Friday, January 2, 2015

Credential Store Framework (CSF) API Example

Description: Shows how to use the Credential Store Framework (CSF) API to fetch credentials from the credential store.
References:
http://docs.oracle.com/cd/E40329_01/apirefs.1112/e27155/toc.htm
http://www.redheap.com/2013/06/secure-credentials-in-adf-application.html
https://thecattlecrew.wordpress.com/2013/12/17/using-credentials-store-when-communicating-with-oracle-human-workflow-api/
http://docs.oracle.com/cd/E23943_01/core.1111/e10043/devcsf.htm#JISEC3675

Adding Credentials to Store
1. Log in to Oracle Enterprise Manager Fusion Middleware Control (e.g. localhost:7001/em).


2. Expand WebLogic Domain, right click on the name of your domain, hover over to Security, and then click on Credentials.


3. Start adding keys to existing maps or create a new map with new keys. Each key can store credentials.




System Policies on Credential Store
You may need to add a system policy in order to grant a specific application, JAR file, user or role permission to read, write, or update the Credential Store.

1. Expand WebLogic Domain, right click on the name of your domain, hover over to Security, and then click on System Policies.


2. For this example, oiminternal is granted read access to all keys under a specific map. This is needed for the scheduled task code to work when running the job in OIM.



Permission Class: oracle.security.jps.service.credstore.CredentialAccessPermission
Resource Name: context=SYSTEM,mapName=oimScheduledTask,keyName=*
Permission Actions: read

Source Code
The plugin can be downloaded here.
package com.blogspot.oraclestack.scheduledtasks;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import oracle.core.ojdl.logging.ODLLevel;
import oracle.core.ojdl.logging.ODLLogger;
import oracle.iam.scheduler.vo.TaskSupport;
import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.service.JpsServiceLocator;
import oracle.security.jps.service.ServiceLocator;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialMap;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

/**
 * Fetch credentials from the WebLogic Credential Store
 * References:
 * http://docs.oracle.com/cd/E40329_01/apirefs.1112/e27155/toc.htm
 * http://www.redheap.com/2013/06/secure-credentials-in-adf-application.html
 * https://thecattlecrew.wordpress.com/2013/12/17/using-credentials-store-when-communicating-with-oracle-human-workflow-api/
 * http://docs.oracle.com/cd/E23943_01/core.1111/e10043/devcsf.htm#JISEC3675
 *
 * @author rayedchan
 */
public class FetchFromCredentialStore extends TaskSupport
{
    // Logger
    private static final ODLLogger LOGGER = ODLLogger.getODLLogger(FetchFromCredentialStore.class.getName());

    @Override
    public void execute(HashMap params)
    {
        LOGGER.log(ODLLevel.NOTIFICATION, "Enter execute() with parameters: {0}", new Object[]{params});

        // Get values from scheduled task parameters
        String map = (String) params.get("Map");
        String key = (String) params.get("Key");
        LOGGER.log(ODLLevel.NOTIFICATION, "Map: {0}, Key: {1}", new Object[]{map, key});

        // Call method to get password from credential store
        // PasswordCredential pwdCred = this.readCredentials(map, key);
        // String userName = (pwdCred != null) ? pwdCred.getName().toString() : "";
        // String password = (pwdCred != null) ? pwdCred.getPassword().toString() : "";
        // LOGGER.log(ODLLevel.NOTIFICATION, "User Name: {0}, Password: {1}", new Object[]{userName, password});

        // Call method to get credential from store
        Map<String,String> cred = getCredentialsFromCSF(map, key);
        // This TRACE entry writes the clear-text password to the log file
        // (see the sample log output); keep it only in a test environment.
        LOGGER.log(ODLLevel.TRACE, "Fetch credentials: {0}", new Object[]{cred});
    }

    @Override
    public HashMap getAttributes()
    {
        return null;
    }

    @Override
    public void setAttributes()
    {
    }

    /**
     * Retrieves credentials from the Credential Store where the current
     * application UID is used as the name of the credential map.
     * This method must be called through AccessController.doPrivileged
     * @param map name of the credential map
     * @param key name of the key in the credential map to retrieve
     * @return PasswordCredential if exists, null otherwise
     * @throws JpsException
     */
    private PasswordCredential _readCredentials(String map, String key) throws JpsException
    {
        ServiceLocator locator = JpsServiceLocator.getServiceLocator();
        CredentialStore store = locator.lookup(CredentialStore.class);
        // always use application UID as name for the credential map to ensure
        // each application uses its own map and credentials aren't shared
        // String map = ADFContext.getCurrent().getADFApplicationUID();
        return (PasswordCredential)store.getCredential(map, key);
    }

    /**
     * Retrieves credentials from the Credential Store by invoking
     * {@link #_readCredentials} as a privileged action.
     * @param map name of the credential map
     * @param key name of the key in the credential map to retrieve
     * @return PasswordCredential if exists, null otherwise
     * @throws RuntimeException wrapping the JpsException thrown by the privileged action
     */
    private PasswordCredential readCredentials(final String map, final String key)
    {
        PasswordCredential credentials;
        PrivilegedExceptionAction<PasswordCredential> action = new PrivilegedExceptionAction<PasswordCredential>()
        {
            @Override
            public PasswordCredential run() throws JpsException
            {
                return _readCredentials(map, key);
            }
        };
        try
        {
            credentials = AccessController.doPrivileged(action);
        }
        catch (PrivilegedActionException e)
        {
            throw new RuntimeException(e);
        }
        return credentials;
    }

    /**
     * Fetches credentials from WebLogic Credential Store.
     * @param map Name of map where key is under
     * @param key Name of key
     * @return HashMap of connection information including
     * <br/>username<br/>password<br/>description
     */
    private HashMap<String, String> getCredentialsFromCSF(String map, String key)
    {
        LOGGER.log(ODLLevel.TRACE, "Enter getWavesetCredentialsFromCSF() with parameters: Map = {0}, Key = {1}", new Object[]{map, key});
        HashMap<String, String> credentials = null;
        try
        {
            String userName = "";
            String password = "";
            String description = "";
            JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
            LOGGER.log(ODLLevel.TRACE, "Context: {0} ", new Object[]{ctx.getName()});
            final CredentialStore cs = (CredentialStore) ctx.getServiceInstance(CredentialStore.class);
            LOGGER.log(ODLLevel.TRACE, "Credential Store: {0}", new Object[]{cs.getName()});
            // getCredentialMap() returns null when no map with this name exists;
            // the resulting NullPointerException from cmap.toString() is caught below.
            CredentialMap cmap = cs.getCredentialMap(map);
            LOGGER.log(ODLLevel.TRACE, "Credential Map: {0} ", new Object[]{cmap.toString()});
            Credential cred = cmap.getCredential(key);
            LOGGER.log(ODLLevel.TRACE, "Gathered Credential");
            if(cred instanceof PasswordCredential)
            {
                PasswordCredential pcred = (PasswordCredential) cred;
                char[] p = pcred.getPassword();
                userName = pcred.getName();
                password = new String(p);
                description = pcred.getDescription();
                credentials = new HashMap<String, String>();
                credentials.put("username", userName);
                credentials.put("password", password);
                credentials.put("description", description);
            }
        }
        catch (JpsException ex)
        {
            LOGGER.log(ODLLevel.SEVERE, "", ex);
        }
        catch(Exception ex)
        {
            LOGGER.log(ODLLevel.SEVERE, "", ex);
        }
        return credentials;
    }
}
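Added example, not code from the post: a variant of the lookup above that keeps the password out of String objects and log lines, reports a missing map or key explicitly (the post's code dereferences a null CredentialMap when the map does not exist), and performs the store access inside AccessController.doPrivileged so only this code source needs the CredentialAccessPermission grant. CsfSecretReader, SecretConsumer, CredentialNotFoundException and withCredential are hypothetical names.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialMap;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;
/**
 * Hypothetical helper (added example, not part of the original plugin): looks up a
 * PasswordCredential in the CSF and hands the secret to a caller-supplied consumer
 * instead of returning it as a String or writing it to the log.
 */
public final class CsfSecretReader
{
    /** Receives user name and password; the char[] is wiped after use() returns. */
    public interface SecretConsumer<T>
    {
        T use(String userName, char[] password);
    }

    /** Map or key absent, or the key does not hold a PasswordCredential. */
    public static final class CredentialNotFoundException extends Exception
    {
        public CredentialNotFoundException(String message) { super(message); }
    }
    /**
     * Reads map/key inside AccessController.doPrivileged, so only this class's
     * code source needs the CredentialAccessPermission grant (the system policy
     * from the post), not every caller further up the stack.
     */
    public static <T> T withCredential(final String map, final String key, SecretConsumer<T> consumer)
        throws CredentialNotFoundException, JpsException
    {
        PasswordCredential pc;
        try
        {
            pc = AccessController.doPrivileged(new PrivilegedExceptionAction<PasswordCredential>()
            {
                @Override
                public PasswordCredential run() throws JpsException, CredentialNotFoundException
                {
                    JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
                    CredentialStore cs = (CredentialStore) ctx.getServiceInstance(CredentialStore.class);
                    CredentialMap cmap = cs.getCredentialMap(map);
                    if (cmap == null)   // the post's code dereferences cmap without this check
                        throw new CredentialNotFoundException("No credential map named " + map);
                    Credential cred = cmap.getCredential(key);
                    if (!(cred instanceof PasswordCredential))
                        throw new CredentialNotFoundException("No password credential at " + map + "/" + key);
                    return (PasswordCredential) cred;
                }
            });
        }
        catch (PrivilegedActionException e)
        {
            // Unwrap the checked exceptions thrown inside run()
            Throwable cause = e.getCause();
            if (cause instanceof JpsException) throw (JpsException) cause;
            if (cause instanceof CredentialNotFoundException) throw (CredentialNotFoundException) cause;
            throw new IllegalStateException(cause);
        }

        // Work on our own copy of the password and wipe it once the consumer is done,
        // so the secret is not retained in the heap or turned into a String/log line.
        char[] password = pc.getPassword().clone();
        try
        {
            return consumer.use(pc.getName(), password);
        }
        finally
        {
            Arrays.fill(password, '\0');
        }
    }
}
```

A scheduled task would call withCredential("oimScheduledTask", "admin", consumer) and open its connection inside use(), so the password never leaves that scope.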
<?xml version='1.0' encoding='UTF-8'?>
<logging_configuration>
<log_handlers>
<log_handler name='FetchFromCredentialStoreST' level='TRACE:32' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/FetchFromCredentialStoreST.log'/>
<property name='useThreadName' value='true'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>
<log_handler name='ProvAppInstPreEH' level='TRACE:32' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/ProvAppInstPreEH.log'/>
<property name='useThreadName' value='true'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>
<log_handler name='console-handler' class='oracle.core.ojdl.logging.ConsoleHandler' level='WARNING:32' formatter='oracle.core.ojdl.weblogic.ConsoleFormatter'/>
<log_handler name='odl-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory' filter='oracle.dfw.incident.IncidentDetectionLogFilter'>
<property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/${weblogic.Name}-diagnostic.log'/>
<property name='maxFileSize' value='10485760'/>
<property name='maxLogSize' value='104857600'/>
<property name='encoding' value='UTF-8'/>
<property name='useThreadName' value='true'/>
<property name='supplementalAttributes' value='J2EE_APP.name,J2EE_MODULE.name,WEBSERVICE.name,WEBSERVICE_PORT.name,composite_instance_id,component_instance_id,composite_name,component_name,DSID'/>
</log_handler>
<log_handler name='wls-domain' class='oracle.core.ojdl.weblogic.DomainLogHandler' level='WARNING'/>
<log_handler name='owsm-message-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/owsm/msglogging'/>
<property name='maxFileSize' value='10485760'/>
<property name='maxLogSize' value='104857600'/>
<property name='encoding' value='UTF-8'/>
<property name='supplementalAttributes' value='J2EE_APP.name,J2EE_MODULE.name,WEBSERVICE.name,WEBSERVICE_PORT.name'/>
</log_handler>
<log_handler name='em-log-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory' level='NOTIFICATION:32' filter='oracle.dfw.incident.IncidentDetectionLogFilter'>
<property name='path' value='${domain.home}/servers/${weblogic.Name}/sysman/log/emoms.log'/>
<property name='format' value='ODL-Text'/>
<property name='useThreadName' value='true'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>
<log_handler name='em-trc-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory' level='TRACE:32'>
<property name='logreader:' value='off'/>
<property name='path' value='${domain.home}/servers/${weblogic.Name}/sysman/log/emoms.trc'/>
<property name='format' value='ODL-Text'/>
<property name='useThreadName' value='true'/>
<property name='locale' value='en'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>
<log_handler name='soa-tracking-trc-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='locale' value='en'/>
<property name='supplementalAttributes' value='J2EE_APP.name,J2EE_MODULE.name,WEBSERVICE.name,WEBSERVICE_PORT.name,composite_instance_id,component_instance_id,composite_name,component_name,SOA.toplink.session_name,SOA.logging.category,SOA.call_origin,SOA.call_origin_category'/>
<property name='encoding' value='UTF-8'/>
<property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/${weblogic.Name}-soa-tracking.trc'/>
<property name='format' value='ODL-Text'/>
<property name='useThreadName' value='true'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
</log_handler>
</log_handlers>
<loggers>
<logger name="com.blogspot.oraclestack.adapters.ProcessTaskAdapters" level="TRACE:32" useParentHandlers="false">
<handler name="FetchFromCredentialStoreST"/>
</logger>
<logger name="com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore" level="TRACE:32" useParentHandlers="false">
<handler name="FetchFromCredentialStoreST"/>
</logger>
<logger name="com.blogspot.oraclestack.eventhandlers.ProvisionAppInstancePreProcess" level="TRACE:32" useParentHandlers="false">
<handler name="ProvAppInstPreEH"/>
</logger>
<logger name='' level='WARNING:1'>
<handler name='odl-handler'/>
<handler name='wls-domain'/>
<handler name='console-handler'/>
</logger>
<logger name='oracle' level='NOTIFICATION:1'/>
<logger name='oracle.adf'/>
<logger name='oracle.adf.desktopintegration'/>
<logger name='oracle.adf.faces'/>
<logger name='oracle.adf.controller'/>
<logger name='oracle.adfinternal'/>
<logger name='oracle.adfinternal.controller'/>
<logger name='oracle.jbo'/>
<logger name='oracle.adfdt'/>
<logger name='oracle.adfdtinternal'/>
<logger name='oracle.bam'/>
<logger name='oracle.bam.adapter'/>
<logger name='oracle.bam.common'/>
<logger name='oracle.bam.system'/>
<logger name='oracle.bam.middleware'/>
<logger name='oracle.bam.adc.security'/>
<logger name='oracle.bam.common.security'/>
<logger name='oracle.bam.adc.ejb.BamAdcServerBean'/>
<logger name='oracle.bam.reportcache.ejb.ReportCacheServerBean'/>
<logger name='oracle.bam.eventengine.ejb.EventEngineServerBean'/>
<logger name='oracle.bam.ems.ejb.EMSServerBean'/>
<logger name='oracle.bam.adc.api'/>
<logger name='oracle.bam.adc'/>
<logger name='oracle.bam.eventengine'/>
<logger name='oracle.bam.ems'/>
<logger name='oracle.bam.webservices'/>
<logger name='oracle.bam.web'/>
<logger name='oracle.bam.reportcache'/>
<logger name='oracle.bpm'/>
<logger name='oracle.bpm.analytics'/>
<logger name='oracle.integration'/>
<logger name='oracle.integration.platform.blocks.cluster'/>
<logger name='oracle.integration.platform.blocks.deploy.coordinator'/>
<logger name='oracle.integration.platform.blocks.event.saq'/>
<logger name='oracle.integration.platform.blocks.java'/>
<logger name='oracle.integration.platform.faultpolicy'/>
<logger name='oracle.integration.platform.testfwk'/>
<logger name='oracle.soa'/>
<logger name='oracle.soa.adapter'/>
<logger name='oracle.soa.b2b'/>
<logger name='oracle.soa.b2b.apptransport'/>
<logger name='oracle.soa.b2b.engine'/>
<logger name='oracle.soa.b2b.repository'/>
<logger name='oracle.soa.b2b.transport'/>
<logger name='oracle.soa.b2b.ui'/>
<logger name='oracle.soa.bpel'/>
<logger name='oracle.soa.bpel.console'/>
<logger name='oracle.soa.bpel.engine'/>
<logger name='oracle.soa.bpel.engine.activation'/>
<logger name='oracle.soa.bpel.engine.agents'/>
<logger name='oracle.soa.bpel.engine.bpel'/>
<logger name='oracle.soa.bpel.engine.compiler'/>
<logger name='oracle.soa.bpel.engine.data'/>
<logger name='oracle.soa.bpel.engine.delivery'/>
<logger name='oracle.soa.bpel.engine.deployment'/>
<logger name='oracle.soa.bpel.engine.dispatch'/>
<logger name='oracle.soa.bpel.engine.sensor'/>
<logger name='oracle.soa.bpel.engine.translation'/>
<logger name='oracle.soa.bpel.engine.ws'/>
<logger name='oracle.soa.bpel.engine.xml'/>
<logger name='oracle.soa.bpel.entity'/>
<logger name='oracle.soa.bpel.jpa'/>
<logger name='oracle.soa.bpel.system'/>
<logger name='oracle.soa.dvm'/>
<logger name='oracle.soa.management.facade.api'/>
<logger name='oracle.soa.mediator'/>
<logger name='oracle.soa.mediator.common'/>
<logger name='oracle.soa.mediator.common.cache'/>
<logger name='oracle.soa.mediator.common.error'/>
<logger name='oracle.soa.mediator.common.error.recovery'/>
<logger name='oracle.soa.mediator.common.message'/>
<logger name='oracle.soa.mediator.dispatch'/>
<logger name='oracle.soa.mediator.dispatch.resequencer.toplink'/>
<logger name='oracle.soa.mediator.filter'/>
<logger name='oracle.soa.mediator.instance'/>
<logger name='oracle.soa.mediator.management'/>
<logger name='oracle.soa.mediator.metadata'/>
<logger name='oracle.soa.mediator.monitor'/>
<logger name='oracle.soa.mediator.resequencer'/>
<logger name='oracle.soa.mediator.resequencer.besteffort'/>
<logger name='oracle.soa.mediator.resequencer.fifo'/>
<logger name='oracle.soa.mediator.resequencer.standard'/>
<logger name='oracle.soa.mediator.service'/>
<logger name='oracle.soa.mediator.serviceEngine'/>
<logger name='oracle.soa.mediator.transformation'/>
<logger name='oracle.soa.mediator.utils'/>
<logger name='oracle.soa.mediator.validation'/>
<logger name='oracle.soa.scheduler'/>
<logger name='oracle.soa.services.common'/>
<logger name='oracle.soa.services.identity'/>
<logger name='oracle.soa.services.notification'/>
<logger name='oracle.soa.services.rules'/>
<logger name='oracle.soa.services.rules.obrtrace'/>
<logger name='oracle.soa.services.workflow'/>
<logger name='oracle.soa.services.workflow.common'/>
<logger name='oracle.soa.services.workflow.evidence'/>
<logger name='oracle.soa.services.workflow.metadata'/>
<logger name='oracle.soa.services.workflow.persistency'/>
<logger name='oracle.soa.services.workflow.query'/>
<logger name='oracle.soa.services.workflow.report'/>
<logger name='oracle.soa.services.workflow.runtimeconfig'/>
<logger name='oracle.soa.services.workflow.soa'/>
<logger name='oracle.soa.services.workflow.task'/>
<logger name='oracle.soa.services.workflow.task.dispatch'/>
<logger name='oracle.soa.services.workflow.task.routing'/>
<logger name='oracle.soa.services.workflow.user'/>
<logger name='oracle.soa.services.workflow.verification'/>
<logger name='oracle.soa.services.workflow.worklist'/>
<logger name='oracle.soa.services.workflow.performance'/>
<logger name='oracle.soa.services.cmds'/>
<logger name='oracle.soa.wsif'/>
<logger name='oracle.soa.xref'/>
<logger name='oracle.ucs'/>
<logger name='oracle.sdp'/>
<logger name='oracle.sdpinternal'/>
<logger name='oracle.sdp.messaging'/>
<logger name='oracle.sdp.messaging.client'/>
<logger name='oracle.sdp.messaging.driver'/>
<logger name='oracle.sdp.messaging.engine'/>
<logger name='oracle.sdp.messaging.parlayx'/>
<logger name='oracle.sdp.messaging.server'/>
<logger name='oracle.wsm'/>
<logger name='oracle.wsm.msg.logging' level='NOTIFICATION:1' useParentHandlers='false'>
<handler name='owsm-message-handler'/>
<handler name='wls-domain'/>
</logger>
<logger name='oracle.sysman' level='NOTIFICATION:32' useParentHandlers='false'>
<handler name='em-log-handler'/>
<handler name='em-trc-handler'/>
</logger>
<logger name='oracle.adf.model.log.AMPoolLifecycle' useParentHandlers='true'/>
<logger name='oracle.adf.model.log.LobDomain' useParentHandlers='true'/>
<logger name='oracle.adf.model.log.SQLBuilder' useParentHandlers='true'/>
<logger name='oracle.adf.model.log.DataChangeEvent' useParentHandlers='true'/>
<logger name='oracle.adf.model.log.JPXSettings' useParentHandlers='true'/>
<logger name='oracle.adf.model.log.GlobalGroovyFunctions' useParentHandlers='true'/>
<logger name='oracle.adf.businesseditor.log.AllocationManagement' useParentHandlers='true'/>
<logger name='oracle.adf.model.log.FrameManagement' useParentHandlers='true'/>
<logger name='oracle.adf.model.log.BusEvent' useParentHandlers='true'/>
<logger name='oracle.adf.model.log.DefaultValueSerializer' useParentHandlers='true'/>
<logger name='oracle.webservices' level='WARNING' useParentHandlers='true'/>
<logger name='oracle.webservices.management' level='WARNING' useParentHandlers='true'/>
<logger name='oracle.j2ee.ws' level='WARNING' useParentHandlers='true'/>
<logger name='oracle.j2ee.ws.server' level='WARNING' useParentHandlers='true'/>
<logger name='oracle.fabric.common' level='WARNING' useParentHandlers='true'/>
<logger name='oracle.soa.b2b.fabric' useParentHandlers='true'/>
<logger name='oracle.soa.hc' useParentHandlers='true'/>
<logger name='oracle.soa.hc.apptransport' useParentHandlers='true'/>
<logger name='oracle.soa.hc.engine' useParentHandlers='true'/>
<logger name='oracle.soa.hc.repository' useParentHandlers='true'/>
<logger name='oracle.soa.hc.transport' useParentHandlers='true'/>
<logger name='oracle.soa.hc.ui' useParentHandlers='true'/>
<logger name='oracle.soa.hc.modelcfgfwk' useParentHandlers='true'/>
<logger name='oracle.soa.hc.fabric' useParentHandlers='true'/>
<logger name='oracle.soa.sql.trc.fabric' level='SEVERE' useParentHandlers='false'>
<handler name='soa-tracking-trc-handler'/>
</logger>
<logger name='oracle.adf.model.log.ApplicationScript' useParentHandlers='true'/>
<logger name='oracle.adf.share.diagnostics.versions' level='FINEST' useParentHandlers='true'/>
<logger name='oracle.adf.share.mds.MDSTransManager' useParentHandlers='true'/>
<logger name='oracle.adf.share.mds.MDSTransManagerClientExceptionLog' useParentHandlers='true'/>
</loggers>
</logging_configuration>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
<plugin pluginclass="com.blogspot.oraclestack.eventhandlers.ProvisionAppInstancePreProcess" version="1.0" name="ProvisionAppInstancePreProcess"/>
</plugins>
</oimplugins>
<?xml version="1.0" encoding="UTF-8"?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
<action-handler
entity-type="ApplicationInstance"
operation="PROVISION"
class="com.blogspot.oraclestack.eventhandlers.ProvisionAppInstancePreProcess"
name="ProvisionAppInstancePreProcess"
stage="preprocess"
order="1"
sync="TRUE"/>
</eventhandlers>
[2015-06-19T00:27:26.751-04:00] [oim_server1] [NOTIFICATION] [] [com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [tid: OIMQuartzScheduler_Worker-8] [userId: oiminternal] [ecid: 0000Ks9rNy8Fw000jzwkno1LWsmQ000002,1:27651] [APP: oim#11.1.2.0.0] Enter execute() with parameters: {Key=admin, Map=oimScheduledTask}
[2015-06-19T00:27:26.751-04:00] [oim_server1] [NOTIFICATION] [] [com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [tid: OIMQuartzScheduler_Worker-8] [userId: oiminternal] [ecid: 0000Ks9rNy8Fw000jzwkno1LWsmQ000002,1:27651] [APP: oim#11.1.2.0.0] Map: oimScheduledTask, Key: admin
[2015-06-19T00:27:26.751-04:00] [oim_server1] [TRACE] [] [com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [tid: OIMQuartzScheduler_Worker-8] [userId: oiminternal] [ecid: 0000Ks9rNy8Fw000jzwkno1LWsmQ000002,1:27651] [APP: oim#11.1.2.0.0] [SRC_CLASS: com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [SRC_METHOD: getCredentialsFromCSF] Enter getWavesetCredentialsFromCSF() with parameters: Map = oimScheduledTask, Key = admin
[2015-06-19T00:27:26.751-04:00] [oim_server1] [TRACE] [] [com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [tid: OIMQuartzScheduler_Worker-8] [userId: oiminternal] [ecid: 0000Ks9rNy8Fw000jzwkno1LWsmQ000002,1:27651] [APP: oim#11.1.2.0.0] [SRC_CLASS: com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [SRC_METHOD: getCredentialsFromCSF] Context: default
[2015-06-19T00:27:26.751-04:00] [oim_server1] [TRACE] [] [com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [tid: OIMQuartzScheduler_Worker-8] [userId: oiminternal] [ecid: 0000Ks9rNy8Fw000jzwkno1LWsmQ000002,1:27651] [APP: oim#11.1.2.0.0] [SRC_CLASS: com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [SRC_METHOD: getCredentialsFromCSF] Credential Store: credstore.db
[2015-06-19T00:27:26.754-04:00] [oim_server1] [TRACE] [] [com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [tid: OIMQuartzScheduler_Worker-8] [userId: oiminternal] [ecid: 0000Ks9rNy8Fw000jzwkno1LWsmQ000002,1:27651] [APP: oim#11.1.2.0.0] [SRC_CLASS: com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [SRC_METHOD: getCredentialsFromCSF] Credential Map: oimScheduledTask
[2015-06-19T00:27:26.756-04:00] [oim_server1] [TRACE] [] [com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [tid: OIMQuartzScheduler_Worker-8] [userId: oiminternal] [ecid: 0000Ks9rNy8Fw000jzwkno1LWsmQ000002,1:27651] [APP: oim#11.1.2.0.0] [SRC_CLASS: com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [SRC_METHOD: getCredentialsFromCSF] Gathered Credential
[2015-06-19T00:27:26.756-04:00] [oim_server1] [TRACE] [] [com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [tid: OIMQuartzScheduler_Worker-8] [userId: oiminternal] [ecid: 0000Ks9rNy8Fw000jzwkno1LWsmQ000002,1:27651] [APP: oim#11.1.2.0.0] [SRC_CLASS: com.blogspot.oraclestack.scheduledtasks.FetchFromCredentialStore] [SRC_METHOD: execute] Fetch credentials: {username=xelsysadm, description=OIM Admin account, password=Password1}


Troubleshooting
Exception: java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=* read)
Reason: The application or user running the code has not been granted CredentialAccessPermission on the credential store map named in the exception.
Fix: Add a system policy via the EM console (see System Policies on Credential Store above) that grants read access to that map; the mapName in the policy's resource name must match the mapName shown in the exception.

6 comments:

  1. This comment has been removed by the author.

  2. I am getting below exception :
    java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=* read)

    so do you know how to resolve this?

    Replies
    1. I am also getting same error... Let me know if you found solution for that

  3. I am also getting the same. Please mail me if you have a solution. sri.saileshkamma@gmail.com

  4. Solution 100% works:

    a) Go to the oracle_common wlst command location, keep in mind that other wlst scripts available in other locations might not know about OPSS specific commands.

    cd $MW_HOME/oracle_common/common/bin


    b) Run wlst.sh or wlst.cmd script, depending if it is Windows or Unix
    > wlst.sh

    c) In prompt, connect to your domain:
    wls:/offline> connect()
    Please enter your username :
    Please enter your password :
    Please enter your server URL [t3://localhost:7001] :t3://:
    Connecting to t3://: with userid ...
    Successfully connected to Admin Server 'AdminServer' that belongs to domain 'domain'.

    Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead.

    d) Now, grant the credential by running, in a single line, the grantPermission command on the code source we determined in step 2, and specify the map, key and action as the permTarget parameter with the following syntax.
    Make sure you run this command on one single line to avoid syntax errors.

    wls://serverConfig> grantPermission(permClass="oracle.security.jps.service.credstore.CredentialAccessPermission",permTarget="context=SYSTEM,mapName=oim,keyName=*",permActions="read")


    e) Stop WebLogic Domain

    f) As a recommendation, Clear or make backup of actual log files, in order to register the latest activities.

    g) Start WebLogic Domain

    h) Test again.
