6 Replies. Latest reply: May 16, 2013 4:22 AM by murgir_jhol

    Reading credential files store keys inside a BPEL process

    murgir_jhol
      Hi,
      Is it possible to read the values from the credential file store inside a BPEL process? I want to design a BPEL process which will be able to take a key, read the corresponding value from the CRF and return it to the caller.

      I took a look at the documentation where it says that the system-jazn-data.xml file has to be updated with an entry like below :-
      <jazn-policy>
        <grant>
          <grantee>
            <principals>...</principals>
            <!-- This is the location of the jar -->
            <!-- as loaded with the run-time -->
            <codesource>
              <url>file:${oracle.deployed.app.dir}/<MyApp>${oracle.deployed.app.ext}</url>
            </codesource>
          </grantee>
          <permissions>
            <permission>
              <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
              <name>context=SYSTEM,mapName=myMap,keyName=myKey</name>
              <!-- All actions are granted -->
              <actions>*</actions>
            </permission>
          </permissions>
        </grant>
      </jazn-policy>
      Now if I use a java embedding activity (embedding the code as described in the documentation) inside the BPEL to read the key values, what should the proper value be for the <codesource> tag above? Or is there any other way using which I can read the values from CSF?

      Any help is much appreciated.
      Cheers,
      Rahul

      Edited by: user11930797 on Jan 24, 2013 1:13 AM
        • 1. Re: Reading credential files store keys inside a BPEL process
          murgir_jhol
          Hi,
          After doing some research on the internet, I tried the following approach :-

          1. Uploaded my jar file that contains the code for reading the key as described in the documentation (http://docs.oracle.com/cd/E17904_01/core.1111/e10043/devcsf.htm#BABEADIA) to the directory ORACLE_HOME/ORACLE_SOA1/soa/modules/oracle.soa.ext_11.1.1. Following is the relevant portion of the java code :-
          public String getPwd() {
              String s = "ppp";
              try {
                  GenericCredential gc = null;
                  // Obtain the default JPS context and its credential store service.
                  JpsContextFactory ctxFactory = JpsContextFactory.getContextFactory();
                  JpsContext ctx = ctxFactory.getContext();
                  CredentialStore store =
                      ctx.getServiceInstance(CredentialStore.class);
                  // Look up the generic credential by map name and key name.
                  gc = (GenericCredential) store.getCredential("MyDearestKeyStore", "likeICare");
                  // Debug output: this writes the secret to the server's standard output.
                  System.out.println(gc.getCredential());
                  s = (String) gc.getCredential();
              } catch (Exception e) {
                  e.printStackTrace();
              }
              return s;
              //return "h";
          }
          2. Invoked the code from a BPEL java embedding activity. I did not include the particular jar inside my <<AppHome>>/SCA-INF/lib to ensure the uploaded jar in the ORACLE_HOME/ORACLE_SOA1/soa/modules/oracle.soa.ext_11.1.1 is used. The embedding activity is calling the jar perfectly fine.

          3. I configured the system-jazn-data.xml file and rebooted the server. Following is the chunk that I added :-

          <jazn-data>
          .......
          .......
          .......
            <system-policy>
            ......
              <admin-policy>
              .........
              .......
                <jazn-policy>
                  <grant>
                    <grantee>
                      <codesource>
                        <url>file:${soa.oracle.home}/soa/modules/oracle.soa.ext_11.1.1/-</url>
                      </codesource>
                    </grantee>
                    <permissions>
                      <permission>
                        <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
                        <name>context=SYSTEM,mapName=MyDearestKeyStore,keyName=likeICare</name>
                        <actions>*</actions>
                      </permission>
                    </permissions>
                  </grant>
                </jazn-policy>
              </admin-policy>
            </system-policy>
          </jazn-data>
          I added it under the system grants section as depicted above. I have configured a generic key. But when I test, I am getting the exception :-


          java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermissi
          d)
          at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
          at java.security.AccessController.checkPermission(AccessController.java:546)
          at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
          at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
          at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
          at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:643)
          at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:430)
          at com.bpm.deals.identity.utils.DealsBPMIdentityUtil.getPwd(DealsBPMIdentityUtil.java:256)
          at orabpel.bpelprocess1.ExecLetBxExe0.execute(ExecLetBxExe0.java:71)
          at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELxExecWMP.__executeStatements(BPELxExecWMP.java:42)
          at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:166)
          at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2687)
          at com.collaxa.cube.engine.CubeEngine._handleWorkItem(CubeEngine.java:1190)
          at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1093)
          at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandle
          at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:218)
          at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:297)
          at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4609)
          at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4540)
          at com.collaxa.cube.engine.CubeEngine._createAndInvoke(CubeEngine.java:713)
          at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:560)
          at com.collaxa.cube.engine.ejb.impl.CubeEngineBean.createAndInvoke(CubeEngineBean.java:103)
          at com.collaxa.cube.engine.ejb.impl.CubeEngineBean.syncCreateAndInvokeParticipate(CubeEngineBean.java:181)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.jav
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(Reflect
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.oracle.pitchfork.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationConte
          at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:113)
          at java.security.AccessController.doPrivileged(Native Method)
          at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
          at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
          at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:100)
          at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:154)
          at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:113)
          at sun.reflect.GeneratedMethodAccessor1176.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.jav
          at com.oracle.pitchfork.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:68)
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(Delegati
          at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingI
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
          at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallb
          at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocat
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(Delegati
          at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingI
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:
          at $Proxy303.syncCreateAndInvokeParticipate(Unknown Source)
          at com.collaxa.cube.engine.ejb.impl.bpel.BPELEngineBean_51369e_ICubeEngineLocalBeanImpl.__WL_invoke(Unknown
          at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
          at com.collaxa.cube.engine.ejb.impl.bpel.BPELEngineBean_51369e_ICubeEngineLocalBeanImpl.syncCreateAndInvoke
          at com.collaxa.cube.engine.delivery.DeliveryHandler.callCreateAndInvoke(DeliveryHandler.java:911)
          at com.collaxa.cube.engine.delivery.DeliveryHandler.initialRequestAnyType(DeliveryHandler.java:628)
          at com.collaxa.cube.engine.delivery.DeliveryHandler.initialRequest(DeliveryHandler.java:562)
          at com.collaxa.cube.engine.delivery.DeliveryHandler.request(DeliveryHandler.java:235)
          at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.request(CubeDeliveryBean.java:494)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.jav
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(Reflect
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.oracle.pitchfork.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationConte
          at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:113)
          at java.security.AccessController.doPrivileged(Native Method)
          at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
          at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
          at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:100)
          at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:154)
          at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:113)
          at sun.reflect.GeneratedMethodAccessor1176.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.jav
          at com.oracle.pitchfork.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:68)
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(Delegati
          at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingI
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
          at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallb
          at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocat
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(Delegati
          at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingI
          at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMetho
          at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:
          at $Proxy299.request(Unknown Source)
          at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unk
          at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
          at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.request(Unknown
          at oracle.fabric.CubeServiceEngine.request(CubeServiceEngine.java:400)
          at oracle.integration.platform.blocks.mesh.SynchronousMessageHandler.doRequest(SynchronousMessageHandler.ja
          at oracle.integration.platform.blocks.mesh.MessageRouter.request(MessageRouter.java:182)
          at oracle.integration.platform.blocks.mesh.MeshImpl.request(MeshImpl.java:154)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149
          at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:59)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
          at $Proxy317.request(Unknown Source)
          at oracle.integration.platform.blocks.soap.WebServiceEntryBindingComponent.doMessageProcessing(WebServiceEn
          at oracle.integration.platform.blocks.soap.WebServiceEntryBindingComponent.processIncomingMessage(WebServic
          at oracle.integration.platform.blocks.soap.FabricProvider.processMessage(FabricProvider.java:113)
          at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1187)
          at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:1112)
          at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:581)
          at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:233)
          at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:193)
          at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:485)
          at oracle.integration.platform.blocks.soap.FabricProviderServlet.doPost(FabricProviderServlet.java:528)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
          at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
          at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
          at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
          at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
          at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
          at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
          at java.security.AccessController.doPrivileged(Native Method)
          at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
          at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
          at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
          at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
          at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
          at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
          at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
          at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
          at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java
          at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:369
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
          at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
          at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
          at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
          at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
          at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

          Is there any step that I am missing?
          Cheers,
          Rahul
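An added example, not part of the original thread and not Oracle tooling: a Python audit that lists every CredentialAccessPermission grant in a jazn policy file and flags the broad parts of the grant quoted in the post above (`*` actions, a codesource covering a whole directory). The sample XML is constructed from the post, the function names are this example's own, and the remark that a reader needs only `read` assumes the permission's documented action names.

```python
import xml.etree.ElementTree as ET

CSF_PERM = "oracle.security.jps.service.credstore.CredentialAccessPermission"

# Constructed sample modelled on the grant quoted in the post above.
SAMPLE = """<jazn-policy>
  <grant>
    <grantee>
      <codesource>
        <url>file:${soa.oracle.home}/soa/modules/oracle.soa.ext_11.1.1/-</url>
      </codesource>
    </grantee>
    <permissions>
      <permission>
        <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
        <name>context=SYSTEM,mapName=MyDearestKeyStore,keyName=likeICare</name>
        <actions>*</actions>
      </permission>
    </permissions>
  </grant>
</jazn-policy>"""


def parse_target(name):
    """Split 'context=SYSTEM,mapName=m,keyName=k' into a dict."""
    return dict(p.strip().split("=", 1) for p in name.split(",") if "=" in p)


def audit(xml_text):
    """Return one record per CredentialAccessPermission grant, with findings."""
    records = []
    for grant in ET.fromstring(xml_text).iter("grant"):
        urls = [(u.text or "").strip() for u in grant.iter("url")]
        for perm in grant.iter("permission"):
            # Drop whitespace so a class name wrapped across lines still matches.
            cls = "".join((perm.findtext("class") or "").split())
            if cls != CSF_PERM:
                continue
            target = parse_target(perm.findtext("name") or "")
            actions = {a.strip() for a in (perm.findtext("actions") or "").split(",")}
            findings = []
            if "*" in actions:
                findings.append("all actions granted; a reader needs only 'read'")
            if not urls:
                findings.append("no codesource; grant is not tied to a jar")
            for u in urls:
                if u.endswith(("/-", "/*")):
                    findings.append("codesource covers a whole directory: " + u)
            if "*" in (target.get("mapName"), target.get("keyName")):
                findings.append("wildcard map or key name")
            records.append({"urls": urls, "target": target,
                            "actions": sorted(actions), "findings": findings})
    return records


def covers(records, map_name, key_name):
    """True if some grant names this map/key (exactly or by wildcard)."""
    return any(r["target"].get("mapName") in (map_name, "*")
               and r["target"].get("keyName") in (key_name, "*")
               for r in records)


if __name__ == "__main__":
    for rec in audit(SAMPLE):
        print(rec["target"], rec["actions"], rec["urls"])
        for f in rec["findings"]:
            print("  -", f)
```

`covers()` only confirms that a grant names the map and key; an access-denied error can still occur when the class is loaded from a different code source than the one in the grant.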
          • 2. Re: Reading credential files store keys inside a BPEL process
            murgir_jhol
            An update. Now I am using the following java class for retrieving the key from CSF :-
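            import java.security.AccessController;
            import java.security.PrivilegedAction;

            import oracle.security.jps.JpsContext;
            import oracle.security.jps.JpsContextFactory;
            import oracle.security.jps.service.credstore.CredentialStore;
            import oracle.security.jps.service.credstore.GenericCredential;

            public class TestCsf
            {
                // Reads the generic credential stored under map "MyDearestKeyStore", key "likeICare".
                public String getPwd() {
                    String s = "default";
                    try {
                        GenericCredential gc = null;
                        JpsContextFactory ctxFactory = JpsContextFactory.getContextFactory();
                        JpsContext ctx = ctxFactory.getContext();
                        CredentialStore store =
                            ctx.getServiceInstance(CredentialStore.class);
                        gc = (GenericCredential) store.getCredential("MyDearestKeyStore", "likeICare");
                        // Debug output: this writes the secret to the server's standard output.
                        System.out.println(gc.getCredential());
                        s = (String) gc.getCredential();
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                    return s;
                }

                // doPrivileged stops the permission check at this frame, so the
                // callers' code sources are not checked.
                public String getPassword() {
                    // Return the value produced by the privileged action.
                    return AccessController.doPrivileged(new PrivilegedAction<String>() {
                        public String run() {
                            return getPwd();
                        }
                    });
                }
            }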
            Inside my BPEL process, I am calling the java code inside a java embedding activity like this :-
            TestCsf t=new TestCsf();
            String p=t.getPassword();
            addAuditTrailEntry(p);
            But I am still getting the same exception as mentioned earlier :( .
            Cheers,
            Rahul
            • 3. Re: Reading credential files store keys inside a BPEL process
              murgir_jhol
              Yahoo!! I have got it working at last! I award myself 10 points for solving it :)! There were two issues :-

              1. My initial java code was not correct.
              2. I had forgotten to remove the jar file from <<apphome>>/SCA-INF/lib; as a result, the BPEL java embedding code was referring to my library code rather than the uploaded jar under the oracle.soa.ext_11.1.1 folder.

              Cheers,
              Rahul
              • 4. Re: Reading credential files store keys inside a BPEL process
                903835
                Can you please post your solution? I am having the same requirements.
                • 5. Re: Reading credential files store keys inside a BPEL process
                  user13059242
                  Hey Rahul,

                  I am also trying to achieve the same solution exactly like yours, but no luck so far. It would be very great if you could explain something from your solution.

                  You said that you have removed the jar file from <<apphome>>/SCA-INF/lib and added the same JAR file under the oracle.soa.ext_11.1.1 folder. But how can you compile the BPEL process if you are not including the jar file in <<apphome>>/SCA-INF/lib? I couldn't compile the project unless I add the jar file in that <<apphome>>/SCA-INF/lib folder. Can you please explain how you managed to compile and deploy the composite?

                  In other words, how did you import the jar file inside your BPEL process, which is in oracle.soa.ext_11.1.1 folder? Your help will be greatly appreciated as I have been stuck with this issue for the past 3+ days.

                  Regards
                  log
                  • 6. Re: Reading credential files store keys inside a BPEL process
                    murgir_jhol
                    Hi,
                    By removing the JAR, I meant I built the project and from the SAR file, I deleted the particular jar. I am planning to post the solution in a blog. Please bear with me till that time. I will share the link here once it is complete.
                    Thanks,
                    Rahul