Why am I writing this Article
My intention is to give new users a quick and dirty intro to OES. This whole procedure took about 7 minutes for me. This article shows you how to write a simple authorization policy and invoke authorization decisions from a Java application. Check out my video recordings which show these procedures in greater detail.
BTW, I will not be covering OES concepts in this article; it will be a blog post for another day.
Overview
Before running Hello OES World, you should have completed installation and setup of OES. This procedure will involve lot of mouse clicks in the UI, so it might be easier to understand the procedure by watching a video recording of the steps. Overview of tasks:
- Use installation worksheet to refer to old values that you filled in as part of installation and use Hello OES World Worksheet to record sample values that will be filling in now
- The procedure here is a continuation of Install steps
- Create a sample authorization policy
- Create a Java SM instance (i.e. SM configuration)
- Write a sample Java App
- Build and run the sample Java App
- Modify the policy and verify that authorization decision changes accordingly
Creating OES Administration Policies
Let us create an authorization policy which gives a simple permit. This policy gives user weblogic privilege to perform write on MyResource. I choose user weblogic because it is automatically created as part of installing WebLogic. I will have another blog post about how to wire an identity store to OES. MyResource is the object/server/business process which you are trying to protect. High level steps:
- Log into OES Admin
- Create a new Application
- Create a new Resource Type
- Create a new Resource under the Resource Type
- Create a new Authorization Policy
- Define a new Security Module (SM) in OES Admin UI (this is just SM definition, we will create a real one later)
- Bind the application to previously created SM. SM definition is similar to a cluster definition. Just as you bind different applications to a cluster, you can bind applications to an SM
- Distribute policy changes
Let’s dive into the actual procedure
- If you need to start OES Admin, CD to “Oracle-Home/Middleware/user_projects/domain/oes_admin” and run “./startWeblogic.sh”
- Log into OES Admin UI (for e.g. http://OES-admin-host:7001/apm).
- Click on “Create – Application”
- Fill-in “HelloOESworld” for Display Name and Name. Then click “Save”
- Go to “HelloOESworld” tab on the top and click on “x” to close it
- You will see the dashboard show below. We will be using this dashboard for rest of the procedure
- Click on “Resource Type – New”
- For Display Name and Name fill-in “MyResourceType”
- To add actions, click on “New”
- Type “write” and click on “Save” on the pop up
- Click on “Save” on the top right
- Click on “x” on the tab MyResourceType
- You should see the main dashboard. Click on “Resources – New”
- Fill-in “MyResource” for Name and Display Name and click on Save
- Go to tab “MyResource” and click on “x”
- You will see the main dashboard. Click on “Authorization Policies – New”
- Fill-in “MyAuthorizationPolicy” for Name and Display Name
- Click on “+” next to Principals
- On the pop-up, click on “Users”
- Click on Search
- Click on weblogic and click on “Add Selected”
- Click on “Add Principals”
- Click on “+” next to targets
- Click on Resources tab
- Click on Search
- You will see only one resource, click on “Add all”
- Click on Add Targets
- Click on triangle left of “MyResource”, it will show you all the actions defined for this resource
- Click on “write” (you may have to move the scroll bar down to see the actions)
- Click on Save
- Click “x” on MyAuthorizationPolicy tab and close it
- We have created the required policy, next we need to define an SM. Click on “System Configuration” tab on the top.
- Fill-in “Sample-SM” for Name and Display Name, then click Save
- Now that we have defined an SM, we need to bind our application to this SM. Click on “+ Add”
- Click on Search (it is the Blue round button with a triangle on it)
- Select your application and click on “Add”
- Click on “Authorization Management” tab on the top left
- Click on the triangle left of Application (this is in the left frame)
- Double click on your application
- Click on Policy Distribution Tab
- Click on “Sample-SM”, then click on “Distribute”
- Click on Refresh, until Synced column is empty
We are done with creating policy, next we need to create an SM instance and run our sample app.
Creating an SM Instance
This procedure is also called as “Configuring SM”.
- Log into the machine where you installed OES SM
- CD to Oracle-Home/Middleware/oes_client/oessm/SMConfigTool
- Copy file smconfig.java.controlled.prp to my.prp
- Open my.prp in an editor
- Fill-in the OES Admin hostname for RegistrationServerHost “oracle.security.jps.runtime.pd.client.RegistrationServerHost=localhost”
- Fill-in the OES Admin SSL port number (this is one higher than regular http port number) for RegistrationServerPort “oracle.security.jps.runtime.pd.client.RegistrationServerPort=7002”
- Save and close the file
- CD to Oracle-Home/Middleware/oes_client/oessm/bin and run “./config.sh –smConfigId Sample-SM –prpFileName ../SMConfigTool/my.prp”
- At prompt “Enter password for key store”, fill in the new password you want to use for encrypting local keystore.
- Give OES Admin Server user name and password (you filled these values while creating OES Admin Server domain during “Configuring OES Administration Console” of the installation procedure)
- CD to Oracle-Home/Middleware/oes_client/oes_sm_instances
- Run “ls”, you should find the SM instance directory Sample-SM
- CD to Sample-SM
- Create HelloOESworld.java (you can find source here)
- Set JAVA_HOME and PATH based on your JVM location
- Set your Classpath to include “Oracle-Home/Middleware/oes_client/modules/oracle.oes.sm_11.1.1/oes-client.jar”
- Export Classpath
- To compile the sample run “javac HelloOESworld.java”.
- Run the program “java -Doracle.security.jps.config=Your-SM-Instance-dir/config/jps-config.xml HelloOESworld”
- The very first time you start an SM, you will see “deny” while the policy cache warms up. From then onwards, you will see the correct authorization response. Keep the sample running
- Modify the authorization policy to take away the grant and then distribute the policy
- You will see in the application window that authorization decision has changed accordingly.
Subbu, This is a great OES guide. You literally saved hours of time for my team who earlier had no clue about configuring and connecting to our OES servers.
You are welcomed !
Subbu,
This is a great post and the step by step instructions were really helpful.
I created a Java Security Module the way you explained and was able to distribute policy to the SM and view the access decisions.
However, I need to create a Webservice Security Module. I have setup the SM and pushed the policies from the PAP to the SM. I started the SM using the script file startWSServer.sh
Now, I am trying to access the Webservices using SOAPUI. I am able to discover the Authorization service using the ServiceRegistry (http://host:port/ServiceRegistry). However, I am not able to use the isAccessAllowed operation of the Authorization server. The problems that I have is that I am not sure about what values need to be provided for the following tags –
Any help would be highly appreciated. Thanks.
The tags for which I need help are below. The tags have mysteriously disappeard from my prev. post.
ssm:IdentityAssertion
ssm:RuntimeResource – ssm:AuthorityName
ssm:AppContext
ssm:AtzDirection
Karthik,
Thanks for your complements!
OES 11g offers two forms of Web Services.
1) Proprietary interface
2) Standards based XACML request/response interface
The proprietary interface is mainly for backward compatibility with older versions of OES and sometimes it is used under the covers for OES internal use.
Customers who want to make direct (raw) Web Services requests are encouraged to use XACML request/response. The obvious benefit is that your applications will use standards based mechanisms and so have better interoperability.
“isAccessAllowed” is part of the proprietary interface, what you have to use is XACML request/response. I will post an article this week about how to use XACML request/response with OES.
Bye,
Subbu Devulapalli
[…] In the Hello OES World, you saw how to write a simple Java SE app to call OpenAz PEP Decision API. Now let us take a step […]
[…] which invokes authorizations. As you can see the code here is very similar to what we had used for Hello OES World. Also we will reuse the policies for part 1. OES strives to provide you with a simple OOTB […]
[…] Before executing these steps make sure that you have completed Hello OES World. […]
[…] into this problem, contact Oracle support for a patch. To keep things simple, let us use Java SM (Hello OES World) to get started. Run the Hello OES World Java SM application and make sure that you see a Permit. […]
Hello Subbu
i was trying to run the HelloOESworld.java example, according your instructions, i followed all the steps on APM and configure a Java SM, and in the compile step, running “javac HelloOESworld.java” I need to know, beside to include “Oracle-Home/Middleware/oes_client/modules/oracle.oes.sm_11.1.1/oes-client.jar” to Class path, what another jar’s i need to add to compile successfully?
thanks
Romina
Hi Romina,
oes-client.jar should be sufficient. When running the application remember to include the directory which includes HelloOESworld.class file
Bye,
Subbu Devulapalli
Hi,
First of all thanks for your valuable information about OES. well, i followed every step for this helloworld example but at stage # CD to Oracle-Home/Middleware/oes_client/oessm/bin and run “./config.sh –smConfigId Sample-SM –prpFileName ../SMConfigTool/my.prp” i got an error saying value missing or corrupt -smCofigID.
PLEASE share the reason behind this.
would like to tell you that i had made chages to my.prp host name and port address…… still getting that message……..
Thanks in advance !!!!!
I am happy to know that you found this blog useful.
You need to watch out for character substitutions. WordPress blogging software, MS-word substitute characters like ” and – with different ones. I think you picked up some special character. Can you type the full command by hand (do not copy-paste) and see if it makes a difference
Thanks for reply.
well at CD to Oracle-Home/Middleware/oes_client/oessm/bin and run “./config.sh –smConfigId Sample-SM –prpFileName ../SMConfigTool/my.prp”
It says that …./oracle.jps-11.11/client-config/jps-config-jse.xml is not found…. i also found that even client-config folder was also not created by default .. please share your view about the reason behind this file and their creation…
Thanks in advance !!!!!1
Hi Prem
can you do a find for file “jps-config-jse.xml” in directory Oracle/Middleware , you should see the following files
./oes_client/modules/oracle.jps_11.1.1/client_config/jps-config-jse.xml
./user_projects/domains/oes_admin/config/fmwconfig/jps-config-jse.xml
./oracle_common/modules/oracle.jps_11.1.1/domain_config/jps-config-jse.xml
what do you see ?
Bye,
Subbu Devulapalli
Hi, while Configuring Java Security Module in a Controlled Mode .
at time of running 2.Run the config.sh (Located at OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (Located at OES_CLIENT_HOME\oessm\bin on Windows) as follows:
, we got an Exception in thread “main” java.io.FileNotFoundException: /home/labuser/Oracle/Middleware/Oracle_IDM1/modules/oracle.jps_11.1.1/client_config/jps-config-jse.xml (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.(FileInputStream.java:106)
at oracle.security.oes.tools.Util.copyFile(Util.java:451)
at oracle.security.oes.tools.SMDirectoryTool.configJpsConfigFiles(SMDirectoryTool.java:142)
at oracle.security.oes.tools.SMDirectoryTool.createOESSMDirectoryAndFiles(SMDirectoryTool.java:99)
at oracle.security.oes.tools.SMConfigTool.run(SMConfigTool.java:316)
at oracle.security.oes.tools.SMConfigTool.main(SMConfigTool.java:301)
,please help me to figure out root cause of the exception and how to sort such error in OES……. thanks !!!!!!
Hi Prem,
I think this problem is related to your earlier exception. Just curious, what OS/Platform are you using. I think first you need to make sure that your installation is fine. Then we can debug further. Also did you see any error when starting up OES Admin
BTW, if you open SR (Oracle trouble ticket), a support engineer will talk to you over the phone and provide assistance.
Bye,
Subbu Devulapalli
Hi
I was facing same issue and we have resolved the issue after I Opened a SR.But after deleting the SM-Sample and when I was trying to recreate the instance,I faced same issue.
Config command didn’t work successfully.Make sure you run the command and “Enrolment Got Successful”.
Advice : Please do not use Windows platform ( even it is not certified such as Windows XP , Windows 7 ), but we have successfully completed this steps in Windows XP ).
Use Linux and/or supported OS ( Set CLASS-PATH, Set PATH, set JAVA_HOME ) .In Linux this are pretty cool and In windows
Question to Subbu :
Subbu: I would like to integrate OES with Web Center Consumer Application, Can you please let me know , what will be High level step to do it
#Install and Configure OES Admin console
# Create a SM-instance
# Create Application , Resource, Resource,Authorization Policies
# How to enforce the Authorization policies on Consumer Application (at
object level )? Let say A user belong to London and he has access to
specific service/application at his Iphone, when he is a roaming user as we
will change the content dynamically,he will not have access on that
application )?
Hi subbu…
Thanks very much for your timely response….
while ….
javac HelloOESworld.java
———-
1. ERROR in HelloOESworld.java (at line 2)
import com.bea.security.*;
^^^
The import com cannot be resolved
———-
2. ERROR in HelloOESworld.java (at line 3)
import weblogic.security.principal.*;
^^^^^^^^
The import weblogic cannot be resolved
———-
3. ERROR in HelloOESworld.java (at line 6)
import oracle.security.jps.openaz.pep.*;
^^^^^^
The import oracle cannot be resolved
———-
4. ERROR in HelloOESworld.java (at line 7)
import org.openliberty.openaz.azapi.pep.*;
^^^^^^^^^^^^^^^
The import org.openliberty cannot be resolved
———-
5. ERROR in HelloOESworld.java (at line 16)
Principal p = new WLSUserImpl(“weblogic”);
well, i read your response to Romania……
but still not able to sort out the problem….
Looking for your valuable guidance…….
Prem,
most likely you forgot to export classpath. Can you please double check.
Bye,
Subbu Devulapalli
Hi,
when i unzip oes-client.jar i found only MANIFEST.MF file….. for such issue….. where was one wrong..and what one should do ?
Hi subbhu,
Please elaborate more about oes-client.jar ,do we need to change the classpath appeared in the MANIFEST.MF file TO run this java application on LINUX server. i am trying to sort out this problem , but all in vain…. looking for your valuable guidance…
thanks in advance …
Prem,
you should leave oes-client.jar as it is. If future, contents of this file might change. As I said earlier, you probably forgot to export the classpath.
Bye,
Subbu Devulapalli
Hi ,
Please don’t open the manifest file. Including oes-client.jar in classpath should address the issue. Looks like for some reason JVM is unable to find oes-client.jar file
Bye,
Subbu
Prem
I have recently resolved the issue
1.Please add your HelloOESworld.class folder in your CLASSPATH
2. Set JAVA_HOME=C:\…\jdk160_26 NOT jdk\bin
The problem will 100% Resolve
and Run
java -Doracle.security.jps.config=”Your-SM-Instance-dir/config/jps-config.xml” HelloOESworld
Try with
java -classpath -Doracle.security.jps.config=”Your-SM-Instance-dir/config/jps-config.xml” HelloOESworld
[…] of policy modeling. Before you start please make sure that you have run Java SM example described here. WebLogic SM is different from Java, Web Services and RMI SMs because multiple applications can […]
[…] authorization policies. This article is not for the faint hearted. If you are new to OES try Hello OES World. I will presume that you already know how to create basic OES policy objects which were covered in […]
Hi subbu,
To compile the HelloOESworld.java, i had to
export PATH=/usr/lib/qt-3.3/bin
export PATH=$PATH:/usr/kerberos/sbin
export PATH=$PATH:/usr/kerberos/bin
export PATH=$PATH:/usr/local/sbin
export PATH=$PATH:/usr/local/bin
export PATH=$PATH:/sbin
export PATH=$PATH:/bin
export PATH=$PATH:/usr/sbin
export PATH=$PATH:/root/bin
export PATH=$PATH:/home/labuser/Oracle/Middleware/jdk160_24/bin
export PATH=$PATH:/usr/bin
export JAVA_HOME=/home/labuser/Oracle/Middleware/jdk160_24/
CLASSPATH=/home/labuser/oracle/product/11.1.1/oes_client/modules/oracle.oes.sm_11.1.1/oes-client.jar
export CLASSPATH
then javac HelloOESworld.java
and to run , i had to write-
java -classpath ./:/home/labuser/oracle/product/11.1.1/oes_client/modules/oracle.oes.sm_11.1.1/oes-client.jar -Doracle.security.jps.config=/home/labuser/oracle/product/11.1.1/oes_client/oes_sm_instances/Sample-SM/config/jps-config.xml HelloOESworld
It gives me following output:
Request:{weblogic,write,HelloOESworld/MyResourceType/MyResource)
Result:false
sleeping 5 sec. Hit Ctrl-c to quit
Sep 7, 2011 4:55:38 PM com.sun.xml.internal.ws.protocol.soap.MUTube getMisUnderstoodHeaders
INFO: Element not understood={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
Request:{weblogic,write,HelloOESworld/MyResourceType/MyResource)
Result:false
sleeping 5 sec. Hit Ctrl-c to quit
com.sun.xml.internal.ws.protocol.soap.MUTube getMisUnderstoodHeaders
INFO: Element not understood={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
Please guide me where i could be wrong.
Thanks in advance !!!!
Hi Prem,
I think your SM did not get the authorization policies. Can you try the following
1) Delete SM policy cache
2) Do an additional policy distribution
Restart the SM and see what happens
Bye,
Subbu Devulapalli
Hi Subbu,
Thansk for your response,
Well, i deleted the application and SM and create new application with the same parameters and follow same procedure , but still the result is stil same : com.sun.xml.internal.ws.protocol.soap.MUTube getMisUnderstoodHeaders
INFO: Element not understood={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
Request:{weblogic,write,HelloOESworld/MyResourceType/MyResource)
Result:false
sleeping 5 sec. Hit Ctrl-c to quit
please guide me what should i do to successfully execute this… I would like to chat with you about the OES , if you have time. My personal id mentioned in Email , please take a look and add me in your gtalk id. Waiting for your valuable guidance.
Thanks in advance !!!
Hi Prem,
can you open an Oracle SR. Support will be able talk to you on the phone and provide assistance. The support team will contact me if they need assistance
Thanks,
Subbu Devulapalli
Hi Subbu,
This time I created DemoOES application and Demo-SM.
and tried to run using
java -classpath ./:/home/labuser/oracle/product/11.1.1/oes_client/modules/oracle.oes.sm_11.1.1/oes-client.jar -Doracle.security.jps.config=/home/labuser/oracle/product/11.1.1/oes_client/oes_sm_instances/Demo-SM/config/jps-config.xml HelloOESworld
got the same output
Request:{weblogic,write,HelloOESworld/MyResourceType/MyResource)
Result:false
sleeping 5 sec. Hit Ctrl-c to quit
Sep 8, 2011 6:39:37 PM com.sun.xml.internal.ws.protocol.soap.MUTube getMisUnderstoodHeaders
INFO: Element not understood={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
Request:{weblogic,write,HelloOESworld/MyResourceType/MyResource)
Result:false
sleeping 5 sec. Hit Ctrl-c to quit
Request:{weblogic,write,HelloOESworld/MyResourceType/MyResource)
Result:false
sleeping 5 sec. Hit Ctrl-c to quit
Please guide me, how to successfully run HelloOESworld on OES .
please accept my gtalk request and thanks for adding me on linkedin network.
Thank in advance !!!!
I am facing the same issue..
Ok. Worked. Tried “Distribute” button few times, till it shows up with green check mark.
Hi Subbu Devulapalli:
I am new in this forum and your article is great, i have been working with OES some tiame ago, but i have a problem now and maybe you could help me.
My situation is the next: i want to delete all the policies then i was generated for my system, but only the policies, not the user, groups, actions, resources, etc, only policies, but i have around 1800 policies and is very dificult delete one by one, do you know any form to delete all the policies easier than one by one??
A lot of thanks
Hi Alan,
I am happy to know that you enjoy articles on this blog.
You will have use OES Management API (aka MAPI). First you will need to search for all policies which match your criteria and then invoke delete operation on the required set of policies. Are you using OES 11g or OES 10g
Thanks,
Subbu Devulapalli
Hello,
i recived 2 Exceptions one by one:
1. “EJB Exception: : java.lang.NoSuchFieldError: OPENAZ
at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.<clinit>(PepRequestFactoryImpl.java:86) …”
2. “EJB Exception: : java.lang.NoClassDefFoundError: Could not initialize class oracle.security.jps.openaz.pep.PepRequestFactoryImpl at …”
Exception rised by “PepRequestFactoryImpl.getPepRequestFactory().newP…”
Could you help me?
Hi Valentin,
can you give me more information.
1) Are you running into these exceptions when following steps in this blog ?
2) Can you tell me which step is giving this error
3) Can you copy/paste the full output along with the command your are executing.
Thanks,
Subbu Devulapalli
Hi,
I can,
I catch this Exceptions by running example, when initializing class PepResponse.
My Example is not like yours, i’m running it on Windows.
And, may be it is reason, on previous version of WebLogic (not 10.3.5)
Hi Valentin,
can you try using WebLogic 10.3.5. OES 11gR1 is only certified with WebLogic 10.3.5. Primarily I use a Linux VM to play around with OES, so my instructions might have some mistake. BTW, OES 10gR3 supports Older version of WebLogic. So if you need support for WebLogic 10.3.4, then you can use OES 10gR2
Bye,
Subbu Devulapalli
EJB Exception: : java.lang.NoSuchFieldError: OPENAZ
at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.<clinit>(PepRequestFactoryImpl.java:86)
at ru.alfabank.ws.cs.ps.wsclickpaymenttest10.WSClickPaymentTestPortTypeImpl.wsClickPaymentTestCheck(WSClickPaymentTestPortTypeImpl.java:164)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
Hi Subbu Devulapalli:
I am using Oracle 10g, and i want to delete all the poilicies without a criteria, i want erase all, but only policies. I am not at all familiarized with the use of OES Management API (aka MAPI) and how to use it to delete, can you recomend me a tutorial or something like that?
In advaice a lot of thanks
Hi Alan,
If this is a new project, I strongly recommend that you use OES 11g.
OES 10g ships with a MAPI sample. I have some problems logging into my reference system, so I don’t have the exact directory names. But I remember that under ales32-admin/examples, there is a BLM sample directory. This shows you how to query policies and make changes.
Bye,
Subbu Devulapalli
Unafortunatly this is no a new project and due to other products and programs we can not update to the OES 11g 😦
I have reading and i found the example necesary but following the readme.txt and when i tied to execute the example the OES say me an error that is:
Exception in thread “main” java.lang.NoClassDefFoundError: com/bea/asi/examples/policymgtapi/BLMAPIExample
Caused by: java.lang.ClassNotFoundException: com.bea.asi.examples.policymgtapi.BLMAPIExample
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
Could not find the main class: com.bea.asi.examples.policymgtapi.BLMAPIExample. Program will exit.
A lot of thanks in advaice
Hi Alan,
The sample is failing to start. Just looking at the stack trace, it appears that classpath was not set correctly. But I suspect that there is some other issue. Most probably you have forgotten to set one of the parameters in the properties file or in a .sh/.bat script. If you find the source of the problem, remember to run “ant clean” first, this will reset all generated files.
Unfortunately, I don’t have access to an OES 10g reference server. Can you open a support SR,
Bye,
Subbu Devulapalli
Hi.
A lot of thanks i have solved my problem. A lot of thanks.
Keep in touch.
anything i let you my gtalk
thanks
Hi Alan,
I use linkedin
http://www.linkedin.com/in/subbudevulapalli
Bye,
Subbu
Hi i am Alan and i wrote in other days but now have another problem and i hope you can help me.
i have my wls protected in dicovery mode and I erase the state.chk file in my instance an too delete the deployment in the asi console and my WLS starts with any problem, but when i dsiable the discovery mode the WLS can not start and it say me the next: “User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.” can you help me??
Thanks in advance
Hi Alan,
I presume you are asking this question about OES 10g. When WLS is starting up it has an explicit check to see if the user belongs to an LDAP group “Administrators”. I think you are running into this issue.
I see in your later note that you solved this problem. Would mind telling us how you fixed this problem
Thanks,
Subbu Devulapalli
Hi Subbu,
I have developed an ADF application and is deployed on a domain, then I have installed the OES client and when I tried to extend it i get an error. After that, I was investigating on the documentation and I found that I can’t extend a JRF domain, and our ADF application uses JRF. Do you know any way to integrate our existing ADF application with OES?
Thanks in advance,
Leandro.
Hi Leandro,
This functionality will be available very soon. Unfortunately I cannot give out dates on a public blog. Please contact me or others on the OES team and we can give you more info.
Thanks,
Subbu Devulapalli
Hi Subbu:
I have solved my problem but now i have a new doubt, i want to replace the certificate in the peer.jks keystore for my owns, do you know the password of the peer,jks keystore??
Thanks in advance
Hi Alan,
peer.jks is part of our crypt/trust framework. We normally don’t give out public info about how crypto/trust works within the product. Can you open a Support SR and they can provide you the required info.
Thanks,
Subbu Devulapalli
Hi Subbu,
thank you for you posts. I got everything installed OK, but I’m getting a bit stuck trying to run the Hello World example, specifically the “Creating an SM Instance” step:
$ ./config.sh “-smConfigId Sample-SM -prpFileName ../SMConfigTool/my.prp”
Exception in thread “main” java.lang.NoClassDefFoundError: DB
Caused by: java.lang.ClassNotFoundException: DB
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
Could not find the main class: DB. Program will exit.
..I was able to resolve the issue I reported above. I installed Berkeley XML DB a few days ago and it set a CLASSPATH Windows environment variable with a bunch of whitespaces in it. The script failed because it included this classpath.
Hi Andres,
thanks for letting me know how you fixed the problem
Bye,
Subbu Devulapalli
Hi Subbu,
I am getting the following error when run the config command….
C:\Oracle\Middleware\Oracle_OESClient\oessm\bin>set JAVA_HOME=”C:\Program Files\
Java\jdk1.6.0_27″
C:\Oracle\Middleware\Oracle_OESClient\oessm\bin>config.cmd -smConfigId Sample-SM
-prpFileName ../SMConfigTool/my.prp
Exception in thread “main” java.lang.NoClassDefFoundError: Files\Java\jre7\lib\e
xt\QTJava/zip
Caused by: java.lang.ClassNotFoundException: Files\Java\jre7\lib\ext\QTJava.zip
at java.net.URLClassLoader$1.run(URLClassLoader.java:
Resolved the above issue. Windows 7 has c:\program Files\Java\jre7\lib\ext\QTJava.zip in the classpath. removed.
Hi Subbu,
could u please let me know , 1)how do we know that whether OES admin server is running.
2) How can we backup and restore OES 10G
THANKS
prem…..
Hi Prem,
OES Admin is just a regular Web App deployed in a WLS container. You can standard ways to see the app is running. One simple option is to make a HTTP request for OES Admin URL and see if it is available
Bye,
Subbu
Hi Prem,
sorry I missed your 2nd question. The simplest way to backup OES 10g is to
0) Make sure that your installation is working correctly. You don’t have to shutdown OES Admin & SM during backup. But don’t make any changes during this time.
1) Backup OES DB schema
2) Backup OES Admin (the best option is to back up the full BEA-Home)
3) Backup all the OES SM instances (the best option is to back up all BEA-Homes which have SM)
Doing a full backup makes your restore procedure simple. Turning on incremental backup automatically skips static files which don’t change (such as binaries) saving you disk space.
Bye,
Subbu
Hi Subbu,
This is Mahendra. I just have a question on policies distribution. Over what protocol/port does OES distributes policies to the Applications.
Basically, we will be using Multi-protocol SSM for calling our web services. Thanks in advance for your help.
Thanks,
Mahendra.
Hi Mahendra,
Policy distribution is done using Web Services over 2-way SSL
Bye,
Subbu Devulapalli
Hi Subbu,
I am new in this forum & your article is great,i am also new to OES & maybe you could help
me with following scenario
I have a task of OES-Sharepoint integration,following is my installation description
I have installed Weblogic server 10.3 on VM.
I follwed steps from oracle site for installation of OES,then i faced problem where after
logging into Entitlements Administration the page goes blank,so i installed CP6 patch & now its working fine.
It was time to install SSM,but i was confused regarding where to install SSM on VM or on
the Windows machine where sharepoint is installed,though i installed it on VM .
Can u guide me where SSM should be installed i.e on VM or on Windows machine where sharepoint is installed,also can u provide me some usecase for OES-Sharepoint integration.
Thank-You
Rahul Shah
Hi Rahul,
Unfortunately, I have not setup OES 10g SharePoint SM. So I cannot provide you much assistance. Can you open an SR (with Oracle Support) and see if they can help you out.
Thanks,
Subbu Devulapalli
Hi Subbu,
Thanks for your valuable response..
Could you please throw some light on creating instance on websphere SSM.
As you know that, by using ./instancewizard.sh we can create instance in SSM where we need to provide Instance Name, port and configuration ID.
May i know , how many instance we can create and is these instance are different from each other ?
THANKS IN ADVANCE !!!
Regards,
Prem……
Hi Prem,
are you using OES 10gR3 or OES 11gR1
Bye,
Subbu Devulapalli
HI Subbu,
I am using OES 10gR3.
well, please tell us the difference between these two versions for creating the instance.
thanks in adavance !!!!
Regards,
Prem
Hi Prem,
OES 10gR3 uses BEA style tool set and OES 11gR3 uses Oracle style tool set. So between these two releases configuration procedures are pretty different. Personally, I have not yet setup a WebSphere SM. So I cannot provide you much assistance. There are several customers using OES 10gR3 with WebSphere. Support should be able to help you out.
Bye,
Subbu Devulapalli
Hi Subbu,
could u please let us know the significance of instance when configuring oes 10 r3 with websphere 6.1 ….what this instance really does? and what is the meaning of ARME port which we need in OES 10 g r3 ..
thanks in advance !!!!
Regards,
Prem
Hi friends,
could anybody please let me know the meaning of ” Provisioning Failed due to OES Database connetion pool exhausted ” and solution for this… i am talking about OES 10gR3.
Thanks in advance !!!
Regards,
Prem
Hi Prem,
there wasa recent discussion about similar error on OES 10gR3 admin server/BLM. Can you contact support, they might have a workaround
Bye,
Subbu Devulapalli
Provisioning Failed due to OES Database connetion pool exhausted …….. meaning a connection leak ? do we need to grow connection pool size ????
Please share your view in this.
Regards,
Prem…..
Hi Prem,
I recently heard about a similar issue which had to with persistence library. Increasing the connection pool will probably help, but talk to support team and see if they can help.
Bye,
Subbu Devulapalli
Thanks subbu,
Could you throw some light on how many instance we can create and is they different from each other, according to me, all this instance uses different arme port but refer same scm port and even same config signer, ….. please discuss that, should we consider them independent to each other ?
Thanks in advance !!!
Regards,
Prem
Prem,
I don’t understand you question. Each SM instance has a unique listener port. When you start an SM, it registers its with PD (Admin).
Bye,
Subbu
Hi Subbu,
Thanks for your response..
Could you please reply to me at linkedin ?
thanks
Regards,
Sangha (prem)
Hi Subbu,
I have tried running the Hello world example as explained in your blog. I am getting the error while doing so. Please find the below logs.
[tmweb@app4.id.vendor1.coresys.tmcs LnOesSM]$ java -Doracle.security.jps.config=/app/shared/home/tmweb/Oracle/Middleware_Dev4/Oracle_IAM1/oes_sm_instances/LnOesSM/config/jps-config.xml HelloOESworld
Request: {weblogic, read, LnOes/LnOesResourceType/LnOesResource}
Result: false
sleeping 5 sec. Hit Ctrl-C to quit
Exception in thread “Thread-2” java.lang.ExceptionInInitializerError
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:107)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy67.accept(Unknown Source)
at oracle.security.jps.remote.pd.server.RemotePDPRegister.sendData(RemotePDPRegister.java:155)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.register(PDPRegister.java:113)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.run(PDPRegister.java:135)
Caused by: java.lang.ClassCastException: com.sun.xml.bind.v2.runtime.JAXBContextImpl
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.(SOAPFaultBuilder.java:533)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:107)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy67.accept(Unknown Source)
at oracle.security.jps.remote.pd.server.RemotePDPRegister.sendData(RemotePDPRegister.java:155)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.register(PDPRegister.java:114)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.run(PDPRegister.java:136)
Request: {weblogic, read, LnOes/LnOesResourceType/LnOesResource}
Result: false
sleeping 5 sec. Hit Ctrl-C to quit
Request: {weblogic, read, LnOes/LnOesResourceType/LnOesResource}
Result: false
sleeping 5 sec. Hit Ctrl-C to quit
[tmweb@app4.id.vendor1.coresys.tmcs LnOesSM]$
I have tried with different actions and different applications and different SM instance names too. The SM instance and OES Server are on same machine and I am executing the java code also from same OES server machine.
Please find the environment variables set.
[tmweb@app4.id.vendor1.coresys.tmcs LnOesSM]$ echo $PATH
:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/app/shared/home/tmweb/bin:/app/shared/bin:/app/shared/home/tmweb/jrockit-jdk1.6.0_29-R28.1.5-4.0.1/bin
[tmweb@app4.id.vendor1.coresys.tmcs LnOesSM]$ echo $CLASSPATH
/app/shared/home/tmweb/Softwares/AccessSDK11g/oamasdk-api.jar:/app/shared/home/tmweb/jrockit-jdk1.6.0_29-R28.1.5-4.0.1/lib:/app/shared/home/tmweb/Oracle/Middleware_Dev4/Oracle_IAM1/modules/oracle.oes.sm_11.1.1/oes-client.jar:.
Can you please direct me where I am doing wrong?
Thanks
Mahendra.
I have this problem too.
Did anyone ever found out what this issue was? I have the same problem as well…
Eric,
can you apply OES 11gR1 BP01 (or Bundled Patch 1). Some time back I got an error with a similar stack trace and applying BP01 cleared the problem. You can get BP01 from Oracle Support web site.
Bye,
Subbu
Problem resolved. I was working remotely yesterday and had a different IP address on my OES server (than the one I had at install time).
Everything is fine now.
Thanks for the quick response Subbu.
Eric,
thanks very much for letting me know. Normally OES components do not depend on numeric IP addresses, instead they use host-names. I think moving between networks might have messed up the host-names.
Bye,
Subbu
Unfortunately I have the same problem which I cannot solve by the Eric’s provided solution (wrong IP address). I am running everything on one machine and using localhost, is there a way I could check whether I am doing something wrong with my ip address settings? I have installed the latest patch (14009718) and created the SM instance using localhost:7002.
Executing the HelloOESworld results in the same error and returning false after every five seconds.
Hi Subbu,
While Creating SM instance when i enter username and password for OES Admin Server an exception occurs:
Exception in thread “main” java.lang.NoClassDefFoundError: oracle/security/jps/az/runtime/service/PDPServiceInternal
at oracle.security.oes.enroll.RuntimeUtil.(RuntimeUtil.java:68)
at oracle.security.oes.enroll.EnrollmentClient.enroll(EnrollmentClient.j
ava:121)
at oracle.security.oes.enroll.EnrollmentClient.main(EnrollmentClient.java:487)
at oracle.security.oes.tools.EnrollmentTool.doEnroll(EnrollmentTool.java:90)
at oracle.security.oes.tools.SMConfigTool.doEnrollment(SMConfigTool.java
:515)
at oracle.security.oes.tools.SMConfigTool.run(SMConfigTool.java:336)
at oracle.security.oes.tools.SMConfigTool.main(SMConfigTool.java:301)
Caused by: java.lang.ClassNotFoundException: oracle.security.jps.az.runtime.service.PDPServiceInternal
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
can you please help me to figure out this exception?
Hi,
this is a strange problem. The source of this issue is “Caused by: java.lang.ClassNotFoundException: oracle.security.jps.az.runtime.service.PDPServiceInternal”. This seems to indicate the installation bits were not laid out correctly. Couple of things come to my mind.
1) Did your installation complete without any errors
2) Make sure that you are using the right version of JDK (to be safe, you can re-use the JDK which shipped with WLS)
3) Double check the classpath
Bye,
Subbu
Hi Subbu,
My installation completed without any errors and the version of jdk that i am using on my 32-bit machine is jdk1.6.0_12 .
Hi,
I am not sure about what is causing this problem. Can you please open an Oracle Support SR and have someone debug your environment. Also I would greatly appropriate if you can post a comment here about the resolution.
Thanks,
Subbu
Hi Subbu,
I tried again creating SM instance and this time it worked properly.
I will definitely find the root of this problem and will post comment here.
Thanks
Thanks for letting me know. I am curious about the cause of the original problem. Please remember to post a comment if you find the source of the problem.
Bye,
Subbu
Hi Subbu,
In your Steps to deploy Sample Web App into Oracle Entitlements Server Admin Domain blog how will i find my application’s .ear file?
The name of my application is helloOES.
Hi,
This blog post only talks about invoking OES authorization services from JSE apps. There is another blog post which goes over using OES in JEE environments.
Bye,
Subbu
Hi Subbu,
If i have my weblogic running and for creating weblogic as SM can i extend the existing domain for creating WLS instance or i have to create a new domain for it?
Hi,
there is another blog post which goes over setting up Weblogic SM.
You should be able to extend an existing Weblogic domain with OES. But I think there might be a known issue. Can you check with Oracle support once.
Bye,
Subbu
Hi Subbu,
Great guide thanks!
I’m missing something though. I get an error when I try to distribute my policy.
I can see in my SM jps-config.xml that the DistributionServicePort is 53753, but I don’t see any process listening on that port.
The address https://xxxxx208163:53753/pd/PDClient that appears on the Policy Distribution tab doesn’t lead anywhere.
As a result, when I run the HelloOESWorld application, I always get denied access regardless of what my policy indicates.
Did I miss any step after creating my Sample-SM. Is there a step needed to actually start that new PDP process?
Errors in the logs:
[2012-03-13T16:34:55.813-04:00] [AdminServer] [WARNING] [JPS-03018] [oracle.jps.authorization] [tid: Thread-120] [userId: admin] [ecid: bd68499e03fce768:-7090db:1360d4f7293:-8000-000000000000060f,1:18095] [APP: oracle.security.apm#11.1.1.3.0] The authorization result is ignoring policies from application SystemPolicy as the application is not available
[2012-03-13T16:34:55.814-04:00] [AdminServer] [WARNING] [JPS-03018] [oracle.jps.authorization] [tid: Thread-120] [userId: admin] [ecid: bd68499e03fce768:-7090db:1360d4f7293:-8000-000000000000060f,1:18095] [APP: oracle.security.apm#11.1.1.3.0] The authorization result is ignoring policies from application SystemPolicy as the application is not available
[2012-03-13T16:34:57.968-04:00] [AdminServer] [ERROR] [JPS-10606] [oracle.jps.policymgmt] [tid: Thread-120] [userId: admin] [ecid: bd68499e03fce768:-7090db:1360d4f7293:-8000-000000000000060f,1:18095] [APP: oracle.security.apm#11.1.1.3.0] Failed to distribute policy to pdp https://xxxxx208163.SSHA.CA:53753/pd/PDClient for catch exception oracle.security.jps.service.policystore.PolicyStoreException: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: java.net.ConnectException: Tried all: 2 addresses, but could not connect over HTTPS to server: xxxxx208163.xxxx.CA port: 53753.
[2012-03-13T16:34:57.968-04:00] [AdminServer] [ERROR] [JPS-10605] [oracle.jps.policymgmt] [tid: Thread-120] [userId: admin] [ecid: bd68499e03fce768:-7090db:1360d4f7293:-8000-000000000000060f,1:18095] [APP: oracle.security.apm#11.1.1.3.0] Failed to distribute policy for catch exception.[[
oracle.security.jps.service.policystore.PolicyStoreException: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: java.net.ConnectException: Tried all: 2 addresses, but could not connect over HTTPS to server: xxxxx208163.xxxx.CA port: 53753
Any idea?
Thanks.
Eric
Hi Eric,
Strange error. Can you double check that the SM is not listening at the required port-number. Another thing you can try is to change the SM port-number in jps-config.xml file and restart the SM. See if this makes a difference. BTW, I just created a new blog post about policy distribution.
Bye,
Subbu
Buyouts don’t happen until this summer, tim, when St127erglab;s an unrestricted free agent. My 2 buyouts would be Oduya & Montador because they have two years left on their deals after the 2012-13 season; Olesz has only one. Clearing longer-term obligations makes more sense, especially with the Hawks’ organizational depth on the blue line improving with Clendening in Rockford this year and (hopefully) Stephen Johns only 1-2 years away.
Hi,
Could anybody help me to sort out the following issue on OES10gR3. Well i am using WebSphere 6.1 .
0000003b WebApp E [Servlet Error]-[actions]: weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable
at com.bea.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:803)
and
0000003c SystemOut O 2012-04-03 16:11:44,279 [WebContainer : 1] ERROR com.bea.wles.management.console.actions.internal.WLESActionFilter – WLESActionFilter.init(): WLESActionFilter
and
SystemOut O 2012-04-03 16:08:37,745 [WebContainer : 0] ERROR com.bea.wles.management.console.actions.internal.WLESActionFilter – WLESActionFilter.init(): WLESActionFilter
thanks in advance
Regards,
Prem
Hi Prem,
sorry, it has been a while since I worked on OES 10g. You might want to start with the WAS sample which ships with the product. This way you can get some help from Oracle support.
Bye,
Subbu
Hi Sabbu,
I am getting the following exception:
Exception in thread “Thread-2” java.lang.ExceptionInInitializerError
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:107)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy67.accept(Unknown Source)
at oracle.security.jps.remote.pd.server.RemotePDPRegister.sendData(RemotePDPRegister.java:155)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.register(PDPRegister.java:113)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.run(PDPRegister.java:135)
Caused by: java.lang.ClassCastException: com.sun.xml.bind.v2.runtime.JAXBContextImpl cannot be cast to com.sun.xml.internal.bind.api.JAXBRIContext
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.(SOAPFaultBuilder.java:533)
… 7 more
Request: {weblogic, escribir, PruebaOES1/MiTipoRecurso/MiRecurso}
Result: false
sleeping 5 sec. Hit Ctrl-C to quit
Request: {weblogic, escribir, PruebaOES1/MiTipoRecurso/MiRecurso}
Result: false
sleeping 5 sec. Hit Ctrl-C to quit
Can you help me please?
Thanks in advance.
Regards,
Juan
I’m actually running into the same issue. Were you able to get any resolution on this?
Not yet. I managed to remove the first exception, i.e.
Exception in thread “Thread-2″ java.lang.ExceptionInInitializerError
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:107)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
at $Proxy67.accept(Unknown Source)
at oracle.security.jps.remote.pd.server.RemotePDPRegister.sendData(RemotePDPRegister.java:155)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.register(PDPRegister.java:113)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.run(PDPRegister.java:135)
Caused by: java.lang.ClassCastException: com.sun.xml.bind.v2.runtime.JAXBContextImpl cannot be cast to com.sun.xml.internal.bind.api.JAXBRIContext
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.(SOAPFaultBuilder.java:533)
… 7 more
But I still received the false message all the time, i.e.
Request: {weblogic, escribir, HelloOESworld/MyResourceType/MyResource}
Result: false
sleeping 5 sec. Hit Ctrl-C to quit
To remove the first exception I copy on my classpath the last version of cxf (v.2.6.0). If you executed the program after that, it will probably return you an exception about the SSL communication. You have to fix your client trust store, your client JVM cacerts file and your trust store on the server side.
To do that:
Export your client certicate file using your identity keystore (the one located in /security/identity.jks). Then add this certificate to your trust store (/security/trust.jks) and to your JVM cacerts, and to the WebLogic Server trust Store (By default it’s name is DemoTrust.jks).
Then generate the server certificate using WebLogic Server Identity Store (By default it’s name is DemoIdentity.jks). Add this certificate to your trust keystore (/security/trust.jks) and your your JVM cacerts.
If your managed to solve it, please reply how you did it. I’d do the same.
Regards,
Juan
Hi Subbu,
in order to make this Hello World example work, do I need to run/create any weblogic managed servers for this example or is it sufficient to just start the weblogic server (oes_domain created in setup chapter)?
Thanks!
Jacob
Subbu,
Thanks for the article. Its really good.
I have OES running on host1 and I need to integrate a java web application running on host2. Do I need to install oes_client on host2 or host1? Will appreciate if you throw some inputs for this integration
how to make a request to multiple resource?
HelloOESworld/MyResourceType/MyResource1 – action write
HelloOESworld/MyResourceType/MyResource2 – action read
Getting below error while excecuting java -Doracle…
Exception in thread “Thread-2” java.lang.NoClassDefFoundError: weblogic/wsee/util/MBeanUtil
at oracle.security.jps.remote.pd.client.WlsMbeanConverter.getWlsKeystoreConfiguration(WlsMbeanConverter.java:43)
at oracle.security.jps.remote.pd.server.RemotePDPRegister.initPort(RemotePDPRegister.java:177)
at oracle.security.jps.remote.pd.server.RemotePDPRegister.initPorts(RemotePDPRegister.java:115)
at oracle.security.jps.remote.pd.server.RemotePDPRegister.sendData(RemotePDPRegister.java:211)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.register(PDPRegister.java:143)
at oracle.security.jps.az.internal.runtime.pd.register.PDPRegister.run(PDPRegister.java:165)
Caused by: java.lang.ClassNotFoundException: weblogic.wsee.util.MBeanUtil
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
… 6 more
Hi Subbu,
Can you tell me how to integrate OES with OAG(Oracle API Gateway)?
If any documents please provide me.
Thanks
Satheesh
OES/OAG http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oes11g-integration-guide-1520074.pdf
When I call
config.cmd -smConfigId Sample-SM -prpFileName C:\oracle\product\11.1.1\as_1\oessm\SMConfigTool\smconfig.java.controlled.prp
I get these error:
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
at …
Can you help me to find a reason?
Hi Subbu,
I am new to OES, I have gone through the example u have given. USING OES 11g I wanted to develop java code which can run on different machine but same network, through which I can login in to OES with URL and password and create new policy, resources,application etc.. But I got confused by seeing the two different approaches one is JPSContextFactory another one OPENAZAPI. I was trying to use but no where the URL was specified and After running the file it seems like it was searching for some internal libraries with in the server or need to run on the server itself. Could you please help me on this?
Thank you,
Sail
Egor edit java/jre/lib security/java.security file and change the jdk.certpath.disabledAlgorithms=MD2, RSA keysize <1024
Hello Subbu,
This article really helped me a lot, i have a situation as having a child under Resource. Considering above example “HelloOESworld/MyResourceType/MyResource/child Resource”. so how can i create a chil resource under the MyResource?
Please Help
Wow! what an informative blog. Your blog had all the relevant points and useful information that was required for the same topic. It was really interesting. I’m thankful that you shared this blog and your knowledge with us. Here is a referred link same as yours oracle fusion scm training.