Problem mapping LoginModule roles to ejb security roles

Similar Messages

• Mapping UME Roles to J2EE Engine Security Roles

  Hi all,
  is there a way to map the roles defined in UME which are used in a Web Dynpro application to those declared as part of an EJB descriptor?
  Any help is highly appreciated.
  Regards,
  Sebastian

  Hi Sebastian,
  yes, it is possible to do such mapping. And here how it works:
  1. define security roles in the ejb-jar.xml within the <security-role>. For example:
  <security-role>
       <role-name>test</role-name>
  </security-role>
  2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
  <security-permission>
     <security-role-map>
        <role-name>test</role-name>
        <server-role-name>myUMErole</server-role-name>
     </security-role-map>
  </security-permission>
  the myUMErole must be defined in the UME!
  Does this answer your question?

• How to map Application Roles to Enterprise Roles

  Hello,
  i am having a problem with mapping Application Roles (from ADF Security) to the corresponding Enterprise Roles. I have already seen that it is possible with a tool called Enterprise Manager, but what if i do not have it??
  Can i map the roles in WebLogic Server itself? I have searched for such ability and did not found it. Also have not seen any tutorial on the internet. Someone help me pls.
  The version i am using is 12.1.2.0.0.

  Application roles and permissions defined within WebCenter Portal are stored in its policy store and, consequently, apply to the WebCenter Portal application only.
  Application Roles : Application roles control the level of access a user has to information and services in WebCenter Spaces. Specifically, application roles determine what a user can see and do in their personal space.
  Application Permissions : Again every application role has specific, defined capabilities known as permissions. These permissions allow individuals to perform specific actions in their personal Portal.
  Enterprise roles are different. Enterprise roles are stored within the application's identity store and do not imply any permissions within WebCenter Portal.
  2. How and where do we create these 5 Application Roles in WC 11.1.1.8 version ?
  You can create an application role from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> Roles -> Create Role
  See : Managing Security Across Portals for more info :
  http://docs.oracle.com/cd/E29542_01/webcenter.1111/e27738/wcadm_ps_security.htm#WCADM398
  3. Last, where and how do we MAP these Application Roles TO Enterprise Roles in 11.1.1.8 version ?
  First, You can grant privileges to a specified group (say sales group) of users by granting Enterprise Roles in Enterprise LDAP.
  Next, Create custom application roles (say Contributor, Moderator, UIDesigner, Application Specialist, etc) and assign the appropriate permissions as explained above.
  Then, You can assign one or more Application Roles to a specified group (say sales group) from WebCenter Portal -> Portal Builder -> Administration tab -> Security -> users & Groups
  I hope it helps.

• Structural Authorisation & Position Based Role Mapping ( Indirect Roles)

  Hi
  I have few queries on Structural Authorization & Position Based Role Mapping (Indirect Role Assignment).
  This is a public sector implementation. We are migrating from the traditional based (assigning roles to users) to Indirect role assignment.
  1. Can we integrate both structural authorizations and position based role mapping in one system?
  2. If we implement structural authorizations and position based role mapping in a single system, then do we need to assign the role to the chief position or it would automatically have the authorizations which are assigned to the users below chief position.
  3. First step do we need to create the users in SU01 / SU10 or can we create the entries in PA30. Which one comes first or both independent.
  4. If the user moves from one position to the another position then there would need to be a grace period of shift over of Roles. Where do we maintain the shift over value of days. Do we need to maintain in both.
  Any help or suggestions on the above would be appreciated.
  Thanks and Regards
  Arun R

  Hi
  1. Can we integrate both structural authorizations and position based role mapping in one system?
  Yes you can.  Structural authorisations and position based role mapping can be assigned to the same org plan in SAP.
  2. If we implement structural authorizations and position based role mapping in a single system, then do we need to assign the role to the chief position or it would automatically have the authorizations which are assigned to the users below chief position.
  No, the SAP role is unique to the postion it is assigned to. But remember not all employees will be assigned to a position - in this case you have to assign the sap role directly to the user in SU01/SU01
  3. First step do we need to create the users in SU01 / SU10 or can we create the entries in PA30. Which one comes first or both independent.
  Create user in SU01.SU10 first before creating infotype 105 in PA30.
  4. If the user moves from one position to the another position then there would need to be a grace period of shift over of Roles. Where do we maintain the shift over value of days. Do we need to maintain in both.
  *When a users assignment in the org structure changes then you must run RHRPROFL0 to update the user assignment to the new position.   
  Also the number of days an employee can have access to their previous data is controlled by the parameter is called ADAYS - tx OOAC .  SAP currently defaults this to 15 days and this is used  to control the number of days that the employee can still access the data they created even though they are assigned to a different organisation with different authorisations.
  Hope this helps.
  Charmaine

• Can I map iwtUser-role to an attribute in external LDAP???

  Hi,
       I am using external LDAP for authentication. In the Ext. LDAP I am using
  there is an attribute named title in every user cn. I want to use this
  attribute for portal to decide which role the user belongs to. I mapped
  iwtUser-role to title in Ext. LDAP configuration. When I go to console I
  see user(s) under the roles defined in title attribute(in Ext. LDAP).
  From console if I try to change the desktop profile of a role and check
  'apply changes to all subroles', it's not applying changes to all users
  who have the title as that role (even though when I go to that user(s),
  I see them under the right tole). However, when I look at the
  iwtUser-role attribute in profile LDAP using a LDAP browser it shows
  /domainname/defaultRole which is not the value mapped (in Ext. LDAP). Do
  you have any idea why it is happeing? I would like to know if mapping
  iwtUser-role to an attribute in Ext. LDAP is right thing in the first
  place (I am doing this because the Ext. LDAP is already populated, I
  have no roles in that, all users are at same level and I have permission
  to change title attribute only in Ext. LDAP).
  Thanks,
  Siva Kancheti.

  Block off the default role if you don't want anyone going into that role but only
  the ones defined. You can do this by setting the filter to a value that will return
  nothing. (example, title=nonexistant), since the search filter will not return
  results, no one will be placed in that role (otherwise have to manually go into that
  role and 'move' users).
  Hope this helps,
  Manon
  Siva kancheti wrote:
  Hi,
  I am using external LDAP for authentication. In the Ext. LDAP I am using
  there is an attribute named title in every user cn. I want to use this
  attribute for portal to decide which role the user belongs to. I mapped
  iwtUser-role to title in Ext. LDAP configuration. When I go to console I
  see user(s) under the roles defined in title attribute(in Ext. LDAP).
  From console if I try to change the desktop profile of a role and check
  'apply changes to all subroles', it's not applying changes to all users
  who have the title as that role (even though when I go to that user(s),
  I see them under the right tole). However, when I look at the
  iwtUser-role attribute in profile LDAP using a LDAP browser it shows
  /domainname/defaultRole which is not the value mapped (in Ext. LDAP). Do
  you have any idea why it is happeing? I would like to know if mapping
  iwtUser-role to an attribute in Ext. LDAP is right thing in the first
  place (I am doing this because the Ext. LDAP is already populated, I
  have no roles in that, all users are at same level and I have permission
  to change title attribute only in Ext. LDAP).
  Thanks,
  Siva Kancheti.

• Map wls roles to application roles

  how can i map weblogic roles to my application roles ?
  already, i config db authentication in wls
  but how can i map it to jazen-data.xml file ?

  Hi,
  either you create the same roles in jazn-data.xml in which case they are automatically used after deployment or you have a look at how to map user groups (not application roles) created in jazn-data.xml to WLS groups using the weblogic.xml file
  Frank

• EJB security

  Hello !
  I read that controlled access to EJB methods can be achieved by mean of defining security roles (in the EJB deployment descriptors). I also read that each time an EJB method is called, the EJB client's Principal is forwarded to the EJB context. What I dont't know is how to establish a link between the client's principal and EBJ security roles ? I guess it should be possible. If not how should the method isCallerInRole work ? Can anyone help me ?
  Pascal.

  The primary concept for EJB security is that of "roles"
  A user may be in one or more roles. It is only roles that have particular access rights, not users. So for instance, the "administrator" role might have certain access right, that the "client" roles might not. If a user is switched from being a "client" to an "administrator" (or is given both roles), that user will then have access to all the methods accessible to the "administrator" role.
  Each method can be restricted based upon roles. The restrictions are listed in the <assembly-descriptor> tag. First of all, all roles must be listed. Then for each method, the access rights are listed by role. An example is shown below:
  <assembly-descriptor>
  <security-role>
  <role-name>administrator</role-name>
  </security-role>
  <security-role>
  <role-name>client</role-name>
  </security-role>
  <method-permission>
  <role-name>administrator</role-name>
  <role-name>client</role-name>
  <method>
  <ejb-name>StockQuotes</ejb-name>
  <method-name>buy</method-name>
  </method>
  <method>
  <ejb-name>StockQuotes</ejb-name>
  <method-name>getPrice</method-name>
  </method>
  </method-permission>
  </assembly-descriptor>
  Each method-permission tag may list one or more role names, followed by one or more methods that are accessible for that role. The "*" character may be used to specify method names (indicating all methods.) For multiple methods with the same name, the EJB specifications allow detailed parameter lists and interface type to identify methods uniquely, but this is outsie the scope of this tutorial -- check reference material if you need to do this.
  The actual mapping from user names to security roles, and the specification of user names and passwords is application-server dependent.
  Hope this helps

• Problem mapping USB external drive connected to Airport Extreme on my PC

  I am having a problem mapping my USB external drive in my PC running WIndows Vista.   Here is what I have so far:
  USB External Drive connected to my AirPort Extreme which is connected to my Century Link modem/router.
  I have installed the USB drive using the Airport Utility.  In the Disks section the Enable File Sharing is checked, Secure Shared Disks is set to With a Disk Password, I have entered the password in the next 2 rows, and finally AirPort Disks Gues Access is set to Not Allowed.  The section below named These Settings Configure Windows File Sharing is empty.  Am I supposed to put something here?
  I was also told I need to map the drive in my PC, but when I go to do that via the Computer and the Map Network Drive, I get stuck where it asks me to enter a folder name.  I read many of the posts which tell me I need to enter among other things the disk's ip address, but I am unable to find it anywhere.  Where do I find what to put here?
  Can someone please help this frustrated user?

  I had my USB drive on my APE working with Time Machine under 10.5.1 very reliably. A few days ago however, I needed to suspend a backup operation, and when I came back to restart it, time machine refused to mount the disk image on the drive. After several attempts to get it to connect with no luck I decided to delete the image (the sparce image file) and start over. Now TM refuses to create a new image.
  BTW, on the Mac OSX hints site there have been suggestions to start a backup with the drive directly connected, then stop the backup, move the sparce image file to the root of the drive, reconnect the drive to the APE base station to get it working. I tried this again, but I think Apple has changed something in 10.5.2, because when directly connected TM no longer creates a sparce image file.
  Anybody else seen this behavior after upgrading to 10.5.2?

• I have a problem when running my own EJB as a TUXEDO service using WTC.

  Hello,
  I have a problem when running my own EJB as a TUXEDO service using WTC. I am using TUXEDO 8.1 and WL 9.1.
  When I am trying to run my own EJB as a TUXEDO service error appears.
  TPENOENT(6):0:0:TPED_MINVAL(0):QMNONE(0):0:Could not find service TOUPPER
  at weblogic.wtc.gwt.WTCService.getImport(WTCService.java:4988)
  at weblogic.wtc.gwt.TuxedoConnection.getImport(TuxedoConnection.java:303)
  at weblogic.wtc.gwt.TuxedoConnection.tpcall(TuxedoConnection.java:1302)
  at examples.MyTestSessionBean.Toupper(MyTestSessionBean.java:102)
  at examples.TestSessionBean_knby6k_EOImpl.Toupper(TestSessionBean_knby6k_EOImpl.java:61)
  at net.roseindia.web.servlets.SessionTestServlet.doGet(SessionTestServlet.java:69)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:225)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:127)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:272)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:165)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3153)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:1973)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1880)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1310)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
  e8
  10
  java.rmi.RemoteException: EJB Exception: ; nested exception is:
  java.lang.NullPointerException
  at weblogic.ejb.container.internal.EJBRuntimeUtils.throwRemoteException(EJBRuntimeUtils.java:95)
  at weblogic.ejb.container.internal.BaseEJBObject.handleSystemException(BaseEJBObject.java:713)
  at weblogic.ejb.container.internal.BaseEJBObject.handleSystemException(BaseEJBObject.java:681)
  at weblogic.ejb.container.internal.BaseEJBObject.postInvoke1(BaseEJBObject.java:447)
  at weblogic.ejb.container.internal.StatelessEJBObject.postInvoke1(StatelessEJBObject.java:72)
  at weblogic.ejb.container.internal.BaseEJBObject.postInvokeTxRetry(BaseEJBObject.java:374)
  at examples.TestSessionBean_knby6k_EOImpl.Toupper(TestSessionBean_knby6k_EOImpl.java:75)
  at net.roseindia.web.servlets.SessionTestServlet.doGet(SessionTestServlet.java:69)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:225)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:127)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:272)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:165)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3153)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:1973)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1880)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1310)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
  Caused by: java.lang.NullPointerException
  at examples.MyTestSessionBean.Toupper(MyTestSessionBean.java:130)
  at examples.TestSessionBean_knby6k_EOImpl.Toupper(TestSessionBean_knby6k_EOImpl.java:61)
  ... 15 more
  Any clue on this.
  With Regards,
  MVS

  If you are trying to create a Tuxedo service in Java using WTC you need to develop an EJB that implements the TuxedoService interface and register its home in JNDI so WTC can look it up. Once that is done you can then export the service to a remote domain in the WTC configuration.
  Regards,
  Todd Little
  Oracle Tuxedo Chief Architect

• No mapping between account IDs and security was done

  I upgraded to Windows 8.1, it blew up my SQL Server Developer installation. So I traveled 400 miles to get my DVD and reinstall SQl Server. I saw on th eforum that several people had similar problems and they said selecting the repair option of the installation
  would fix it. So I tried but I can't get past the "No mapping between account names and security IDs was done" error.
  I suspected the login to be the issue from the beginning because the *&$%^$ Windows 8.1 update forced me to enter a new password as it didn't find my old one acceptable. Problem is, it didn't update it everywhere and I can't find where to change it for
  SQL Server in this worthless version of an operating system.
  I can't find the login for SQL Server in the the computer services anymore, it's gone from there. I used to be able to go in and manually start the service and change the password. But that great 8.1 update wiped all of that out and left me sitting high
  and dry.
  Does anyone know of a solution? I need to finish this project and my hands are tied at this point.

  Unless you used your own Windows user as the service account for SQL Server, the password change should not matter.
  You talk about "Computer services". The place where to make changes to the SQL Server services is the SQL Server Configuration Manager.
  You say that the SQL Server installation blew up. Is SQL Server not running (you can check this in the Configuration Manager) at all, or is the problem that you cannot log in?
  I was considering to update a small netbook that has Windows 8 to 8.1 the other day, but to get the "free" update, I was told to go the Microsoft Store. I did that the other day from my Surface RT and that was highly unpleasant as it hi-jacked
  by user id and replaced with a Microsoft account. So I am not making that mistake again. I looked at getting Windows 8.1 from MSDN, but then decided it's not worth it for a machine I only use for vacation trips. (All machines that I use for serious work
  do of course run Windows 7.)
  Erland Sommarskog, SQL Server MVP, [email protected]

• Wl5.1 ejb security checking is backwards

  In 5.1 for ejb security checking you seem to check for users first,
  then groups.
  ie:
  at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:1057)
  at
  weblogic.ejb.internal.SecurityRoleMapping.lookupPrincipal(SecurityRoleeMapping.java:236)
  I dont have a code, but from the stack I can see you first calling
  getUser, if its null, then calling getGroup.
  I think in 4.51 you checked groups first (I dont have the stack since
  its long gone, but I didnt have the sql im getting generated in 4.5.1).
  Since most people map ejbs to groups (mapping directly to users is
  inflexible), I think it would make sense from a performance perspective
  to check groups first, then look for users.
  Also, for compatibility sake, I would think such a change should be
  noted in the release notes.
  let me know if you agree, Ill open a case with support.
  -Joel

  In 5.1 for ejb security checking you seem to check for users first,
  then groups.
  ie:
  at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:1057)
  at
  weblogic.ejb.internal.SecurityRoleMapping.lookupPrincipal(SecurityRoleeMapping.java:236)
  I dont have a code, but from the stack I can see you first calling
  getUser, if its null, then calling getGroup.
  I think in 4.51 you checked groups first (I dont have the stack since
  its long gone, but I didnt have the sql im getting generated in 4.5.1).
  Since most people map ejbs to groups (mapping directly to users is
  inflexible), I think it would make sense from a performance perspective
  to check groups first, then look for users.
  Also, for compatibility sake, I would think such a change should be
  noted in the release notes.
  let me know if you agree, Ill open a case with support.
  -Joel

• Windows 8.1 "No mapping between account names and security IDs was done"

  Hi,
  A week ago, I had a problem with my laptop in which the explorer.exe was restarting itself, when I was trying to fix it, I ran the Sfc/scannow, and it turns out, there were some files broken, then, following the instructions here of how to replace the files
  manually, I get to the Command prompt, and used the command "takeown", but when continued to the "icacls" command, it shows the message:
  "No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files."
  I didn't understand what was that, and in the page didn't said anything about that message, I thought that the explorer.exe problem also corrupted this solution, in the end, turns out, it was a third party program which was incorrectly un-installed, I fixed
  and forget about the other problem, until today when I was trying to open Word, when it turns out, that Office was "installing", something that doesn't make sense as I already had it installed and worked on it in the past. But when it's close to
  the finish, it shows, Error 1920, and that I don't have the requeriment grants, later looking on the internet, there was this "solution" (since I couldn't test it, I don't know if it works) saying that I have to user the command "icacls",
  but any time that I try, it says "No mapping between accounts..." therefore, I couldn't solve it that way.
  I don't know what exactly to do, since I don't understand exactly what I broke, hope you can help me, and thanks in advance.

  Hi,
  According to your description, the current problem is your Office program.
  If I am right, there is no any other problem on your system. It narrows down to the Microsoft Office program issue.
  Please run with safe mode to troubleshoot:
  1.Click WIN+R;
  2.Type Winword.exe /safe;
  3.Press Enter.
  If the issue would be gone in safe mode, it indicates the issue is caused by add-ons, please disable the add-ons one by one to clarify which one is culprit.
  If the issue still persists, go Office forum for further help:
  http://social.technet.microsoft.com/Forums/office/en-US/home?category=officeitpro
  Meanwhile, I would like to suggest you use System Restore to roll back to a previous time when everything worked fine.
  How to  refresh, reset, or restore your PC
  http://windows.microsoft.com/en-IN/windows-8/restore-refresh-reset-pc
  If I misunderstanding, please correct me.
  Karen Hu
  TechNet Community Support

• Problem with passing exception with declarative security

  I am having a problem with passing exceptions with message security bunding enables. I have a JAXWS EJB 3.0 web service, The service defines methods which throw exceptions. The exceptions are passed correclty when there is no message security enabled. once the security is enabled and an exception is thrown, I get the stack trace below. Furthermore, the service with security enabled works fine as long as methods do not throw an exception. I am thinking that the JAXWS generated wrapped exception is not correctly handled by the message security provider in the server. Just a thought. Any help would be greatly appreciated.
  Stack trace:
  [#|2007-03-23T00:49:06.333-0600|WARNING|sun-appserver-pe9.0|javax.enterprise.sys
  tem.stream.err|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;_RequestID=64417
  ac0-ded8-474d-9066-5a97c8559b67;|
  ERROR: 'NAMESPACE_ERR: An attempt is made to create or change an object in a wa
  y which is incorrect with regard to namespaces.'|#]
  [#|2007-03-23T00:49:06.334-0600|SEVERE|sun-appserver-pe9.0|javax.xml.messaging.s
  aaj.soap|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;_RequestID=64417ac0-de
  d8-474d-9066-5a97c8559b67;|SAAJ0511: Unable to create envelope from given source
  |#]
  [#|2007-03-23T00:49:06.334-0600|INFO|sun-appserver-pe9.0|javax.enterprise.system
  .core.security|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;|SEC2003: Contai
  ner-auth: wss: Error securing response
  com.sun.enterprise.security.jauth.AuthException: Unable to create envelope from
  given source:
  at com.sun.xml.wss.provider.ServerSecurityAuthModule.secureResponse(Serv
  erSecurityAuthModule.java:129)
  at sun.reflect.GeneratedMethodAccessor237.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.sun.enterprise.security.jauth.AuthContext.invokePriv(AuthContext.
  java:128)
  at com.sun.enterprise.security.jauth.AuthContext$1.run(AuthContext.java:
  78)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.enterprise.security.jauth.AuthContext.invoke(AuthContext.java
  :75)
  at com.sun.enterprise.security.jauth.ConfigFile$ConfigServer.secureRespo
  nse(ConfigFile.java:662)
  at com.sun.enterprise.security.wss.WebServiceSecurity.secureResponse(Web
  ServiceSecurity.java:220)
  at com.sun.enterprise.security.wss.WebServiceSecurity.secureResponse(Web
  ServiceSecurity.java:197)
  at com.sun.enterprise.webservice.JAXWSSystemHandlerDelegateFactory$Servl
  etDelegate.processResponse(JAXWSSystemHandlerDelegateFactory.java:540)
  at com.sun.enterprise.webservice.monitoring.JAXWSEndpointImpl.processRes
  ponse(JAXWSEndpointImpl.java:121)
  at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOA
  PMessageDispatcher.java:148)
  at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
  at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3Me
  ssageDispatcher.java:160)
  at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3Messag
  eDispatcher.java:89)
  at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpo
  int(EjbWebServiceServlet.java:178)
  at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServ
  iceServlet.java:109)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.jav
  a:100)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:536)
  at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
  ava:182)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipe
  line.java:120)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
  ve.java:137)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:536)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:23
  1)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(
  ProcessorTask.java:667)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBloc
  ked(ProcessorTask.java:574)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(Proces
  sorTask.java:844)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTas
  k(ReadTask.java:287)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.jav
  a:212)
  at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:2
  52)
  at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThrea
  d.java:75)
  |#]
  [#|2007-03-23T00:49:06.335-0600|WARNING|sun-appserver-pe9.0|javax.enterprise.sys
  tem.core|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;_RequestID=64417ac0-de
  d8-474d-9066-5a97c8559b67;|Exception while tracing response : Unable to create e
  nvelope from given source: |#]
  [#|2007-03-23T00:49:06.336-0600|WARNING|sun-appserver-pe9.0|javax.enterprise.sys
  tem.stream.err|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;_RequestID=64417
  ac0-ded8-474d-9066-5a97c8559b67;|
  com.sun.enterprise.security.jauth.AuthException: Unable to create envelope from
  given source:
  at com.sun.xml.wss.provider.ServerSecurityAuthModule.secureResponse(Serv
  erSecurityAuthModule.java:129)
  at sun.reflect.GeneratedMethodAccessor237.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.sun.enterprise.security.jauth.AuthContext.invokePriv(AuthContext.
  java:128)
  at com.sun.enterprise.security.jauth.AuthContext$1.run(AuthContext.java:
  78)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.enterprise.security.jauth.AuthContext.invoke(AuthContext.java
  :75)
  at com.sun.enterprise.security.jauth.ConfigFile$ConfigServer.secureRespo
  nse(ConfigFile.java:662)
  at com.sun.enterprise.security.wss.WebServiceSecurity.secureResponse(Web
  ServiceSecurity.java:220)
  at com.sun.enterprise.security.wss.WebServiceSecurity.secureResponse(Web
  ServiceSecurity.java:197)
  at com.sun.enterprise.webservice.JAXWSSystemHandlerDelegateFactory$Servl
  etDelegate.processResponse(JAXWSSystemHandlerDelegateFactory.java:540)
  at com.sun.enterprise.webservice.monitoring.JAXWSEndpointImpl.processRes
  ponse(JAXWSEndpointImpl.java:121)
  at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOA
  PMessageDispatcher.java:148)
  at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
  at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3Me
  ssageDispatcher.java:160)
  at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3Messag
  eDispatcher.java:89)
  at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpo
  int(EjbWebServiceServlet.java:178)
  at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServ
  iceServlet.java:109)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.jav
  a:100)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:536)
  at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
  ava:182)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipe
  line.java:120)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
  ve.java:137)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:536)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:23
  1)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(
  ProcessorTask.java:667)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBloc
  ked(ProcessorTask.java:574)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(Proces
  sorTask.java:844)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTas
  k(ReadTask.java:287)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.jav
  a:212)
  at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:2
  52)
  at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThrea
  d.java:75)
  |#]
  [#|2007-03-23T00:49:06.336-0600|SEVERE|sun-appserver-pe9.0|javax.enterprise.reso
  urce.webservices.jaxws.server.soapmd|_ThreadID=11;_ThreadName=httpWorkerThread-8
  080-0;_RequestID=64417ac0-ded8-474d-9066-5a97c8559b67;|Unable to create envelope
  from given source:
  com.sun.enterprise.security.jauth.AuthException: Unable to create envelope from
  given source:
  at com.sun.xml.wss.provider.ServerSecurityAuthModule.secureResponse(Serv
  erSecurityAuthModule.java:129)
  at sun.reflect.GeneratedMethodAccessor237.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.sun.enterprise.security.jauth.AuthContext.invokePriv(AuthContext.
  java:128)
  at com.sun.enterprise.security.jauth.AuthContext$1.run(AuthContext.java:
  78)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.enterprise.security.jauth.AuthContext.invoke(AuthContext.java
  :75)
  at com.sun.enterprise.security.jauth.ConfigFile$ConfigServer.secureRespo
  nse(ConfigFile.java:662)
  at com.sun.enterprise.security.wss.WebServiceSecurity.secureResponse(Web
  ServiceSecurity.java:220)
  at com.sun.enterprise.security.wss.WebServiceSecurity.secureResponse(Web
  ServiceSecurity.java:197)
  at com.sun.enterprise.webservice.JAXWSSystemHandlerDelegateFactory$Servl
  etDelegate.processResponse(JAXWSSystemHandlerDelegateFactory.java:540)
  at com.sun.enterprise.webservice.monitoring.JAXWSEndpointImpl.processRes
  ponse(JAXWSEndpointImpl.java:121)
  at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOA
  PMessageDispatcher.java:148)
  at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
  at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3Me
  ssageDispatcher.java:160)
  at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3Messag
  eDispatcher.java:89)
  at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpo
  int(EjbWebServiceServlet.java:178)
  at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServ
  iceServlet.java:109)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.jav
  a:100)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:536)
  at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
  ava:182)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipe
  line.java:120)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
  ve.java:137)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:536)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:23
  1)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(
  ProcessorTask.java:667)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBloc
  ked(ProcessorTask.java:574)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(Proces
  sorTask.java:844)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTas
  k(ReadTask.java:287)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.jav
  a:212)
  at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:2
  52)
  at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThrea
  d.java:75)
  |#]
  [#|2007-03-23T00:49:06.338-0600|WARNING|sun-appserver-pe9.0|javax.enterprise.sys
  tem.stream.err|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;_RequestID=64417
  ac0-ded8-474d-9066-5a97c8559b67;|
  com.sun.enterprise.security.jauth.AuthException: Unable to create envelope from
  given source:
  at com.sun.xml.wss.provider.ServerSecurityAuthModule.secureResponse(Serv
  erSecurityAuthModule.java:129)
  at sun.reflect.GeneratedMethodAccessor237.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  sorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.sun.enterprise.security.jauth.AuthContext.invokePriv(AuthContext.
  java:128)
  at com.sun.enterprise.security.jauth.AuthContext$1.run(AuthContext.java:
  78)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.enterprise.security.jauth.AuthContext.invoke(AuthContext.java
  :75)
  at com.sun.enterprise.security.jauth.ConfigFile$ConfigServer.secureRespo
  nse(ConfigFile.java:662)
  at com.sun.enterprise.security.wss.WebServiceSecurity.secureResponse(Web
  ServiceSecurity.java:220)
  at com.sun.enterprise.security.wss.WebServiceSecurity.secureResponse(Web
  ServiceSecurity.java:197)
  at com.sun.enterprise.webservice.JAXWSSystemHandlerDelegateFactory$Servl
  etDelegate.processResponse(JAXWSSystemHandlerDelegateFactory.java:540)
  at com.sun.enterprise.webservice.monitoring.JAXWSEndpointImpl.processRes
  ponse(JAXWSEndpointImpl.java:121)
  at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOA
  PMessageDispatcher.java:148)
  at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
  at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3Me
  ssageDispatcher.java:160)
  at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3Messag
  eDispatcher.java:89)
  at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpo
  int(EjbWebServiceServlet.java:178)
  at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServ
  iceServlet.java:109)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.jav
  a:100)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:536)
  at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
  ava:182)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipe
  line.java:120)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
  ve.java:137)
  at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.j
  ava:566)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:536)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
  at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:23
  1)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(
  ProcessorTask.java:667)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBloc
  ked(ProcessorTask.java:574)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(Proces
  sorTask.java:844)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTas
  k(ReadTask.java:287)
  at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.jav
  a:212)
  at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:2
  52)
  at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThrea
  d.java:75)
  |#]

  Hi,
  Thanks for the reply. I read the weblog and posted a reply to it already.
  History:
  I actually have a web service where I have message level security enabled and it works great. I had some issues early on with descriptor but those are worked out. As I was testing, I created a test case that throws an exception. That is when I get the NAMESPACE_ERROR, jauth exceptions , etc.
  Attempt to find issue:
  Glassfish: V1 (glassfish-installer-9.0-b48.jar), jdk1.5.0_11
  Code: EJB tech tip EJB30 web service
  Security: message security, specified almost verbatim to how it is done in the link you mention.
  Sample works fine until I modify the web service to throw an exception. Once I do that, I get the NAMESPACE_ERROR stack trace I posted in original message. The sample in the tech tip uses the embedded app-client.
  Thanks for helping with this.

• Problem generating stubs for Java EJB web service deployed in OAS

  I created an EJB web service and I've successfully deployed it in my Oracle App Server. Some of the methods work fine but others produce the ff error:
  org.apache.soap.SOAPException - java.lang.IllegalArgumentException: No Serializer found to serialize [classname] using encoding style [encoding]It seems that the objects specified as parameters in the web service methods exposed are the only ones that had stubs generated for them. Other objects I use, which are usually wrapped inside a Vector, did not have generated stubs.
  Example:
       public String loginUser(UserDTO userDTO) throws RemoteException, NamingException, SQLException;
  public String addItems (Vector vecItems) throws RemoteException, NamingException, SQLException; // where vecItems is a collection of ItemDTO objects     In this scenario, stubs were generated for the UserDTO class, but not for the ItemDTO class. In effect, calling the addItems method resulted to the exception I mentioned above.
  I did a workaround wherein I declared a dummy method which accepted all the types of objects I needed as parameters so all the necessary stubs can be generated, but this fix doesn't feel like it's the proper solution to my problem.
  If anyone can help me, it would be greatly appreciated. Thanks!

  Crossposted:
  Problem generating stubs for Java EJB web service deployed in OAS

• Group Policy won't apply, No mapping between account names and security IDs was done.

  I am using Group Policy Preferences to remove users from the local admin group and add a local admin account.  This GPO is working on 90% of the Win7 machines on the network, but three laptops are not accepting the GPO.  I get the following error:
  Log Name:      Application
  Source:        Group Policy Local Users and Groups
  Date:          6/24/2014 8:49:28 AM
  Event ID:      4098
  Task Category: (2)
  Level:         Warning
  Keywords:      Classic
  User:          SYSTEM
  Computer:      laptop1.internal.com
  Description:
  The user 'Administrators' preference item in the 'Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}' Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security
  IDs was done.' This error was suppressed.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Group Policy Local Users and Groups" />
      <EventID Qualifiers="34305">4098</EventID>
      <Level>3</Level>
      <Task>2</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-06-24T13:49:28.000000000Z" />
      <EventRecordID>68771</EventRecordID>
      <Channel>Application</Channel>
      <Computer>laptop1.internal.com</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data>user</Data>
      <Data>Administrators</Data>
      <Data>Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}</Data>
      <Data>0x80070534 No mapping between account names and security IDs was done.</Data>
    </EventData>
  </Event>
  I've searched high and low for an answer and nothing I find on-line seems to apply.  I also notice that the option to 'Run as Administrator' does not work.  If I right-click on cmd.exe and select 'run as administrator', the command box opens but
  I am not prompted for credentials and the command box does not have admin rights.  Not sure if this is related or not.
  Any help on this would be greatly appreciated.
  Thanks,
  Joe

  Hi,
  Delete your  remove action from the GPP and push it again, does this issue still occur?
  If it still exists, let’s collect the GPP log for analysis:
  Group policy Preference debug logging policy settings are located under:
  Computer Configuration\Administrative Templates\System\Group Policy
  Click Logging and tracing, select local users and group preference logging and trace.
  Meanwhile, just a similar issue, but it is worth trying:
  A user is added to the wrong group on a client computer that is running Windows 7 or Windows Server 2008 R2
  http://support.microsoft.com/kb/2280515
  If you have any feedback on our support, please click
  here
  Alex Zhao
  TechNet Community Support