Wednesday, March 6, 2019

Oracle SOA 12c: How To Create READ-ONLY Access To The JMS Messages For Monitor User

Create a user who can only view JMS messages, and who cannot create, delete, move or import JMS messages or monitor other resources.

The following are the steps to allow Non Admin role users to monitor JMS resources:

1. In the left pane, select Security Realm.
2. Select <your_realm_name>.
3. In "Configuration" tab, check "Use Authorization Providers to Protect JMX Access", click save and then activate changes.
4. Restart the server.
5. In the left pane, select Security Realm.
6. Select <your_realm_name>.
7. Go to "Users and Groups".
8. In Users, create a new user (for example, "jmsmonitor").
9. Add it to the "Monitors" group:
    a. Select <your_realm_name>.
    b. Select "Users and Groups".
    c. Click on user name, in right pane select "Groups".
    d. From Parent Groups, select Monitors and click the arrow pointing to the right.
10. Go to "Roles and Policies" -> Realm Policies.
11. In Policy table, select "JMX Policy Editor".
12. Select "Global Scope", click next.
13. From MBean Types, select "weblogic.management.runtime"
14. Select "JMSDestinationRuntimeMBean", click next.
15. In Attributes and Operations, expand "Operations: Permission to Invoke".
16. Select "getCursorEndPosition" operation.
17. Click the "Create Policy" button.
18. Click "Add Condition", select "User" in "Predicate List", click Next, type the User Argument Name (jmsmonitor), click Add, then click "Finish".
19. Click "Add Condition", select "Role" in "Predicate List", click Next, type the Role Argument Name (Admin), click Add, then click "Finish".
20. Select "Or" between Role:Admin and User:jmsmonitor and click "Save".
21. Repeat steps 10~19 to set the following operations:
    a. getCursorSize
    b. getCursorStartPosition
    c. getItems
    d. getMessage
    e. getMessages
    f. getNext
    g. getPrevious 
    h. sort

22. Log out the weblogic user and log in with the new user.
23. Go to the created module and click on the created queue.
24. Click on the Monitoring tab.
25. Click on the check box associated with the queue and then the Show Message button.

Friday, February 8, 2019

Oracle Customer Care and Billing 2.6 IWS Services to be accessed from SOA 11g running JDK 1.6


Oracle Customer Care and Billing 2.6 is deployed on WebLogic 12c. WebLogic 12c uses JDK 1.8, which uses TLS 1.2 for transport-level security.

If the IWS services are consumed by composites running on SOA 11g (11.1.1.5/11.1.1.7) and we use the JDK from the Oracle Download Archives, we get an SSL handshake exception.

JDK 1.6 does not support TLS 1.2 unless we upgrade the JDK to 1.7 or


The following chart depicts the protocols and algorithms supported in each JDK version:

|  | JDK 8 (March 2014 to present) | JDK 7 (July 2011 to present) | JDK 6 (2006 to end of public updates 2013) |
|---|---|---|---|
| TLS Protocols | TLSv1.2 (default), TLSv1.1, TLSv1, SSLv3 | TLSv1.2, TLSv1.1, TLSv1 (default), SSLv3 | TLS v1.1 (JDK 6 update 111 and above), TLSv1 (default), SSLv3 |
| JSSE Ciphers | Ciphers in JDK 8 | Ciphers in JDK 7 | Ciphers in JDK 6 |
| Reference | JDK 8 JSSE | JDK 7 JSSE | JDK 6 JSSE |
| Java Cryptography Extension, Unlimited Strength (explained later) | JCE for JDK 8 | JCE for JDK 7 | JCE for JDK 6 |



JDK 1.6 update 211 can be downloaded from https://support.oracle.com patch # 28414647
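
To confirm which protocols the JDK under the SOA 11g server actually supports and enables by default (the "default" distinction in the chart above), the following check can be run with that same JDK. It is an added example, not code from the original post; the class name TlsSupportCheck and the host and port arguments are assumptions, and the handshake step only runs when an endpoint is supplied.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;

// Added example. Uses only Java 6 language features and APIs so it compiles
// and runs on the old JDK being diagnosed (no lambdas, no try-with-resources).
public class TlsSupportCheck {

    // Classifies one protocol name for the JVM running this class.
    static String classify(SSLContext ctx, String protocol) {
        List<String> enabled = Arrays.asList(ctx.getDefaultSSLParameters().getProtocols());
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        if (enabled.contains(protocol)) return "enabled by default";
        if (supported.contains(protocol)) return "supported, not enabled by default";
        return "not supported";
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("JVM: " + System.getProperty("java.version"));
        String[] protocols = {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};
        for (int i = 0; i < protocols.length; i++) {
            System.out.println(protocols[i] + ": " + classify(ctx, protocols[i]));
        }
        if (args.length < 2) return; // no endpoint given: local report only

        // Optional handshake with the IWS endpoint. args[0] and args[1] are
        // placeholders for the CC&B WebLogic host and its SSL listen port.
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]));
        try {
            socket.setSoTimeout(10000);
            socket.startHandshake();
            System.out.println("Handshake OK, negotiated "
                    + socket.getSession().getProtocol());
        } catch (SSLException e) {
            // SSLHandshakeException is a subclass. The message separates a
            // protocol mismatch from an untrusted server certificate.
            System.out.println("Handshake failed: " + e);
        } finally {
            socket.close();
        }
    }
}
```

A protocol reported as "supported, not enabled by default" has to be enabled explicitly on the client side before the JVM will offer it in a handshake.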

