OWSM Policy With Permission Class WSFunctionPermission And Filter On Composite Namespace Fails with WSM-00344
(Doc ID 2172745.1)
Last updated on MARCH 21, 2022
Applies to:
Oracle Web Services Manager - Version 12.2.1.0.0 and laterInformation in this document applies to any platform.
Symptoms
PROBLEM DESCRIPTION
--------------------
While trying to configure policy authorization in SOA BPEL 12.2.1 using the OWSM policies:
oracle/wss_http_token_service_policy and wss_http_token_service_policy
the following error is encountered:
[2016-06-01T18:19:03.420+03:00] [soa_server1] [ERROR] [WSM-00006] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '51' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>]
[ecid: <ECID>] [APP: soa-infra] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: soa-infra] [J2EE_MODULE.name: fabric] [WEBSERVICE.name: <NAME>_client_ep] [WEBSERVICE_PORT.name: <NAME>_pt] [composite_name: <NAME>] [oracle.wsm.policy.name: oracle/binding_permission_authorization_policy] Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00344 : Failed to authorize user request for Subject:[[
Principal: <PRINCIPAL>
Principal: authenticated-role
Principal: anonymous-role
Private Credential: <PRINCIPAL>
Private Credential: Subject:
Principal: <PRINCIPAL>
Private Credential: <PRINCIPAL>
. access denied ("oracle.wsm.security.WSFunctionPermission" "http://xmlns.oracle.com/<context>/<name>_client_ep#process" "invoke").
]]
In the log there is an inconsistency . The resource url ("oracle.wsm.security.WSFunctionPermission" "http://xmlns.oracle.com/<context>/<name>_client_ep#process" "invoke") is not proper.
On the server, the correct resource name is being displayed (http://xmlns.oracle.com/<context>/<name>_client_ep#processOrder).
The below snapshot shows it is configured correctly, but the log file shows the wrong resource.
A new group was created and a new policy was assigned, but issue still persists.
ENVIRONMENT
------------
12.2.1
OS: Oracle Linux 4/Oracle VM
product: SOA BPEL OWSM
STEPS
------
https://blogs.oracle.com/soaproactive/entry/how_to_configure_policy_authorization
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |