0 Replies Latest reply: Jan 14, 2013 7:47 PM by Snowy

    Unable to use IDM store for user/group lookups

    Snowy
      I encounter the following error when using my deployed ADF application on the Java Cloud Service:
      oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.security.idm.OperationFailureException, msg=javax.naming.CommunicationException: idstores.cloud.oracle.com:3060 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission 144.23.173.45:3060 connect,resolve)]
      ...
      Caused by: oracle.security.idm.OperationFailureException: javax.naming.CommunicationException: idstores.cloud.oracle.com:3060 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission 144.23.173.45:3060 connect,resolve)]
      ...
      I imagine the security features of Cloud prevent this for obvious reasons; however, my application relies on looking at the roles assigned to the logged-in user in order to initialise their database session. Below is where my code throws this error:
      import oracle.jbo.server.SessionImpl;
      import oracle.security.idm.IdentityStore;
      import oracle.security.idm.User;
      import oracle.security.jps.JpsContext;
      import oracle.security.jps.JpsContextFactory;
      import oracle.security.jps.service.idstore.IdentityStoreService;
      String userName = ((SessionImpl)getDBTransaction().getSession()).getUserPrincipalName(); // principal of the authenticated ADF BC session
      JpsContextFactory jps = JpsContextFactory.getContextFactory();
      JpsContext jpsContext = jps.getContext();                 // default OPSS context (throws JpsException)
      IdentityStoreService storeService = jpsContext.getServiceInstance(IdentityStoreService.class);
      IdentityStore identityStore = storeService.getIdmStore(); // LDAP-backed store, here idstores.cloud.oracle.com:3060
      User user = identityStore.searchUser(userName);           // This is throwing the error (IMException wrapped in JBO-29000)
      My question: is there an alternate API that I can use to:

      a) Get the list of roles assigned to the current user.
      b) Create roles.
      c) Grant/revoke roles from users.

      Because my application creates, grants and revokes roles, they cannot be explicitly defined in the jazn-data.xml file. It's fine that the roles are prefixed with the identity domain.
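The root cause in the stack trace above is a java.security.AccessControlException for a java.net.SocketPermission: a Java security manager policy on the Java Cloud Service denies the outbound LDAP connection to the identity store, so the JPS/IDM call never reaches the server. The stand-alone program below is an added example, not code from Snowy's post or from Oracle; it reproduces that denial with a custom java.security.Policy and then adds the single grant that makes the same check pass, to show what the platform policy would have to contain. The host 192.0.2.10 is a documentation-range placeholder, and the class and method names are the example's own.

```java
import java.net.SocketPermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;

public class SocketPermissionDemo {

    /** Policy that permits exactly the permissions added via allow(); everything else is denied. */
    static final class AllowListPolicy extends Policy {
        private final Permissions granted = new Permissions();

        AllowListPolicy allow(Permission p) {
            granted.add(p);
            return this;
        }

        @Override
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            return granted;
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            return granted.implies(permission);
        }
    }

    /** True when every protection domain on the call stack may connect to host:port. */
    static boolean canConnect(String host, int port) {
        try {
            AccessController.checkPermission(
                new SocketPermission(host + ":" + port, "connect,resolve"));
            return true;
        } catch (AccessControlException denied) {
            // Same exception type as the root cause in the JBO-29000 trace
            System.out.println("  " + denied.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Placeholder address (TEST-NET-1 documentation range) and the LDAP port from the post
        String idStoreHost = "192.0.2.10";
        int idStorePort = 3060;

        AllowListPolicy policy = new AllowListPolicy();
        Policy.setPolicy(policy);
        System.setSecurityManager(new SecurityManager());

        // 1. Nothing granted: the check fails the way the identity store lookup did.
        System.out.println("before grant: " + canConnect(idStoreHost, idStorePort));

        // 2. Grant the equivalent of this policy-file line and retry:
        //    permission java.net.SocketPermission "192.0.2.10:3060", "connect,resolve";
        policy.allow(new SocketPermission(idStoreHost + ":" + idStorePort, "connect,resolve"));
        System.out.println("after grant:  " + canConnect(idStoreHost, idStorePort));
    }
}
```

Run it with `javac SocketPermissionDemo.java && java SocketPermissionDemo` on JDK 8 to 17 (17 prints deprecation warnings); on JDK 18 to 23 add `-Djava.security.manager=allow`, and it will not run on JDK 24 or later, where the Security Manager is permanently disabled. The first check is denied because no SocketPermission is in the policy at all, the second passes because the grant's host and port match the requested connection. In a hosted environment such as the one in the post, that grant lives in the platform's policy, which the tenant application cannot change, so the practical options are either an API the platform exposes for role lookup or a design that does not need a direct LDAP connection from application code.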