Problem:

  • Product Name: BES App Server
  • Product Version: 6.0.x/6.5
  • Product Component: Security
  • Platform/OS Version: All

A CORBA.NO_PERMISSION exception is thrown when looking up database JNDI entries deployed in a DAR file hosted in another partition. The caller is an EJB or web app. Both partitions have SSL enabled (security profile changed from default to ssl_enabled).

The exception in the caller partition is:

java.rmi.ServerException: Could not obtain DataSource: javax.naming.NamingException: java.rmi.AccessException: CORBA NO_PERMISSION 1447174401[]; nested exception is:
org.omg.CORBA.NO_PERMISSION: vmcid: 0x56422000 minor code: 257 completed: No; nested exception is:
javax.ejb.EJBException: Could not obtain DataSource: javax.naming.NamingException: java.rmi.AccessException: CORBA NO_PERMISSION 1447174401[]; nested exception is:
org.omg.CORBA.NO_PERMISSION: vmcid: 0x56422000 minor code: 257 completed: No
at com.inprise.ejb.EJBHome$RemoteStrategyImpl.getSystemException(EJBHome.java:881)

The exception in the called partition is:

00000012,11/25/05 7:25 PM,143.186.138.239,00002768,VBJ-Application,VBJ ThreadPool Worker id=0 se=iiop_tp scm=ssl,ALERT,Assertion refused for Subject:
Principal: anonymous
Private Credential: Destroyed authentication context for null
. Peer defaultuser@UserRealm is not trusted
00000013,11/25/05 7:25 PM,143.186.138.239,00002768,VBJ-Application,VBJ ThreadPool Worker id=1 se=iiop_tp scm=ssl,ALERT,Assertion refused for Subject:
Principal: anonymous
Private Credential: Destroyed authentication context for null
. Peer defaultuser@UserRealm is not trusted

Resolution:

The called partition must "trust" the caller partition's assertion, and the caller partition is running as defaultuser in the UserRealm domain. To allow this, add a role (let's say OrbUser) to the authorization domain of the called partition (in this case, let's say, "default"). Open default.rolemap in the ${BES}/var/security/profiles/ssl_enabled directory and add these lines:

----------------------------
OrbUser {
*(CN=defaultuser)
}
----------------------------

Then change the trust assertion to this:

vbroker.security.assertions.trust.1=OrbUser@default

Add the assertion line above to the called partition's vbroker.properties file under ${BES}/var/domains/base/configurations/config-name/mos/partition-name/adm/properties, then restart both partitions.
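
A consistency check for the two edits above, as an added example that is not part of the original article or the product: it confirms that each trust assertion names a role defined in the matching rolemap and lists the peers the called partition refused. The function names and sample inputs are constructed for illustration, and the rolemap parsing assumes only the `Role { rule }` layout shown in this article.

```python
import re

# Constructed sample inputs modelled on the snippets shown in this article.
SAMPLE_LOG = """\
00000012,11/25/05 7:25 PM,143.186.138.239,00002768,VBJ-Application,VBJ ThreadPool Worker id=0 se=iiop_tp scm=ssl,ALERT,Assertion refused for Subject:
Principal: anonymous
Private Credential: Destroyed authentication context for null
. Peer defaultuser@UserRealm is not trusted
"""
SAMPLE_PROPERTIES = "vbroker.security.assertions.trust.1=OrbUser@default\n"
SAMPLE_ROLEMAPS = {"default": "OrbUser {\n*(CN=defaultuser)\n}\n"}  # domain -> rolemap text

TRUST_RE = re.compile(
    r"^\s*vbroker\.security\.assertions\.trust\.(\d+)\s*=\s*([^@\s]+)@(\S+)\s*$", re.M)
ROLE_RE = re.compile(r"^\s*([A-Za-z_][\w.-]*)\s*\{([^}]*)\}", re.M)
PEER_RE = re.compile(r"Peer (\S+) is not trusted")

def refused_peers(log_text):
    """Return the distinct peers the called partition refused, in first-seen order."""
    return list(dict.fromkeys(PEER_RE.findall(log_text)))

def parse_roles(rolemap_text):
    """Map role name -> non-empty rule lines (assumes the 'Role { rules }' layout)."""
    return {name: [r.strip() for r in body.splitlines() if r.strip()]
            for name, body in ROLE_RE.findall(rolemap_text)}

def check_trust(properties_text, rolemaps):
    """Return (index, role, domain, problem) per trust assertion; problem is None if consistent."""
    results = []
    for idx, role, domain in TRUST_RE.findall(properties_text):
        if domain not in rolemaps:
            problem = f"no {domain}.rolemap supplied"
        else:
            roles = parse_roles(rolemaps[domain])
            if role not in roles:
                problem = f"role {role} not defined in {domain}.rolemap"
            elif not roles[role]:
                problem = f"role {role} has no rules"
            else:
                problem = None
        results.append((int(idx), role, domain, problem))
    return results

if __name__ == "__main__":
    print("refused peers:", refused_peers(SAMPLE_LOG))
    for idx, role, domain, problem in check_trust(SAMPLE_PROPERTIES, SAMPLE_ROLEMAPS):
        print(f"trust.{idx}={role}@{domain}:", problem or "ok")
```

To run it against a real installation, read the called partition's log, its vbroker.properties, and the rolemap for each authorization domain into strings and pass them to the same functions.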

