java:1089)
[jmsQueueCreation] at weblogic.management.internal.ConfigurationMBeanImpl.s
etAttribute(ConfigurationMBeanImpl.java:362)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1361)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1336)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.pr
ivate_setAttribute(RemoteMBeanServerImpl.java:431)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.se
tAttribute(RemoteMBeanServerImpl.java:387)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl_WL
Skel.invoke(Unknown Source)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.invoke(BasicServ
erRef.java:477)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef$1.run(BasicServe
rRef.java:420)
[jmsQueueCreation] at weblogic.security.acl.internal.AuthenticatedSubject.d
oAs(AuthenticatedSubject.java:363)
[jmsQueueCreation] at weblogic.security.service.SecurityManager.runAs(Secur
ityManager.java:147)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.handleRequest(Ba
sicServerRef.java:415)
[jmsQueueCreation] at weblogic.rmi.internal.BasicExecuteRequest.execute(Bas
icExecuteRequest.java:30)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.execute(ExecuteThread.j
ava:219)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:
178)
[jmsQueueCreation] at java.lang.Thread.startThreadFromVM(Unknown Source)
[jmsQueueCreation] --------------- nested within: ------------------
[jmsQueueCreation] javax.management.RuntimeOperationsException: RuntimeException
thrown by the setAttribute weblogic.management.internal.WebLogicAttribute@2c6a4
acmethod of the Dynamic MBean
[jmsQueueCreation] at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicO
utboundRequest.java:108)
[jmsQueueCreation] at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemo
teRef.java)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl_81
4_WLStub.setAttribute(Unknown Source)
[jmsQueueCreation] at weblogic.management.internal.ConfigurationMBeanImpl.u
pdateConfigMBeans(ConfigurationMBeanImpl.java:972)
[jmsQueueCreation] at weblogic.management.internal.ConfigurationMBeanImpl.s
etAttribute(ConfigurationMBeanImpl.java)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1361)
[jmsQueueCreation] at com.sun.management.jmx.MBeanServerImpl.setAttribute(M
BeanServerImpl.java:1336)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.pr
ivate_setAttribute(RemoteMBeanServerImpl.java:431)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl.se
tAttribute(RemoteMBeanServerImpl.java:387)
[jmsQueueCreation] at weblogic.management.internal.RemoteMBeanServerImpl_WL
Skel.invoke(Unknown Source)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.invoke(BasicServ
erRef.java)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef$1.run(BasicServe
rRef.java)
[jmsQueueCreation] at weblogic.security.acl.internal.AuthenticatedSubject.d
oAs(AuthenticatedSubject.java)
[jmsQueueCreation] at weblogic.security.service.SecurityManager.runAs(Secur
ityManager.java)
[jmsQueueCreation] at weblogic.rmi.internal.BasicServerRef.handleRequest(Ba
sicServerRef.java)
[jmsQueueCreation] at weblogic.rmi.internal.BasicExecuteRequest.execute(Bas
icExecuteRequest.java)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.execute(ExecuteThread.j
ava)
[jmsQueueCreation] at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:
178)
[jmsQueueCreation] at java.lang.Thread.startThreadFromVM(Unknown Source)
[jmsQueueCreation] JMSDistributedQueue with name 'dist_TransformationCheckWeb.qu
eue.AsyncDispatcher' has been created successfully.
[jmsQueueCreation] JMSDistributedQueueMember with name 'cgJMSServer_auto_1.Trans
formationCheckWeb.queue.AsyncDispatcher' has been created successfully.
[jmsQueueCreation] JMSDistributedQueueMember with name 'cgJMSServer_auto_2.Trans
formationCheckWeb.queue.AsyncDispatcher' has been created successfully.
[jmsQueueCreation] JMSDistributedQueue with name 'dist_TransformationCheckWeb.qu
eue.AsyncDispatcher_error' has been created successfully.
[jmsQueueCreation] JMSDistributedQueueMember with name 'cgJMSServer_auto_1.Trans
formationCheckWeb.queue.AsyncDispatcher_error' has been created successfully.
[jmsQueueCreation] JMSDistributedQueueMember with name 'cgJMSServer_auto_2.Trans
formationCheckWeb.queue.AsyncDispatcher_error' has been created successfully.Hi
I am actually using JMX but trying to do pretty much the same thing as using WLST. Here is my code snippet.
JMSServerMBean jmsServer = this.getJMSServerMBean();
JMSQueueMBean jmsQ = this.findOrCreateJMSQueue("qName");
jmsQ.setJNDIName("myJNDIName");
jmsServer.addDestination(jmsQueue);
// I added this line after your post
jmsQ.setParent(jmsServer);
The problem still exists. The JMSQueue appears in the weblogic console with JNDIName attached but does NOT appear in my JNDI tree. Do I have to manually put an object in the tree or am I missing something.
Thanks
Eugene
Maybe you are looking for
-
I can't figure out how to find my pictures!!
I just had my iPhone 4s replaced today because I was having some technical trouble. I asked the guy who was helping me if I'd lose anything with transfering to the new phone and he told me I'd lose my videos and any progress in games or apps that did
-
How slow should a Mac mini with i7 2.3 GHz quad core be?
I am really disappointed about how mind numbingly slow this computer is for even the most basic tasks. I'm wondering is something wrong with it or is this just what happens when you don't have an SSD? I have been using exclusively SSDs in my comput
-
Itunes 64 bit and windows 7 blue screen of death
Just installed Itunes 64bit on my new HP laptop and after a restart the computer had to be rolled back to start again. Is there a fault in Itunes....? The very first problem with Windows 7.
-
Conversion of ABAP Reports to BW
Hi all, I am pretty much aware of the scenarios where in we build the infocubes based on the business requirements, thru the gap analysis (business content approach). I would really be thankful if somebody can provide me a good overview and the possi
-
Deskjet 3522 language - how can I change the language preference on the printer display?
After setting up initially, somehow hit wrong button and changed language to Chinese. Anyone know how to change it back to English?