This discussion is archived
2 Replies Latest reply: Dec 3, 2012 2:00 AM by Erik Janssen

Error while consuming secured portlets

669735 Newbie
Hi,

We have the following use case:

- Producer - One taskflow which is given to anonymous role. Converted this task-flow to a portlet.
- Consumer - We need to consume this portlet in another ADF application which is unsecured.

Steps done:

1) Created an ADF application with this taskflow and converted to portlet.
2) Created a consumer application.
3) In the consumer app, created a WSRP connection for this portlet (to register the producer).
- In the "Configure Security Attributes" in the WSRP portlet producer wizard, we have selected the following:
- Token Profile: WSS 1.0 SAML Token with Message Protection
- Configuration: Default
- Default user: anonymous
4) Drag and drop the portlet on the consumer page and run.

With this I am encountering the following exception:

<WsmMessageLogger> <logSevere> Permissionjava.lang.Class required to switch the identity not granted to the resource. access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
<WsmMessageLogger> <logSevere> Error in sending the request.
<WsmMessageLogger> <logSevere> Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.
<WsmMessageLogger> <logSevere> Failure in WS-Policy Execution due to exception.
<WsmLogUtil> <log> Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=MyPortletConsumerApplication, composite=null, modelObj=default-service, policy=oracle/wss10_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates.
oracle.wsm.common.sdk.WSMException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
     at oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.sendRequest(Wss10SamlWithCertsScenarioExecutor.java:142)
     at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:598)
     at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
     at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:666)
     at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:342)
     at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:289)
...
Caused by: oracle.wsm.security.SecurityException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
     at oracle.wsm.security.policy.scenario.util.PermissionUtil.checkIdentityPermission(PermissionUtil.java:83)
     at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.getUserNameWhenSubjectIgnoredAfterCheckingPermission(WssSamlTokenProcessor.java:385)
...
Caused by: java.security.AccessControlException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
     at java.security.AccessController.checkPermission(AccessController.java:546)
     at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:379)
...
<PortletRenderer> <setErrorState> An error has occured for Portlet Binding portlet1.
oracle.fabric.common.PolicyEnforcementException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
     at oracle.fabric.common.AbstractSecurityInterceptor.processResult(AbstractSecurityInterceptor.java:239)
     at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:95)
     at oracle.integration.platform.common.InterceptorChainImpl$1.run(InterceptorChainImpl.java:187)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
......


Also, where can I find proper documentation about portlet security and consuming secured portlets?
  • 1. Re: Error while consuming secured portlets
    869016 Newbie
    Hello

    Did you resolve this?

    I've deployed 11.1.1.6.0 and applied patch 14361677.

    I've deployed my portlet to a custom portal and, using EM, attached the WSS 1.0 SAML Token with Message Protection Service policy. I registered the WSRP portlet and specified WSS 1.0 SAML Token with Message Protection under the security section.

    The portlet works fine in composer - it's when I save the page that I am finding problems.

    Once I save the page and try to stress test the portlet (i.e., press the button twice, for instance), an error page is displayed indicating a timeout.
    If I navigate to another page and return to my page, the portlet does not render.
    When I log out of WebCenter, the exception described in your post is thrown.

    It would be great if Oracle provided the documentation we are looking for.
  • 2. Re: Error while consuming secured portlets
    Erik Janssen Pro
    Hello folks,

    You may want to post your question in the WebCenter Portal. You have currently posted it in the Oracle Portal forum, which is a different product.

    Thanks,
    EJ
