I do development for OIM, so I initially asked my question in the Identity Management space but didn't get any response, so I'm posting here as I wasn't able to post under the Security space. I hope you can shed some light on my issue.
I developed a plugin which runs for OIM on WebLogic, but the context for OIM shows that the user is unauthenticated (an anonymous user generated a request for self-registration). All subsequent actions in the system inherit that context. So when, in my triggered plugin, I try to read a CSF for some credentials, I get an Access Exception.
My inquiry is of a generic nature, as I'd like to know if there is any way to overcome this limitation. My idea is based on the fact that the code (my plugin) runs on the WebLogic server, so it's kinda verified and should be allowed to read CS. I wonder if I need to do any type of additional configuration for that to happen.
As I'm a bit of a novice with WebLogic, please forgive me if the question looks silly.
Thanks in advance,
You should set a policy permission that grants your code access to the particular credential map in the Credential Store (or, at a finer level, to a particular map and key). You should set a code source permission as explained in the documentation:
Do not forget to wrap your call to Credential Store API in AccessController.doPrivileged().
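
The pattern described in the answer above, as an added example that is not part of the original thread: a code source grant scoped to one map and key, plus a narrowly scoped doPrivileged block around the OPSS Credential Store read. The class name, map name, key name and jar path are hypothetical placeholders.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

/*
 * Matching code source grant in the domain policy store (jazn-data format).
 * PATH_TO_PLUGIN_JAR, MY_PLUGIN_MAP and MY_PLUGIN_KEY are placeholders.
 *
 * <grant>
 *   <grantee><codesource><url>file:PATH_TO_PLUGIN_JAR</url></codesource></grantee>
 *   <permissions><permission>
 *     <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
 *     <name>context=SYSTEM,mapName=MY_PLUGIN_MAP,keyName=MY_PLUGIN_KEY</name>
 *     <actions>read</actions>
 *   </permission></permissions>
 * </grant>
 */
public final class PluginCredentialReader {   // hypothetical class name
    // Fixed constants, never caller-supplied: privileged code that reads an
    // arbitrary map/key on request would hand its grant to any caller.
    private static final String MAP = "MY_PLUGIN_MAP";   // placeholder
    private static final String KEY = "MY_PLUGIN_KEY";   // placeholder

    private PluginCredentialReader() { }

    // Package-private so only the plugin's own classes can reach it.
    static char[] readPassword() throws Exception {
        try {
            // doPrivileged stops the permission check at this class's
            // protection domain, so the anonymous request context further
            // up the call stack is not consulted.
            return AccessController.doPrivileged(new PrivilegedExceptionAction<char[]>() {
                public char[] run() throws Exception {
                    CredentialStore store = JpsContextFactory.getContextFactory()
                            .getContext().getServiceInstance(CredentialStore.class);
                    PasswordCredential cred = (PasswordCredential) store.getCredential(MAP, KEY);
                    if (cred == null) {
                        throw new IllegalStateException("No credential at " + MAP + "/" + KEY);
                    }
                    return cred.getPassword();
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException();   // surface the original OPSS exception
        }
    }
}
```

Keep only the store lookup inside the privileged block, and clear the returned char[] once the plugin has used it.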