MBean operation access denied errors in SOA logs

Issue –> Admin/SOA domain server logs are filled with MBean attribute access denied warnings.

Error –>

<Jan 30, 2016 3:14:43 PM IST> <Error> <oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor> <J2EE JMX-46336> <MBean operation access denied.
  MBean: oracle.soa.config:name=soa-infra,j2eeType=CompositeLifecycleConfig,Application=soa-infra
  Operation: getDeployedComposites(java.lang.String, java.lang.String, java.lang.String)
  Detail: access denied (“oracle.fabric.permission.CompositePermission” “default” “read”)
java.security.AccessControlException: access denied (“oracle.fabric.permission.CompositePermission” “default” “read”)
Cause –> Only one server in the cluster is able to authenticate the user for SOA application.
Solution –>
# Login to WLS console
# select the domain -> security -> Embedded LDAP
# Make sure “Refresh Replica At Startup ” is enabled
# save changes & restart all servers

Passing HTTP Basic Authentication to secure Webservices With SOA Suite 11g BPEL

In this post we will see  how to use SOA 11g BPEL to pass a username & password pair to a webservice that was protected by HTTP basic authentication.

Below are steps for achieving this using 11g JDeveloper;
  1. Open your SOA composite and in your BPEL process add the partner link call to the remote secured webservice wsdl location.
  2. Once you’ve browsed for the wsdl, edit your projects composite.xml file via the Application Navigator on the left.
  3. Now right click on the external referenced service that you added and select ‘Configure WS policies’
  4. Within the Security tab, click the Add button and select oracle/wss_username_token_client_policy.
  5. Via the Property Inspector window click the ADD button under the Binding Properties tab.
  6. Now Open the property Inspector window and click the add button under Binding properties tab.
  7. Manually add oracle.webservices.auth.username and oracle.webservices.auth.password and their properties. ie: add two new properties, oracle.webservices.auth.username and a value, then another property – oracle.webservices.auth.password and a value.
  8. Compile and deploy the project to observe how those properties are now passed to the remote webservice.

Exception in HttpOutboundMessageContext.RetrieveHttpResponseWork.run: java.io.IOException: SocketMuxer detected socket closure while waiting for a response in OSB

Issue –> While calling an business service in OSB , i got the below error.

Error –>

Exception in HttpOutboundMessageContext.RetrieveHttpResponseWork.run: java.io.IOException: SocketMuxer detected socket closure while waiting for a response
Supplemental Detail java.io.IOException: SocketMuxer detected socket closure while waiting for a response
at weblogic.net.http.SocketClosedNotification.<clinit>(SocketClosedNotification.java:13)
at weblogic.net.http.AsyncResponseHandler$MuxableSocketHTTPAsyncResponse.handleError(AsyncResponseHandler.java:395)
at weblogic.net.http.AsyncResponseHandler$MuxableSocketHTTPAsyncResponse.hasException(AsyncResponseHandler.java:503)
at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:846)
at weblogic.socket.SocketMuxer.deliverHasException(SocketMuxer.java:780)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:957)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:916)
at weblogic.socket.NIOSocketMuxer.process(NIOSocketMuxer.java:596)
at weblogic.socket.NIOSocketMuxer.processSockets(NIOSocketMuxer.java:560)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:30)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:43)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:147)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:119)

Solution –>

This issue is resolved after changing the business service endpoint URL from load balancer URL to individual server URL.

Unable to Deploy from JDeveloper “Caller doesn’t have enough permission to call this method”

Issue –> When deploying a composite from jdeveloper got this error.

Error –>

java.lang.RuntimeException: java.rmi.RemoteException: EJB Exception: ; nested exception is:
  java.lang.RuntimeException: Caller doesn’t have enough permission to call this method.
  at oracle.soa.management.internal.facade.ServerManagerImpl.getPartitions(ServerManagerImpl.java:120)
  at oracle.tip.tools.ide.fabric.asbrowser.WeblogicSOAServer.initPartitions(WeblogicSOAServer.java:92)
  at oracle.tip.tools.ide.fabric.asbrowser.WeblogicSOAServer.(WeblogicSOAServer.java:68)
  at oracle.tip.tools.ide.fabric.asbrowser.ASBrowserHelper.listWeblogicSOAServers(ASBrowserHelper.java:275)
  at oracle.tip.tools.ide.fabric.asbrowser.ASBrowserHelper.listSOAServers(ASBrowserHelper.java:201)
  at oracle.tip.tools.ide.fabric.asbrowser.ASBrowserHelper$RunnableListSOAServers.run(ASBrowserHelper.java:333)
  at oracle.ide.dialogs.ProgressBar.run(ProgressBar.java:655)
  at java.lang.Thread.run(Thread.java:662)
Caused by: java.rmi.RemoteException: EJB Exception: ; nested exception is:
  java.lang.RuntimeException: Caller doesn’t have enough permission to call this method.
  at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
  at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
  at oracle.soa.management.internal.ejb.impl.FacadeFinderBean_4vacyo_FacadeFinderBeanImpl_1036_WLStub.getMBeanAttribute(Unknown Source)
  at oracle.soa.management.internal.facade.ServerManagerImpl.getPartitions(ServerManagerImpl.java:110)
  … 7 more

Solution –>

This issue was resolved after adding the SOA Operator role to the user.

The following Fault Message is received at the client side from the service:- Supplemental Detail FailedAuthentication : The security token cannot be authenticated..

Issue –> When invoking a secured webservice we will get this kind of errors .

Error –> 

The following Fault Message is received at the client side from the service:-
Supplemental Detail FailedAuthentication : The security token cannot be authenticated..

The client side policy is:-

The service endpoint url is:-

Keystore properties:-

Properties found in the message context (Partial list):-

PolicyReference OverrideProperty:
[OverrideProperty [name=csf-key, value=Service_key]]

Policy configuration properties (some of these may be overridden by the properties passed in the PolicyReference or message context, for details about the order of precedence of properties consult documentation):-
{csf-key=basic.credentials, role=ultimateReceiver}.

Other related information:-

Solution –> In this case the CSF key credentials are wrong , please update the CSF key with correct credentials..

Creating Inline Sub Process in Oracle SOA Suite

Inline sub process is a sub process that can resides in the same BPEL process. Inline sub process contains set of activities which can be used in the same BPEL process. We can use call activity to invoke a inline sub process. For converting to inline subprocess , all activities should be in same scope.

Creating an inline subprocess within an existing inline subprocess is not supported.

Now we will create a inline subprocess–>

I have created one test composite which will writes the data to a database table.

I have added the assign and invoke activity to write the data to DB table.

To create an inline subprocess , right click on the scope and click on “Convert to a subprocess”. Enter the name , label and comments and click on OK.

Once you click on OK, you scope will converted in to CALL and you can see this subprocess is visible in subprocesses of component palette.


How to use an Inline Subprocess –>

For using the inline subprocess , you have to drag the subprocess from component palate to your BPEL process.

Once we add the subprocess to our BPEL process, it adds one call activity to call that subprocess . We can change name of call as per our requirement.


That’s it deploy the jar to server and test it.


Creating Standalone Sub Process in Oracle SOA Suite

A stand alone sub process is a sub process which resides inside the same composite. Stand alone sub process contains activities that can be used inside the composite. We can use call activity to invoke a Standalone subprocess. We can see the standalone subprocess in components view.

we don’t have any restriction on one BPEL subprocess calling itself recursively. You must determine if you want to recursively call the same BPEL subprocess and the number of times the subprocess calls occur.

we can create and deploy a SOA composite application that contains only a standalone subprocess.

A standalone subprocess cannot be shared in the MDS Repository. But a BPEL process with call activities for calling the subprocess can be shared in the MDS Repository.

Now we will see how to create a standalone subprocess and use it.

Create a SOA composite with synchronous BPEL process.

Create a string variable(MainVar) and assign input to that string variable.


Now we will see how to create stand alone subprocess inside this composite.

For creating standalone subprocess right click on components -> Insert -> Subprocess


Provide the name for subprocess and click on OK.


Open the Stand alone subprocess and create a string variable(Subvar) and in assign action use an expression to concat the var with some text and SAVE.


Now in the composite editor right click on the BPEL process click on EDIT .

It will open the BPEL process , From the Oracle Extensions subsection, drag a call activity below the assign activity in Oracle BPEL Designer.


Double click the Call and select the subprocess, Click inside the Value column to invoke the Variable Chooser dialog, select the variable we have created (MainVar) and click on OK.


Deselect the checkbox for “Copy By Value” and click on OK.


From component palette drag an assign activity and place it after call activity and In the Copy Rules tab of the assign activity, update the output message with (MainVar), and click OK.


This BPEL process, the following logic is implemented:

string value in the input message in AssignIn is taken and assigned to MainVar in the call activity, to be passed by reference.

AssignOut takes MainVar and creates the response. The MainVar value is updated by the subprocess.


If you see the composite , you can see subprocess is wired to your BPEL process.


Now we will deploy the composite and test the results. You could see that standalone subprocess invoked from main BPEL process and the output has the response from subprocess.