My Oracle Support Banner

OWSM Policy With Permission Class WSFunctionPermission And Filter On Composite Namespace Fails with WSM-00344 (Doc ID 2172745.1)

Last updated on MARCH 21, 2022

Applies to:

Oracle Web Services Manager - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Symptoms

PROBLEM DESCRIPTION
--------------------
While trying to configure policy authorization in SOA BPEL 12.2.1 using the OWSM policies:
oracle/wss_http_token_service_policy and wss_http_token_service_policy
the following error is encountered:

[2016-06-01T18:19:03.420+03:00] [soa_server1] [ERROR] [WSM-00006] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '51' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>]

[ecid: <ECID>] [APP: soa-infra] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: soa-infra] [J2EE_MODULE.name: fabric] [WEBSERVICE.name: <NAME>_client_ep] [WEBSERVICE_PORT.name: <NAME>_pt] [composite_name: <NAME>] [oracle.wsm.policy.name: oracle/binding_permission_authorization_policy] Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00344 : Failed to authorize user request for Subject:[[
Principal: <PRINCIPAL>
Principal: authenticated-role
Principal: anonymous-role
Private Credential: <PRINCIPAL>
Private Credential: Subject:
Principal: <PRINCIPAL>
Private Credential: <PRINCIPAL>

. access denied ("oracle.wsm.security.WSFunctionPermission" "http://xmlns.oracle.com/<context>/<name>_client_ep#process" "invoke").
]]

 

 In the log there is an inconsistency . The resource url ("oracle.wsm.security.WSFunctionPermission" "http://xmlns.oracle.com/<context>/<name>_client_ep#process" "invoke") is not proper. 

On the server, the correct resource name is being displayed (http://xmlns.oracle.com/<context>/<name>_client_ep#processOrder).
The below snapshot shows it is configured correctly, but the log file shows the wrong resource.

 


A new group was created and a new policy was assigned, but issue still persists.

ENVIRONMENT
------------
12.2.1
OS: Oracle Linux 4/Oracle VM
product: SOA BPEL OWSM

STEPS
------
https://blogs.oracle.com/soaproactive/entry/how_to_configure_policy_authorization


Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.