History | Log In     View a printable version of the current page. Get help!  
Issue Details (XML | Word)

Key: HJMS-93
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Colin Crist
Reporter: Vlad
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.

Not Authorized to browse JMS Q in Oracle 10g Application Server

Created: 21/Apr/09 05:52 PM   Updated: 10/Jun/11 05:43 AM
Component/s: None
Affects Version/s: 1.13
Fix Version/s: 1.13

Environment: Development

 Description  « Hide
When trying to browse OAS JMS queue using OAS user other than oc4jadmin I' m getting the "Not Authorized"
User RTEUSER is granted following roles:ascontrol_appadmin, ascontrol_monitor, ascontrol_admin
Please, advise if I can use OAS account other than oc4jadmin?
I can browse JMS Q using Oracle EM with RTEUSER account, accessing it outside of Oracle EM using HERMES JMS is the problem
Please, advise if I can use OAS account other than oc4jadmin?
Error message:
avax.jms.JMSException: Lookup error: javax.naming.AuthenticationException: Not authorized; nested exception is:
javax.naming.AuthenticationException: Not authorized
at hermes.JNDIConnectionFactory.createConnection(JNDIConnectionFactory.java:85)
at hermes.impl.jms.ConnectionManagerSupport.createConnection(ConnectionManagerSupport.java:122)
at hermes.impl.jms.ConnectionManagerSupport.createConnection(ConnectionManagerSupport.java:92)
at hermes.impl.jms.ConnectionSharedManager.reconnect(ConnectionSharedManager.java:81)
at hermes.impl.jms.ConnectionSharedManager.connect(ConnectionSharedManager.java:91)
at hermes.impl.jms.ConnectionSharedManager.getConnection(ConnectionSharedManager.java:104)
at hermes.impl.jms.ConnectionSharedManager.getObject(ConnectionSharedManager.java:142)
at hermes.impl.jms.ThreadLocalSessionManager.connect(ThreadLocalSessionManager.java:190)
at hermes.impl.jms.ThreadLocalSessionManager.getSession(ThreadLocalSessionManager.java:570)
at hermes.impl.jms.AbstractSessionManager.getDestination(AbstractSessionManager.java:465)
at hermes.impl.DefaultHermesImpl.getDestination(DefaultHermesImpl.java:367)
at hermes.browser.tasks.BrowseDestinationTask.invoke(BrowseDestinationTask.java:141)
at hermes.browser.tasks.TaskSupport.run(TaskSupport.java:175)
at hermes.browser.tasks.ThreadPool.run(ThreadPool.java:170)
at java.lang.Thread.run(Thread.java:595)

 All   Comments   Change History      Sort Order:
Vlad [23/Apr/09 10:08 AM]
I found solution for this problem:

When using file-based authentication, each OC4J instance created needs a user created with appropriate privileges and the instance then must be restarted.
When creating a user at the top-level in OAS it does not scale down to all OC4J instances.
Therefore making a connection through JDeveloper to an instance where a user is not created result in the authentication error to occur.

Connect to OAS using specific roles
The following steps shows how to make a JDeveloper application server connection to an OAS OC4J
instance using non-oc4jadmin users:-

Here we will create a realm user on an OC4J container.

1. For Oracle Application Server 10.1.3.X proceed to Application Server Control.


2. After logging into ASC, select an OC4J instance i.e. Tars.
3. Select the Administration link.
4. In the Task Name section, under Security select the 'Go to Task' icon for Security Providers.
5. Press the button [Instance Level Security].
6. In the Instance Level Security screen, select the tab link Realms.
7. In the section Security Provider Attributes: File-Based Security Provider there is a realm
named jazn.com. Select the number under the Users column.
8. In the Users screen press the button [Create].
9. Add User screen, enter the following information.

Name field : enter a name i.e. "scott"
Password || Confirm Password fields : enter "welcome1"
In the Available Roles area, select ONLY the following roles
Move across to Selected Area.

Press [OK].

10. Restart OC4J container via ASC or use following commands.