Wednesday, July 31, 2013

wlsbjmsrpDataSource security policy: role must be ALSBSystem or Admin

A Monitoring WebApplication has to do a JNDI lookup for all Datasources in a WebLogic domain.

For wlsbjmsrpDataSource only I get this error message:
User <anonymous> does not have permission on wlsbjmsrpDataSource to perform lookup operation.
Looking in the JNDI tree of the server, I notice that only wlsbjmsrpDataSource has a security policy associated, to allow access only to ALSBSystem or Admin roles. All other Datasources are allowed to everyone.

I open the ear: /opt/oracle/fmw11_1_1_5/osb/lib/common/jmsreportprovider.ear

and, peeking into ejb-jar.xml, I see:

ejb-jar/enterprise-beans/message-driven/security-identity/run-as/role-name = ALSBSystem

and also in weblogic-ejb-jar.xml we have:

weblogic-ejb-jar/weblogic-enterprise-bean/run-as-principal-name = alsb-system-user
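
The manual check above (opening the EAR and reading the run-as role and run-as principal out of the two descriptors) can be scripted for any archive. This is an added example, not code from the original post or from Oracle; the function names are hypothetical, and the archive it parses is built in memory as a constructed stand-in for jmsreportprovider.ear (sample-ejb.jar is a made-up name).

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Descriptor paths quoted in the post, as lists of local element names.
EJB_PATH = ["enterprise-beans", "message-driven", "security-identity", "run-as", "role-name"]
WLS_PATH = ["weblogic-enterprise-bean", "run-as-principal-name"]


def _find(root, path):
    """Match child elements by local name so any schema namespace is accepted."""
    nodes = [root]
    for name in path:
        nodes = [c for n in nodes for c in n if c.tag.rsplit("}", 1)[-1] == name]
    return [(n.text or "").strip() for n in nodes]


def run_as_identities(archive, prefix=""):
    """Return (location, setting, value) for every run-as entry in an EAR/JAR."""
    found = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            where = prefix + name
            if name.endswith((".jar", ".war")):
                found += run_as_identities(zf.read(name), where + "!/")
            elif name.endswith("META-INF/ejb-jar.xml"):
                root = ET.fromstring(zf.read(name))
                found += [(where, "run-as role", v) for v in _find(root, EJB_PATH)]
            elif name.endswith("META-INF/weblogic-ejb-jar.xml"):
                root = ET.fromstring(zf.read(name))
                found += [(where, "run-as principal", v) for v in _find(root, WLS_PATH)]
    return found


def build_sample_ear():
    """Constructed stand-in for jmsreportprovider.ear; only the two values come from the post."""
    ejb = ('<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"><enterprise-beans>'
           "<message-driven><security-identity><run-as><role-name>ALSBSystem</role-name>"
           "</run-as></security-identity></message-driven></enterprise-beans></ejb-jar>")
    wls = ("<weblogic-ejb-jar><weblogic-enterprise-bean><run-as-principal-name>"
           "alsb-system-user</run-as-principal-name></weblogic-enterprise-bean>"
           "</weblogic-ejb-jar>")
    jar, ear = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("META-INF/ejb-jar.xml", ejb)
        z.writestr("META-INF/weblogic-ejb-jar.xml", wls)
    with zipfile.ZipFile(ear, "w") as z:
        z.writestr("sample-ejb.jar", jar.getvalue())
    return ear.getvalue()
```

To audit a real archive, pass the bytes of the EAR file to run_as_identities; only parse descriptors from an installation you trust, since ElementTree is not hardened against hostile XML.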
