| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Security error when mediation flow calls mediation flow |
« View previous topic :: View next topic » |
| Author |
Message
|
| petmor |
 Posted: Fri Apr 16, 2010 11:03 pm Post subject: Security error when mediation flow calls mediation flow |
 |
|
Apprentice
Joined: 20 Jun 2002
Posts: 45
Location: Pasadena, CA
|
Within a mediation "sub" flow, we are using the following code to expand a WPS environment variable:
install_root = (String) as.invoke((javax.management.ObjectName) result.iterator().next(), "expandVariable", new Object[] {"${"+"USER_INSTALL_ROOT"+"}"}, new String[] {"java.lang.String"});
This works fine when testing the mediation "sub" flow directly using the WID "Test component" utility. The variable expands and things work as expected.
We have made this mediation flow available to another "master" mediation flow by referencing it through a Library.
The "master" mediation flow has 4 nodes, export, mediation and two imports. We are able to test from the "master" mediation node with no errors ... the "sub" mediation flow is called successfully, and all is good. But when we test from the "master" mediation flow export node, or test from outside WID by sending a request to the "master" mediation using soapUI or LISA, we get the following error when we enter the "sub" mediation and attempt to expand a WPS environment variable:
CWSXM0201E: Exception returned by mediation flow for component ESBM_EIS_Utility in module ESBM_EIS_Utility: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the expandVariable operation on AdminOperations MBean because of insufficient or empty credentials.
Trace log provided the following message:
[4/16/10 23:42:11:501 PDT] 00000372 SystemOut O ESBM_EIS_Utility: Begin process for config file access
[4/16/10 23:42:11:501 PDT] 00000372 RoleBasedAuth A SECJ0305I: The role-based authorization check failed for admin-authz operation AdminOperations:expandVariable:java.lang.String. The user UNAUTHENTICATED (unique ID: unauthenticated) was not granted any of the following required roles: operator, administrator.
We found that we can eliminate the error by turning off Security using the Admin console, but we don't want to turn off security at the server level.
Are there any properties or settings we can modify to allow our "sub" mediation to do it's job when called by another mediation? Not sure if we need to grant "operator" role to the "master" mediaton or the "sub" mediation, or how we would go about doing it.
We are running WID/WPS 6.2 and have the mediation flows built within separate mediation modules. We are experienced with Message Broker but new to WID. Any help would be appreciated. Thanks!
Peter |
|
| Back to top |
|
 |
| autorun |
| Posted: Fri Apr 23, 2010 3:11 pm Post subject: Revolved |
|
|
Apprentice
Joined: 02 Feb 2002
Posts: 29
|
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
