Request Membership to Group Space Fails with oracle.wsm.security.WSIdentityPermission Access Denied (Doc ID 1294755.1)

Last updated on AUGUST 08, 2016

Applies to:

Oracle WebCenter Portal - Version 11.1.1.3.0 and later
Information in this document applies to any platform.
Checked for relevance on 29-Jul-2014

Symptoms


Using WebCenter Spaces 11.1.1.3, requesting membership to a group space is not working. The user can make the request, the approver then sees it and can approve or reject it, but the actual process does not complete and the user never gains access to the group space.

The user sees an error in their workflow portlet stating there was an error processing their request and to try again.

In the SOA managed server's diagnostic log, the following errors are seen:

"...
.
[2011-02-01T22:15:19.542-05:00] [WLS_SOA-02] [ERROR] [] [oracle.webcenter.spaces.ws.client] [tid: orabpel.engine.pool-5.thread-3] [ecid: 0000Ir^MlyJ7y0WVLy2VOA1DICd700003_,0:1:0x5f5e100:1:100000004] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: 430001] [composite_instance_id: 430001] [[
oracle.webcenter.spaces.ws.client.GroupSpaceWSException: javax.naming.NameNotFoundException; remaining name 'SpacesWebServiceEndpoint'
at oracle.webcenter.spaces.ws.client.GroupSpaceWSClient.getWebCenterURLFromConnectionsFile(GroupSpaceWSClient.java:281)
at oracle.webcenter.spaces.ws.client.GroupSpaceWSClient.<init>(GroupSpaceWSClient.java:323)
at orabpel.subscription.ExecLetBxExe1$1SpacesPrivilegedAction.run(ExecLetBxExe1.java:617)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:454)
at orabpel.subscription.ExecLetBxExe1.execute(ExecLetBxExe1.java:656)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELxExecWMP.__executeStatements(BPELxExecWMP.java:42)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:162)
at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2465)
at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1132)
at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:219)
at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:327)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4350)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4281)
at com.collaxa.cube.engine.CubeEngine._callbackPerformer(CubeEngine.java:1322)
at com.collaxa.cube.engine.CubeEngine.callbackPerformer(CubeEngine.java:1253)
at com.collaxa.cube.engine.delivery.DeliveryHelper.callbackPerformer(DeliveryHelper.java:636)
at com.collaxa.cube.engine.delivery.DeliveryService.handleCallback(DeliveryService.java:1027)
at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleCallback(CubeDeliveryBean.java:392)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
.....
]]
.
.
.
[2011-02-01T22:15:23.350-05:00] [WLS_SOA-02] [ERROR] [] [oracle.wsm.resources.security] [tid: orabpel.engine.pool-5.thread-3] [ecid: 0000Ir^MlyJ7y0WVLy2VOA1DICd700003_,0:1:0x5f5e100:1:100000004] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: 430001] [composite_instance_id: 430001]
[2011-02-01T22:15:23.352-05:00] [WLS_SOA-02] [ERROR] [WSM-00005] [oracle.wsm.resources.security] [tid: orabpel.engine.pool-5.thread-3] [ecid: 0000Ir^MlyJ7y0WVLy2VOA1DICd700003_,0:1:0x5f5e100:1:100000004] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: 430001] [composite_instance_id: 430001] Error in sending the request.
[2011-02-01T22:15:23.368-05:00] [WLS_SOA-02] [ERROR] [WSM-07607] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: 0000Ir^MlyJ7y0WVLy2VOA1DICd700003_,0:1:0x5f5e100:1:100000004] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: 430001] [composite_instance_id: 430001] [arg: {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates] [arg: oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor] Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.
[2011-02-01T22:15:23.369-05:00] [WLS_SOA-02] [ERROR] [WSM-07602] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: 0000Ir^MlyJ7y0WVLy2VOA1DICd700003_,0:1:0x5f5e100:1:100000004] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: 430001] [composite_instance_id: 430001] Failure in WS-Policy Execution due to exception.
[2011-02-01T22:15:23.390-05:00] [WLS_SOA-02] [ERROR] [WSM-07501] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: 0000Ir^MlyJ7y0WVLy2VOA1DICd700003_,0:1:0x5f5e100:1:100000004] [APP: soa-infra] [composite_name: CommunityWorkflows] [component_name: Subscription] [component_instance_id: 430001] [composite_instance_id: 430001] [arg: security] [arg: agent.function.client] [arg: soa-infra] [arg: null] [arg: http://oracle.webcenter.spaces.internal.view.ws/#wsdl.endpoint(SpacesWebService/SpacesWebServiceSoapHttpPort)] [arg: oracle/wss10_saml_token_with_message_protection_client_policy] [arg: 1] [arg: {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates] Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=soa-infra, composite=null, modelObj=http://oracle.webcenter.spaces.internal.view.ws/#wsdl.endpoint(SpacesWebService/SpacesWebServiceSoapHttpPort), policy=oracle/wss10_saml_token_with_message_protection_client_policy, policyVersion=1, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates.[[
oracle.wsm.common.sdk.WSMException: access denied (oracle.wsm.security.WSIdentityPermission resource=soa-infra assert)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.sendRequest(Wss10SamlWithCertsScenarioExecutor.java:141)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
......

... 81 more
Caused by: java.security.AccessControlException: access denied (oracle.wsm.security.WSIdentityPermission resource=soa-infra assert)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:378)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:438)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:460)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor$1.run(WssSamlTokenProcessor.java:332)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.getUserNameWhenSubjectIgnoredAfterCheckingPermission(WssSamlTokenProcessor.java:330)
... 84 more
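
An added triage example, not part of the Oracle note: it groups diagnostic log entries like the ones above by ECID and extracts the WSM message IDs, the client policy and the denied permission for each request. The sample input is constructed by abridging the log above; the function name `triage` and the regular expressions are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the diagnostic log entries shown above.
SAMPLE_LOG = """\
[2011-02-01T22:15:23.352-05:00] [WLS_SOA-02] [ERROR] [WSM-00005] [oracle.wsm.resources.security] [tid: orabpel.engine.pool-5.thread-3] [ecid: 0000Ir^MlyJ7y0WVLy2VOA1DICd700003_,0:1:0x5f5e100:1:100000004] [APP: soa-infra] Error in sending the request.
[2011-02-01T22:15:23.390-05:00] [WLS_SOA-02] [ERROR] [WSM-07501] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-5.thread-3] [ecid: 0000Ir^MlyJ7y0WVLy2VOA1DICd700003_,0:1:0x5f5e100:1:100000004] [APP: soa-infra] Failure in Oracle WSM Agent processRequest, category=security, policy=oracle/wss10_saml_token_with_message_protection_client_policy, policyVersion=1.[[
oracle.wsm.common.sdk.WSMException: access denied (oracle.wsm.security.WSIdentityPermission resource=soa-infra assert)
Caused by: java.security.AccessControlException: access denied (oracle.wsm.security.WSIdentityPermission resource=soa-infra assert)
]]
"""

# Entry header: [timestamp] [server] [level] [message id] [module] ...
HEADER = re.compile(
    r"^\[(\d{4}-\d\d-\d\dT[^\]]+)\] \[([^\]]*)\] \[([A-Z_]+(?::\d+)?)\] "
    r"\[([^\]]*)\] \[([^\]]*)\]"
)
ECID = re.compile(r"\[ecid: ([^\]]+)\]")
POLICY = re.compile(r"policy=([^,\s]+)")
# "access denied (<permission class> resource=<resource> <action>)"
DENIED = re.compile(r"access denied \((\S+) resource=(\S+) (\w+)\)")


def triage(log_text):
    """Group log entries by ECID and collect message IDs, policies and denials."""
    requests = defaultdict(
        lambda: {"msg_ids": [], "policies": set(), "denied": set()}
    )
    current = None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:  # a new entry starts; pick the request it belongs to
            ecid = ECID.search(line)
            current = requests[ecid.group(1) if ecid else "(no ecid)"]
            if header.group(4):  # the message id field may be empty: []
                current["msg_ids"].append(header.group(4))
            current["policies"].update(POLICY.findall(line))
        if current is not None:  # stack-trace lines belong to the open entry
            current["denied"].update(DENIED.findall(line))
    return dict(requests)


if __name__ == "__main__":
    for ecid, info in triage(SAMPLE_LOG).items():
        print(ecid, info["msg_ids"], sorted(info["policies"]), sorted(info["denied"]))
```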

Changes

Upgraded to PS2 (11.1.1.3)

Cause
