About Me

About Me
Working with SOA technologies , implementing solution using IBM BPM , IBM Integration Designer,IBM WODM and IBM DataPower

About me

View Mahesh Dondeti's profile on LinkedIn

upcoming posts on IBM Bluemix,Devops,Worklight,Node js.

Monday 30 September 2013

Security QOS Usage in BPM V7.5.1




Scenario:-

To demonstrate Security QOS  I had taken customer validation scenario.In this scenario customer details are sent to java component and its validates customer details based on customer name and send status back to BPEL.

 Security QOS have two options.





Security identity qualifier
The security identity qualifier is a privilege specification that you can use to provide a logical name for the identity under which the implementation executes at run time.

Location: A security identity qualifier is set on an implementation.

Security permission qualifier

The security permission qualifier specifies a role, which is a semantic grouping of permissions that a given type of users must have to use an operation in an interface.
Location: You can apply the qualifier at three levels of a component or import:
  • For all of its interfaces
  • For an individual interface
  • For an individual operation of an interface

Configuration for  security permission Qualifier:-
  

Here “Caller” is role name

Configuration for  security identity Qualifier:-



Then Save the flow and test it to then you got  the exception.like below

Error Message:-

[9/30/13 16:54:33:951 EDT] 00000078 FfdcProvider  W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on C:\IBM\WebSphere\AppServer\profiles\qbpmaps\logs\ffdc\server1_530053_13.09.30_16.54.33.9346667470257423067985.txt com.ibm.ws.container.security.AccessManagerImpl.checkAccess 157
[9/30/13 16:54:34:046 EDT] 00000078 FfdcProvider  W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on C:\IBM\WebSphere\AppServer\profiles\qbpmaps\logs\ffdc\server1_530053_13.09.30_16.54.33.9626253607128204352228.txt com.ibm.bpe.engine.BpelActivityKindInvoke.doActivate 1083
[9/30/13 16:54:34:217 EDT] 00000078 ProcessEngine I   CWWBE0057I: Activity 'Invoke' of processes '_PI:90030141.70a6a93f.3fbee53.36820073' has been stopped because of an unhandled failure.
        com.ibm.bpe.api.RuntimeFaultException: CWWBE0003E: A runtime fault was returned by the implementation of activity 'Invoke'.
        com.ibm.websphere.sca.ServiceRuntimeException: Permission denied: User “admin” is not in role:Caller and does not have permission to invoke the method
[9/30/13 16:54:34:301 EDT] 00000078 TomInterTrans W   CWWBB0699W: The content of the internal database cache for entity 'com.ibm.bpe.database.ScopedVariableInstanceB' with key '
SVIID                         = _SVI:90280141.70a6aa6a.3fbee53.36820082}' is not valid anymore.

If you observe the above message it was clear that username admin  have no permission to access component implementation .So to overcome this we need to follow below steps

  • Log on to admin console
  • Go to Websphere Enterprise Application.
  • Click on SecurityPOCApp and select “security role to user and GroupMapping “ as shown below.


              
  • Add  “admin” user to  Caller role as shown below .Select  Caller check box and click on Mapusers tab.
 

Test flow it works fine now.
 
Thanks for reading my post.
Please share you valuable suggestions and feedback to my mail id"mdondetisbit@gmail.com" to improve my self.

Please post any issues/querys related to BPM,WODM and DATAPOWER  to "mdondetisbit@gmail.com"