Java.lang.SecurityException: Invalid Subject: principals on ic.lookup

          Weblogic 7.0.1
          I establish two initialContext objects with credential like so:
          InitialContext ic = getInitialContext("t3://<ip>:<port>", "<username>",
          "<password>");
          InitialContext ic2 = getInitialContext("t3://<sameip>:<differentport>",
          "<username>", "<differentpassword>");
          protected InitialContext getInitialContext(String url, String user, String
          password) throws NamingException
          Hashtable env = new Hashtable();
          env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
          env.put(Context.PROVIDER_URL, url);          
          env.put(Context.SECURITY_PRINCIPAL, user);
          env.put(Context.SECURITY_CREDENTIALS, password);
          return new InitialContext(env);
          Each of these servers has a jms queue I want to context to. When I try to do
          a lookup like this (ic):
          qconFactory = (QueueConnectionFactory) ic.lookup("my/Queue");
          I get this exception:
          java.lang.SecurityException: Invalid Subject: principals=[system2, Administrators]
          at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:943)
          at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:147)
          at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:309)
          at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
          at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
          at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)
          End server side stack trace
          Here is the bad issue. The second lookup works (ic2):
          qconFactory = (QueueConnectionFactory) ic2.lookup("my/Queue");
          As a matter of fact if I try to create more contexts the last context always seems
          to work. Also if I do each of these lookups in a separate application they both
          work. Any ideas?
          

Hi John,
          There may be a bug, but the fact that some code works in a previous
          version does not necessarily make this a given. For example, a new
          release may restrict applications based on a refinement or clarification
          in a J2EE spec. (Although in general, we try to make such changes
          without breaking current customer code.) Another example is an
          application that unknowingly depends on a bug that was in the previous
          version. That said, this is unrelated to JMS, as the exception occurs
          on a jndi lookup before any JMS code is invoked - I suggest posting to
          the security newsgroup and perhaps raising the issue with customer
          support.
          Tom, BEA
          john hutchinson wrote:
          > The code below works with other versions of WebLogic. It just doesn't work with
          > WebLogic7.0. I don't understand what one context object has to do with another.
          > The code below indicates two different context object. I can also catch the
          > exception when it is thrown re-establish the first context after the second works
          > and use then use the first so that would be useless security. So either there
          > is a bug in WebLogic's use of contexts or there is a bug in there security model.
          > If it works I've attached a sample application that does this.
          >
          >
          > Tom Barnes <[email protected]> wrote:
          >
          >>As with all versions of WebLogic, the security context is
          >>associated with the thread. So establishing a new one
          >>will replace the previous context associated with
          >>the thread. For more detailed information
          >>post to the weblogic.developer.interest.security newsgroup.
          >>
          >>Tom, BEA
          >>
          >>john hutchinson wrote:
          >>
          >>>Weblogic 7.0.1
          >>>
          >>>I establish two initialContext objects with credential like so:
          >>>
          >>> InitialContext ic = getInitialContext("t3://<ip>:<port>",
          >>
          >>"<username>",
          >>
          >>>"<password>");
          >>> InitialContext ic2 = getInitialContext("t3://<sameip>:<differentport>",
          >>>"<username>", "<differentpassword>");
          >>>
          >>> protected InitialContext getInitialContext(String url, String user,
          >>
          >>String
          >>
          >>>password) throws NamingException
          >>> {
          >>> Hashtable env = new Hashtable();
          >>> env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
          >>> env.put(Context.PROVIDER_URL, url);          
          >>> env.put(Context.SECURITY_PRINCIPAL, user);
          >>> env.put(Context.SECURITY_CREDENTIALS, password);
          >>> return new InitialContext(env);
          >>> }
          >>>
          >>>Each of these servers has a jms queue I want to context to. When I
          >>
          >>try to do
          >>
          >>>a lookup like this (ic):
          >>>qconFactory = (QueueConnectionFactory) ic.lookup("my/Queue");
          >>>
          >>>I get this exception:
          >>>
          >>>java.lang.SecurityException: Invalid Subject: principals=[system2,
          >>
          >>Administrators]
          >>
          >>> at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:943)
          >>> at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:147)
          >>> at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:309)
          >>> at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
          >>> at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
          >>> at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)
          >>>End server side stack trace
          >>>
          >>>Here is the bad issue. The second lookup works (ic2):
          >>>qconFactory = (QueueConnectionFactory) ic2.lookup("my/Queue");
          >>>
          >>>As a matter of fact if I try to create more contexts the last context
          >>
          >>always seems
          >>
          >>>to work. Also if I do each of these lookups in a separate application
          >>
          >>they both
          >>
          >>>work. Any ideas?
          >>>
          >>
          

Similar Messages

  • Java.lang.SecurityException: invalid SHA1 signature file digest for com/cry

    While running AVK I've got following error reported on 3d party code we are using. Is there anything that I can do to resolve this issue?
    Thank you in advance,
    Irena
         Error Name : com.sun.enterprise.tools.verifier.tests.web.WebArchiveClassesLoadable
         Error Description : java.lang.SecurityException: invalid SHA1 signature file digest for com/crystaldecisions/MetafileRenderer/DeviceContext$GDIState.class
         at sun.security.util.SignatureFileVerifier.verifySection(SignatureFileVerifier.java:390)
         at sun.security.util.SignatureFileVerifier.process0(SignatureFileVerifier.java:241)
         at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:191)
         at java.util.jar.JarVerifier.processEntry(JarVerifier.java:235)
         at java.util.jar.JarVerifier.update(JarVerifier.java:190)
         at java.util.jar.JarFile.initializeVerifier(JarFile.java:304)
         at java.util.jar.JarFile.getInputStream(JarFile.java:366)
         at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:119)
         at java.net.URL.openStream(URL.java:913)
         at java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:997)
         at com.sun.enterprise.tools.verifier.apiscan.classfile.BCELClassFileLoader.load(BCELClassFileLoader.java:69)
         at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:170)
         at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:176)
         at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:176)
         at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:176)
         at com.sun.enterprise.tools.verifier.apiscan.classfile.ClosureCompilerImpl.buildClosure(ClosureCompilerImpl.java:133)
         at com.sun.enterprise.tools.verifier.tests.web.WebArchiveClassesLoadable.check(WebArchiveClassesLoadable.java:53)
         at com.sun.enterprise.tools.verifier.tests.web.WebTest.check(WebTest.java:46)
         at com.sun.enterprise.tools.verifier.CheckMgr.check(CheckMgr.java:76)
         at com.sun.enterprise.tools.verifier.web.WebCheckMgrImpl.check(WebCheckMgrImpl.java:32)
         at com.sun.enterprise.tools.verifier.BaseVerifier.verify(BaseVerifier.java:86)
         at com.sun.enterprise.tools.verifier.web.WebVerifier.verify(WebVerifier.java:43)
         at com.sun.enterprise.tools.verifier.VerificationHandler.runVerifier(VerificationHandler.java:136)
         at com.sun.enterprise.tools.verifier.VerificationHandler.verifyArchive(VerificationHandler.java:82)
         at com.sun.enterprise.tools.verifier.Verifier.verify(Verifier.java:75)
         at com.sun.enterprise.tools.verifier.Verifier.main(Verifier.java:53)

    could you solve the problem? while I'm connecting to sql server , I get the same error. in fact, i can connect to server through eclipse ide but when i export my application into a jar and try connecting to server through the jar, this problem occurs.
    I thought, you can give me a idea. I don't know where I should start. please, help me..
    Exception in thread "main" java.lang.SecurityException: invalid SHA1 signature f
    ile digest for com/microsoft/sqlserver/jdbc/SQLServerException.class
    at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
    at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
    at sun.security.util.SignatureFileVerifier.process(Unknown Source)
    at java.util.jar.JarVerifier.processEntry(Unknown Source)
    at java.util.jar.JarVerifier.update(Unknown Source)
    at java.util.jar.JarFile.initializeVerifier(Unknown Source)
    at java.util.jar.JarFile.getInputStream(Unknown Source)
    at sun.misc.URLClassPath$JarLoader$2.getInputStream(Unknown Source)
    at sun.misc.Resource.cachedInputStream(Unknown Source)
    at sun.misc.Resource.getByteBuffer(Unknown Source)
    at java.net.URLClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.access$000(Unknown Source)
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClassInternal(Unknown Source)

  • SecurityException (Invalid Subject) with custom database authentication provider WLS 7.0

    Hello
    I have implemented a custom authentication provider using a
    database. The login module works fine. It check the username and
    password, add the user as a WLSUser-principal and add the groups
    relatated to the user as WLSGroup-principals to the subject. I
    am able to start the WLS only using my authentication provider,
    but if i want to login into the console i get following
    SecurityException:
    java.lang.SecurityException: Invalid Subject: principals=
    [system, Administrators]
    at weblogic.security.service.SecurityServiceManager.seal
    (SecurityServiceManager.java:893)
    at weblogic.security.service.RoleManager.getRoles
    (RoleManager.java:269)
    at
    weblogic.security.service.AuthorizationManager.isAccessAllowed
    (AuthorizationManager.java:608)
    at
    weblogic.servlet.security.internal.WebAppSecurity.hasPermission
    (WebAppSecurity.java:370)
    at
    weblogic.servlet.security.internal.SecurityModule.checkPerm
    (SecurityModule.java:125)
    at
    weblogic.servlet.security.internal.FormSecurityModule.checkUserPe
    rm(FormSecurityModule.java:328)
    at
    weblogic.servlet.security.internal.SecurityModule.beginCheck
    (SecurityModule.java:179)
    at
    weblogic.servlet.security.internal.FormSecurityModule.checkA
    (FormSecurityModule.java:167)
    at
    weblogic.servlet.security.internal.ServletSecurityManager.checkAc
    cess(ServletSecurityManager.java:185)
    at
    weblogic.servlet.internal.WebAppServletContext.invokeServlet
    (WebAppServletContext.java:2960)
    at weblogic.servlet.internal.ServletRequestImpl.execute
    (ServletRequestImpl.java:2466)
    at weblogic.kernel.ExecuteThread.execute
    (ExecuteThread.java:152)
    at weblogic.kernel.ExecuteThread.run
    (ExecuteThread.java:133)
    Seems to me, that the default role manager does not map the
    group Administrators to the role Admin, which is allowed to
    access the resource console. So, what i do wrong? Must i set
    additional credentials to the subject? Or must i use a special
    Principal class? Who can help me?
    Thanks in advance & greetings
    Dirk Fellenstein

    I have solved it. The Problem was that the two Principal implementations, one that
    implements WLSGroup and one that implements WLSUser, need a common principal base
    class. The principal validator class, method getPrincipalBaseClass() must then return
    the common principal base class.
    "Dirk Fellenstein" <[email protected]> wrote:
    >
    Hello
    I have implemented a custom authentication provider using a
    database. The login module works fine. It check the username and
    password, add the user as a WLSUser-principal and add the groups
    relatated to the user as WLSGroup-principals to the subject. I
    am able to start the WLS only using my authentication provider,
    but if i want to login into the console i get following
    SecurityException:
    java.lang.SecurityException: Invalid Subject: principals=
    [system, Administrators]
    at weblogic.security.service.SecurityServiceManager.seal
    (SecurityServiceManager.java:893)
    at weblogic.security.service.RoleManager.getRoles
    (RoleManager.java:269)
    at
    weblogic.security.service.AuthorizationManager.isAccessAllowed
    (AuthorizationManager.java:608)
    at
    weblogic.servlet.security.internal.WebAppSecurity.hasPermission
    (WebAppSecurity.java:370)
    at
    weblogic.servlet.security.internal.SecurityModule.checkPerm
    (SecurityModule.java:125)
    at
    weblogic.servlet.security.internal.FormSecurityModule.checkUserPe
    rm(FormSecurityModule.java:328)
    at
    weblogic.servlet.security.internal.SecurityModule.beginCheck
    (SecurityModule.java:179)
    at
    weblogic.servlet.security.internal.FormSecurityModule.checkA
    (FormSecurityModule.java:167)
    at
    weblogic.servlet.security.internal.ServletSecurityManager.checkAc
    cess(ServletSecurityManager.java:185)
    at
    weblogic.servlet.internal.WebAppServletContext.invokeServlet
    (WebAppServletContext.java:2960)
    at weblogic.servlet.internal.ServletRequestImpl.execute
    (ServletRequestImpl.java:2466)
    at weblogic.kernel.ExecuteThread.execute
    (ExecuteThread.java:152)
    at weblogic.kernel.ExecuteThread.run
    (ExecuteThread.java:133)
    Seems to me, that the default role manager does not map the
    group Administrators to the role Admin, which is allowed to
    access the resource console. So, what i do wrong? Must i set
    additional credentials to the subject? Or must i use a special
    Principal class? Who can help me?
    Thanks in advance & greetings
    Dirk Fellenstein

  • Getting java.lang.SecurityException while publishing the process

    I am getting the below error when I publish my project
    java.lang.SecurityException: Us
    er 'principals=[weblogic, CS_SWISS_TEST_PROTECTIONDOMAIN, CS_fsi_v1Server_SERVER
    , Administrators, CS_GROUP]' has administration role. All tasks by adminstrators
    must go through an Administration Port.
    I have a JMS and J2EE configuration defined in my external resources. Please let me know why I am getting this error.

    You've probably got more than one version of the javax.mail.* classes in your CLASSPATH.
    Look for multiple copies of mail.jar, or perhaps a j2ee.jar or javaee.jar that duplicates those
    classes.

  • Configuring basic authentication in Jboss - java.lang.SecurityException

    Hi All,
    I am a jboss newbie and need to a simple username/password challenge to pop up when someone accesses my web app deployed on jboss. I was looking at UsersRolesLoginModule. I am using jboss-3.2.3 with jetty-4.2.14.
    All I did was the following 3 things.
    1) server/MyServer/conf/login-conf.xml
    Code:
    <?xml version='1.0'?>
    <!DOCTYPE policy PUBLIC
    "-//JBoss//DTD JBOSS Security Config 3.0//EN"
    "http://www.jboss.org/j2ee/dtd/security_config.dtd">
    <policy>
    <application-policy name = "myUsersRolesModule">
    <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
    flag = "true" >
    <module-option name="hashAlgorithm">MD5</module-option>
    </login-module>
    </authentication>
    </application-policy>
    </policy>
    2) Create a users.properties file in the conf folder with the following entry.
    anand=kasi.
    3) Create a roles.properties file in the conf folder with the following entry
    anand=admin
    When Jboss starts up, I get the following exception.
    22:15:35,255 ERROR [PersistenceManager] Starting failed
    java.lang.SecurityException: Invalid authentication attempt, principal=null
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubjec
    t(BaseConnectionManager2.java:647)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateC
    onnection(BaseConnectionManager2.java:476)
    Where do I set the principal. Is that the same as username????
    What am I not doing or doing wrong?? Any suggestions/pointers are highly appreciated. Any alternate solutions?? The simpler the better.
    Regards.
    Andy.

    You missing a option
    <module-option name="unauthenticatedIdentity">Anonymous</module-option>
    .

  • Java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[

    HI,
    I am trying to monitor multiple weblogic servers, I am getting the exception when the program is trying to read multiple domains of the same weblogic server version 8.1.
    Can any one help me in getting this fix programatically using weblogic.management.*;
    I have searched all the sites where I got only a perticular solution which states to maintain the same domain level credentials.
    please reply me back if there is a programatical approach to fix this exception.
    The exception is given below:
    java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
         at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
         at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:138)
         at weblogic.management.internal.AdminMBeanHomeImpl_811_WLStub.getDomainName(Unknown Source)
         at MonitorServers.getDataWeblogic(MonitorServers.java:138)
         at MonitorServers.getServers(MonitorServers.java:89)
         at MonitorServers.main(MonitorServers.java:352)
    Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
         at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
         at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:181)
         at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:814)
         at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:299)
         at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:920)
         at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:841)
         at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:222)
         at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
         at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:570)
         at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
         at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
    Thanks in advance

    Hi,
    I think that if you don't specify the credentials, the current one will be used to connect to the server.
    Try to specify the guest identity by explicitely adding the following properties to override the current identity
                   properties.put(Context.SECURITY_PRINCIPAL, "");
    properties.put(Context.SECURITY_CREDENTIALS, "");
    Otherwise you will need to setup a trust between the servers.
    I Hope this helps.
    Giorgio Anastopoulos

  • Java.lang.SecurityException: Security: Invalid Subject: principals

    I am getting the following exception intermittently:
    java.lang.SecurityException: Security: Invalid Subject: principals=[XXX, Administrators]
    What i am doing is, i have two weblogic servers both running Weblogic 10.0 and running on different domains, a war is deployed on one server (server A) which sends a message to queue on another server (Server B), now everything works but if i restart B then A throws the above Security Exception while looking up the queue on Server B?? Any ideas why, i haven't configured any security credentials.
    If i restart A after restarting B then everything works again but restarting all the servers each time one gets restarted is cumbersome,so does someone knows answer to the question above?
    Edited by: user4828945 on Feb 11, 2009 5:41 PM

    If you dont require authentication, then enable the global trust between the domains.
    When this feature is enabled, identity is passed between WebLogic Server domains over an RMI connection without requiring authentication in the second domain. When inter-domain trust is enabled, transactions can commit across domains. A trust relationship is established when the Domain Credential for one domain matches the Domain Credential for another domain.
    By default, the Domain Credential is randomly generated and therefore, no two domains will have the same Domain Credential. If you want two WebLogic Server domains to interoperate, you need to replace the generated credential with a credential you select, and set the same credential in each of the domains.
    Link :[http://e-docs.bea.com/wls/docs100/ConsoleHelp/taskhelp/security/EnableGlobalTrustBetweenDomains.html]

  • Java.lang.SecurityException: [Security:090398]Invalid Subject: WEBLOGIC 9.1

    Hi
    I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
    I have enaled the trust between my two domains. Set the required class path settings.
    My client call is from a JSP , say client.jsp.
    Here I get remote object of the EJB and calls the required method
    Now
    1) My EJB calls are succesful when I DO NOT secure it
    2) but when I make it is secured , ie when I
    include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
    , it gives me the follwing error
    The stack trace is given below
    java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[[email protected], ess, everyone]
    at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
    at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
    Truncated. see log file for complete stacktrace
    Any idea why it is ?
    Please let me know
    Thanks
    Binu
    Edited by binurajkr at 01/25/2008 4:36 AM

    Hi. Contact official BEA Support. This is likely
    to be a known issue with a patch available to fix it.
    Joe
    binu raj wrote:
    Hi
    I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
    I have enaled the trust between my two domains. Set the required class path settings.
    My client call is from a JSP , say client.jsp.
    Here I get remote object of the EJB and calls the required method
    Now
    1) My EJB calls are succesful when I DO NOT secure it
    2) but when I make it is secured , ie when I
    include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
    , it gives me the follwing error
    The stack trace is given below
    java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[[email protected], ess, everyone]
    at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
    at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
    Truncated. see log file for complete stacktrace
    Any idea why it is ?
    Please let me know
    Thanks
    Binu
    Edited by binurajkr at 01/25/2008 4:36 AM

  • Java.lang.SecurityException: [Security:090398]Invalid Subject

    Hi
              I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
              I have enaled the trust between my two domains. Set the required class path settings.
              My client call is from a JSP , say client.jsp.
              Here I get remote object of the EJB and calls the required method
              Now
              1) My EJB calls are succesful when I DO NOT secure it
              2) but when I make it is secured , ie when I
              include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
              , it gives me the follwing error
              The stack trace is given below
              java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[[email protected], ess, everyone]
              at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
              at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
              at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
              at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
              at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
              Truncated. see log file for complete stacktrace
              Any idea why it is ?
              Please let me know
              Thanks
              Binu

    I got this issue resolved by setting
              Context.SECURITY_PRINCIPAL, "" , before the RMI ejb call
              Binu

  • Java.lang.SecurityException: [Security:090398]Invalid Subject - multithre..

    Hi
    I am getting java.lang.SecurityException: [Security:090398]Invalid Subject ... under the following scenario:
    - I have a simple dispatcher class which is starting a number of threads, every one of them sending messages to different Weblogic server.
    - The dispatcher class is a simple Java class, running from outside of Weblogic server; the authentication is done using the JNDI login.
    - The message sender threads create an InitialContext for each message being sent and the context is closed after succesfully sending the message.
    With just one message sender thread running, everything is OK.
    The problems appear when at least two threads run at the same time. What happens is that one of the threads sends messages successfully while the other ones fail with:
    java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[user1, role1, role2, role3, role4]
    at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
    at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:138)
    at weblogic.jms.dispatcher.DispatcherImpl_812_WLStub.dispatchSyncFuture(Unknown Source)
    at weblogic.jms.dispatcher.DispatcherWrapperState.dispatchSync(DispatcherWrapperState.java:339)
    at weblogic.jms.client.JMSConnection.createSessionInternal(JMSConnection.java:400)
    at weblogic.jms.client.JMSConnection.createTopicSession(JMSConnection.java:359)
    at com.delta.parser.test.TestMessageThread.sendMessage(TestMessageThread.java:54)
    at com.delta.parser.test.TestMessageThread.run(TestMessageThread.java:34)
    Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[user1, role1, role2, role3, role4]
    at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
    at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:182)
    at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:825)
    at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:300)
    at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:923)
    at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:844)
    at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:222)
    at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
    at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:570)
    at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
    The environment is Weblogic 8.1 (WebLogic Platform Developer license) running on Windows XP Professional.
    In the classpath I have the following weblogic jar files: weblogic.jar, wlclient.jar, wljmsclient.jar.
    The code that is generating the exceptions is:
    /****************** Dispatcher ************************/
    package test;
    public class TestThreadDispatcher {
    public TestThreadDispatcher() {
    public static void main(String[] args) {
    TestThreadDispatcher instance = new TestThreadDispatcher();
    instance.doTest();
    private void doTest() {
    TestMessageThread t1 = new TestMessageThread("weblogic.jndi.WLInitialContextFactory",
    "t3://pc10:7001",
    "user1",
    "passwd");
    t1.start();
    TestMessageThread t2 = new TestMessageThread("weblogic.jndi.WLInitialContextFactory",
    "t3://sjn:7001",
    "user1",
    "passwd");
    t2.start();
    TestMessageThread t3 = new TestMessageThread("weblogic.jndi.WLInitialContextFactory",
    "t3://pc99:7001",
    "user1",
    "passwd");
    t3.start();
    /****************** Message sender thread **************/
    package test;
    import java.util.*;
    import javax.jms.*;
    import javax.naming.*;
    import com.delta.parser.util.*;
    public class TestMessageThread extends Thread implements ParserConstants {
    private Hashtable environment;
    public TestMessageThread(String initialFactory,
    String url,
    String principal,
    String credentials) {
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
    initialFactory);
    env.put(Context.PROVIDER_URL,
    url);
    env.put(Context.SECURITY_PRINCIPAL,
    principal);
    env.put(Context.SECURITY_CREDENTIALS,
    credentials);
    environment = env;
    public void run() {
    int cnt = 0;
    while(true) {
    sendMessage("" + cnt++);
    try {
    sleep(500);
    } catch (InterruptedException iex) {
    private void sendMessage(String text) {
    try {
    Context ctx = new InitialContext(environment);
    TopicConnectionFactory factory = (TopicConnectionFactory)
    ctx.lookup("javax.jms.TopicConnectionFactory");
    TopicConnection connection = factory.createTopicConnection();
    TopicSession session = connection.createTopicSession(false,
    javax.jms.Session.AUTO_ACKNOWLEDGE);
    Topic topic = (Topic)ctx.lookup("FileTopic");
    TopicPublisher publisher = session.createPublisher(topic);
    TextMessage message = session.createTextMessage(text);
    publisher.publish(message);
    System.out.println("Message " + text + " sent to " +
    environment.get(Context.PROVIDER_URL));
    ctx.close();
    catch (JMSException jmsex) {
    jmsex.printStackTrace();
    catch (NamingException nex) {
    nex.printStackTrace();
    catch (SecurityException scex) {
    scex.printStackTrace();
    Any workarounds for this?
    BTW, I also tried using weblogic.jndi.Environment to obtain an InitialContext and wrapping the code inside thread's run() into Security.runAs(subject, new PrivilegedAction() { ....}, without success.
    Thanks in advance
    Mirel Rata

    Hi Kiran,
    Thank you for replying.
    Unfortunately the fix you suggested did not solve the problem. The server version I'm using is 8.1.
    The application I'm sending messages from is a standalone Java application, does not run from inside Weblogic server.
    Any thoughts?
    Regards,
    Mirel Rata

  • Java.lang.SecurityException: [Security:090398]Invalid Subject: admin

    I have a class that is used to check the status of all managed server in a domain. I use this class to check on the status of multiple domains.
    I have a for loop over all the domains and then invoke the method below, one for each domain (I instantiate the class anew for each domain)
    The 1st domain connects and returns the status properly. However on subsequent iterations thru the look I get the following SecuriyException below. I have tried a number of things such as setting MBeanHome to null etc but this error repeats anytime I connect to N+1 domains.
    Is there a fix for this.
    Note: I am using WLS 8.1 SP3 thru 5. And I know the username & pwd is correct cause I can connect using to the admin console using the same username & password and am part of the Administrators group.
    Exception on the client on N+1 connect attemp:
    java.lang.SecurityException: [Security:090398]Invalid Subject: admin
    at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.j
    ava:108)
    at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:137)
    at weblogic.management.internal.AdminMBeanHomeImpl_815_WLStub.getDomainN
    ame(Unknown Source)
    Exception on the server:
    ####<Mar 28, 2006 2:59:51 PM CST> <Warning> <RMI> <htx6056> <AdminServer> <Execu
    teThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <BEA-080003>
    <RuntimeException thrown by rmi server: [email protected]
    2 - hostID: '-4547912678907759832S:htx6056.cce.hp.com:[10250,10250,10251,10251,1
    0250,10251,-1,0,0]:arc_prd1:AdminServer', oid: '258', implementation: 'weblogic.
    [email protected]'
    java.lang.SecurityException: [Security:090398]Invalid Subject: admin.
    java.lang.SecurityException: [Security:090398]Invalid Subject: admin
    The code:
    public void checkWebLogicServerState( String user, String pass, String url ) throws Exception {
              MBeanHome home = Helper.getAdminMBeanHome( user, pass, url );
              Set beans = home.getMBeansByType( "Server", home.getDomainName( ));
              for( Iterator iter = beans.iterator( ); iter.hasNext( );){
                   WebLogicMBean bean = (WebLogicMBean)iter.next( );
                   WebLogicObjectName objName = bean.getObjectName( );
                   String serverName = objName.getName( );
                   String location = objName.getLocation( );
                   ServerRuntimeMBean serverRuntimeMBean = null;
                   try {
                        serverRuntimeMBean = (ServerRuntimeMBean)home.getMBean( serverName, "ServerRuntime", home.getDomainName( ), serverName);
                        String state = serverRuntimeMBean.getState( );
                        System.out.println( "\t[" + serverName + "] IS " + state + "." );
                   } catch( Exception ex ) {
                        System.out.println( "\t[" + serverName + "] IS NOT RUNNING." );
         }

    I worked around the problem by removing the usage of the weblogic.management.Helper and using standard JNDI lookups instead.
    Clearly there is a bug in the Helper class that stores securtiy information in a static variable since it cannot be re used within the same JVM/Classloader without sharing the security information.
    Used instead:
                   Environment env = new Environment();
                   env.setProviderUrl( url );
                   env.setSecurityPrincipal( user );
                   env.setSecurityCredentials( pass );
                   Context ctx = env.getInitialContext( );
                   home = (MBeanHome)ctx.lookup( MBeanHome.ADMIN_JNDI_NAME );

  • Solution to: javax.naming.AuthenticationException.  Root exception is java.lang.SecurityException: attempting to add an object which is not an instance of java.security.Principal to a Subject's Principal Set

    Hello world,
    To anybody who receives this irritating error in a Java client
    application attempting to access Weblogic Server 6.1 (and possibly
    weblogic server 6):
    javax.naming.AuthenticationException. Root exception is
    java.lang.SecurityException: attempting to add an object which is not
    an instance of java.security.Principal to a Subject's Principal Set
    The cause of your problem is having JAAS explicitly in your classpath.
    It somehow messes up authentication to WebLogic. Remove it and your
    problem will disappear.
    The complete exception was:
    javax.naming.AuthenticationException. Root exception is
    java.lang.SecurityException: attempting to add an object which is not
    an instance of java.security.Principal to a Subject's Principal Set
         at javax.security.auth.Subject$SecureSet.add(Subject.java:1098)
         at weblogic.common.internal.BootServicesStub.writeUserInfoToSubject(BootServicesStub.java:72)
         at weblogic.common.internal.BootServicesStub.authenticate(BootServicesStub.java:80)
         at weblogic.security.acl.internal.Security.authenticate(Security.java:108)
         at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:509)
         at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:364)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:336)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:208)
         at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
         at javax.naming.InitialContext.init(InitialContext.java:222)
         at javax.naming.InitialContext.<init>(InitialContext.java:198)
         at au.com.orrcon.orrconcentral.Application.<init>(Application.java:87)
         at au.com.orrcon.orrconcentral.Application.getApp(Application.java:52)
         at au.com.orrcon.orrconcentral.orrconCentral.<init>(orrconCentral.java:130)
         at au.com.orrcon.orrconcentral.orrconCentral.main(orrconCentral.java:219)

    Steve Wesemeyer <[email protected]> wrote:
    I have encountered the same problem and I do not have JAAS on my classpath
    at all (unless it's there by default). Are there any other possible
    causes for this?
    Cheers,
    SteveA note to all who read this thread:
    I also had to remove Sun's j2ee (version 1.2) from my client's classpath before
    the same problem went away. 1 programmer day down the drain....
    Regards,
    MG

  • Java.lang.SecurityException: while starting weblogic server

    Hi,
    I added a admin server on m/c 1 and a remote managed server on m/c 2. When i tried to start the admin server and the managed server and ping it using jmx, it get the following security error:
    Any help regd. this would be appreciated.
    Thanks,
    beauser2005
    <Oct 29, 2004 2:14:38 PM PDT> <Warning> <RMI> <BEA-080003> <RuntimeException thrown by rmi server: [email protected] - hostID: '-833462563406253632S:172.20.30.37:[7001,7001,-1,-1,7001,-1,-1,0,0]:mydomain10:myserver10', oid: '268', implementation: '[email protected]'
    java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators].
    java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
         at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:680)
         at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:187)
         at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:827)
         at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:300)
         at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:996)
         at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:917)
         at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:225)
         at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
         at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:742)
         at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
         at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

    was able to solve this
    there was corruption of reports config file

  • Java.lang.SecurityException: [Security:090398]

    Hi All,
    I am using Jdeveloper 11.1.1.3.
    I am running my application and it runs fine. But after a couple of clicks, I get the following exception. Tried googling and oracle-ing the exception but can't really understand what it is. If someone can provide a solution that would be AWESOME but even if someone can explain what the error is, that would be really really helpful.
    Oh and the WebLogic Server Version: 10.3.3.0 on server and client side.
    Here's the error...
    java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[jdoe11, EFormDefault]
    javax.el.ELException: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[jdoe11, EFormDefault]
         at com.sun.el.parser.AstValue.invoke(AstValue.java:161)
         at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
         at oracle.adf.controller.internal.util.ELInterfaceImpl.invokeMethod(ELInterfaceImpl.java:168)
         at oracle.adfinternal.controller.activity.MethodCallActivityLogic.execute(MethodCallActivityLogic.java:161)
         at oracle.adfinternal.controller.engine.ControlFlowEngine.executeActivity(ControlFlowEngine.java:989)
         at oracle.adfinternal.controller.engine.ControlFlowEngine.doRouting(ControlFlowEngine.java:878)
         at oracle.adfinternal.controller.engine.ControlFlowEngine.doRouting(ControlFlowEngine.java:777)
         at oracle.adfinternal.controller.engine.ControlFlowEngine.routeFromActivity(ControlFlowEngine.java:551)
         at oracle.adfinternal.controller.engine.ControlFlowEngine.performControlFlow(ControlFlowEngine.java:147)
         at oracle.adfinternal.controller.application.NavigationHandlerImpl.handleAdfcNavigation(NavigationHandlerImpl.java:109)
         at oracle.adfinternal.controller.application.NavigationHandlerImpl.handleNavigation(NavigationHandlerImpl.java:78)
         at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:130)
         at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
         at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:90)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:309)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:94)
         at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:97)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:90)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:309)
         at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:94)
         at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:91)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:812)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:292)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:97)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
         at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
         at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
         at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:94)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:414)
         at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:138)
         at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[jdoe11, EFormDefault]
         at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:835)
         at weblogic.security.service.IdentityUtility.authenticatedSubjectToIdentity(IdentityUtility.java:30)
         at weblogic.security.service.RoleManager.getRoles(RoleManager.java:183)
         at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:375)
         at weblogic.rmi.provider.WorkContextAccessController.checkAccess(WorkContextAccessController.java:62)
         at weblogic.workarea.spi.WorkContextAccessController.isAccessAllowed(WorkContextAccessController.java:38)
         at weblogic.workarea.WorkContextLocalMap$WorkContextKeys.next(WorkContextLocalMap.java:356)
         at weblogic.wsee.jaxws.workcontext.WorkContextTube.hasContext(WorkContextTube.java:67)
         at weblogic.wsee.jaxws.workcontext.WorkContextClientTube.processRequest(WorkContextClientTube.java:38)
         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
         at com.sun.xml.ws.client.Stub.process(Stub.java:259)
         at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
         at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
         at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
         at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
         at $Proxy157.retrieveForm(Unknown Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
         at $Proxy158.retrieveForm(Unknown Source)
         at gov.atf.eforms.FormBase.retrieveForm(FormBase.java:206)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.sun.el.parser.AstValue.invoke(AstValue.java:157)
         ... 62 more
    Edited by: HKG on Feb 25, 2011 8:01 AM

    Hi,
    difficult to say. From the error message it seems that there is something happening with the authenticated JAAS user. Does the problem reproduce in other applications (e.g. a test case ?)
    Frank

  • Java.lang.SecurityException

    Do anyone know what this exception is or when can it occur,
    java.lang.SecurityException: Authentication for user system denied in realm wl_realm
    at weblogic.security.acl.Realm.authenticate(Realm.java:212)
    at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
    at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
    at weblogic.security.acl.internal.Security.verify(Security.java:87)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:237)
    at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    Thanks
    Andri

    You have WLS on both sides, right?
              What's probably happening is that when you send a message, your sender's security context (the principals) is sent to the other WLS. The receiving WLS sees the principals but they were not validated by the receiving server so it complains.
              One way to solve it is to enable domain trust between the two domains. That way, both sides will be able to leverage the other's principals. However, BEA does not recommend domain trust for production systems.
              Another way is to look at how you're using JNDI on the sending side. JNDI uses a stack of security contexts. In your case, it seems to be picking up the current user which means you may not have set a username/password for JNDI when you make the call. If you were to set the username/password for a user known to the receiving side, your problem should go away.
              Mike
              Weblogic/J2EE Security Blog: http://monduke.com

Maybe you are looking for