Whoa! If specify custom Policy Provider, then JVM has no ProtectionDomain!!

What is going on here?
I copied the sun.security.provider.PolicyFile class into another folder and then used -Xbootclasspath to specify that folder, and then in java.security I said to use that one as the provider. When I do that, then AccessController's context is null!! But if I don't specify a provider (and use default), then context is not null!!
What gives?

solved it!
The problem was that my test classes were all in the same path as the Policy class, so they were in the bootclasspath and thus had no classloader.

Similar Messages

  • Where to upload custom JACC provider jar for AS9.1 (Glassfish V2 Beta 1)?

    Hello,
    as I do have some issues with SOAPMessage object on AS9.0U1 as described here: http://forum.java.sun.com/thread.jspa?threadID=5162508
    I'm also trying to duplicate this issue on AS9.1 (Glassfish V2 Beta 1). At the first I need to deploy our custom JACC provider. I've provided correct setup in admin console Configuration -> Security -> JACC providers, I've also switched to use this provider and as I'm used to, I've uploaded JACC provider jar file to the domains/domain1/lib directory. The problem is, it's not working since starting AS9.1 complains about not found class of my provider. As I said, this is exactly how it's working for me on AS9.0U1. Anyway, I've tried to upload the jacc provider jar file to domains/domain1/lib/ext, but then starting AS9.1 complains about missing javax/security/jacc/PolicyContextException. Whole error message in the server log looks like:
    [#|2007-04-20T10:12:52.015+0200|INFO|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=10;_ThreadName=main;com.objectsecurity.openpmf.jacc.Policy;|SEC1143: Loading policy provider com.objectsecurity.openpmf.jacc.Policy.|#]
    [#|2007-04-20T10:12:52.031+0200|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=822161e0-8f06-433a-b052-fb42afffb14a;|java.lang.reflect.InvocationTargetException
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.sun.enterprise.server.PELaunch.main(PELaunch.java:272)
    Caused by: java.lang.NoClassDefFoundError: javax/security/jacc/PolicyContextException
         at java.lang.Class.forName0(Native Method)
         at java.lang.Class.forName(Class.java:164)
         at com.sun.enterprise.security.PolicyLoader.loadPolicy(PolicyLoader.java:133)
         at com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:96)
         at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:240)
         at com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:93)
         at com.sun.enterprise.server.PEMain.run(PEMain.java:316)
         at com.sun.enterprise.server.PEMain.main(PEMain.java:260)
         ... 5 more
    Please note that com.objectsecurity.openpmf.jacc.Policy is a Policy provider of our own JACC provider.
    My question is: where exactly to upload JACC provider jar file in order to have it working correctly?
    Thanks!
    Karel

    Did you solve this problem? I've been spinning my head over this. I reinstalled my jdk, reinstalled glassfish, and updated my java.policy file and I still get the same problem.

  • OPSS java security policy provider error

    hi am geting the security error when deploying application my logs is
    *** Using HTTP port 7101 ***
    *** Using SSL port 7102 ***
    "C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\bin\startWebLogic.cmd"
    [waiting for the server to complete its initialization...]
    JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m
    WLS Start Mode=Development
    CLASSPATH=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jdbc_11.1.1\ojdbc6dms.jar;C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\oracle\MIDDLE~1\JDK160~1\lib\tools.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\oracle\MIDDLE~1\modules\features\weblogic.server.modules_10.3.5.0.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\webservices.jar;C:\oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\common\derby\lib\derbyclient.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\xqrl.jar
    PATH=C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\native;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\native;C:\oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32;C:\oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\oracle\MIDDLE~1\JDK160~1\jre\bin;C:\oracle\MIDDLE~1\JDK160~1\bin;C:\forms;C:\product\11.2.0\dbhome_1\bin;C:\product\11.2.0\dbhome_1;C:\DevSuiteHome_1\BIN;C:\DevSuiteHome_1\jlib;C:\Program Files\PHP;C:\Program Files\PC Connectivity Solution\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\DivX Shared;c:\Program Files\Java\jdk1.6.0_21\bin;C:\product\11.2.0\dbhome_1\BIN;C:\DevSuiteHome_1;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\mywls;C:\mydomain\base_domain\bin;C:\Program Files\Java\jre6\bin\client;C:\Program Files\Java\jre6\bin;C:\Program Files\Java\jdk1.6.0_21\jre\bin;C:\Program Files\Java\jdk1.6.0_21\bin;C:\Program Files\Java\jdk1.6.0_21;C:\Program Files\Java\jre6;C:\DevSuiteHome_1\forms;C:\DevSuiteHome_1\cgenf61\admin;C:\DevSuiteHome_1\forms;C:\forms\sms_code.pll;C:\mywls\wlserver\bin;C:\Java\jdk1.6.0_21;C:\oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32\oci920_8
    * To start WebLogic Server, use a username and *
    * password assigned to an admin-level user. For *
    * server administration, use the WebLogic Server *
    * console at http:\\hostname:port\console *
    starting weblogic with Java version:
    java version "1.6.0_24"
    Java(TM) SE Runtime Environment (build 1.6.0_24-b50)
    Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode)
    Starting WLS with line:
    C:\oracle\MIDDLE~1\JDK160~1\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=DefaultServer -Djava.security.policy=C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -Djavax.net.ssl.trustStore=C:\DOCUME~1\Desmond\LOCALS~1\Temp\trustStore8732822766352054612.jks -Djbo.debugoutput=silent -Doracle.jdeveloper.adrs=true -Dweblogic.nodemanager.ServiceEnabled=true -Xverify:none -da -Dplatform.home=C:\oracle\MIDDLE~1\WLSERV~1.3 -Dwls.home=C:\oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\oracle\MIDDLE~1\WLSERV~1.3\server -Djps.app.credential.overwrite.allowed=true -Dcommon.components.home=C:\oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1 -Djrockit.optfile=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\servers\DefaultServer -Doracle.domain.config.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1 -Digf.arisidbeans.carmlloc=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\arisidprovider -Doracle.security.jps.config=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\servers\DefaultServer\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.alternateTypesDirectory=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dwsm.repository.path=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\oracle\store\gmds -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\sysext_manifest_classpath;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\sysext_manifest_classpath weblogic.Server
    <22 Dec 2011 10:11:07 AM> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
    <22 Dec 2011 10:11:07 AM> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
    <22 Dec 2011 10:11:07 AM> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 19.1-b02 from Sun Microsystems Inc.>
    <22 Dec 2011 10:11:07 AM> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
    <22 Dec 2011 10:11:08 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <22 Dec 2011 10:11:08 AM> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <22 Dec 2011 10:11:08 AM> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <22 Dec 2011 10:11:08 AM> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log00004. Log messages will continue to be logged in C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log.>
    <22 Dec 2011 10:11:08 AM> <Notice> <Log Management> <BEA-170019> <The server log file C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log is opened. All server side log events will be written to this file.>
    oracle.security.jps.JpsRuntimeException: Cannot read from policy store.
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:440)
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:227)
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:100)
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:74)
         at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
         at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
         at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
         at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
         at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:850)
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: oracle.security.jps.JpsRuntimeException: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:166)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:187)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.loadXmlDataStore(XmlDataStore.java:418)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.<init>(XmlDataStore.java:283)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.getInstance(XmlDataStore.java:216)
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:436)
         ... 28 more
    Caused by: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
         at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:80)
         at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
         at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
         ... 34 more
    Caused by: javax.xml.stream.XMLStreamException: Premature end of file encountered
         at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:69)
         ... 37 more
    <22 Dec 2011 10:11:10 AM> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider>
    <22 Dec 2011 10:11:10 AM> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
    weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:293)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:899)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         Truncated. see log file for complete stacktrace
    Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
         Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:860)
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
         Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.JpsRuntimeException: Cannot read from policy store.
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:440)
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:227)
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:100)
         at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:74)
         at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
         Truncated. see log file for complete stacktrace
    Caused By: oracle.security.jps.JpsRuntimeException: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:166)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:187)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.loadXmlDataStore(XmlDataStore.java:418)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.<init>(XmlDataStore.java:283)
         Truncated. see log file for complete stacktrace
    Caused By: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
         at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:80)
         at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
         at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
         Truncated. see log file for complete stacktrace
    Caused By: javax.xml.stream.XMLStreamException: Premature end of file encountered
         at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:69)
         at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
         at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
         at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
         Truncated. see log file for complete stacktrace
    >
    <22 Dec 2011 10:11:10 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <22 Dec 2011 10:11:10 AM> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <22 Dec 2011 10:11:10 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    Process exited.
    this is what i have try to do
    delete the jazn-data.xml file under the DefaultDomain
    and i try to in the folder of C:\Oracle\Middleware\user_projects\domains\UCM_dom ain\config\fmwconfig open cwallet.sso, go to properties of it and then security.Enable full control,modify,Read and execute,read and write permissions for the current user and apply it. but there is no security option when i right click cwallet.sso
    and my acess log is
    27.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432564240140&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
    127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
    127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
    127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432609646747&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
    127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
    127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
    127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432662731333&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
    127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
    127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
    Edited by: user603350 on 2011/12/22 12:04 PM
    Edited by: user603350 on 2011/12/22 12:17 PM
    Edited by: user603350 on 2011/12/22 1:12 PM

    The problem is that your WLS domain is created in a directory whose path contains blank spaces (e.g. "...\Document and Settings\...").
    Please, have a look at this message for a solution: {message:id=9588131}
    Dimitar

  • How to specify custom table name for subclasses in Kodo 3?

    I'm migrating our codes from Kodo 2.5.x to version 3.
    In Kodo 2.x, specifying the class/subclass table name uses the extension
    like this "@jdo.extension vendor-name="kodo" key="table"
    value="DyeStuffs"" when using XDoclet to generate the .jdo metadata files.
    It no longer works in Kodo 3. Following the Kodo's documentation, I have
    upgraded XDoclet to 1.2b3 and changed all doclet tags to the ones that
    XDoclet understands.
    I noticed in the documentation, to specify custom table mapping, it uses
    nested vendor extensions. E.g
    <extension vendor-name="kodo" key="jdbc-class-map" value="vertical">
    <extension vendor-name="kodo" key="table" value="TABLOID"/>
    <extension vendor-name="kodo" key="ref-column.JDOID"
    value="MAG_ID"/>
    </extension>
    So how do I specify nested extensions when using with XDoclet's tags?
    Need help as I have to complete the migration by end of the week.
    Thanks,
    Makas

    Abe White wrote:
    Makas Tzavellas wrote:
    Does it mean I have to map all classes and fields to the existing tables?As I tried to point out earlier, in 3.0 all mapping information must be
    explicit all the time. So basically everything is like mapping to an
    existing schema (only Kodo can generate those mappings for you... as
    long as you're not using XDoclet for all your mapping! :)
    It seems quite a pain to manually map all the existing tables and
    fields, especially when Kodo gave the table and field names. I don't
    mind mapping the tables, but mapping the fields will be a horror with
    105 tables. Have I missed out anything in the migration documentation
    that might help me with this process? Also does Kodo require the
    ..mapping file to work or having everything in .jdo file is sufficient
    (looking at the documentation it seems ok to have .jdo file only)?
    If I do, I prefer to regenerate all tables without the base table,
    basically having tables to include all the fields from the base table.
    And migrate all existing data to the new table structure.I'm not entirely clear on what you want. Are you saying that you want
    each subclass to have its own table and repeate the columns from its
    superclass table in its own?
    Yes, that is exactly what I want.
    If so, then this is not supported by Kodo (yet... we're working on it
    though).
    Ok, I'll settle having Kodo 3 to only map back to the original tables,
    as I believe Kodo 3 will provide some performance improvement as
    compared to 2.x.

  • Custom Parameter Provider in new WD template not working (NW04S SP11)

    Hi,
    We're attempting to use the Custom Parameter provider in our portal for many Web Dynpro iviews. In the end we will have from 100-300 SAP clients in the backendsystem and we need this functionality to dynamically route users to the correct backendsystem.
    Our problem is as follows:
    We intend to replace the suffix (clientnumber) for the "sap-wd-arfc-useSys" parameter in the iview property "Application Parameter" so that the value would look something like this:
    sap-wd-arfc-useSys=SAP_R3_Travel: SAP Application we see that the property is there (given in red font color) so I assume it's hidden from editing. How can we edit it or display it for editing? (Btw we have sent an OSS to SAP on the matter)
    One more thing:
    We tested our provider service on the old template and discovered that it only triggers on the iview properties and not the provider parameter that we have registered ("ervjcopostfix"). What are we doing wrong? To me it seems that it fails in the first run (find provider in registry) and jumps forward to the component profile (e.g. Iview properties).
    Why isn't the iview checking for our parameter in the registry? (of course we have verified that the parameter is in the registry and the service is up and running).
    Hope you can help.
    Best Regards,
    Hans Petter Bjørn

    This appears to be resolved... I think something got corrupted on my custom client settings after the mof import.   I deleted it and recreated a new client settings for our pcs.  I then re-enabled the hardware inventory for these 2 mof entries.
      I updated the policy and then did another hardware inventory cycle.  I now see the entry in the log and in resource explorer.

  • Custom authorization provider for WL7 problem (not getting all parameters from ContextHandler)

    I'm implementing a custom authorization provider for WebLogic 7.
    In my Access Decision isAccessAllowed method I need to check values of
    the parameters passed to an EJB method. Now, if an EJB method I have
    two parameters of the same type, for example int, when I get
    ContextElement array from ContextHandler and iterate through it to get
    names and values of the parameters I get the same value (value of the
    first int parameter) from both ContextElement's.
    Here is the code:
    String [] names = ch.getNames();
    for (int i = 0; i < names.length; i++)
    String name = names;
    System.out.println("name = " + name);//here it gets array of
    Strings, which contains two parameter names: "int","int",
    which are the types of EJB method parameters
    ContextElement[] ces= ch.getValues(names);
    for (int j = 0; j < ces.length; j++)
         ContextElement ce = ces[j];
         System.out.println(ce.getName()+ " = " + ce.getValue());
    //here if the value of the first int was 2 and the second 0,
    it would get 2 from both ContextElements (each of ContextElements will
    have name "int"
    If I try this with method parameters of different types, for example
    int with value 2 and long with value 0, then this code work fine -
    first ContextEleement has name int and value 2 and the second has name
    long and value 0.
    Thanks,
    -Oleg Kozlov.

    I'm implementing a custom authorization provider for WebLogic 7.
    In my Access Decision isAccessAllowed method I need to check values of
    the parameters passed to an EJB method. Now, if an EJB method I have
    two parameters of the same type, for example int, when I get
    ContextElement array from ContextHandler and iterate through it to get
    names and values of the parameters I get the same value (value of the
    first int parameter) from both ContextElement's.
    Here is the code:
    String [] names = ch.getNames();
    for (int i = 0; i < names.length; i++)
    String name = names;
    System.out.println("name = " + name);//here it gets array of
    Strings, which contains two parameter names: "int","int",
    which are the types of EJB method parameters
    ContextElement[] ces= ch.getValues(names);
    for (int j = 0; j < ces.length; j++)
         ContextElement ce = ces[j];
         System.out.println(ce.getName()+ " = " + ce.getValue());
    //here if the value of the first int was 2 and the second 0,
    it would get 2 from both ContextElements (each of ContextElements will
    have name "int"
    If I try this with method parameters of different types, for example
    int with value 2 and long with value 0, then this code work fine -
    first ContextEleement has name int and value 2 and the second has name
    long and value 0.
    Thanks,
    -Oleg Kozlov.

  • Renewed my subca now I get A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider

    Hello
    My subca certificate was about to expire so I renewed it with the same key and since then my wireless will not connect. I get the following error from NPS:
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
    Security ID:
    AD\4411CB8CD34A2AA$
    Account Name:
    host/4411CB8CD34A2AA.ad.***.org
    Account Domain:
    AD
    Fully Qualified Account Name:
    AD\4411CB8CD34A2AA$
    Client Machine:
    Security ID:
    NULL SID
    Account Name:
    Fully Qualified Account Name:
    OS-Version:
    Called Station Identifier:
    f4-1f-c2-e6-0e-40:***-private
    Calling Station Identifier:
    e0-06-e6-c2-96-b7
    NAS:
    NAS IPv4 Address:
    10.0.2.85
    NAS IPv6 Address:
    NAS Identifier:
    DOM-WLC1
    NAS Port-Type:
    Wireless - IEEE 802.11
    NAS Port:
    13
    RADIUS Client:
    Client Friendly Name:
    NPS Proxy 1
    Client IP Address:
    10.0.2.12
    Authentication Details:
    Connection Request Policy Name:
    Wireless Clients
    Network Policy Name:
    Wireless Clients
    Authentication Provider:
    Windows
    Authentication Server:
    DOM-DC1.ad.****.org
    Authentication Type:
    EAP
    EAP Type:
    Microsoft: Smart Card or other certificate
    Account Session Identifier:
    Logging Results:
    Accounting information was written to the local log file.
    Reason Code:
    295
    Reason:
    A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
    How do i make the policy provider trust this new certificate that was created? When i renewed the certificate everything looks good on the subca and root ca. The new certificate is not in the nps servers so i tried manually importing it and that still did
    not work. I noticed when i open the wireless network policy properties under constraints and open the Microsoft: Smart Card or other certificate eap type the new certificate is not in there. Any suggestions? Thank you!

    can you copy client certificate to NPS server and run the following command against this certificate:
    certutil -verify -urlfetch path\clientcert.cer
    and show us the output.
    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new:
    PowerShell File Checksum Integrity Verifier tool.

  • Error while invoking webservice attached with custom policy

    I created a webservice in SOA 11g and attached a custom policy which is doing encryption(message protection) to its exposed service endpoint .This web service runs fine if i run it independently. Then i created a simple SOA process and call this web service.Then i am getting Fabric Invocation Exception.Can anyone tell me what can be the problem?

    I want to do the encyrpton only in secured webservice. I just want to invoke that web service from another process. In this case which policy can i attach in the reference of the SOA process which is calling secured web service?

  • How to specify custom SQL in polling db adapter with logical delete option

    Hi all,
    I am writing a SOA composite app using JDeveloper SOA Suite 11.1.1.4 connecting to a SQL Server db using a polling DB Adapter with the logical delete option to send data to a BPEL process.
    I have requirements which go beyond what is supported in the JDeveloper UI for DB Adapter polling options, namely:
    * update more than one column to mark each row read, and
    * specify different SQL for the logical delete operation based on whether bpel processing of the data polled was successful or not.
    A complicating factor is that the polling involves two tables. Here is my full use-case:
    1) Polling will select data derived from two tables: e.g. 'headers' and 'details' simplified for this example:
    table: headers
    hid - primary key
    name - data label
    status - 'unprocessed', 'processed', or 'error'
    processedDate - null when data is loaded, set to current datetime when row is processed
    table: details
    hid - foreign key pointed at header.hid
    attr - data attribute name
    value - value of data attribute
    2) There is a many:1 relationship between detail and header rows through the hid columns. The db adapter polling SELECT shall return results from an outer join consisting of one header row and the associated detail rows where header.status = 'unprocessed' and header.hid = details.hid. (This is supported by the Jdeveloper UI)
    3) The polled data will be sent to be processed by a bpel process:
    3.1) If the bpel processing succeeds, the logical delete (UPDATE) operation shall set header.status = 'processed', and header.processedDate = 'getdate()'.
    3.2) If bpel processing fails (e.g. hits a data error while processing the selected data) the logical delete (UPDATE) operation shall set header.status = 'failed', header.processedDate = 'getdate()', and header.errorMsg = '{some text returned from bpel}'.
    Several parts of #3 are not supported by the JDeveloper UI: updating multiple columns to mark the row processed, using getdate() to populate a value of one of those column updates, doing different update operations based on the results of the BPEL processing of the data (success or error), and using data obtained from BPEL processing as a value of those column updates (error message).
    I have found examples which describe specifying custom SQL using the polling delete option to create a template then modifying the toplink file(s) to specify custom select and update SQL to implement a logical delete. (e.g. http://dlimiter.wordpress.com/2009/11/05/advanced-logic-in-oracle-bpel-polling-database-adapter/ and http://myexperienceswithsoa.blogspot.com/2010/06/db-adapter-polling-tricks.html). But none of them match what I've got in my project, in the first case because maybe because I'm using a higher version of JDeveloper, and in the second I think because in my case two tables are involved.
    Any suggestions would be appreciated. Thanks, John

    Hi John,
    You've raised a good scenario.
    First of all let me say that the purpose of the DB polling transaction, is to have an option to initiate a process from a DB table/view and not to update multiple fields in a table (or have other complex manipulation on the table).
    So, when choose to update a field in a record, after reading it, you are "telling" the engine not to poll this record again. Sure, i guess you can find a solution/workaround for it, but I don't think this is the way....
    The question now is what to do?
    You can have another DB adapter where you can update the data after finishing the process. In that case, after reading the data (on polling transaction) - update the header.status = 'processed' for example, and after processing the selected data update the rest of the fields.
    Hope it make some sense to you.
    Arik

  • Retrieve Client IP Address in a Oracle WebServices Manager Custom Policy

    Hi everybody,
    For some reasons i had to implement a custom policy in the OWSM, to restrict the access to webservices by Client IP Addresses. I´ve been following the examples for custom policies mentioned in the books: "Oracle Web Services Manager, Oracle Web Services Manager" by Sitaraman Lakshminarayanan, and the "Oracle® Web Services Manager Extensibility Guide 10g (10.1.3.3.0)" by Oracle. I followed the examples mentioned in those books to implement my Custom policy, the policy is successfully deployed to OWSM and it works, only by the issue that when i want to retrieve the Client Ip address it returns null, and following the example by the Oracle Guide, the HttpServletRequest its also returns null, im desperated because in every site that i finally find some info about it, quotes any of these 2 examples in those books, and mine doesnt work! this is the code of the custom policy, i´ve combined the 2 aproaches:
    package project1;
    import com.cfluent.ccore.util.logging.ILogger;
    import com.cfluent.ccore.util.logging.Level;
    import com.cfluent.ccore.util.logging.LogManager;
    import com.cfluent.pipelineengine.container.MessageContext;
    import com.cfluent.policysteps.sdk.AbstractStep;
    import com.cfluent.policysteps.sdk.Fault;
    import com.cfluent.policysteps.sdk.IMessageContext;
    import com.cfluent.policysteps.sdk.IResult;
    import com.cfluent.policysteps.sdk.InvocationStatus;
    import com.cfluent.policysteps.sdk.Result;
    import java.util.HashMap;
    import java.util.Iterator;
    import java.util.Vector;
    import javax.servlet.http.HttpServletRequest;
    public class CustomPolicy extends AbstractStep {
    private static String CLASSNAME = CustomPolicy.class.getName();
    private static ILogger LOGGER = LogManager.getLogger(CLASSNAME);
    private String allowedIpAddress = null;
    private String allowedRoleName = null;
    private String protectedServiceMethodName = null;
    public CustomPolicy() {
    public void init() throws IllegalStateException {
    // nothing to initialize
    public void destroy() {
    * This is the main method which will validate that the request is coming from
    * the correct IP Address and has permission to access the specified metod.
    public IResult execute(IMessageContext messageContext) throws Fault {
    LOGGER.entering(CLASSNAME, "execute");
    Result result = new Result();
    result.setStatus(IResult.FAILED); //initialize result
    String processingStage = messageContext.getProcessingStage();
    LOGGER.log(Level.INFO, "Processing stage is " + processingStage);
    HttpServletRequest httpServletRequest = (HttpServletRequest)
    messageContext.getProperty("javax.servlet.request");
    String remoteAddr = httpServletRequest.getHeader("Host");
    LOGGER.log(Level.SEVERE, "Dir IP:"+remoteAddr);
    String remoteHost = httpServletRequest.getRemoteHost();
    LOGGER.log(Level.INFO, "ADDR" + remoteAddr+ "HOST"+remoteHost);
    boolean isRequest =
    (IMessageContext.STAGE_REQUEST.equals(messageContext.getProcessingStage()) ||
    IMessageContext.STAGE_PREREQUEST.equals(messageContext.getProcessingStage()));
    //Execute the step Only when its a Request pipeline else return success
    if (!isRequest) {
    result.setStatus(IResult.SUCCEEDED);
    return result;
    MessageContext msgCtxt = (MessageContext)messageContext;
    String _MethodName = msgCtxt.getRequest().getMethodName();
    LOGGER.log(Level.INFO,
    "Writing Allowed IP Addr before creating SOAP header " +
    allowedIpAddress);
    LOGGER.log(Level.INFO,
    "Writing Remote IP Addr before creating SOAP header " +
    msgCtxt.getRemoteAddr());
    /*LOGGER.log(Level.INFO,
    "Writing Remote IP Addr before creating SOAP header " +
    remoteAddr);*/
    String cadTempo = allowedIpAddress;
    Vector vect = new Vector();
    for (int i = 0; i < allowedIpAddress.length(); i++) {
    if (cadTempo.indexOf(",") != -1) {
    //vect.add(cadTempo.substring(0, cadTempo.indexOf(",") - 1));
    vect.add(cadTempo.substring(0, cadTempo.indexOf(",")));
    cadTempo =
    cadTempo.substring(cadTempo.indexOf(",") + 1, cadTempo.length());
    LOGGER.log(Level.INFO,
    "AQUI111");
    } else {
    if (!cadTempo.equalsIgnoreCase("")) {
    vect.add(cadTempo);
    LOGGER.log(Level.INFO,
    "AQUI222");
    break;
    for(int i=0;i<vect.size();i++){
    String temp = (String)vect.get(i);
    if (temp.equals(msgCtxt.getRemoteAddr()) &&
    _MethodName.equals(protectedServiceMethodName)) {
    LOGGER.log(Level.INFO,
    "AQUI333");
    result.setStatus(IResult.SUCCEEDED);
    break;
    } else {
    msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
    LOGGER.log(Level.INFO,
    "AQUI444");
    /*if(allowedIpAddress!=null){
    result.setStatus(IResult.SUCCEEDED);
    /*if (allowedIpAddress.equals(msgCtxt.getRemoteAddr()) &&
    _MethodName.equals(protectedServiceMethodName)) {
    result.setStatus(IResult.SUCCEEDED);
    } else {
    msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
    // Set the result to SUCCESS
    //result.setStatus(IResult.SUCCEEDED);
    return result;
    public String getIpAddress() {
    return allowedIpAddress;
    public void setIpAddress(String IpAddress) {
    this.allowedIpAddress = IpAddress;
    LOGGER.log(Level.INFO, "IP Address is.. " + allowedIpAddress);
    public String getServiceMethodName() {
    return protectedServiceMethodName;
    public void setServiceMethodName(String serviceMethodName) {
    this.protectedServiceMethodName = serviceMethodName;
    public String getRoleName() {
    return allowedRoleName;
    public void setRoleName(String roleName) {
    this.allowedRoleName = roleName;
    And the xml:
    <csw:StepTemplate xmlns:csw="http://schemas.confluentsw.com/ws/2004/07/policy"
    name="Custom authenticate step" package="project1"
    timestamp="Oct 31, 2005 05:00:00 PM" version="1"
    id="0102030405">
    <csw:Description>Custom step that authenticates the user against the
    credentials entered here. This step requires Extract
    credentials to be present before it in the request pipeline.</csw:Description>
    <csw:Implementation>project1.CustomPolicy</csw:Implementation>
    <csw:PropertyDefinitions>
    <csw:PropertyDefinitionSet name="Basic Properties">
    <csw:PropertyDefinition name="Enabled" type="boolean">
    <csw:Description>If set to true, this step is enabled</csw:Description>
    <csw:DefaultValue>
    <csw:Absolute>true</csw:Absolute>
    </csw:DefaultValue>
    </csw:PropertyDefinition>
    </csw:PropertyDefinitionSet>
    <csw:PropertyDefinitionSet name="Custom Access Rules">
    <csw:PropertyDefinition name="IpAddress" type="string" isRequired="true">
    <csw:DisplayName>IpAddress</csw:DisplayName>
    <csw:Description>IP Address that is allowed access</csw:Description>
    <csw:DefaultValue>
    <csw:Absolute>192.168.0.1</csw:Absolute>
    </csw:DefaultValue>
    </csw:PropertyDefinition>
    <csw:PropertyDefinition name="ServiceMethodName" type="string"
    isRequired="true">
    <csw:DisplayName>ServiceMethodName</csw:DisplayName>
    <csw:Description>Service Method Name that is Protected (Secured)</csw:Description>
    <csw:DefaultValue>
    <csw:Absolute>getTime</csw:Absolute>
    </csw:DefaultValue>
    </csw:PropertyDefinition>
    </csw:PropertyDefinitionSet>
    </csw:PropertyDefinitions>
    </csw:StepTemplate>
    Please any tip or idea is welcome, thanks in advance for the help.
    Carlos.

    Hi again
    copied your code for testing. And it works fine.
    So both the code and policy-step definition is fine, log output below.
    What is your log output?
    Using soapui to send the request will give the ip of my localhost, using the test client will give the ip of the server, because that is the actual client.
    I guess the server ip is 192.168.0.1 in your case, as you are testing from test console.
    <b>anyway, results from SOAPUI:</b>
    2009-05-19 09:52:15,096 FINE [HTTPThreadGroup-4] CSWComponent - Executing policy step. Policy='SID0003004', Step Name='Custom Policy Step', Step Class='com.*.soa.wsm.CustomPolicy'
    2009-05-19 09:52:15,096 FINER [HTTPThreadGroup-4] wsm.CustomPolicy - com.*.soa.wsm.CustomPolicy execute:ENTERING
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Processing stage is Request
    2009-05-19 09:52:15,096 SEVERE [HTTPThreadGroup-4] wsm.CustomPolicy - Dir IP:hostname.domain:8890
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - ADDRhostname.domain:8890HOST10.47.89.116
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - MethodName=getHostNameElement
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.89.116
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
    2009-05-19 09:52:15,097 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI333
    2009-05-19 09:52:15,097 FINER [HTTPThreadGroup-4] agent.Agent - com.cfluent.agent.Agent intercept:ENTERING
    <b>But if I use the test client the remote IP would be 10.47.137.50 and execution fails, as code is written</b>
    <i>
    2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
    2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.137.50
    2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
    2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
    2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
    2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
    2009-05-19 09:54:12,267 FINE [HTTPThreadGroup-4] CSWComponent - Step execution failed: Policy=[SID0003004] Pipeline=[Request] Step Name=[Custom Policy Step] Step Class=[com.tandberg.soa.wsm.CustomPolicy]
    2009-05-19 09:54:12,267 FINER [HTTPThreadGroup-4] common.PrepareForServiceStep - Step PrepareForServiceStep called
    </i>

  • Custom Policy vs. J2EE Security

    Hi there, Java Security architecture gurus,
    I am currently trying to find the best architecture for the new security framework for our company's application. The system requires instance based security. ACLs are stored in a database. JAAS's authentication is just fine, but its file based authorization is not sufficient for our needs. Access rights change during runtime and they should not be refreshed that inefficient way with Policy.refresh().
    The solution I would like to establish should cope with changing environments without the need to change the code that is using security checks. E.g. the app should be able to run as a stand-alone application or within J2EE application servers or servlet engines.
    I have looked at the Java 2 Security API and found out that implementing a customized version of the JAAS Policy class can be one approach. A good benefit is the tight integration with the Java Security framework and that it not necessary to reimplement things like the AccessController and privileged actions.
    Now, I have the following questions:
    - Is the custom Policy a common solution when the application is deployed on a J2EE appserver?
    - Is it possible to delegate permission checking of the system permissions (FilePermission, PropertyPermission, etc.) to the original Policy implementation? I would not really want to have to include all of these in the database table.
    The alternative approach would probably be J2EE security with the cost of restricting the app to the J2EE environment. To me it seems to be impossible to implement instance based security with role based descriptive J2EE security. With programatic EJB security, I would need to make isPrincipalInRole() completely dynamic to support it.
    I looked through the forum for quite a while without success but if you already discussed this topic I would really appreciate a pointer.
    Thanks,
    Christoph

    Chris,
    There is a very good article from IBM that implements the same thing you are trying to implement i.e. instance base security and also custom Policy(u may need this).
    http://www-106.ibm.com/developerworks/library/j-jaas/?n-j-442
    Now, I have the following questions:
    - Is the custom Policy a common solution when the application is deployed on a J2EE appserver?
    Custom policy is required primarily if you are going away from the default policy format that sun recommends. If you want to read your permissions from a database you may need to implement a custom Policy class.
    - Is it possible to delegate permission checking of the system permissions (FilePermission, PropertyPermission, etc.) to the original Policy implementation? I would not really want to have to include all of these in the database table.
    This is recommended by Sun. You may have to delegate the Permission checks that you know you cannot handle to default policy class.
    In your CustomPolicy.java getPermissions() method, the following code will code to the end of the function
    // If the permission is not found here then delegate it
    // to the standard java Policy class instance.
    java.security.Policy policy = java.security.Policy.getPolicy();
    return policy.getPermissions(codeSource);
    Hope this helps.

  • Custom security provider exception

    Good day, colleagues. I want to raise an old topic.
    I use custom security provider exceptions:
    -AccountExpiredException
    -AccountLockedException
    However, the login() method only captures FailedLoginException
    try
      CallbackHandler pwcall = new weblogic.security.URLCallbackHandler(user, pass.getBytes("UTF-8"));
      subject = weblogic.security.services.Authentication.login(pwcall);
      weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
    catch (javax.security.auth.login.LoginException e) {
      e.printStackTrace();
    javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User ...
      at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:240)
      at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
      at java.security.AccessController.doPrivileged(Native Method)
    I found similar questions IdentityAssertion custom exception, FailedLoginException asked many years ago for WLS 9.2
    Their solution (wlp.propogate.login.exception.cause=true) does not work for WLS 10.3.
    How to propagate original LoginException?
    Or exception message only.

    I did it! look closely to source code:
    javax.security.auth.login.LoginContext:875
    if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) {
      // if REQUISITE, then immediately throw an exception
      if (methodName.equals(ABORT_METHOD) || methodName.equals(LOGOUT_METHOD)) {
           if (firstRequiredError == null)
                firstRequiredError = le;
      } else {
           throwException(firstRequiredError, le);
    } else if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) {
      // mark down that a REQUIRED module failed
      if (firstRequiredError == null)
           firstRequiredError = le;
    } else {
      // mark down that an OPTIONAL module failed
      if (firstError == null)
           firstError = le;
    javax.security.auth.login.LoginContext:922
    // we went thru all the LoginModules.
    if (firstRequiredError != null) {
      // a REQUIRED module failed -- return the error
      throwException(firstRequiredError, null);
    } else if (success == false && firstError != null) {
      // no module succeeded -- return the first error
      throwException(firstError, null);
    } else...
    I set Control flag: OPTION to DefaultAuth (was REQUIRED)
    and order it after my LoginModule. (restart required!)
    Now I catch my exceptions %)

  • How to use getContent() method in custom JSP Provider to display a HTML Pag

    Hi,
    If anybody knows how to use getContent() method to use in custom jsp providers (developed by ourselves) so that it can be used to retrieve a jsp page (a simple html page) ..
    I want the code in the provider java file to for the getContent method...
    Pls. get back to me asap....if any body has implemented a custom jsp provider...as it's urgent...
    I have alreday placed the JSP file in the directory structure /etc/opt/SUNWps/desktop/default/channel_dir..But still the jsp is not being displayed..
    Pls get me the getContent() method code to retrive the JSP file..
    satyabrata

    Hi,
    You don't have to do anything in the custom JSPProvider's getContent method except the call {  return super.getContent(request,response); } . If all you want is just to show your jsp, then create a channel from the default JSPProvider, and edit the property contentPage of that channel from samplecontent.jsp to your jsp name, save the changes and login again. You should see your JSP.
    Sanjeev.

  • Custom Policy Step calling EJB

    Hi there,
    I'm a newby to OC4J and need some help in regards to some library issues. I've created an EJB using spring and deployed it to the oc4j container. Then I created an owsm custom policy step which retrieves the EJB bean using spring and retrieves the custom security header, which I then add to the current SOAP header. I wasn't quite sure how to create the custom policy step jar as it contains my spring jar as well as my ejb jar, so I used maven to create the jar with all my dependent jars as well. Everything works great, as in, it retrieves the EJB calls the method on the EJB which will retrieve a value from LDAP and then uses that value to query our data store and then return the object, but when it returns the object it throws the following exception:
    java.lang.LinkageError: Class com/cochlear/erpsecurity/domain/ErpSoapHeader violates loader constraints
    Which is due to the fact that I have the ErpSoapHeader in my custom policy step jar as well as my ejb jar. When I don't include the ejb jar in my custom policy step jar however then it give a class not found exception when trying to load the ejb with spring. Then I tried something dodgy and added the ejb jar to my server.xml in oracle.wsm.gateway shared library, but this caused the linkage error as well.
    Any help on how I can resolve this library issue will be great appreciated.
    Thanks so much,
    Ida

    Here's an example on how to add a custom SOAP header to the request message inside a custom step.
    public IResult execute(IMessageContext messageContext) throws Fault {
    MessageContext msgCtxt = (MessageContext) messageContext;
    SOAPEnvelope senv = msgCtxt.getRequest().getAxisMessage().getSOAPEnvelope();
    ((org.apache.axis.message.SOAPEnvelope)senv).setDirty(true);
    Name header = factory.createName("CustomHeader", "http://foo.com/custom/header");
    SOAPHeaderElement headerElement = senv.getHeader().addHeaderElement(header);
    headerElement.addTextNode("My custom header data");
    OWSM uses AXIS implementation internally to represent the SOAP message.
    Cheers,
    Vikas Jain

  • Unable to create or update the Custom Data Provider WIS 10853

    Hi,
    I have created the universe in designer then I created QAAWS. In the web intelligence tool, clicked for new document and then chosen web services under other data sources. After giving webservices detailed, I encountered the following error.
    Error from Personal Datasource : Unable to create or update the Custom Data Provider: invalid information retrieved while trying to get the structure. (CDS 105109). (WIS 10853)
    Can anyone help abt this problem? I wud very thankful for them.

    Hi,
    Can you post the wsdl URL. It would be of great help if we could have a look at the wsdl schema. Not all schemas are supported at the moment and hence the error. You can have a look at the limitations section in the documentation guide.
    Regards
    Rahul

Maybe you are looking for

  • Report for gl accounts with reference to purchase order

    hi experts Is there any report which can give the gl accounts with reference to purchase order thnx

  • Link for Cost Center And Work Center.

    Dear Experts, Can you Provide me the Link for Cost Center And Work Center. Regads, Jyoshna

  • MCTC , MC(E and MC+Q Report

    Hi all, We are at final phage of implementation process, we are running report in MCTC , MC(E and MC+Q while executing this report system giving different options like in MCTC -- 1) Incoming Orders 2) Sales 3) open order quantity 4) Gross sales MC(E

  • System Copy for UCES

    Hello Experts, We have a ECC6.0 EHP2 (ABAP+Java) landscape was  previously installed by a vendor. UCES 6.0 was also installed on ECC Java stack by the vendor however going forward our plan is to publish UCES access to a wide range of utility customer

  • Wrong data export from ID to PS

    Hallo, I have a strange problem pasting placed eps images in ID back to PS. If I mark (correct name, path and image look) placed eps images in ID CS4 and paste them into a new file at PS wrong images show up! They exist in the same document but are o