OWSM 10.1.3.3 on WebLogic 10.3.5

Similar Messages

• [OSB and OWSM] - External Web service stacks and frameworks

  Hi everyone ! I'm starting to read about OSB and OWSM and I'm having some doubts. I've some developments of Web services with external Stacks like CXF, JBossWS, Metro and I'd like to ask some questions:
  1- Will I be able to productively leverage all features of OSB and OWSM like creating a proxy service to add WS-* standards policies and features (WS-Security, for instance) even with these web services implemented in different stacks other than Weblogic's ?
  2- If it is possible, do these web services need to be deployed at the Weblogic server to enable the OWSM and OSB to work effectively ?
  3- Even if it is possible to use the OSB and OWSM nicely with webservices developed at external stacks and deployed at other application servers is there any reason to quit using these external web service stacks in favor of Weblogic's (like features only enabled on OSB/OWSM when the services use the Weblogic stack) ?
  I suppose that if I ignore the JAX-WS stack from Weblogic and use an external framework (like CXF) I'll lose most of the application server administration capabilities since the Weblogic server won't be able to recognize the CXF stack as it does with its own.But, the main doubt I'm in is, since OSB and OWSM might be used with external providers I probably won't need to develop my web services using the Weblogic implementation (which my team does not yet know) since there will be no features of the OSB and OWSM which can only be used with the Weblogic's stack. I would like, please, to know your oppinions about these considerations. Sorry about the long post and possible errors (I just started learning).
  Thank you!

  Hi Lupan,
  I can speak mostly to OWSM as my experience with OSB is small thus far.
  +1- Will I be able to productively leverage all features of OSB and OWSM like creating a proxy service to add WS-* standards policies and features (WS-Security, for instance) even with these web services implemented in different stacks other than Weblogic's ?+
  OWSM (10gR3) has two types of policy enforcement point (PEP) -- Gateway and Agent. The Gateway acts as a remote proxy and is neutral to the service implementation technology as long as it adheres to SOAP 1.1. In this regard you can use OWSM freely with CXF, MS implementations, etc. Agents run in-process with the service and thus have far greater restrictions on what service implementation frameworks and containers that are supported. There is some certification for AXIS 1.x running in OAS and Tomcat; but practically speaking, my recommendation for Agents is to only use within OAS 10gR3 where it is built in (and using OC4J Web Services through JAX-RPC).
  OWSM 11gR1 initially supports only agent-style (in process) PEP and is built-in to Fusion Middleware and WLS. It is only for Fusion and WLS Web Service implementations.
  OWSM is quite full-featured for WS-*.
  +2- If it is possible, do these web services need to be deployed at the Weblogic server to enable the OWSM and OSB to work effectively ?+
  "No" if using OWSM Gateway PEP. A qualified "Yes" if using OWSM Agent PEP.
  +3- Even if it is possible to use the OSB and OWSM nicely with webservices developed at external stacks and deployed at other application servers is there any reason to quit using these external web service stacks in favor of Weblogic's (like features only enabled on OSB/OWSM when the services use the Weblogic stack) ?+
  There is the manageability that you mention, but also there is the identity propagation scenario and tight security integration. Both OAS and WLS hosted services in the native stacks (JAX-RPC and JAX-WS) allow sophisticated and secure passing of identity in the request -- for instance, via SAML Assertions in the WS-Sec header -- and built-in capabilities to map the passed identity into the running service's Subject (i.e. enabling JAAS security etc.).
  In my experience this type of identity propagation functionality has either been absent or less complete in other typical implementation frameworks not closely aligned with the container security mechanisms.
  Hope this helps,
  Todd

• RCU for OWSM install

  We have an ADF application where we make synchronous call outs to Third party published web services. These web service are secured by username token and SAML token ws-security policies.
  After some research we figure that we should leverage OWSM with our ADF application where the client policies can be used to make call to these secure web services.
  I understand OWSM can be installed on the weblogic server domain by extending the domain with an OWSM template.  But it appears that it needs to connect to database schema for which RCU needs to be used.
  Is it OK to download the RCU from the SOA Suite download site even though we are not using any parts of the SOA Suite.
  Does the RCU version correspond to the Jdev version ?
  So RCU version 11.1.1.6 works for Jdev version 11.1.1.6 ?

  It is available here -
  http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html
  Just expand "Prerequisites & Recommended Install Process" and you would find the download link.
  Regards,
  Anuj

• Does J2SE web service consumer need weblogic as agent?

  Since OWSM 11g, agent is part of weblogic server. so, does this mean for a J2SE web service consumer, I need to install weblogic for it to let it work with OWSM agent? if so, what configuration needed for J2SE web service consumer to work with weblogic ?

  I got the following error.
  But If I call it from a jsp page or a servlet. Nothing happend, Transaction is successful.
  java.lang.NullPointerException
       at org.apache.commons.discovery.resource.ClassLoaders.getAppLoaders(ClassLoaders.java:206)
       at org.apache.axis.AxisProperties.getClassLoaders(AxisProperties.java:118)
       at org.apache.axis.AxisProperties.getNameDiscoverer(AxisProperties.java:105)
       at org.apache.axis.AxisProperties.getResourceClassIterator(AxisProperties.java:112)
       at org.apache.axis.configuration.EngineConfigurationFactoryFinder$1.run(EngineConfigurationFactoryFinder.java:116)
       at java.security.AccessController.doPrivileged(Native Method)
       at org.apache.axis.configuration.EngineConfigurationFactoryFinder.newFactory(EngineConfigurationFactoryFinder.java:113)
       at org.apache.axis.configuration.EngineConfigurationFactoryFinder.newFactory(EngineConfigurationFactoryFinder.java:160)
       at org.apache.axis.client.Service.getEngineConfiguration(Service.java:813)
       at org.apache.axis.client.Service.getAxisClient(Service.java:104)
       at org.apache.axis.client.Service.<init>(Service.java:113)
       at org.tempuri.wsdl.EFSnet2Locator.<init>(EFSnet2Locator.java:10)
       at com.ipharmacy.payment.Payment.main(Payment.java:12)

• OWSM security for a OSB service- authenticate from weblogic security realms

  Hello,
  I have a requirement to add security to a OSB service.
  The user details are configured in weblogic security realms. lets say there are ten different users.
  I need to protect my osb service using OWSM policy & the policy should be configured to authenticate the user from realms.
  I am new to OWSM & wondering if this is possible?
  Can the experts please direct me to any docs or steps?
  Thanks
  Ganesh

  Hi,
  Thanks for the links.
  I followed the blog and configured it using oracle/wss_username_token_service_policy.
  Now my requirement is to send the username,password from proxy to business and to the BPEL. (the bpel needs this username /password & and in header)
  The issue I am facing is the proxy service is not sending the soap header details to business service.
  I dont want to make the proxy as passthrough. (ie set Process WS-Security Header to NO)
  I have to authorize on proxy level and then send the same credential details to business service?
  So the question is, how can I retrieve the header after osb process it?
  Can anyone please help me here?
  Thanks
  Ganesh

• OWSM: Jar for weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature

  I am developing a JAX-WS client to access the web service which has OWSM policy "wss_username_token_service_policy" attached to it. Hence i am trying to add the below code:
  weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature[] securityFeature = new weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature[]
  new weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature( "policy:oracle/wss_username_token_service_policy")
  But I am unable to find the class SecurityPolicyFeature class in weblogic.wsee.jws.jaxws.owsm package of weblogic.jar. It only has PolicySubjectBindingFeature class in it. Hence I am unable to proceed. Can you let me know where I can find this class?

  You're welcome... If you think the answer is helpful/correct just remember to mark it accordingly... Don't just mark the question as anwered, but mark the answers as well...
  https://forums.oracle.com/forums/ann.jspa?annID=893
  Cheers,
  Vlad

• Weblogic 10.3 and OWSM

  Hi
  I am working with SOA Suite 11g
  How can I install OWSM on weblogic 10.3 server?
  Also, where can I find OWSM installation guide for installing OWSM on WebLogic 10.3?

  Please post this in the SOA Suite forum as the readers aren't specialized to SOA Suite, simply WLS:
  SOA Suite

• OWSM server agent for BPEL process in Weblogic

  Hello,
  We are trying to protect a BPEL process (in Weblogic) with a OWSM server agent, but we couldn't find clear guidelines on that.
  OWSM 10.1.3.x is in one machine, and Oracle BPEL 10.1.3.x is in another, with Weblogic 9.2.
  Can anyone give us instructions or tips on how to do this, considering this scenario?
  Thanks a lot.
  Daniel Viero.

  Dave, Andre,
  It's unfortunate that you were given incorrect information.
  Let's take this issue offline by contacting me directly.
  OWSM agent support for .NET was taken out as .NET was going through multiple revisions while 10.1.3.1 was being developed, and the old agent wasn't compatible with the new .NET versions; and there were resource restrictions on our part to keep up with the new version support.
  While on this topic, I would like to hear from you and others what their thoughts are around this kind of support in a future release.
  1. We could add back .NET agent (similar to 4.0.3)
  2. We could manage the policies for .NET through Oracle Enterprise Manager while letting the .NET framework enforce them. This will allow for centralized management of policies, while leveraging the security stack of .NET for enforcement.
  Which approach would you prefer?
  Thanks,
  Vikas Jain
  http://ws-security.blogspot.com

• Partial Message encryption Configuration in Weblogic EM for  OWSM

  Strange behavior of “Partial message encryption “  in OWSM
  If message format is like this
  <cban:transferFund xmlns:cban="http://cbank.com">
  <cban:arg0>string</cban:arg0>
  <cban:arg1>string</cban:arg1>
  </cban:transferFund>
  Then body element configuration in message encryption setting
  Name space  http://cbank.com
  Element arg0
  is working fine
  But my requirement is for below message
  <cban:transferFund xmlns:cban="http://cbank.com"> <!--Optional:-->    <
  <arg0>string</arg0>
  <arg1>string</arg1 >
  </cban:transferFund>
  For this
  Name space : http://cbank.com
  Element : I tried all possible combination but none is working
  I tried these
  :arg0
  //:arg0
  //cban:arg0
  //cban//arg0
  cban:arg0
  With Regards
  Siddharth

  In the portal.properties you have a parameter called fuego.portal.papi.instancesCacheSize.
  By the way there is a very good document reltaed to the cache at
  http://www.oracle.com/technology/products/bpm/bpm10gr3technicalarticles/oracle%20bpm%20papi%20cache.pdf
  Regards
  Edited by: ruben.vidaurre on 16-dic-2009 22:22

• Install BPEL PM on WebLogic Server 9.2 & AIX 6.1

  We are running into a BPEL PM issue while installing SOA Suite on WLS 9.2 and AIX 6.1. During server startup the BPEL application fails with the following error message:
  ####<May 28, 2009 12:33:47 PM CDT> <Error> <Deployer> <nsiprdsoa2> <SOAServer2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243532027915> <BEA-149231> <Unable to set the activation state to true for the application 'BPELPM'.
  weblogic.application.ModuleException: [HTTP:101216]Servlet: "BPEL_Axis_Servlet" failed to preload on startup in Web application: "/orabpel".
  ORABPEL-00006
  Cipher creation error.
  Failed to load the JCE cipher "DESede/ECB/PKCS5Padding". Your environment may not be set correctly.
  You must have the JCE library files installed in your JRE installation as an extension. Copy the jar files from "/opt/apps/oracle/product/bpel/oracle10g/bpel\install\java\jce1.2.2" to the "(jdk_path)\jre\lib\ext" directory (where jdk_path is your jdk installation directory).
  classpath: /usr/java5/lib/tools.jar:/usr/java5/jre/lib/ext/ibmjceprovider.jar:/usr/java5/jre/lib:/usr/java5/jre/ext/lib:/opt/apps/bea/weblogic92/server/lib/weblogic.jar:/opt/apps/bea/weblogic92/server/lib/webservices.jar:/opt/apps/oracle/product/bpel/oracle10g/bpel/domains/default/tmp/.generated:/opt/apps/oracle/product/bpel/oracle10g/bpel/system/classes:/opt/apps/oracle/product/bpel/oracle10g/bpel/system/services/config:/opt/apps/oracle/product/bpel/oracle10g/bpel/system/services/schema:/opt/apps/oracle/product/bpel/oracle10g/integration/esb/config:/opt/apps/oracle/product/bpel/oracle10g/integration/esb/system/classes:/opt/apps/oracle/product/bpel/oracle10g/owsm/lib/custom:/opt/apps/oracle/product/bpel/oracle10g/SOASUITE10134.jar:/opt/apps/bea/CCI/apps/soaApps/ADAPTERS.jar
       at com.collaxa.cube.util.DESService.decrypt(DESService.java:66)
       at com.collaxa.cube.util.CXPasswordUtils.decrypt(CXPasswordUtils.java:50)
       at com.collaxa.cube.ws.soap.axis.BPELAxisServlet.init(BPELAxisServlet.java:50)
       at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:278)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
       at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
       at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)
       at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:507)
       at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1723)
       at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1700)
       at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1620)
       at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:2761)
       at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:889)
       at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:333)
       at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
       at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
       at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
       at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:117)
       at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
       at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
       at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:26)
       at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:635)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
       at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
       at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:154)
       at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:80)
       at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:181)
       at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:358)
       at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:52)
       at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:186)
       at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
       at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:233)
       at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
       at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
       at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:173)
       at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:89)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
       at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:891)
       at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:333)
       at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
       at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
       at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
       at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:117)
       at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
       at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
       at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:26)
       at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:635)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
       at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
       at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:154)
       at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:80)
       at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:181)
       at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:358)
       at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:52)
       at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:186)
       at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
       at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:233)
       at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
       at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
       at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:173)
       at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:89)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
  ORABPEL-00006
  As you can see we have ibmjceprovider.jar in the class path but it appears we are missing some other jar. Any ideas would be appreciated.

  Hi
  You must have the JCE library files installed in your JRE installation as an extension. Copy the jar files from \"{1}\\install\\java\\jce1.2.2\" to the \"(jdk_path) \\jre\\lib\\ext\" directory (where jdk_path is your jdk installation directory).
  Add the following jars to external directory as well as the bpelc classpath :
  sunjce_provider.jar
  local_policy.jar
  US_export_policy.jar
  The jars mentioned above come with jce1_2_2.jar.
  Regards
  Anirudh Pucha

• Error WSM-02120 when starting Weblogic Server

  Hi All,
  I have problem while starting weblogic server, I found this error:
  WSM-02120 : Unable to
  oracle.wsm.policymanager.
  PolicyManagerException: WSM-02120 : Unable to
    connect to the Oracle WSM Policy Manager due to the following error
    "javax.naming.CommunicationEx
    ception [Root exception is java.net.ConnectException:
    t3://b00wps01:8889,b00wps01:8888: Destination unreachable; nested
    exception is:
            java.net.ConnectException: Connection refused; No available router
    to destination]".
            at
    oracle.wsm.policymanager.BeanFactory.getInitialContext(BeanFactory.java:619)
            at
    oracle.wsm.policymanager.BeanFactory.getJndiObj(BeanFactory.java:648)
  I have followed this instruction (OWSM Error Message: WSM-02120 ... Connection refused; No available router to destination (Doc ID 1569900.1) from oracle support, and unfortunately it didn't work.
  Anyone can help me to solve this issue?

  Hi there,
  Can you check the JDK version and see the compatible with your weblogic installation ?
  You can refer the certification matrix from Oracle to check the compatible version of JDK. Here you go - Oracle Fusion Middleware 12c (12.1.3.0.0) Certification Matrix.
  Most probably, this issue will occur when JDK is not compatible with weblogic installation..
  Lakshman

• Cannot seem to register any of my web services in OWSM, v10.1.3.1

  Hi All -
  I am using Oracle Web Services Manager, v10.1.3.1 build [2006.10.06.06.37]
  Whenever I try to use OWSM management console to register a web service with my gateway I get the following error:
  "Service information cannot be added because of the following reason(s):
  Cannot read WSDL: Failed to retrieve the Service WSDL from WSDL URL with HTTP Status 401"
  I have verified the service's WSDL is accessible by navigating to its URL. The web service is hosted in weblogic and is on the same machine as OWSM.
  Any suggestions?
  Thanks.
  -greg

  Hi,
  I had the same problem, but using HTTP. Check if the gateway ID that exist in your gateway settings is the same that exist in gateway configuration file (gateway.component.id argument): <ORACLE_HOME>/owsm/config/gateway/gateway-config-installer.properties.
  If isn't, you must enter the gateway ID from OWSM settings in gateway.component.id argument into this file and redeploy de gateway application.
  Let me know if it will work. because I tried do set my OWSM do accept HTTPS requests from my client application and it didn't work.
  Thanks,
  Rodrigo

• Custom OWSM Authorization Policy Not Visible in OSB 11g

  I am trying to configure custom OWSM authorization policies to grant web service access in OSB to userids associated with custom WebLogic groups. Both OSB and SOA are version 11.1.1.5 with an Oracle Enterprise 11g database backend. To help rule out some possible operational errors, here are things that ARE working with the combination of SOA and OSB servcies:
  * the underlying SOA service functions in the /em console test page
  * the OSB proxy service works from the /sbconsole test page with OWSM oracle/wss_username_token_policy enabled
  * the oracle/log_policy can be added to the OSB business service and generates log entries
  * the outer proxy service can be successfully invoked from a remote client with no security policies,
  with HTTP transport security and authorization policies and with OWSM authentication policies
  attached (given the correct request payloads)
  These findings would appear to rule out connection errors from the OSB engine to the jdbc/mds/owsm DataSource or proper startup of the "OWSM Policy Support in OSB Initializer Application" service within WebLogic. (By the way, that deploys with a typo in its registered name -- "Aplication" with a single p.)
  Here are the steps that were performed:
  1) created group myfirmIdentityData in WebLogic console (/console)
  2) created userid myappuser in WebLogic console
  3) added myappuser to the myfirmIdentityData group in WebLogic console
  4) cloned the oracle/component_authorization_permitall Security policy to myfirm/authorize_IdentityData
  using the Fusion console (/em on the SOA domain)
  5) edied myfirm/authorize_IdentityData to add the "role" myfirmIdentityGroup to the
  list of permitted roles (***)
  *** note -- "roles" referenced within the OWSM policy configuration dialogs actually correspond to "groups" at the WebLogic Server level. A bit confusing at first but harmless.
  6) accessed the SOA service in the Fusion console (/em), clicked on the Policies tab and verified
  the myfirm/authorize_IdentityData policy is available for application to the SOA service (BUT DID
  NOT ATTACH IT HERE -- I'm trying to attach it at the "outer" layer in OSB, not SOA Suite)
  7) accessed the Service Bus console (/sbconsole), started a change session, selected the
  proxy service, then clicked on the Policies tab, then clicked the Add button in the
  Service Level Policies section
  At that point, the only services listed are the factory supplied oracle/********* policies. There are two pages listed and flipping between the two doesn't show any other policies other than the oracle/***** policies.
  I even tried stopping and starting the domain thinking maybe OSB caches all of the OWSM policies at startup rather than querying the mds_owsm schema dynamically to no avail. No myfirm/****** policies are displayed after a domain restart.
  Any insight?
  Thanks.

  Once again, I wound up opening a Support Request with the TAC for direction on this issue. The policies were not appearing for assignment to OSB proxy / business services because they were being created against the wrong type of object within OWSM.
  In a nutshell, policies in OWSM can be created to be applied against:
  * Components --- only usable against SOA services
  * Service Endpoints --- against URLs used as access points into services
  * Service Clients -- against consumers of services as identified by credentials
  * All -- all of the above
  However, policies built against Components can only be applied to SOA composite services. When I cloned the existing oracle/component_authorization_permitall Security policy to myfirm/authorize_IdentityData policy then limited it to the myfirmIdentityGroup group, that policy would only be assignable to SOA composities since it applied to only Components.
  To allow the group based authorization policy to be enforced in the outer OSB tier, the oracle/binding_authorization_permitall_policy was cloned to myfirm/authorize_IdentityGroup. That policy was defined to apply to endpoints and once saved, appeared in the GUI of the Service Bus console to assign to the proxy service for the service being implemented. A second component policy named myfirm/componentauthorize_IdentityGroup was cloned from oracle/component_authorize_permitall_policy to perform the group authorization at the SOA layer.
  A different issue is being encountered configuring the OSB business service to forward the OWSM headers from the outer proxy service to the SOA service so the authorization succeeds at the inner layer but that's a different problem. With the SOA layer authorization policy disabled, client tests to the proxy service function correctly with a userid in the myfirmIdentityGroup group and generate an authorization failure when another client credential is used that does not belong to myfirmIdentityGroup.

• Datasource pool issues in weblogic

  Frequently,I am coming accross this error in my weblogic server log:Any pointers on how to resolve this? any help on this
  Adminlog:
  <Oct 15, 2013 12:11:35 PM GMT> <Info> <JDBC> <EPGCRMITG1> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-1d42ac6e:1419df56d93:-8000-0000000000003906> <1381839095305> <BEA-001128> <Connection for pool "LifeCycleDataSource-rac0" has been closed.>
  ####<Oct 15, 2013 12:11:35 PM GMT> <Info> <JDBC> <EPGCRMITG1> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-1d42ac6e:1419df56d93:-8000-0000000000003906> <1381839095354> <BEA-001128> <Connection for pool "LifeCycleDataSource-rac0" has been closed.>
  ####<Oct 15, 2013 12:11:35 PM GMT> <Info> <JDBC> <EPGCRMITG1> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-1d42ac6e:1419df56d93:-8000-0000000000003906> <1381839095356> <BEA-001128> <Connection for pool "LifeCycleDataSource-rac0" has been closed.>
  ####<Oct 15, 2013 12:12:36 PM GMT> <Warning> <JDBC> <EPGCRMITG1> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-1d42ac6e:1419df56d93:-8000-0000000000003906> <1381839156379> <BEA-001129> <Received exception while creating connection for pool "LifeCycleDataSource-rac0": IO Error: The Network Adapter could not establish the connection.>
  ####<Oct 15, 2013 12:12:36 PM GMT> <Info> <JDBC> <EPGCRMITG1> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-1d42ac6e:1419df56d93:-8000-0000000000003906> <1381839156381> <BEA-001156> <Stack trace associated with message 001129 follows:
  java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection
      at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:482)
      at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:678)
      at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:238)
      at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:34)
      at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:567)
      at weblogic.jdbc.common.internal.ConnectionEnvFactory.makeConnection(ConnectionEnvFactory.java:357)
      at weblogic.jdbc.common.internal.ConnectionEnvFactory.refreshResource(ConnectionEnvFactory.java:453)
      at weblogic.common.resourcepool.ResourcePoolImpl.refreshResource(ResourcePoolImpl.java:1841)
      at weblogic.common.resourcepool.ResourcePoolImpl.checkResource(ResourcePoolImpl.java:1741)
      at weblogic.common.resourcepool.ResourcePoolImpl.checkAndReturnResource(ResourcePoolImpl.java:1647)
      at weblogic.common.resourcepool.ResourcePoolImpl.checkAndReturnResource(ResourcePoolImpl.java:1636)
      at weblogic.common.resourcepool.ResourcePoolImpl.testUnusedResources(ResourcePoolImpl.java:2088)
      at weblogic.common.resourcepool.ResourcePoolImpl.access$1600(ResourcePoolImpl.java:41)
      at weblogic.common.resourcepool.ResourcePoolImpl$ResourcePoolMaintanenceTask.timerExpired(ResourcePoolImpl.java:2769)
      at weblogic.timers.internal.TimerImpl.run(TimerImpl.java:273)
      at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Caused By: oracle.net.ns.NetException: The Network Adapter could not establish the connection
      at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:398)
      at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:438)
      at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:711)
      at oracle.net.ns.NSProtocol.connect(NSProtocol.java:257)
      at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1222)
      at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:330)
      at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:678)
      at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:238)
      at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:34)
      at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:567)
      at weblogic.jdbc.common.internal.ConnectionEnvFactory.makeConnection(ConnectionEnvFactory.java:357)
      at weblogic.jdbc.common.internal.ConnectionEnvFactory.refreshResource(ConnectionEnvFactory.java:453)
      at weblogic.common.resourcepool.ResourcePoolImpl.refreshResource(ResourcePoolImpl.java:1841)
      at weblogic.common.resourcepool.ResourcePoolImpl.checkResource(ResourcePoolImpl.java:1741)
      at weblogic.common.resourcepool.ResourcePoolImpl.checkAndReturnResource(ResourcePoolImpl.java:1647)
      at weblogic.common.resourcepool.ResourcePoolImpl.checkAndReturnResource(ResourcePoolImpl.java:1636)
      at weblogic.common.resourcepool.ResourcePoolImpl.testUnusedResources(ResourcePoolImpl.java:2088)
      at weblogic.common.resourcepool.ResourcePoolImpl.access$1600(ResourcePoolImpl.java:41)
      at weblogic.common.resourcepool.ResourcePoolImpl$ResourcePoolMaintanenceTask.timerExpired(ResourcePoolImpl.java:2769)
      at weblogic.timers.internal.TimerImpl.run(TimerImpl.java:273)
      at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Caused By: java.net.SocketTimeoutException: connect timed out
      at java.net.PlainSocketImpl.socketConnect(Native Method)
      at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
      at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
      at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
      at java.net.Socket.connect(Socket.java:579)
      at oracle.net.nt.MetricsEnabledSocket.connect(TcpNTAdapter.java:631)
      at oracle.net.nt.TcpNTAdapter.connect(TcpNTAdapter.java:164)
  SOA Log:
  <BEA-001112> <Test "SELECT 1 FROM DUAL" set up for pool "ecoxproduct" failed with exception: "oracle.jdbc.xa.OracleXAException".>
  ####<Oct 16, 2013 3:53:48 PM GMT> <Info> <JDBC> <EPGCRMITG1> <soa_server1> <[ACTIVE] ExecuteThread: '62' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-3ffef6c2:141a29a60f1:-8000-00000000000ff280> <1381938828168> <BEA-001128> <Connection for pool "ecoxproduct" has been closed.>
  ####<Oct 16, 2013 3:53:48 PM GMT> <Warning> <JTA> <EPGCRMITG1> <soa_server1> <[ACTIVE] ExecuteThread: '62' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-3ffef6c2:141a29a60f1:-8000-00000000000ff280> <1381938828181> <BEA-110484> <The JTA health state has changed from HEALTH_OK to HEALTH_WARN with reason codes: Resource ecoxproduct_base_domain declared unhealthy.>
  ####<Oct 16, 2013 3:53:48 PM GMT> <Info> <JDBC> <EPGCRMITG1> <soa_server1> <[ACTIVE] ExecuteThread: '15' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-3ffef6c2:141a29a60f1:-8000-00000000000ff282> <1381938828653> <BEA-001128> <Connection for pool "AIAJMSDS-rac0" has been closed.>
  ####<Oct 16, 2013 3:53:54 PM GMT> <Error> <JDBC> <EPGCRMITG1> <soa_server1> <FabricScheduler_QuartzSchedulerThread> <<anonymous>> <> <0000K6YagLhE^M4pzSXBiW1ILeuk000002> <1381938834492> <BEA-001112> <Test "SELECT 1 FROM DUAL" set up for pool "SOALocalTxDataSource" failed with exception: "java.sql.SQLRecoverableException: IO Error: Connection reset".>
  ####<Oct 16, 2013 3:53:54 PM GMT> <Info> <JDBC> <EPGCRMITG1> <soa_server1> <FabricScheduler_QuartzSchedulerThread> <<anonymous>> <> <0000K6YagLhE^M4pzSXBiW1ILeuk000002> <1381938834493> <BEA-001128> <Connection for pool "SOALocalTxDataSource" has been closed.>
  ####<Oct 16, 2013 3:53:58 PM GMT> <Error> <JDBC> <EPGCRMITG1> <soa_server1> <MDSPollingThread-[soa-infra, jdbc/mds/MDS_LocalTxDataSource]> <<anonymous>> <> <0000K6YagLhE^M4pzSXBiW1ILeuk000002> <1381938838392> <BEA-001112> <Test "SELECT 1 FROM DUAL" set up for pool "mds-soa" failed with exception: "java.sql.SQLRecoverableException: IO Error: Connection reset".>
  ####<Oct 16, 2013 3:53:58 PM GMT> <Info> <JDBC> <EPGCRMITG1> <soa_server1> <MDSPollingThread-[soa-infra, jdbc/mds/MDS_LocalTxDataSource]> <<anonymous>> <> <0000K6YagLhE^M4pzSXBiW1ILeuk000002> <1381938838393> <BEA-001128> <Connection for pool "mds-soa" has been closed.>
  ####<Oct 16, 2013 3:53:58 PM GMT> <Error> <JDBC> <EPGCRMITG1> <soa_server1> <MDSPollingThread-[owsm, jdbc/mds/owsm]> <<anonymous>> <> <0000K6YagLhE^M4pzSXBiW1ILeuk000002> <1381938838393> <BEA-001112> <Test "SELECT 1 FROM DUAL" set up for pool "mds-owsm" failed with exception: "java.sql.SQLRecoverableException: IO Error: Connection reset".>
  ####<Oct 16, 2013 3:53:58 PM GMT> <Info> <JDBC> <EPGCRMITG1> <soa_server1> <MDSPollingThread-[owsm, jdbc/mds/owsm]> <<anonymous>> <> <0000K6YagLhE^M4pzSXBiW1ILeuk000002> <1381938838394> <BEA-001128> <Connection for pool "mds-owsm" has been closed.>
  ####<Oct 16, 2013 3:53:58 PM GMT> <Info> <JDBC> <EPGCRMITG1> <soa_server1> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6a64a370db9cb4a0:-3ffef6c2:141a29a60f1:-8000-00000000000ff284> <1381938838414> <BEA-001128> <Connection for pool "AIAJMSDS-rac0" has been closed.>
  ####<Oct 16, 2013 3:54:04 PM GMT> <Warning> <JDBC> <EPGCRMITG1> <soa_server1> <FabricScheduler_QuartzSchedulerThread> <<anonymous>> <> <0000K6YagLhE^M4pzSXBiW1ILeuk000002> <1381938844505> <BEA-001129> <Received exception while creating connection for pool "SOALocalTxDataSource": IO Error: The Network Adapter could not establish the connection.>
  ####<Oct 16, 2013 3:54:04 PM GMT> <Info> <JDBC> <EPGCRMITG1> <soa_server1> <FabricScheduler_QuartzSchedulerThread> <<anonymous>> <> <0000K6YagLhE^M4pzSXBiW1ILeuk000002> <1381938844506> <BEA-001156> <Stack trace associated with message 001129 follows:
  This my connection pool parameters for  "ecoxproduct":
  Initial Capacity:1
  Maximum Capacity:5
  Minimun Capacity:1
  Statement Cache Type:LRU
  Statement Cache Size: 10
  Test Reserved Connections: uncheked
  Test Frequnct:120
  Test Table Name:SQL SELECT 1 FROM DUAL
  Seconds to trust ldle Poolconnection :10
  Shrink Frequency:900 SEC
  Connection cretion retry Frequncy   0
  Inactiv Connection time out:0
  Mixmunwaiting connetion:2147483647
  Connection Reserve Timeout: 10 SEC
  Thanku  you
  ram

  Hi,
  The database going down is most unlikely to happen,
  Things to check here by DBA:-
  1) If the SERVICE_NAME used in the JDBC string - This service_name might be intermittently unregistering itself from database listener
  2) If the SID is used in the JDBC string - Check if you have used proper SID name in case of RAC
  3) if SCAN_NAME is used - The scan_name also intermittently breaks the client connection.

• OWSM: How to use Generic Key in Credential Store 11g

  Hi there,
  I am facing the following issue with the Weblogic Credential Store Framework (CSF):
  Context:
  I have a web service exposed somewhere in a Tomcat server. This service is not secured, initially it was, but the idea was to deport it to a mediator using OWSM WS policy . The service internally extracts the username from SOAP Header and perform some authorization checks prior performing some business logic.
  So our idea was first to configure a new authentication provider in the default Weblogic's realm to hit our LDAP system. When this was done, we created a simple composite to virtualize the web service and apply a WS Security with username. In order to do that, we did create a new key in the Credential Store under oracle.wsm.security.map and declare our username + password for a particular user in LDAP. We tested it and it works fine!
  Issue: Now we want to leverage this using any user from the authentication provider. We created a new key which has the type "Generic" on the entreprise manager. We don't know though what to do next to specify "every user in our authentication provider", the documentation here is very evasive and we are stick to guess the grammar the CSF expects. We saw that WSLT could be used too to create the key.
  Soa Suite version: 11.1.1.3
  Does anyone has a clue to solve this issue ?
  Thanks

  It is unclear where you are having a problem.  Is your issue at runtime (when the form runs in the browser) or when working in the Builder on the form?
  Also be aware that you will need to sign your jar and include some new manifest entries.  Refer to the Java 7u51 documentation and blogs that discuss the changes.
  https://blogs.oracle.com/java-platform-group/entry/new_security_requirements_for_rias
  http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html