OWSM Policy With Permission Class WSFunctionPermission And Filter On Composite Namespace Fails with WSM-00344

(Doc ID 2172745.1)

Last updated on AUGUST 18, 2016

Applies to:

Oracle Web Services Manager - Version and later
Information in this document applies to any platform.


While trying to configure policy authorization in SOA BPEL 12.2.1 using the OWSM policies:
oracle/wss_http_token_service_policy and wss_http_token_service_policy
the following error is encountered:

[2016-06-01T18:19:03.420+03:00] [soa_server1] [ERROR] [WSM-00006] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '51' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87616eab-f469-4e16-9072-173a48a1cfb5-000008f8,0] [APP: soa-infra] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: soa-infra] [J2EE_MODULE.name: fabric] [WEBSERVICE.name: sf2oa_utilservices_client_ep] [WEBSERVICE_PORT.name: sf2oa_UtilServices_pt] [composite_name: sf2oa_UtilServices] [oracle.wsm.policy.name: oracle/binding_permission_authorization_policy] Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00344 : Failed to authorize user request for Subject:[[
Principal: Sf_SOA_None
Principal: authenticated-role
Principal: anonymous-role
Private Credential: Sf_SOA_None
Private Credential: Subject:
Principal: Sf_SOA_None
Private Credential: Sf_SOA_None

. access denied ("oracle.wsm.security.WSFunctionPermission" "http://xmlns.oracle.com/sf2oa_UtilServices/sf2oa_UtilServices/sf2oa_UtilServices/sf2oa_utilservices_client_ep#process" "invoke").



In the log there is an inconsistency . The resource url ("oracle.wsm.security.WSFunctionPermission" "http://xmlns.oracle.com/sf2oa_UtilServices/sf2oa_UtilServices/sf2oa_UtilServices/sf2oa_utilservices_client_ep#process" "invoke") is not proper.  On the server, the correct resource name is being displayed (http://xmlns.oracle.com/sf2oa_UtilServices/sf2oa_UtilServices/sf2oa_UtilServices/sf2oa_utilservices_client_ep#processOrder).
The below snapshot shows it is configured correctly, but the log file shows the wrong resource.

A new group was created and a new policy was assigned, but issue still persists.

OS: Oracle Linux 4/Oracle VM
product: SOA BPEL OWSM



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms