4 Replies Latest reply: Mar 26, 2013 8:36 AM by 998626

    Platform.getService

    998626
      Hello forum

      I am trying to get the OIM Service from the Platform class within the OIM runtime context. I wrote a simple class to get the UserManager service and placed it under the <oim_server_home>/server/JavaTasks.

      I did set up all the classpath entries below:

      /u01/app/oracle/product/fmw/IAM/server/apps/oim.ear/APP-INF/lib/*
      /u01/app/oracle/product/fmw/IAM/server/client/lib/*
      /u01/app/oracle/product/fmw/IAM/server/lib/*
      /u01/app/oracle/product/fmw/IAM/server/JavaTasks/*
      /u01/app/oracle/product/fmw/IAM/server/platform/*
      /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/*
      /u01/app/oracle/product/fmw/oracle_common/modules/oracle.mds_11.1.1/*
      /u01/app/oracle/product/fmw/oracle_common/inventory/Scripts/ext/jlib/*
      /u01/app/oracle/product/fmw/oracle_common/modules/oracle.jrf_11.1.1/*
      /u01/app/oracle/product/fmw/modules/*

      Running the client class with the JNDI-specific arguments as below:

      java -Djava.security.auth.login.config=/u01/app/oracle/product/IAM/server/config/authwl.conf -DXL.HomeDir=/u01/app/oracle/product/IAM/server -Djava.net.preferIPv4Stack=true -Doracle.security.jps.config=/u01/app/oracle/product/fmw/user_projects/domains/OIMdomain/config/fmwconfig/jps-config-jse.xml -Djava.naming.factory.initial=weblogic.jndi.WLInitialContextFactory -Djava.naming.provider.url=t3://192.168.33.129:14000/oim -Djava.naming.security.principal=xelsysadm -Djava.naming.security.credentials=<Password> -Dweblogic.Name=oim_server1 com.pwc.iam.services.user.UserServiceClient

      But I am getting the EJB Security Exception below. It sounds like the EJB user is not the one I am passing in the arguments but is running as an <anonymous> user:

      Exception in thread "Main Thread" javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=oim#11.1.2.0.0, module=iam-ejb.jar, ejb=UserManager, method=createx, methodInterface=Remote, signature={oracle.iam.identity.usermgmt.vo.User,java.lang.String}.
      at weblogic.ejb.container.internal.MethodDescriptor.checkMethodPermissionsBusiness(MethodDescriptor.java:581)
      at weblogic.ejb.container.internal.BaseRemoteObject.checkMethodPermissions(BaseRemoteObject.java:111)
      at weblogic.ejb.container.internal.BaseRemoteObject.preInvoke(BaseRemoteObject.java:274)
      at weblogic.ejb.container.internal.StatelessRemoteObject.__WL_preInvoke(StatelessRemoteObject.java:41)
      at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:24)
      at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.createx(Unknown Source)
      at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl_WLSkel.invoke(Unknown Source)
      at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:668)
      at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
      at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:523)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
      at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
      at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:119)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)


      Please help me if you have any suggestions for me to try.

      Regards
      Seetharaman J
        • 1. Re: Platform.getService
          oimcoder
          Try this. It may get you a little closer.

          jndi.properties
          java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
          java.naming.security.credentials=xxxxx
          java.naming.provider.url=t3://localhost:14000
          java.naming.security.principal=xelsysadm
          java.security.auth.login.config=/javalibs/OIM11GR2Client/config/authwl.conf
          xl.HomeDir=/javalibs/OIM11GR2Client

          /javalibs/OIM11GR2Client = the designconsole directory copied from unix

          Class path
          C:\javalibs\OIM11GR2Client\lib>ls
          XellerateClient.jar xlDDM.jar
          iam-platform-auth-client.jar xlDataObjectBeans.jar
          iam-platform-context.jar xlDataObjects.jar
          iam-platform-pluginframework.jar xlFvcUtil.jar
          iam-platform-utils.jar xlGenConnector.jar
          oimclient.jar xlInputPreprocessor.jar
          xlAPI.jar xlRemoteManager.jar
          xlAdapterUtilities.jar xlRequestPreview.jar
          xlAttestation.jar xlScheduler.jar
          xlAuditor.jar xlUtils.jar
          xlBackOfficeBeans.jar xlVO.jar
          xlBackofficeClient.jar xlWSClient.jar
          xlCache.jar xlWSCustomClient.jar
          xlCopyUtil.jar xliGCProviders.jar

          C:\javalibs\OIM11GR2Client\ext>ls
          activation.jar jakarta-oro-2.0.8.jar oscache.jar
          commons-beanutils.jar javagroups-all.jar spring.jar
          commons-collections.jar jhall.jar wlfullclient.jar
          commons-digester.jar jrf-api.jar xalan.jar
          commons-logging.jar log4j-1.2.8.jar
          commons-validator.jar mail.jar

          /*
           * To change this template, choose Tools | Templates
           * and open the template in the editor.
           */

          package org.oimwrapper.api;

          import org.oimwrapper.exceptions.OIMHelperException;
          import Thor.API.Security.XLClientSecurityAssociation;
          import org.oimwrapper.oimutils.WebConfigLoader;
          import com.thortech.xl.client.dataobj.tcDataBaseClient;
          import com.thortech.xl.dataaccess.tcDataProvider;
          import java.util.Hashtable;
          import java.util.Properties;
          import javax.security.auth.login.LoginException;
          import oracle.iam.platform.OIMClient;
          import org.apache.log4j.Logger;

          /**
           * Reads the connection settings from jndi.properties and logs in to OIM through OIMClient.
           */
          public class OIMHelperClient {

              private static OIMClient client;
              private Logger logger = Logger.getLogger(this.getClass().getName());
              private String OIMUserName;
              private String OIMPassword;
              private String OIMURL;
              private String OIMInitialContextFactory;
              private String defaultConfigFile = "jndi.properties";

              // sys props
              private String xlHomeDir;
              private String xlAuthLogin;

              private tcDataProvider dataBase;

              public void loginWithCustomEnv() throws OIMHelperException {

                  logger.debug("Creating client....");

                  if (!validate())
                      throw new OIMHelperException("Invalid Connection Args");

                  Hashtable env = new Hashtable();

                  env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, OIMInitialContextFactory);
                  env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIMURL);
                  System.setProperty("XL.HomeDir", xlHomeDir);
                  System.setProperty("java.security.auth.login.config", xlAuthLogin);
                  System.setProperty("weblogic.MaxMessageSize", "50000000");
                  String type = System.getenv("APPSERVER_TYPE");
                  logger.debug("APPSERVER_TYPE:" + type);
                  if (type == null)
                      logger.info("Expect the JRF error unless you add APPSERVER_TYPE to the OS env");
                  //System.setProperty("APPSERVER_TYPE", "wls");

                  /**
                   * Passing environment in constructor disables lookup for environment in
                   * setup. In any case, we can always enforce manual environment settings
                   * by OIMClient.setLookupEnv(configEnv) method.
                   */
                  client = new OIMClient(env);
                  logger.debug("Logging in");
                  try {
                      client.login(OIMUserName, OIMPassword.toCharArray());
                      XLClientSecurityAssociation.setClientHandle(client);
                  } catch (LoginException ex) {
                      logger.error("LoginException", ex);
                      throw new OIMHelperException("LoginException", ex);
                  }
                  logger.debug("Log in successful");
              }

              public void loadConfig(String fileName) throws OIMHelperException {
                  if (fileName == null || fileName.trim().length() == 0)
                      fileName = defaultConfigFile;

                  WebConfigLoader configLoader = new WebConfigLoader();
                  try {
                      configLoader.getConfig(fileName);
                  } catch (OIMHelperException ex) {
                      logger.error("OIMHelperException", ex);
                      return;
                  }

                  // Map the jndi.properties keys onto the connection fields
                  Properties props = configLoader.getConfigProps();
                  logger.debug(props);
                  setOIMInitialContextFactory(props.getProperty("java.naming.factory.initial"));
                  setOIMPassword(props.getProperty("java.naming.security.credentials"));
                  setOIMURL(props.getProperty("java.naming.provider.url"));
                  setOIMUserName(props.getProperty("java.naming.security.principal"));
                  setXlHomeDir(props.getProperty("xl.HomeDir"));
                  setXlAuthLogin(props.getProperty("java.security.auth.login.config"));
              }

              public void setOIMInitialContextFactory(String OIMInitialContextFactory) {
                  this.OIMInitialContextFactory = OIMInitialContextFactory;
              }

              public void setOIMPassword(String OIMPassword) {
                  this.OIMPassword = OIMPassword;
              }

              public void setOIMURL(String OIMURL) {
                  this.OIMURL = OIMURL;
              }

              public void setOIMUserName(String OIMUserName) {
                  this.OIMUserName = OIMUserName;
              }

              public static OIMClient getClient() {
                  return client;
              }

              public tcDataProvider getDataBase() {
                  if (dataBase == null)
                      dataBase = new tcDataBaseClient();
                  return dataBase;
              }

              public void setXlHomeDir(String xlHomeDir) {
                  this.xlHomeDir = xlHomeDir;
              }

              public void setXlAuthLogin(String xlAuthLogin) {
                  this.xlAuthLogin = xlAuthLogin;
              }

              // Every connection field must be present before a login is attempted
              private boolean validate() {
                  if (OIMPassword == null || OIMPassword.trim().length() == 0)
                      return false;
                  if (OIMUserName == null || OIMUserName.trim().length() == 0)
                      return false;
                  if (OIMURL == null || OIMURL.trim().length() == 0)
                      return false;
                  if (OIMInitialContextFactory == null || OIMInitialContextFactory.trim().length() == 0)
                      return false;
                  if (xlHomeDir == null || xlHomeDir.trim().length() == 0)
                      return false;
                  if (xlAuthLogin == null || xlAuthLogin.trim().length() == 0)
                      return false;
                  return true;
              }

          }
          • 2. Re: Platform.getService
            998626
            Thanks for the reply.

            I am able to get the OIM services from the OIMClient. I tested this and it is working properly.

             The error that I am facing is when I get the service from the Platform class getService method without an OIMClient object. I am passing all the possible JNDI parameters at runtime, but they are not passed or used internally when the EJB is invoked. I am not able to figure out if I need to set any config files or jars in the classpath to get this working.

            Regards
            Seetharaman J
            • 3. Re: Platform.getService
              Kevin Pinsky
              I don't know the specific terms, but if you aren't running it within the same place where OIM is deployed on your app server, you won't be able to use just Platform. You can store credentials in the WebLogic Credential Store and use JPS to retrieve your user information to log in and get an instance of the client if you have to deploy custom code that requires getting the client instance.

              -Kevin
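An added example of the approach Kevin describes, not code from this thread or from Oracle: the OIM login is read from the WebLogic Credential Store through the JPS CredentialStore API and handed to OIMClient, so the password no longer appears on the command line (as in the question's -Djava.naming.security.credentials) or in a plain jndi.properties. The CSF map "oim", key "sysadmin" and the provider URL are assumed placeholders; the XL.HomeDir, java.security.auth.login.config and oracle.security.jps.config JVM properties from the thread are still required.

```java
import java.util.Arrays;
import java.util.Hashtable;
import javax.security.auth.login.LoginException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.platform.OIMClient;
import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

public class CsfOimLogin {
    // Placeholder CSF map/key (assumed); create them beforehand with WLST createCred or in EM.
    private static final String CSF_MAP = "oim";
    private static final String CSF_KEY = "sysadmin";

    // Reads the OIM login from the credential store; fails if the entry is missing or not a password.
    static PasswordCredential readCredential() throws JpsException {
        JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
        CredentialStore store = ctx.getServiceInstance(CredentialStore.class);
        Credential cred = store.getCredential(CSF_MAP, CSF_KEY);
        if (!(cred instanceof PasswordCredential)) {
            throw new IllegalStateException("No password credential at " + CSF_MAP + "/" + CSF_KEY);
        }
        return (PasswordCredential) cred;
    }

    // Logs in with the stored credential; the password never leaves the JVM as a String.
    static OIMClient connect(String providerUrl) throws JpsException, LoginException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, providerUrl);
        PasswordCredential pc = readCredential();
        char[] password = pc.getPassword();
        try {
            OIMClient client = new OIMClient(env);
            client.login(pc.getName(), password);
            return client;
        } finally {
            Arrays.fill(password, '\0'); // wipe our copy once login has consumed it
        }
    }

    public static void main(String[] args) throws Exception {
        OIMClient client = connect("t3://oimhost:14000"); // assumed host/port
        try {
            // Same service the question tries to obtain via Platform.getService
            System.out.println("UserManager obtained: " + (client.getService(UserManager.class) != null));
        } finally {
            client.logout();
        }
    }
}
```

Run it with the same classpath as the question's client but without the -Djava.naming.security.principal/-Djava.naming.security.credentials arguments, since both now come from the store.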
              • 4. Re: Platform.getService
                998626
                Kevin

                I tried your option and deployed the class as a jar inside <oim.ear>/APP-INF/lib. I also put the <iam-ejb.jar> folder on the classpath for the client class. One thing I noticed is that the EJB invocation type is "remote" wherever I run the client class. I still get the same EJB Security Exception. Inside <iam-ejb.jar>/META-INF/ I see the weblogic-ejb-jar.xml with entries related to security, role and principal to run the EJBs; however, I am not sure if it is picked up from the classpath while invoking the EJBs.

                Regards
                Seetharaman J