2 Replies Latest reply: Dec 3, 2012 4:00 AM by Erik Janssen-Oracle

    Error while consuming secured portlets

    669735
      Hi,

      We have the following use case:

      - Producer - One taskflow which is given to anonymous role. Converted this task-flow to a portlet.
      - Consumer - We need to consume this portlet in another ADF application which is unsecured.

      Steps done:

      1) Created an ADF application with this taskflow and converted to portlet.
      2) Created a consumer application.
      3) In the consumer app, created a WSRP connection for this portlet (to register the producer).
      - In the "Configure Security Attributes" in the WSRP portlet producer wizard, we have selected the following:
      - Token Profile: WSS 1.0 SAML Token with Message Protection
      - Configuration: Default
      - Default user: anonymous
      4) Drag and drop the portlet on the consumer page and run.

      With this I am encountering the following exception:

      <WsmMessageLogger> <logSevere> Permissionjava.lang.Class required to switch the identity not granted to the resource. access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
      <WsmMessageLogger> <logSevere> Error in sending the request.
      <WsmMessageLogger> <logSevere> Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.
      <WsmMessageLogger> <logSevere> Failure in WS-Policy Execution due to exception.
      <WsmLogUtil> <log> Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=MyPortletConsumerApplication, composite=null, modelObj=default-service, policy=oracle/wss10_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates.
      oracle.wsm.common.sdk.WSMException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
           at oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.sendRequest(Wss10SamlWithCertsScenarioExecutor.java:142)
           at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:598)
           at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
           at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:666)
           at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:342)
           at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:289)
      ...
      Caused by: oracle.wsm.security.SecurityException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
           at oracle.wsm.security.policy.scenario.util.PermissionUtil.checkIdentityPermission(PermissionUtil.java:83)
           at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.getUserNameWhenSubjectIgnoredAfterCheckingPermission(WssSamlTokenProcessor.java:385)
      ...
      Caused by: java.security.AccessControlException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
           at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
           at java.security.AccessController.checkPermission(AccessController.java:546)
           at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:379)
      ...
      <PortletRenderer> <setErrorState> An error has occured for Portlet Binding portlet1.
      oracle.fabric.common.PolicyEnforcementException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
           at oracle.fabric.common.AbstractSecurityInterceptor.processResult(AbstractSecurityInterceptor.java:239)
           at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:95)
           at oracle.integration.platform.common.InterceptorChainImpl$1.run(InterceptorChainImpl.java:187)
           at java.security.AccessController.doPrivileged(Native Method)
           at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
      ......


      Also, where can I find proper documentation about portlet security and consuming secured portlets?
        • 1. Re: Error while consuming secured portlets
          869016
          Hello

          Did you resolve this?

          I've deployed 11.1.1.6.0 and applied patch 14361677.

          I've deployed my portlet to a custom portal and, using EM, attached the WSS 1.0 SAML Token with Message Protection Service policy. I registered the WSRP portlet and specified WSS 1.0 SAML Token with Message Protection under the security section.

          The portlet works fine in composer - it's when I save the page that I am finding problems.

          Once I save the page and try to stress test the portlet (i.e., press the button twice, for instance), an error page is displayed indicating a timeout.
          If I navigate to another page and return to my page, the portlet does not render.
          When I log out of WebCenter, the exception described in your post is thrown.

          It would be great if Oracle provided the documentation we are looking for.
          • 2. Re: Error while consuming secured portlets
            Erik Janssen-Oracle
            Hello folks,

            You may want to post your question in the WebCenter Portal. You have currently posted it in the Oracle Portal forum, which is a different product.

            Thanks,
            EJ