Request Membership to Group Space Fails with oracle.wsm.security.WSIdentityPermission Access Denied
(Doc ID 1294755.1)
Last updated on OCTOBER 01, 2022
Applies to:
Oracle WebCenter Portal - Version 11.1.1.3.0 and laterInformation in this document applies to any platform.
Symptoms
Using WebCenter Spaces 11.1.1.3, requesting membership to a group space is not working. The request can be made by the user, the request is then seen by the approver, and the approver can approve/reject, however the actual process does not complete and the user never gains access to the group space.
The user sees an error in their workflow portlet stating there was an error processing their request and to try again.
In the SOA managed servers diagnostic log the following errors are seen:
"...
.
[2011-02-01T22:15:19.542-05:00] [WLS_SOA-02] [ERROR] [] [oracle.webcenter.spaces.ws.client] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] [[
oracle.webcenter.spaces.ws.client.GroupSpaceWSException: javax.naming.NameNotFoundException; remaining name 'SpacesWebServiceEndpoint'
at oracle.webcenter.spaces.ws.client.GroupSpaceWSClient.getWebCenterURLFromConnectionsFile(GroupSpaceWSClient.java:281)
at oracle.webcenter.spaces.ws.client.GroupSpaceWSClient.<init>(GroupSpaceWSClient.java:323)
at orabpel.subscription.ExecLetBxExe1$1SpacesPrivilegedAction.run(ExecLetBxExe1.java:617)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:454)
at orabpel.subscription.ExecLetBxExe1.execute(ExecLetBxExe1.java:656)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELxExecWMP.__executeStatements(BPELxExecWMP.java:42)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:162)
at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2465)
at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1132)
at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:219)
at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:327)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4350)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4281)
at com.collaxa.cube.engine.CubeEngine._callbackPerformer(CubeEngine.java:1322)
at com.collaxa.cube.engine.CubeEngine.callbackPerformer(CubeEngine.java:1253)
at com.collaxa.cube.engine.delivery.DeliveryHelper.callbackPerformer(DeliveryHelper.java:636)
at com.collaxa.cube.engine.delivery.DeliveryService.handleCallback(DeliveryService.java:1027)
at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleCallback(CubeDeliveryBean.java:392)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
.....
]]
.
.
.
[2011-02-01T22:15:23.350-05:00] [WLS_SOA-02] [ERROR] [] [oracle.wsm.resources.security] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>]
[2011-02-01T22:15:23.352-05:00] [WLS_SOA-02] [ERROR] [WSM-00005] [oracle.wsm.resources.security] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] Error in sending the request.
[2011-02-01T22:15:23.368-05:00] [WLS_SOA-02] [ERROR] [WSM-07607] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] [arg: {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates] [arg: oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor] Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.
[2011-02-01T22:15:23.369-05:00] [WLS_SOA-02] [ERROR] [WSM-07602] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] Failure in WS-Policy Execution due to exception.
[2011-02-01T22:15:23.390-05:00] [WLS_SOA-02] [ERROR] [WSM-07501] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: <ECID>] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: <CID>] [composite_instance_id: <CID>] [arg: security] [arg: agent.function.client] [arg: soa-infra] [arg: null] [arg: http://oracle.webcenter.spaces.internal.view.ws/#wsdl.endpoint(SpacesWebService/SpacesWebServiceSoapHttpPort)] [arg: oracle/wss10_saml_token_with_message_protection_client_policy] [arg: 1] [arg: {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates] Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=soa-infra, composite=null, modelObj=http://oracle.webcenter.spaces.internal.view.ws/#wsdl.endpoint(SpacesWebService/SpacesWebServiceSoapHttpPort), policy=oracle/wss10_saml_token_with_message_protection_client_policy, policyVersion=1, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates.[[
oracle.wsm.common.sdk.WSMException: access denied (oracle.wsm.security.WSIdentityPermission resource=soa-infra assert)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.sendRequest(Wss10SamlWithCertsScenarioExecutor.java:141)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
......
... 81 more
Caused by: java.security.AccessControlException: access denied (oracle.wsm.security.WSIdentityPermission resource=soa-infra assert)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:378)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:438)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:460)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor$1.run(WssSamlTokenProcessor.java:332)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.getUserNameWhenSubjectIgnoredAfterCheckingPermission(WssSamlTokenProcessor.java:330)
... 84 more
Changes
Upgraded to PS2 (11.1.1.3)
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |