Dear colleagues, we are facing an issue using PI711 JMS Receiver adapter when accessing Weblogic 10.3.4. (server).
For info: PI 7.11 SP8.
We need to send JMS messages to:
1. Weblogic (10.3.4) Application
So far the drivers deployment includes:
- Weblogic driver (wlfullclient.jar)
SAPJVM5 is used. We used wlfullclient.jar delivered for JDK 1.5.
We followed the SAP indications for deploying a JMS driver.
The issue faced is:
Message processing failed. Cause:
com.sap.aii.adapter.jms.api.connector.ConnectorException: Connector for
ConnectionProfile of channel: JMS_Receiveron node: 641513250 having
object id: 577b15909f13373cb166100f7340eaee encountered error: Access
denied to resource: type=<jms>, application=Exposition-JMS-module,
destinationType=queue, resource=<xxxxxxxxx>,
action=send in sending to destination
Exposition-JMS-module.<xxxxxxxxxxx>, the message
message: TextMessage[null, <?xml version="1.0" encoding="...]:
weblogic.jms.common.JMSSecurityException: Access denied to resource:
type=<jms>, application=Exposition-JMS-module,
destinationType=queue, resource=<xxxxxxxxxxxxxxx>,
action=send
where xxxxxxx is the resource name.
The Java error met using JNDI is:
javax.naming.NoPermissionException: User <anonymous> does not have permission on StringJndiName to perform modify operation. [Root exception is javax.naming.NoPermissionException: User <anonymous> does not have permission on StringJndiName
to perform modify operation.]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
Although a credential is provided on the JMS receiver adapter.
On the other hand, here is what we can notice in the XACML logs (on the Weblogic server side):
1 - When PI sends JMS messages, the following objects are not populated: WLSUserImpl, WLSGroupImpl
2 - When an Eclipse client sends a message, those objects are populated
Principal = class weblogic.security.principal.WLSUserImpl("weblogic")
Principal = class weblogic.security.principal.WLSGroupImpl("Administrators")
See logs below:
========================================
LOGS Sending message JMS VIA SAP PI
========================================
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Subject: 0>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Roles:Anonymous>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Resource: type=<jndi>, application=,
path={weblogic,wsee,DefaultQueue}, action=lookup>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Direction: ONCE>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Context Handler: >
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=everyone>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(everyone,everyone) -> true>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <primary-rule evaluates to Permit>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<urn:bea:xacml:2.0:entitlement:resource:type@E@Fjndi@G, 1.0 evaluates to
Permit>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <XACML Authorization isAccessAllowed(): returning PERMIT>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed
AccessDecision returned PERMIT>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: true>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<AuthorizationManager will use common security for ATZ>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<weblogic.security.service.WLSAuthorizationServiceWrapper.isAccessAllowed>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed
Identity=Subject: 0>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Roles=[ "Anonymous" ]>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed
Resource=type=<jms>, application=TubeJMSModule, destinationType=queue,
resource=TubeXAQueue, action=send>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed
Direction=ONCE>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Subject: 0>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Roles:Anonymous>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Resource: type=<jms>,
application=TubeJMSModule, destinationType=queue, resource=TubeXAQueue,
action=send>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Direction: ONCE>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Context Handler: >
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:1.0:subject:subject-id,
Value=<empty>>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(weblogic,<empty>) -> false>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<urn:bea:xacml:2.0:entitlement:resource:type@E@Fjms@G@M@Oapplication@ETubeJMSModule@M@OdestinationType@Equeue@M@Oresource@ETubeXAQueue,
1.0 evaluates to Deny>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <XACML Authorization isAccessAllowed(): returning DENY>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed
AccessDecision returned DENY>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000>
<com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed
returning adjudicated: false>
Thank you in advance for your help.
Christophe.
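
Added example, not part of the original post and not SAP or Oracle tooling: a Python parser for the SecurityAtz debug format shown above that pairs each XACML result with the Subject, Roles and Resource logged before it, then lists the requests denied while carrying only the Anonymous role. The function names and the abridged sample (taken from records in the post's log) are assumptions made for this example.

```python
import re

# Sample assembled for this example from records of the SecurityAtz debug log
# in the post (abridged); long records wrap onto continuation lines as there.
SAMPLE = """\
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Subject: 0>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Roles:Anonymous>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Resource: type=<jndi>, application=,
path={weblogic,wsee,DefaultQueue}, action=lookup>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <XACML Authorization isAccessAllowed(): returning PERMIT>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Subject: 0>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Roles:Anonymous>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> < Resource: type=<jms>,
application=TubeJMSModule, destinationType=queue, resource=TubeXAQueue,
action=send>
<27 mai 2013 19 h 12 CEST> <Debug> <SecurityAtz> <BEA-000000> <XACML Authorization isAccessAllowed(): returning DENY>
"""

# Record header: <timestamp> <Debug> <SecurityAtz> <BEA-nnnnnn>
HEADER = re.compile(r"^<[^<>\n]+> <Debug> <SecurityAtz> <BEA-\d+>", re.M)
FIELD = re.compile(r"^(Subject|Roles|Resource):\s*(.*)$")
RESULT = re.compile(r"isAccessAllowed\(\): returning (PERMIT|DENY)$")

def records(log_text):
    """Yield each record's message with wrapped lines rejoined and outer <> removed."""
    for chunk in HEADER.split(log_text)[1:]:
        body = " ".join(chunk.split())
        if body.startswith("<") and body.endswith(">"):
            body = body[1:-1].strip()
        yield body

def decisions(log_text):
    """Pair each XACML result with the Subject/Roles/Resource logged before it."""
    current, out = {}, []
    for msg in records(log_text):
        field = FIELD.match(msg)
        result = RESULT.search(msg)
        if field:
            current[field.group(1).lower()] = field.group(2)
        elif result:
            out.append(dict(current, result=result.group(1)))
            current = {}
    return out

def anonymous_denials(log_text):
    """Denied requests that reached the authorizer with only the Anonymous role."""
    return [d for d in decisions(log_text)
            if d["result"] == "DENY" and d.get("roles") == "Anonymous"]
```

Run over the sample, `anonymous_denials(SAMPLE)` returns the single `action=send` request on `TubeXAQueue`, while the JNDI lookup by the same anonymous subject is reported as PERMIT by `decisions(SAMPLE)`.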