• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


    Company

  • Categories

  • Archive

  • Protecting WebLogic Server application using Oracle Entitlement Server

    Posted by "" in "idm, installation, integration, security, weblogic" on 2010-02-19

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    This post talks about protecting a WebLogic server application using Oracle Entitlement Server. This means coarse grained access which is page level access based on user user roles. Though OES is meant for fine grained access, we will discuss how a basic WL app can be protected at first. Later if you want to provide ATN using OAM and ATZ using OES, you can follow this.

    I will talk about installing a WebLogic SSM, configuring the SSM and protecting sample WL app using SSM.

    Install WebLogic SSM: WL SSM is used only to protect weblogic apps.
    Run the installer and provide the following details.

    1. Select BEA Home (You can install SSM either in the same Admin home or in a different location)
    2. Select only OES SM For WLS [Notice OES SM Common is also selected ]
    3. Enter the SCM name if you want to associate the WL SSM to an SCM (optional)
    4. Enter the administration url eg., https://admin_host_name:port/
    5. Select the JDK (select latest version available in WebLogic server installation)

    After the installation is finished, click the Finish.

    Applying Patch:The latest SSM patch available is CP3.
    Extract the patch file and copy the patches folder to the $BEA_HOME/ales32-ssm
    Edit the ApplySsmPatch.sh and provide jdk and ssm directory locations.
    Run the patch as shown below. All OES servers has to be stopped before applying patch.

    To check status: ./ApplySsmPatch.sh status
    To upgrade SSM to CP3

    We will proceed to next step assuming the WebLogic domain is already created.

    Configure SSM: This step involves creating an WL SSM instance
    Edit the file myssm_config.properties for the following params.
    wls.domain.dir = weblogic_domain_directory
    ssm.conf.id = wlsapp (you will see )
    db.password = abcd1234 (oes database user password used while running DBConfigTool)
    ales.admin.password = abcd1234 (OES admin password)
    ssm.admin.name = weblogic (Weblogic domain username)
    ssm.admin.password = abcd1234
    arme.port = 8000
    ales.organization.scope = wlsapp_org (since CP3, Application scope is replaced with Organizational scope )
    ales.identity.dir =wlsapp_dir (identity directory where users for this application in OES are stored)
    db.jdbc.url = jdbc:oracle:thin:@db_server:1521:db_sid
    db.jdbc.driver = oracle.jdbc.driver.OracleDriver (uncomment this line)
    scm.name = adminconfig

    Run the ConfigTool as shown below.
    To check everything works: ./ConfigTool.sh -check myssm_config.properties (Advisory to run this command as it checks if there are any conflicts). The WebLogic server should be stopped before running this command.
    To process : ./ConfigTool.sh -process myssm_config.properties
    This will create the the WL SSM instance, organization with wlsapp in OES and policies.

    Open the OES EUI console and access the Resources. Traverse to the organization wlsapp->shared->server and create New AdminServer and map it as Resource. Distribute the policies. Policy distributed is crucial and missing this will not allow weblogic server to start (will throw Authentication failed at booting stage) .

    Start the WebLogic server.
    Access the WLS console and see the new realm created and marked as true (default realm). Check the providers, Database Authenticator where the OES will authenticate users against the DB using this Authenticator.

    Deploy WebLogic Application:

    Now deploy the weblogic application and test the application.

    Lets assume the app simply consists of welcome.jsp with ales tags as mentioned below.

    <!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”
    “http://www.w3.org/TR/html4/loose.dtd”>
    <%@ taglib prefix=”ales” uri=”http://www.bea.com/ales/tags”%>
    <%@ page language=”java” contentType=”text/html; charset=ISO-8859-1″
    pageEncoding=”ISO-8859-1″%>

    <html>
    <head>
    <meta http-equiv=”Content-Type” content=”text/html; charset=windows-1252″/>
    <title>welcome OES user</title>
    </head>
    <ales:setSecurityContext value=”/check”>
    <ales:attribute name=”foo” value=”1″/>
    </ales:setSecurityContext>
    <body>
    <ales:isAccessAllowed resource=”/isAllowed” action=”view”>
    <ales:then>You are allowed to see the secret text</ales:then>
    <ales:else>DenyReason: You are not valid user </ales:else>
    </ales:isAccessAllowed>

    </body>
    </html>

    Discovery Mode:

    The application has to be accessed by enabling discovery mode in weblogic server.

    Discovery mode will disable all the securities applied for the application. That is authentication, authorization based on groups/roles etc., Hence the user will not be challenged with any authentication when he access the application.

    To do so, stop the weblogic server and add/uncomment the following lines in set-wls-env.bat/sh


    com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.discoverymode=true
    com.bea.security.providers.authorization.asi.RoleProviderImpl.discoverymode=true


    Then start the weblogic server and access the application once again.

    47 Responses to “Protecting WebLogic Server application using Oracle Entitlement Server”

    1. jay says:

      Hi,
      Atul

      I really need your help.
      i am trying to clone a server. which 8i database & 11.5.9 application. & its os is windows 2000.
      when i run adcfgclone on dbTier it shows me following error.

      F:\applmgr\prddb\8.1.7\appsutil\clone\bin>perl adcfgclone.pl dbTier
      Enter the APPS password [APPS]:
      apps

      First Creating a new context file for the cloned system.
      The program is going to ask you for information about the new system:

      ..jrebinjava.exe: not found
      ..jlibxmlparserv2.zip: not found
      ..jlibclasses111.zip: not found
      ..jrelibrt.jar: not found
      C:toolsMKSmksntetcperllib: not found
      C:toolsMKSmksntetcperllibsite_perl: not found
      ERROR: Could not open

      plz help me body. bcause this cloning is very imp. for do some mejor R&D. so plz give any solution as soon as possible.

    2. Atul Kumar says:

      @ Jay,
      Which cloning document you are following ? Did you run pre clone steps on source instance before copy to target ?

    3. Alalasundaram Saravanan says:

      Dear friend

      Please mention which version of weblogic server you have used, also recommend where to get the SSM CP3 patch.

      with warm regards and thanks

      Alalasundaram Saravanan

    4. Javier says:

      Hi Atul

      In the path of wlsapp->shared->server, “server” is a level more or is a resource, can you add images to the post please.

      In Discovery Mode, how i can to import the policies once they was genereated in a domain home??

      Regards and thank you for your post

    5. Mahendra says:

      Hi Saravanan,

      I have used WebLogic Server 10.3.1 version. Having said, this version works though it’s not certified.

      Here are the patch no.s that you need to download from the metalink.

      Admin -CP3: 9171320
      SSM-CP3: 9171016

    6. Mahendra says:

      Hi Javier,

      I am actually in the process of updating the same post with more details. Something which I forgot to write up is that, after you create SSM instance using ConfigTool, you would need to create the resource AdminServer as Type Resource under wlsapp -> shared -> server. This is followed by save & Distribute and start the WLS SSM server. FYI, server is also a resource.

      When you run SSM in discovery mode, files such as object, rule, role etc., gets created under the location weblogic domain directory. Infact the actual names that gets created are AuthorizationProviderImpl.role and you would need to rename them as role respectively. You would have to modify the load.conf present in ales32-admin folder and run the policyloader. After that restart the WLS server. Check the policies for wlsapp in OES consoles. Hope this helps.

    7. Alalasundaram Saravanan says:

      Dear Mahendra

      Thanks for the response, after successfully creating the ssm instance and when I try to start the weblogic server I am facing below exception which prevents the Weblogic to start.

      Is it familier issue to you?

      Caused By: oracle.security.jps.JpsRuntimeException: No Default or LDAP Authenticator configured on WLS

      Alalasundaram Saravanan

    8. Mahendra says:

      Hi Saravanan,

      I want you to check few things.
      First, after SSM instance is created, did you goto OES console and to resource structure weblogic_app/shared/svr and created AdminServer resource? It looks to me that Authenticator might not have been configured for the ssm realm.

      So just to check that, goto config.xml and check the authenticator configured. If not, make myrealm as default and check the same.

      HTH.

      Mahendra.

    9. Alalasundaram Saravanan says:

      Dear Mahendra

      1.Please find attached (sent in mail)the configtool.log which shows some error during instance creation yesterday.

      Is it ok or I need to re create the ssm instance.

      2. Find attached the config.xml the default realm has been set with out the steps you have mentioned, should I still need to do the steps?

      with warm regards

      AlalasundaramSaravanan

    10. Mahendra says:

      Hi Saravanan,

      I have not received the log and config files through mail. Can you recheck that please?

    11. Alalasundaram Saravanan says:

      Dear Mahendra

      I could not send the file through mail, please note the extract below.

      Exceptions during ssm instanace creation

      2010-02-25 18:33:22,656 [C:/DOCUME~1/L
      ENOVO/LOCALS~1/Temp/AlesConfig.pe rformAlesChecks2885\
      CheckPassword.bat] DEBUG com.bea.security.SsmConfigTool.Daemon – stderr:
      … 44 more
      Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
      java.net.ConnectException: Connection refused: connect; No available router to destination
      at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:464)
      at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:315)
      at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:251)
      at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:194)
      at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
      2010-02-25 18:33:23,172 [C:/DOCUME~1/LENOVO/LOCAL
      S~1/Temp/AlesConfig.performAlesChecks2885\CheckPassword
      .bat] DEBUG com.bea.security.SsmConfigTool.Daemon – stdout: Server not running
      Exception string: Error occured while performing connect : Er
      ror getting the initial context. There is no server running at t3://localhost:7101
      Use dumpStack() to view the full stacktrace

      some exceptions during start of weblogic server

      Caused By: oracle.security.jps.JpsRuntimeException: No Default or LDAP Authenticator configured on WLS
      at oracle.security.jps.wls.internal.idstore.WlsLdap
      IdStoreConfigProvider$WlsLdapIdStoreDescriptor.(WlsLdapIdStoreConfigProvider.java:87)
      at oracle.security.jps.wls.internal.idstore.W
      lsLdapIdStoreConfigProvider.getIdentityStoreConfig(WlsLdapIdStoreConfigProvider.java:74)
      at oracle.security.jps.internal.idstore.ldap.LdapId
      entityStoreProvider.getIdStoreConfig(LdapIdentityStoreProvider.java:217)
      at oracle.security.jps.internal.idstore.ldap.LdapIdent
      ityStoreProvider.getInstance(LdapIdentityStoreProvider.java:108)
      at oracle.security.jps.internal.idstore.ldap.LdapIdentitySt
      oreProvider.getInstance(LdapIdentityStoreProvider.java:59)
      at oracle.security.jps.internal.core.runtime.ContextFactoryIm
      pl.findServiceInstance(ContextFactoryImpl.java:139)
      at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
      at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
      at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:129)
      at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:124)
      at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:628)
      at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:622)
      at java.security.AccessController.doPrivileged(Native Method)
      at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:622)
      at oracle.security.jps.internal.policystore.PolicyDelegationController.(PolicyDelegationController.java:254)
      at oracle.security.jps.internal.policystore.PolicyDelegationController.(PolicyDelegationController.java:248)
      at oracle.security.jps.internal.policystore.JavaPolicyProvider.(JavaPolicyProvider.java:130)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      at java.lang.Class.newInstance0(Class.java:355)
      at java.lang.Class.newInstance(Class.java:308)
      at weblogic.security.service.CommonSecurityServiceManagerDelegateImp
      l.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1312)
      at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initia
      lize(CommonSecurityServiceManagerDelegateImpl.java:1018)
      at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
      at weblogic.security.SecurityService.start(SecurityService.java:141)
      at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

      with warm regards

      AlalasundaramSaravanan

    12. Mahendra says:

      Hi Saravanan,

      Is SSM located in seperate machine from Admin server? If so, is connectivity working. Please check if Admin and SCM are up and running. You can also check by accessing the consoles.
      Is this the fresh instance creation soon after SSM install? Or something else is working fine?

      Please remember while running ConfigTool, it is recommended to run this using -check first and then with -process. The option -check will not create SSM instance or policies, it just checks whether all the config details provided are fine or not.

    13. Javier says:

      Hi Mahendra

      Hi again, i new in tecnology OES, this post it’s very helpful, but i have many questions about before and after of protecting weblogic.

      Before of executing the config tool it’s necessary execute an enrollment and asi password??
      After of executing the discovery mode when i modify the load.conf where i would modify the file load.conf in SSM instance or in OES instance?? I have two separated instances one contains a OES server and another have a SSM whith a weblogic, i don’t know where is necessary execute the policyloader??
      i apologize for my poor english

    14. Mahendra says:

      Hi Javier,

      You would need to run enroll.sh and asipassword.sh if you have SSM in different instance from Admin server, otherwise its not needed. The policy loader will be present in Admin server instance along with the load.conf.

      Does it answer your question?

      -Mahendra.

    15. Javier says:

      Hi Mahendra

      Thank you for your answer and thank you for your patience. Your answer help me to understand better the process of protect the weblogic server.

    16. Mahendra says:

      You’re welcome Javier. Good Luck :)

    17. Javier says:

      Hi Mahendra

      Can you help me to resolve an issue occurs when i run the policyloader.

      When i execute ./policyloader.sh load.conf the log send me this error:

      Start loading Rule, time is: vie mar 5 2010 12:24:16 EST
      loading policy from file /u01/oracle/product/weblogi
      c/ales32-admin/examples/policy/rule.1

      Number of Authorization and Role Mapping Rules processed : 1, time is: vie mar 5 2010 12:24:16 EST
      BLM Syntax Exception : privilege in action must be in DB://priv/RootOrg!ultraAppOrg!shared!reserve
      ———The input data = : grant(//priv/RootOrg!ultr
      aAppOrg!shared!reserve,//app/policy/RootOrg/ultraAppOrg/shared/jd
      bc/ConnectionPool/negocioDataSource,//role/Everyone) if true; : line No.1
      BLM Syntax Exception : privilege in action must be in DB:
      //priv/RootOrg!ultraAppOrg!shared!reserve
      ———The input data = : grant(//priv/RootOrg!ultr
      aAppOrg!shared!reserve,//app/policy/RootOrg/ultraAppOrg/shared/j
      dbc/ConnectionPool/negocioDataSource,//role/Everyone) if true; : line No.1

      End loading Rule, time is: vie mar 5 2010 12:24:16 EST

      Rollingback 1 BLM transactions due to an error.
      The Policy loader transaction has been rolled back, please refer to the BLM Server logs for details.

      The Policy loader transaction has been rolled back, please refer to the BLM Server logs for details.

      ASI shutting down
      disabling policy cache invalidator
      PolicyCacheInvalidator thread is stopping
      ASI shutdown complete
      Policy Loader has terminated! Please check the log file to see if there is any error messages.

      I generated a new resource shared>jdbc>ConectioPool>n
      egocioDataSource but it don’t works, do you have any idea or suggestion for fix this issue.

      Thank you in advance

      Regards

    18. Mahendra says:

      Hi Javier,

      First of all, you have to run policyloader.sh after you run the application in discovery mode. So when you run application (i mean weblogic server) in discovery mode, files such as policy, roles, rules, privileges etc., gets created under weblogic domain directory. You have to verify the files and remove unnecessary lines (you can make if anything is not pertaining to your application).

      Then you have to copy all those files to a location and should specify that directory in load.conf file.

      If you have followed the above said approach, then the author policies, roles, role policies, actions etc., gets created. (remember these are like basic policies that gets created)

      Then you can add your actual policies etc., in OES console.

      So in your case, you said you are trying to connection pool resource, so you have to ensure where exactly that resource should be.

      You have to create that resource manually and should create policies etc., later on. What you are doing may not be possible in ideal scenarios. Therefore, first run policy loader to create all basic stuff, create connection pool, create policies..

      HTH.

      Mahendra.

    19. Javier says:

      Hi Mahendra

      I have a new issue about the import policies.

      I can import the policies and the log don’t send me any error but when i go to EUI Admin console the app not have rule or policy in the resource tab, I mean the org and app it’s fine but no have any policies or rule associated with the resources.

      I don’t know if it’s right or i missing a step after or before.

      I follow your tips and the install, configuration and discovery mode works fine but i can’t load the policies appropriately.

      Do you have any recommendation??

      Thanks

    20. Mahendra says:

      Hi Javier,

      I presume you would have got policies in your file policy as //role/anyone etc., so that all resources should have that anyone access.

      This means after you finish policy loading, you have to uncomment two lines added for discovery mode.

      Looks like it seems fine to me.
      After this, you manually add policies, roles in your OES console.

      Makes sense ?

      -M

    21. Jay Bautista says:

      Hi Mahendra,

      we are facing issues on accessing an application deployed on the weblogic domain that is being protected by OES SSM (wls-ssm). when i access the application, a login popup window appears, and even if i login as weblogic it still shows that the page is forbidden.

      how do we configure the resources of the application we want to protect in OES? and how is the mapping/binding being done from resources configured in OES to the actual resources deployed in the WLS server?

      thanks,
      jay

    22. Mahendra says:

      Hi Jay,

      The behaviour appears as expected. This is because you may not have created any roles or policies in OES and assigned it to that specific resource. Is this true?

      If not, please check the OES logs what does it say ?

      -Mahendra

    23. Mahendra says:

      Hi Jay,

      In order to login as weblogic, please check if that application/resource has authorization provided for weblogic user. If you have deployed the application using discovery mode, then you have to create roles, policies externally (if you have not defined them in files roles, policies etc., ). If you have not run weblogic app in discovery mode, then please do it. Please check for above chain for further details.

      Does this help.

    24. Jay Bautista says:

      Hi Mahendra,

      Thanks for your reply.

      Are the roles and policies you are referring to, different to those that were created from the config tool?

      After running the config tool, i have added AdminServer (resource) in wlsapp_org_190310_1 > shared > svr (resource). i have also created autorization policies for the “weblogic” user for wlsapp_org_190310_1, wlsapp_org_190310_1/shared, and wlsapp_org_190310_1/shared/svr/AdminServer resources. i also tried adding the application through the OES EUI but with no success.

      after deploying the application in my wls domain, is there anything that i should do in OES admin? like, define the application resource in OES? I ask this because i am wondering on how i could define the level of security i can put in my application. How do i define the application resources in OES admin and how are they being mapped back to the actual application deployed in the wls domain? and do we need to define every single folder and jsp in OES manually?

      below is the log from \ales32-ssm\wls-ssm\instance\wlsapp_inst_190310_1\log\system_console.log after i start my wls domain and try to access the web application:

      ====================
      2010-03-23 18:00:11,609 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] ERROR com.bea.security.providers.authorization.asi.PatternClassLoader – Missing JAR file: C:\OES\OES_WLS1030_190310_1\ales32-ssm\wls-ssm\lib\providers\wls\v9\jdbc2_0-stdext.jar
      2010-03-23 18:00:13,609 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] WARN com.bea.security.providers.authorization.asi.RbacAttributeRetriever – getAllSupportedAttributes(): Can not get IdentityQuery object. Make sure your metadirectory is properly configured.
      2010-03-23 18:00:14,297 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] WARN com.bea.security.providers.authorization.asi.ARME.soap.PolicyUpdateService – no host specified in the ARME configuration, attempting to determine host name…
      2010-03-23 18:00:16,109 [Thread-16] WARN com.bea.security.providers.authorization.asi.ARME.soap.PDClient – no host specified in the ARME configuration, attempting to determine host address…
      2010-03-23 18:00:20,922 [Thread-16] WARN org.apache.axis.transport.http.HTTPSender – The headers do not contain element content-length.
      2010-03-23 18:00:21,891 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] ERROR com.bea.security.providers.authorization.asi.PatternClassLoader – Missing JAR file: C:\OES\OES_WLS1030_190310_1\ales32-ssm\wls-ssm\lib\providers\wls\v9\jdbc2_0-stdext.jar
      2010-03-23 18:00:22,266 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] WARN com.bea.security.providers.authorization.asi.RbacAttributeRetriever – getAllSupportedAttributes(): Can not get IdentityQuery object. Make sure your metadirectory is properly configured.
      2010-03-23 18:00:25,266 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:00:25,266 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/svr/AdminServer
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/weblogic/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/Administrators/ //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Administrators //role/RootOrg!wlsapp_org_190310_1!shared!Admin //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Administrators
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/Administrators/
      Constraints: NONE
      Delegator: null

      2. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Admin
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/Administrators/
      Constraints: NONE
      Delegator: null

      3. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/svr/AdminServer
      Subject: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/weblogic/
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:00:25,266 SGT) ==========

      2010-03-23 18:01:43,094 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – Reource found: //app/policy/RootOrg/wlsapp_org_190310_1/shared/adm/Configuration
      2010-03-23 18:01:43,094 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryRoles: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:01:43,94 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/adm/Configuration
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies: NONE
      ========== END Policy Evaluation (2010-03-23 18:01:43,94 SGT) ==========

      2010-03-23 18:01:48,438 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:01:48,422 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:01:48,422 SGT) ==========

      2010-03-23 18:01:48,438 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:01:48,438 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:01:48,438 SGT) ==========

      2010-03-23 18:01:48,578 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:01:48,578 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:01:48,578 SGT) ==========

      2010-03-23 18:02:48,469 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========

      2010-03-23 18:02:48,469 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========

      2010-03-23 18:02:48,469 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========

      2010-03-23 18:03:48,469 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========

      2010-03-23 18:03:48,469 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========

      2010-03-23 18:03:48,469 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========

      2010-03-23 18:03:48,594 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========

      2010-03-23 18:03:48,594 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========

      2010-03-23 18:03:48,594 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========

      2010-03-23 18:03:48,609 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========

      2010-03-23 18:03:48,609 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,609 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,609 SGT) ==========

      2010-03-23 18:03:48,609 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,609 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,609 SGT) ==========

      2010-03-23 18:04:48,609 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,609 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,609 SGT) ==========

      2010-03-23 18:04:48,609 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,609 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,609 SGT) ==========

      2010-03-23 18:04:48,625 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========

      2010-03-23 18:04:48,625 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========

      2010-03-23 18:04:48,625 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========

      2010-03-23 18:04:48,625 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========

    25. Jay Bautista says:

      Hi Mahendra,

      Thanks for your reply.

      Are the roles and policies you are referring to different to those that were created from the config tool?

      After running the config tool, i have added AdminServer (resource) in wlsapp_org_190310_1 > shared > svr (resource). i have also created autorization policies for the “weblogic” user for wlsapp_org_190310_1, wlsapp_org_190310_1/shared, and wlsapp_org_190310_1/shared/svr/AdminServer resources. i also tried adding the application in OES EUI but with no success.

      after deploying the application in my wls domain, is there anything that i should do in OES admin? like, define the application resource in OES? I ask this because i am wondering on how i could define the level of security i can put in my application. How do i define the application resources in OES admin and how are they being mapped back to the actual application deployed in the wls domain? and do we need to define every single folder and jsp in OES manually?

      below is the log from \ales32-ssm\wls-ssm\instance\wlsapp_inst_190310_1\log\system_console.log after i start my wls domain and try to access the web application:

      ====================
      2010-03-23 18:00:11,609 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] ERROR com.bea.security.providers.authorization.asi.PatternClassLoader – Missing JAR file: C:\OES\OES_WLS1030_190310_1\ales32-ssm\wls-ssm\lib\providers\wls\v9\jdbc2_0-stdext.jar
      2010-03-23 18:00:13,609 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] WARN com.bea.security.providers.authorization.asi.RbacAttributeRetriever – getAllSupportedAttributes(): Can not get IdentityQuery object. Make sure your metadirectory is properly configured.
      2010-03-23 18:00:14,297 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] WARN com.bea.security.providers.authorization.asi.ARME.soap.PolicyUpdateService – no host specified in the ARME configuration, attempting to determine host name…
      2010-03-23 18:00:16,109 [Thread-16] WARN com.bea.security.providers.authorization.asi.ARME.soap.PDClient – no host specified in the ARME configuration, attempting to determine host address…
      2010-03-23 18:00:20,922 [Thread-16] WARN org.apache.axis.transport.http.HTTPSender – The headers do not contain element content-length.
      2010-03-23 18:00:21,891 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] ERROR com.bea.security.providers.authorization.asi.PatternClassLoader – Missing JAR file: C:\OES\OES_WLS1030_190310_1\ales32-ssm\wls-ssm\lib\providers\wls\v9\jdbc2_0-stdext.jar
      2010-03-23 18:00:22,266 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] WARN com.bea.security.providers.authorization.asi.RbacAttributeRetriever – getAllSupportedAttributes(): Can not get IdentityQuery object. Make sure your metadirectory is properly configured.
      2010-03-23 18:00:25,266 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:00:25,266 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/svr/AdminServer
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/weblogic/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/Administrators/ //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Administrators //role/RootOrg!wlsapp_org_190310_1!shared!Admin //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Administrators
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/Administrators/
      Constraints: NONE
      Delegator: null

      2. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Admin
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/Administrators/
      Constraints: NONE
      Delegator: null

      3. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/svr/AdminServer
      Subject: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/weblogic/
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:00:25,266 SGT) ==========

      2010-03-23 18:01:43,094 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – Reource found: //app/policy/RootOrg/wlsapp_org_190310_1/shared/adm/Configuration
      2010-03-23 18:01:43,094 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryRoles: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:01:43,94 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/adm/Configuration
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies: NONE
      ========== END Policy Evaluation (2010-03-23 18:01:43,94 SGT) ==========

      2010-03-23 18:01:48,438 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:01:48,422 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:01:48,422 SGT) ==========

      2010-03-23 18:01:48,438 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:01:48,438 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:01:48,438 SGT) ==========

      2010-03-23 18:01:48,578 [[STANDBY] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:01:48,578 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:01:48,578 SGT) ==========

      2010-03-23 18:02:48,469 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========

      2010-03-23 18:02:48,469 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========

      2010-03-23 18:02:48,469 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:02:48,469 SGT) ==========

      2010-03-23 18:03:48,469 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========

      2010-03-23 18:03:48,469 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========

      2010-03-23 18:03:48,469 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,469 SGT) ==========

      2010-03-23 18:03:48,594 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========

      2010-03-23 18:03:48,594 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========

      2010-03-23 18:03:48,594 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========

      2010-03-23 18:03:48,609 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,594 SGT) ==========

      2010-03-23 18:03:48,609 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,609 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,609 SGT) ==========

      2010-03-23 18:03:48,609 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:03:48,609 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:03:48,609 SGT) ==========

      2010-03-23 18:04:48,609 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,609 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,609 SGT) ==========

      2010-03-23 18:04:48,609 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,609 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,609 SGT) ==========

      2010-03-23 18:04:48,625 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========

      2010-03-23 18:04:48,625 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========

      2010-03-23 18:04:48,625 [[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========

      2010-03-23 18:04:48,625 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] DEBUG com.wles.util.DebugStore – queryAccess: DebugStore:
      ========== BEGIN Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========
      RequestResource is: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue
      UserInfo:
      Name: //user/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/anonymous/
      Groups: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Resource Present: true
      Roles Granted: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Role Mapping Policies:
      1. Result: true; Policy Type: grant
      Role: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared
      Subject: //sgrp/RootOrg!wlsapp_org_190310_1!wlsapp_dir_190310_1/allusers/
      Constraints: NONE
      Delegator: null

      ATZ Policies:
      1. Result: true; Policy Type: grant
      Privilege: any
      Resource: //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi
      Subject: //role/RootOrg!wlsapp_org_190310_1!shared!Everyone
      Constraints: NONE
      Delegator: null

      ========== END Policy Evaluation (2010-03-23 18:04:48,625 SGT) ==========

    26. Jay Bautista says:

      Hi Mahendra,

      Thanks for your reply.

      Are the roles and policies you are referring to different to those that were created from the config tool?

      After running the config tool, i have added AdminServer (resource) in wlsapp_org_190310_1 > shared > svr (resource). i have also created autorization policies for the “weblogic” user for wlsapp_org_190310_1, wlsapp_org_190310_1/shared, and wlsapp_org_190310_1/shared/svr/AdminServer resources. i also tried adding the application in OES EUI but with no success.

      after deploying the application in my wls domain, is there anything that i should do in OES admin? like, define the application resource in OES? I ask this because i am wondering on how i could define the level of security i can put in my application. How do i define the application resources in OES admin and how are they being mapped back to the actual application deployed in the wls domain? and do we need to define every single folder and jsp in OES manually?

    27. Jay Bautista says:

      sorry for the flooding of my messages. i thought my post was unsuccessful due to some errors i found in my browser. :P

    28. Mahendra says:

      Hi Jay,

      After you deploy the app in WLS domain, you have run app in Discovery mode.Check this
      http://fusionsecurity.blogspot.com/2010/01/oes-discovery-mode.html

      Then you will see the resource structure in your OES console.

      Also you would not need to perform this step as you said “i have also created autorization policies for the “weblogic” user for wlsapp_org_190310_1, wlsapp_org_190310_1/shared, and wlsapp_org_190310_1/shared/svr/AdminServer resources” .

      Then you remove the discovery mode, restart WLS server, and then create your own roles and policies and assign it to resources.

      This is till page level protected.

      If you want data level protection, then create your specific privileges, actions etc. in OES console. and make specific code changes in your app using OES API.

    29. Mahendra says:

      Hi Jay,

      Yes, the roles and policies are different from those that you see while running config tool.

      I think you missing some steps.
      Follow this.

      Create SSM instance using config tool.
      Start WLS domain
      Add the AdminServer under shared/svr in OES console (as u did already)
      Deploy application in WLS domain
      Stop WLS Server, enable discovery mode.

      You should see some files in domain directory.
      Edit files and remove unwanted data except your application specific data.
      Modify load.conf and run policy loader.
      Start WLS Server.

      You should be able to see some default policies with allow all for all the resources in OES console.
      Now define your own roles.
      Create atz policies and assign to the resources.

      If you want to authenticate your app using any ldap server or so, then add the groups or specific users in OES identity directory.
      If you want to protect data in ur page, then create specific actions in OES console.
      Modify your code, and use OES API to protect your granular elements defined for a resource.

      You should now be able to access your app protected by OES.

      Does this help

    30. Jay Bautista says:

      Hi Mahendra,

      I have modified the set-wls-env.bat and restarted WLS server, and I am now able to access the application in discovery mode and the following files were created in the WLS Domain folder:
      providerdiscovery.RoleProviderImpl.decl
      providerdiscovery.RoleProviderImpl.log
      providerdiscovery.RoleProviderImpl.object
      providerdiscovery.RoleProviderImpl.priv
      providerdiscovery.RoleProviderImpl.privbinding
      providerdiscovery.RoleProviderImpl.privgrp
      providerdiscovery.RoleProviderImpl.role
      providerdiscovery.RoleProviderImpl.rule
      providerdiscovery.AuthorizationProviderImpl.decl
      providerdiscovery.AuthorizationProviderImpl.log
      providerdiscovery.AuthorizationProviderImpl.object
      providerdiscovery.AuthorizationProviderImpl.priv
      providerdiscovery.AuthorizationProviderImpl.privbinding
      providerdiscovery.AuthorizationProviderImpl.privgrp
      providerdiscovery.AuthorizationProviderImpl.role
      providerdiscovery.AuthorizationProviderImpl.rule

      however:
      1. in your statement “Edit files and remove unwanted data except your application specific data.”, what do yo uactually mean by this? which files/data to remove?
      i.e. in providerdiscovery.RoleProviderImpl.object:
      //app/policy/RootOrg O
      //app/policy/RootOrg/wlsapp_org_190310_1 O
      //app/policy/RootOrg/wlsapp_org_190310_1/shared A
      //app/policy/RootOrg/wlsapp_org_190310_1/shared/svr O
      //app/policy/RootOrg/wlsapp_org_190310_1/shared/svr/AdminServer O
      //app/policy/RootOrg/wlsapp_org_190310_1/shared/adm O
      //app/policy/RootOrg/wlsapp_org_190310_1/shared/adm/Configuration O
      //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi O
      //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic O
      //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee O
      //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue O
      //app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation A
      //app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation/url O
      //app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation/url/jsf-datavalidation O
      //app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation/url/jsf-datavalidation/form.faces O
      //app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation/url/jsf-datavalidation/styles.css O
      — so i remove everything except for those with “jsf-datavalidation”?

      how about for providerdiscovery.AuthorizationProviderImpl.rule:
      #//priv/boot on //app/policy/RootOrg/wlsapp_org_190310_1/shared/svr/AdminServer with input attributes:
      grant(//priv/boot,//app/policy/RootOrg/wlsapp_org_190310_1/shared/svr/AdminServer,//role/Everyone) if true;

      #//priv/lookup on //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic with input attributes:
      grant(//priv/lookup,//app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic,//role/Everyone) if true;

      #//priv/lookup on //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee with input attributes:
      grant(//priv/lookup,//app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee,//role/Everyone) if true;

      #//priv/lookup on //app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue with input attributes:
      grant(//priv/lookup,//app/policy/RootOrg/wlsapp_org_190310_1/shared/jndi/weblogic/wsee/DefaultQueue,//role/Everyone) if true;

      #//priv/GET on //app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation/url/jsf-datavalidation/form.faces with input attributes:
      grant(//priv/GET,//app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation/url/jsf-datavalidation/form.faces,//role/Everyone) if true;

      #//priv/GET on //app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation/url/jsf-datavalidation/styles.css with input attributes:
      grant(//priv/GET,//app/policy/RootOrg/wlsapp_org_190310_1/jsf-datavalidation/url/jsf-datavalidation/styles.css,//role/Everyone) if true;

      2. i am not able to locate the load.conf in \ales32-admin\bin folder. i tried searching for it in the folder as well but there are lots of load.conf found and only 1 is under the ales32-admin (which is under the examples folder). am i looking at the wrong location? please avdice

      thanks for all your help on this..

      regards,
      jay

    31. Jay Bautista says:

      Hi Mahendra,

      I created the load.conf and executed policyloader but it seems that it was not able to read the files.

      You mentioned that the files need to be renamed, what should be the new fielname format then?

      I have sent you the load.conf and load-error.log via email.

      Thanks,
      Jay

    32. arvind says:

      Hi,

      I need to know what are the changes required in oracle database as well as oracle application side if we change the domain name for a server(DNS change).

      I’ve some idea as we need to re-configure the workflow but apart from that I’ve no idea.

      please share your views.

    33. Mahendra says:

      Hi Arvind,

      Is this question related to OES and WebLogic server integration?

    34. arvind says:

      I guess I’ve kept my concerns in a wrong catagory……Let me re-upload it to right catagory.

    35. smanchikanti says:

      Hi Mahinder,

      After installation and configuration of SSM (CP2 installed) and protecting the weblogic server.

      I am able to start the server and everything is fine.

      I have deployed an web application to the secured domain and created a policy to page level to the weblogic user.

      Now when i am able to hit the application, it was asking the Basic Authentication, and authentication is success for “weblogic” user.

      How to remove the basic authentication. I have login page as the initial page which should be accessed by everyone. Also what other API should i use to protect the page level.

      Appreciate for your kind help.

      Thanks and Regards,
      Sridhar

    36. Mahendra says:

      Hi Sridhar,

      No need of API for protecting the page level. You can just specify the atz or role policies for your page in the resource structure. I presume that the authentication mechanism should work with the way make WLS app work with form login. So you can try making your app working with form login. In the OES resource structure, give access to anyone for the form login. I believe this should work.

    37. smanchikanti says:

      HI Mahender,

      I have access to the login page as “everyone”, but i hit the application it still prompts me as

      The server localhost at WebLogic Server requires a username and password.

      “Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).”

      When i enter the credential it is alloswed.

      Please advice.

      Thanks and Regards,
      sridhar

    38. smanchikanti says:

      HI Mahender,

      I have give access to the login page as “everyone”, but i hit the application it still prompts me as

      The server localhost at WebLogic Server requires a username and password.

      “Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).”

      When i enter the credential it is alloswed.

      Please advice.

      Thanks and Regards,
      sridhar

    39. Mahendra says:

      Sridhar,

      Before configuring the WLS App in WLS SSM, were you able to test the app using form based authentication with login page and was it working fine?

    40. smanchikanti says:

      HI Mahendra,

      Yes i have tested the application, It was working fine (i.e it does not prompt me for any authentication). Now when have configured in WLS SSM, it prompts me as since it is protected,

      But as per ur advice i have given access to “Everyone” , but it still prompt me as
      The server localhost at WebLogic Server requires a username and password.

      “Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).”

      Any thing i am missing.

      Regards,
      Sridhar

    41. smanchikanti says:

      HI Mahendra,

      We have resolved this issue by explicitly changing the web.xml for form based.

      Regards,
      Sridhar

    42. omar says:

      “Hi there Chris, I’ve already red the whole workarounds about the problem I’m facing, but I’m still stucked in the following error when I try to boot my WLS. I’d tried your solution too but it did’t work.I mean, I can boot the server if I change -Myapp- to -myrealm- and I make all the changes but it did’t work. I’m using OES 10.1.4.3 with patch 4, WLS 10.3.0 and SSM 10.1.4.3 with patches 2,3 and 4. I would really apreciate if you give me some light here. Thanks in advance

      (2010-10-14 18:26:00,823 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] ERROR com.bea.security.providers.authorization.asi.AuthorizationProviderImpl – com.bea.security.providers.authorization.asi.InvocationException: ArmeNOTREADY Exception: Engine did not recieve initial policy


      “)

    43. omar says:

      Sorry, for the name Mahendra, my mistake

    44. mahendra says:

      Omar,

      Did you see any errors while configuring WebLogic SSM? It appears to me that the policies are not distributed to the SSM while configuring it. So,login to OES administration console and try to distribute policies to the SSMs. If you see a negative value for id, then policies are not distributing properly. Is WebLogic Admin and SSM residing on different machines?

      -Mahendra

    45. Alan Flores says:

      Hi Mahendra: I am new in this forum but it is grea. I have e problem with the OES and i hope you can help me, in one machine we have an application web in a server where we have a SSM module, in other machin we have the OESadmin, the application sometimes makes a connection to the OES through the API in order to registrer users in the OES, but we have the problem that sometimes the OES doesn´ t work and the application doesn´t work because it can not registrer users in the OES, the unique form to solve the problem is restaring the OESadmin and the OESSCM. Do you know what could be the problem.

    46. Mahendra says:

      Hi Alan,

      Is there any firewall between those 2 machines? If not, I have not seen such problem arising.

      -Mahendra.

    47. Alan Flores says:

      Hi Mahendra:
      Yes, there is a firewall between the machines, but the strange is that sometime the conection between aplication web and OES admin is correct and sometimes the aplicattion web can not connect to the OES admin and restarting the OES all works fine.
      Do you think that is about the firewalls, do you have an advaice for solve that problem??
      A lot of thanks in advaice

    Leave a Reply



  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.
  • CONTACTS

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP