My Oracle Support Banner

OWSM Policy With Permission Class WSFunctionPermission And Filter On Composite Namespace Fails with WSM-00344 (Doc ID 2172745.1)

Last updated on MARCH 21, 2022

Applies to:

Oracle Web Services Manager - Version and later
Information in this document applies to any platform.


While trying to configure policy authorization in SOA BPEL 12.2.1 using the OWSM policies:
oracle/wss_http_token_service_policy and wss_http_token_service_policy
the following error is encountered:

[2016-06-01T18:19:03.420+03:00] [soa_server1] [ERROR] [WSM-00006] [] [tid: [ACTIVE].ExecuteThread: '51' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>]

[ecid: <ECID>] [APP: soa-infra] [partition-name: DOMAIN] [tenant-name: GLOBAL] [ soa-infra] [ fabric] [ <NAME>_client_ep] [ <NAME>_pt] [composite_name: <NAME>] [ oracle/binding_permission_authorization_policy] Error in receiving the request: WSM-00344 : Failed to authorize user request for Subject:[[
Principal: <PRINCIPAL>
Principal: authenticated-role
Principal: anonymous-role
Private Credential: <PRINCIPAL>
Private Credential: Subject:
Principal: <PRINCIPAL>
Private Credential: <PRINCIPAL>

. access denied ("" "<context>/<name>_client_ep#process" "invoke").


 In the log there is an inconsistency . The resource url ("" "<context>/<name>_client_ep#process" "invoke") is not proper. 

On the server, the correct resource name is being displayed (<context>/<name>_client_ep#processOrder).
The below snapshot shows it is configured correctly, but the log file shows the wrong resource.


A new group was created and a new policy was assigned, but issue still persists.

OS: Oracle Linux 4/Oracle VM
product: SOA BPEL OWSM



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.