My Oracle Support Banner

Request Membership to Group Space Fails with oracle.wsm.security.WSIdentityPermission Access Denied (Doc ID 1294755.1)

Last updated on AUGUST 06, 2024

Applies to:

Oracle WebCenter Portal - Version 11.1.1.3.0 to 11.1.1.4.0 [Release 11g]
Information in this document applies to any platform.

Symptoms


Using WebCenter Spaces 11.1.1.3, requesting membership to a group space is not working. The request can be made by the user, the request is then seen by the approver, and the approver can approve/reject, however the actual process does not complete and the user never gains access to the group space.

The user sees an error in their workflow portlet stating there was an error processing their request and to try again.

In the SOA managed servers diagnostic log the following errors are seen:

"...
.
[2011-02-01T22:15:19.542-05:00] [WLS_SOA-02] [ERROR] [] [oracle.webcenter.spaces.ws.client] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] [[
oracle.webcenter.spaces.ws.client.GroupSpaceWSException: javax.naming.NameNotFoundException; remaining name 'SpacesWebServiceEndpoint'
at oracle.webcenter.spaces.ws.client.GroupSpaceWSClient.getWebCenterURLFromConnectionsFile(GroupSpaceWSClient.java:281)
at oracle.webcenter.spaces.ws.client.GroupSpaceWSClient.<init>(GroupSpaceWSClient.java:323)
at orabpel.subscription.ExecLetBxExe1$1SpacesPrivilegedAction.run(ExecLetBxExe1.java:617)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:454)
at orabpel.subscription.ExecLetBxExe1.execute(ExecLetBxExe1.java:656)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELxExecWMP.__executeStatements(BPELxExecWMP.java:42)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:162)
at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2465)
at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1132)
at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:219)
at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:327)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4350)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4281)
at com.collaxa.cube.engine.CubeEngine._callbackPerformer(CubeEngine.java:1322)
at com.collaxa.cube.engine.CubeEngine.callbackPerformer(CubeEngine.java:1253)
at com.collaxa.cube.engine.delivery.DeliveryHelper.callbackPerformer(DeliveryHelper.java:636)
at com.collaxa.cube.engine.delivery.DeliveryService.handleCallback(DeliveryService.java:1027)
at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleCallback(CubeDeliveryBean.java:392)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
.....
]]
.
.
.
[2011-02-01T22:15:23.350-05:00] [WLS_SOA-02] [ERROR] [] [oracle.wsm.resources.security] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>]
[2011-02-01T22:15:23.352-05:00] [WLS_SOA-02] [ERROR] [WSM-00005] [oracle.wsm.resources.security] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] Error in sending the request.
[2011-02-01T22:15:23.368-05:00] [WLS_SOA-02] [ERROR] [WSM-07607] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] [arg: {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates] [arg: oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor] Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.
[2011-02-01T22:15:23.369-05:00] [WLS_SOA-02] [ERROR] [WSM-07602] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] Failure in WS-Policy Execution due to exception.
[2011-02-01T22:15:23.390-05:00] [WLS_SOA-02] [ERROR] [WSM-07501] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] [arg: security] [arg: agent.function.client] [arg: soa-infra] [arg: null] [arg: http://oracle.webcenter.spaces.internal.view.ws/#wsdl.endpoint(SpacesWebService/SpacesWebServiceSoapHttpPort)] [arg: oracle/wss10_saml_token_with_message_protection_client_policy] [arg: 1] [arg: {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates] Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=soa-infra, composite=null, modelObj=http://oracle.webcenter.spaces.internal.view.ws/#wsdl.endpoint(SpacesWebService/SpacesWebServiceSoapHttpPort), policy=oracle/wss10_saml_token_with_message_protection_client_policy, policyVersion=1, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates.[[
oracle.wsm.common.sdk.WSMException: access denied (oracle.wsm.security.WSIdentityPermission resource=soa-infra assert)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.sendRequest(Wss10SamlWithCertsScenarioExecutor.java:141)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
......

... 81 more
Caused by: java.security.AccessControlException: access denied (oracle.wsm.security.WSIdentityPermission resource=soa-infra assert)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:378)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:438)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:460)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor$1.run(WssSamlTokenProcessor.java:332)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.getUserNameWhenSubjectIgnoredAfterCheckingPermission(WssSamlTokenProcessor.java:330)
... 84 more

Changes

Upgraded to PS2  (11.1.1.3)

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.