Weblogic.security.X509 API

Hello All,
Is the API documentation for the weblogic.security.X509 class, or for
that matter the entire package, documented somewhere?
Thanks,
Dan
[dan.vcf]

Hello All,
I would like a client java program to communicate with a WLS over a t3s
connection with two-way SSL.
We have generated certificates for browsers that work fine for the two-way SSL.
I have access to the base 64 encoded certificate that the java client program
can use. I am assuming I need a private key also for use in the
setSSLClientCertificate(InputStream[] chain) method for decryption of data
coming to to the client. For a WLS server, this is no problem.
Question(s): Am I correct in this private key assumption? If I do need the
private key, how could I get it.
Thanks
[dan.vcf]

Similar Messages

Weblogic.security.X509 alternative in WLS 9.1

Hi All
We have setup IIS 5.0 with 2 way SSL for client connection. We have also configured IIS weblogic proxy for Weblogic 9.1 using iisproxy.dll. The connection between IIS and WebLogic 9.1 is HTTP based. We are trying to get the client certificate in Weblogic 9.1 using the following code
java.security.cert.X509Certificate certs [];
certs = (java.security.cert.X509Certificate [])
request.getAttribute("javax.servlet.request.X509Certificate");
However the returned certificates are NULL.
We have also enabled Client Cert Proxy and Weblogic Plug-in in Weblogic 9.1 configuration.
We are trying to migrate from weblogic 8 to 9.1 and our previous code was as follows
weblogic.security.X509 [] certs = (weblogic.security.X509[])req.getAttribute("javax.net.ssl.peer_certificates");
This code work fine with the same IIS setup. Since weblogic.security.X509 is removed in WLS 9.1 we are forced to change our code.
Please help!
Message was edited by:
rmkandan

hi
Currently I am using
req.getHeader("WL-Proxy-Client-Cert")
to get the client certificate and then i do the following to get the X509 cert format
     if (pemCert != null && pemCert.length() > 0 ){
          pemCertBuff.append("-----BEGIN CERTIFICATE-----");
          pemCertBuff.append(pemCert);
          pemCertBuff.append("-----END CERTIFICATE-----");
     System.out.println("CertificateUtil:getFingerPrint: pemCertBuff --"+pemCertBuff.toString());
     X509Certificate certs = null;
     try {
          CertificateFactory cf = CertificateFactory.getInstance("X.509");
          ByteArrayInputStream bis = new ByteArrayInputStream(pemCertBuff.toString().getBytes());
          weblogic.security.PEMInputStream pemIs = new weblogic.security.PEMInputStream(bis);
          BufferedInputStream bufis = new BufferedInputStream(pemIs);
          certs = (X509Certificate)cf.generateCertificate(bufis);
     } catch (CertificateException e) {
          // TODO Auto-generated catch block
          e.printStackTrace();
     } catch (IOException e) {
          // TODO Auto-generated catch block
          e.printStackTrace();
And I am able to get the certificate, but I need to know is there any other elegant way to get the certificate as we did using weblogic.security.X509 class?
Please help!!
Message was edited by:
rmkandan

Weblogic.security.KeyManagementException: java.io.EOFException

I am getting the following error when I am use the certificate
obtained from baltimore instead of the default provided by weblogic. I
used der2pem also to convert ".der" key file to ".pem" format - it
didn't work
I am running one-way SSL.
the configuration I have specified is:
Server Key File Name:                config/mydomain/privatekey.pem
Server Certificate File Name:          config/mydomain/DownloadCert.pem
Server Certificate Chain File
Name:     config/mydomain/DownloadCert_root.pem
<05-Mar-02 17:22:01 GMT> <Info> <Logging> <Only log messages of
severity "Error"
or worse will be displayed in this window. This can be changed at
Admin Console
mydomain> Servers> myserver> Logging> General> Stdout severity threshold>java.io.EOFException
at weblogic.security.Utils.inputByteArray(Utils.java:143)
at weblogic.security.ASN1.ASN1Utils.inputASN1Integer(ASN1Utils.java:120)
at weblogic.security.X509.input(X509.java:120)
at weblogic.security.X509.initialize(X509.java:81)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:09 GMT> <Alert> <WebLogicServer> <Inconsistent
security configu
ration, weblogic.security.KeyManagementException:
java.io.EOFException>
weblogic.security.KeyManagementException: java.io.EOFException
at weblogic.security.X509.initialize(X509.java:86)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <WebLogic Server
started>
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <ListenThread
listening on po
rt 7001>
Any help will be appriciated.
regards
sachin

I am getting the following error when I am use the certificate
obtained from baltimore instead of the default provided by weblogic. I
used der2pem also to convert ".der" key file to ".pem" format - it
didn't work
I am running one-way SSL.
the configuration I have specified is:
Server Key File Name:                config/mydomain/privatekey.pem
Server Certificate File Name:          config/mydomain/DownloadCert.pem
Server Certificate Chain File
Name:     config/mydomain/DownloadCert_root.pem
<05-Mar-02 17:22:01 GMT> <Info> <Logging> <Only log messages of
severity "Error"
or worse will be displayed in this window. This can be changed at
Admin Console
mydomain> Servers> myserver> Logging> General> Stdout severity threshold>java.io.EOFException
at weblogic.security.Utils.inputByteArray(Utils.java:143)
at weblogic.security.ASN1.ASN1Utils.inputASN1Integer(ASN1Utils.java:120)
at weblogic.security.X509.input(X509.java:120)
at weblogic.security.X509.initialize(X509.java:81)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:09 GMT> <Alert> <WebLogicServer> <Inconsistent
security configu
ration, weblogic.security.KeyManagementException:
java.io.EOFException>
weblogic.security.KeyManagementException: java.io.EOFException
at weblogic.security.X509.initialize(X509.java:86)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <WebLogic Server
started>
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <ListenThread
listening on po
rt 7001>
Any help will be appriciated.
regards
sachin

Weblogic.security.KeyManagementException: java.io.EOFExceptio

I am getting the following error when I am use the certificate obtained from baltimore
instead of the default provided by weblogic.
private key that was generated by the Certificate Servlet.
<05-Mar-02 17:22:01 GMT> <Info> <Logging> <Only log messages of severity "Error"
or worse will be displayed in this window. This can be changed at Admin Console
mydomain> Servers> myserver> Logging> General> Stdout severity threshold>java.io.EOFException
at weblogic.security.Utils.inputByteArray(Utils.java:143)
at weblogic.security.ASN1.ASN1Utils.inputASN1Integer(ASN1Utils.java:120)
at weblogic.security.X509.input(X509.java:120)
at weblogic.security.X509.initialize(X509.java:81)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:09 GMT> <Alert> <WebLogicServer> <Inconsistent security configu
ration, weblogic.security.KeyManagementException: java.io.EOFException>
weblogic.security.KeyManagementException: java.io.EOFException
at weblogic.security.X509.initialize(X509.java:86)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <WebLogic Server started>
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <ListenThread listening on
po
rt 7001>

I am getting the following error when I am use the certificate obtained from baltimore
instead of the default provided by weblogic.
private key that was generated by the Certificate Servlet.
<05-Mar-02 17:22:01 GMT> <Info> <Logging> <Only log messages of severity "Error"
or worse will be displayed in this window. This can be changed at Admin Console
mydomain> Servers> myserver> Logging> General> Stdout severity threshold>java.io.EOFException
at weblogic.security.Utils.inputByteArray(Utils.java:143)
at weblogic.security.ASN1.ASN1Utils.inputASN1Integer(ASN1Utils.java:120)
at weblogic.security.X509.input(X509.java:120)
at weblogic.security.X509.initialize(X509.java:81)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:09 GMT> <Alert> <WebLogicServer> <Inconsistent security configu
ration, weblogic.security.KeyManagementException: java.io.EOFException>
weblogic.security.KeyManagementException: java.io.EOFException
at weblogic.security.X509.initialize(X509.java:86)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.ja
va:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <WebLogic Server started>
<05-Mar-02 17:22:31 GMT> <Notice> <WebLogicServer> <ListenThread listening on
po
rt 7001>

Weblogic.security.CipherException: Incorrect block length 256 (modulus

Hi,
I have a stand alone java client which runs in the weblogic 8.1 server and when I tried to connect to the external site using the weblogic's HttpsURLConnection ,its throws the below exception.
weblogic.security.CipherException: Incorrect block length 256 (modulus length 128)
<Info> <Security> <BEA-090511> <The following exception has occurred:
weblogic.security.CipherException: Incorrect encrypted block
     at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:205)
     at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
     at weblogic.security.X509.verifySignature(X509.java:246)
     at weblogic.security.X509.verify(X509.java:176)
     at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:133)
     at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
     at weblogic.security.SSL.Handshake.input(Handshake.java:121)
     at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
     at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
     at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
     at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
     at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
     at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
     at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
     at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
     at weblogic.net.http.HttpClient.New(HttpClient.java:228)
     at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
     at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:319)
     at HttpsConnect.main(HttpsConnect.java:13)
<Info> <SSL> <000000> <weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate>
java.io.IOException: weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:172)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:359)
at HttpsConnect.main(HttpsConnect.java:13)
I verified the certifiate chain by using the weblogic's ValidateCertChain utility, and the output seems to be confusing for the intermediate site and the entity site.
java utils.ValidateCertChain -pem inter.cerCert[0]: CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/r
pa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
Certificate chain is incomplete, can't confirm the entire chain is valid
Certificate chain appears valid
Any pointers will be appreciated.

This might be because Verisign has included anadditional intermediate certificate in its chain
You can find it here
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=search&viewlocale=en_US
Contact Verisign Support, u can chat with them even...
Let me know if you have any doubt.
Cheers!
Faisal
http://www.weblogic-wonders.com

Weblogic Security Programmatic Authentication API

Hi all,
I am trying to use weblogic authentication API with weblogic 11g and jdeveloper 11.1.1.2.
According to programming security document, we can use weblogic.security.SimpleCallbackHandler or weblogic.security.URLCallbackHandler class.
But i don't see any library to import those class.
where can i download those library?
With Regards,
Wai Phyo

Where can i get this Jar(com.bea.core.weblogic.security_2.0.1.0.jar). I have installed Weblogic10.3 on jdk1.6 and it has com.bea.core.weblogic.security_1.0.0.0_6-0-3-0.jar which does not have the weblogic.security.spi.AuthenticationProviderV2.
Any help on this will be really appreciated.
Thanks.
Ajay

Error:- weblogic.security.SecurityInitializationException: Authentication

Hi,
I am getting below error when ever i am trying to start the Managed server in cluster environment(unix).
I am able to start the server on local machine but in case of remote machine its not gettig started.
I have tried most of the steps as mentioned below:-
1) Changed the weblogic passowrd.
2) Delete boot.properties.
3) deleted $DOMAIN_DIR\servers\<admin-server-name>\data\ldap
4) Followed below post also but nothing worked:-
https://forums.oracle.com/forums/thread.jspa?threadID=956750&start=30&tstart=0
####<Nov 14, 2011 7:41:28 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888310> <BEA-000000> <WebLogic Server "soa_server2" version:
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
####<Nov 14, 2011 7:41:28 PM IST> <Notice> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888419> <BEA-170019> <The server log file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/logs/soa_server2.log is opened. All server side log events will be written to this file.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888426> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Diagnostics> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888494> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3s" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "http" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "https" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888561> <BEA-002622> <The protocol "iiop" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "iiops" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldap" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888564> <BEA-002622> <The protocol "cluster" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888565> <BEA-002622> <The protocol "clusters" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "snmp" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "admin" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888569> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <RJVM> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888583> <BEA-000570> <Network Configuration for Channel "soa_server2"
Listen Address          172.17.103.42:8101
Public Address          N/A
Http Enabled          true
Tunneling Enabled     false
Outbound Enabled     false
Admin Traffic Enabled     true>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889336> <BEA-002609> <Channel Service initialized.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889410> <BEA-000436> <Allocating 4 reader threads.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889412> <BEA-000446> <Native IO Enabled.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <IIOP> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889612> <BEA-002014> <IIOP subsystem enabled.>
####<Nov 14, 2011 7:41:32 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279892649> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893102> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893224> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_qMT60FRl3kIPYftFoWhBFbhSxuY=>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893501> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLAuthorizermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893509> <BEA-090074> <Initializing Authorizer provider using LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893921> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-090827> <LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894250> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894251> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894265> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server soa_server2 for security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
     at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
     at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
     at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
     at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy28.login(Unknown Source)
     at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
     at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy46.authenticate(Unknown Source)
     at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
     at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
####<Nov 14, 2011 7:41:34 PM IST> <Error> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894618> <BEA-000236> <Stopping execute threads.>
Please help.
thanks in advance

I've tried every trick in the book but no luck and finally I found a solution for this problem. Maybe it is not the best practice but it works:
1-Uninstall JDeveloper.
2-Delete Oracle Middleware file located in C:\Oracle
3-Delete the JDeveloper file located in C:\Users\MyUser\AppData\Roaming (Because the integrated Weblogic server is actually there)
4-Reinstall JDeveloper
That solved the issue.
Thanks

Weblogic.security.ldaprealmv2.LDAPRealm problem..

Hi All,
I'm running WLS6.1sp1 and I have a bit of a snag. I've been able to
successfully configure WLS6.1 to authenticate against a single development
LDAP server, but I'm running into problems with my production LDAP
environment.
My production LDAP environment returns referrals. Normally this is dealt
with by setting the Context.Referral parameter to "follow" rather than the
default JNDI "ignore" value. I can't seem to find any documentation on the
"configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
even get at any API docs for this class.
Can somebody tell me if there is a configuration parameter I can pass to
this class which accomplishes this? If not, can BEA provide some assistance
(source code or API documentation) so that we can modify this class? (I'm
not excited about writing my own CustomAuthentication class this week..)
Jason Hanna
Lead Technical Architect - EMC.com

>
My production LDAP environment returns referrals. Normally this is dealt
with by setting the Context.Referral parameter to "follow" rather than the
default JNDI "ignore" value. I can't seem to find any documentation on the
"configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
even get at any API docs for this class.
Can somebody tell me if there is a configuration parameter I can pass to
this class which accomplishes this? If not, can BEA provide someassistance
(source code or API documentation) so that we can modify this class? (I'm
not excited about writing my own CustomAuthentication class this week..)
The ldap realm v2 uses the netscape sdk. By default, a netscape sdk client
follows
referrals automatically.However, the client binds anonymously to the server.
There is currently no method for the ldap realm v2 to follow referrals and
bind
as a specific user.
Does your production system have the same principal and credentials for
both the original and referral directory server?
Peter

Weblogic.security.acl in Weblogic 6

I came across the following in the migration documention
(http://edocs.bea.com/wls/docs60/notes/migrate.html#1026915):
I'm assuming that this is just a typo or wording issue but it currently
reads "weblogic.security.acl" is deprecated? Can't be the whole package.
Anyone else notice this?
Deprecated APIs and Features
The following APIs and features are deprecated in anticipation of future
removal from the product:
a.. weblogic.security.acl
b.. WebLogic Events
WebLogic Events are deprecated and should be replaced by JMS messages with
NO_ACKNOWLEDGE or MULTICAST_NO_ACKNOWLEDGE delivery modes. See Programming
WebLogic JMS for more information.
c.. WebLogic HTMLKona
d.. T3 Driver

request.getRemoteUser() still works fine for me after I implented a custom
Autthenication / LoginModule.
"patrik" <[email protected]> wrote in message
news:[email protected]..
>
Yes, I have. see:
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.develo
per.interest.security&item=8553&utag=
>
But if you've managed to get out the information from it I'd be gratefulto know
how.
/Patrik
"Utpal" <[email protected]> wrote:
Have you tried weblogic.security.Security.getCurrentSubject() ??
-utpal

Weblogic.security.ldaprealm.LDAPException

hi all,
i'm trying to authenticate users/groups with weblogic 6.0sp2 against iplanet 5.0
on an nt operating system.
from time to time weblogic server is throwing exceptions like the one below:
weblogic.security.ldaprealm.LDAPException: search error: user xyz - with nested
exception:
[javax.naming.ServiceUnavailableException: server:389; remaining name 'ou=People,dc=comp,dc=com']
The App is reconnecting and able to get the connection, but those exceptions are
thrown on a very frequent basis.Any ideas what causes this behaviour?
Your help is very much appreciated.
mdheur

weblogic.security.ldaprealm.LDAPException: search error: user xyz - withnested
>
From the API,
This exception is thrown when attempting to communcate with a directory or
naming service and that service is not available. It might be unavailble for
different reasons. For example, the server might be too busy to service the
request, or the server might not be registered to service any requests, etc.
-utpal

Weblogic.security.provider.PrincipalValidatorImpl deprecated

http://edocs.bea.com/wls/docs103/javadocs/weblogic/security/provider/PrincipalValidatorImpl.html says the class is deprecated though the documentation(http://edocs.bea.com/wls/docs103/dvspisec/atn.html#wp1089150) suggests its use.
Anyone have any knowledge of the replacement api usage (com.bea.common.security.provider.PrincipalValidatorImpl) which does not seem to have a default constructor..

Same Problem here. It seems com.bea.common.security.provider.PrincipalValidatorImpl has no API Reference. and weblogic.security.provider.PrincipalValidatorImpl which is obviously for the WLS 8 release is deprecated.
Where to find an API Reference or some other documentation to com.bea.common.security.provider.PrincipalValidatorImpl ?

Location of weblogic.security.acl.internal.AuthenticatedSubject

I'm trying to compile this code:
CallbackHandler handler = new URLCallbackHandler(userName, password);
Subject subject = Authentication.login(handler);
ServletAuthentication.runAs(subject, request);
But ServletAuthentication.runAs complains that it relies on class weblogic.security.acl.internal.AuthenticatedSubject which is not found.
i agree, i don't find it in either weblogic.jar or wls-api.jar from the 10.3.4 lib directory.
Where do i get this code?

Found it!
It's in
com.bea.core.weblogic.security.identity.jar in the Middleware/modules directory

Missing weblogic.security.spi. classes

Any idea what happened to these classes? Can't find the right jar file.
import weblogic.security.spi.AuthenticationProvider;
import weblogic.security.spi.IdentityAsserter;
import weblogic.security.spi.PrincipalValidator;
import weblogic.security.spi.SecurityServices;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPv2

Glad, your issue is resolved. Also in case if you are using WLS 10.3.x, here is the link on how to generate a client jar file that has almost all the APIs from weblogic.jar and wls-api.jar etc etc. Most of the times, when we want to run WebServices, EJB clients etc as standalone, we need all these classes. So here is the link on how to generate something called "wlfullclient.jar" and put that in classpath or java build path etc.
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/client/jarbuilder.html (To create wlfullclient.jar)
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/client/t3.html
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/client/basics.html#wp1069994
HTH
Ravi Jegga

Weblogic Security(Change Password)

We are implementing “Forgot Password" feature for our web application which is based on Weblogic Portal Server. We are using Spring JMS POJO(http://static.springsource.org/spring/docs/2.5.x/reference/jms.html#jms-asynchronousMessageReception) for anonymous user to recover their password, We have the Spring JMS listener which receives the password reset request, but while doing the password reset we are getting security error
Here is the code where we do the reset onMessage() of MessageListener
com.bea.p13n.security.management.authentication.AtnManagerProxy proxy = AtnProxyHelper.getAtnProxy("SQLAuthenticator");
proxy .setPassword(loginId, newPassword);
Looks like Spring JMS listener is running as a client within the WL server, but even this pair of code does not work too
Subject subject = com.bea.p13n.security.Authentication.authenticate("weblogic","weblogic");
com.bea.p13n.security.management.authentication.AtnManagerProxy proxy = AtnProxyHelper.getAtnProxy("SQLAuthenticator");
proxy .setPassword(loginId, newPassword);
java.lang.SecurityException: The caller is not in the proper role for attempted user operation. Required role(s) [Admin, PortalSystemAdministrator, Self, updateRole]. Caller role(s) Anonymous.
     at com.bea.p13n.security.management.authentication.AtnSecurityMgmtHelper.validateUserCallerRole(AtnSecurityMgmtHelper.java:567)
     at com.bea.p13n.security.management.authentication.internal.UserProvider.setPassword(UserProvider.java:330)
     at com.bea.p13n.security.management.authentication.internal.UserProvider.setPassword(UserProvider.java:314)
     at com.bea.p13n.security.management.authentication.AtnManagerProxy.setPassword(AtnManagerProxy.java:544)
     at com.pics.weblogic.UserManagement.recoverPassword(UserManagement.java:623)
     at com.pics.core.service.ForgotPasswordServiceImpl.changePassword(ForgotPasswordServiceImpl.java:44)
     at com.pics.messaging.MessageQueueReceiver.onMessage(MessageQueueReceiver.java:100)
     at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:505)
     at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:444)
     at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:414)
     at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:293)
     at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:239)
     at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:872)
     at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:812)
     at java.lang.Thread.run(Thread.java:619)

Yes, I agree it is a bad idea, but initially we did the password reset in sync but the e-mail notification in async, but then when doing the password reset we got into trouble of same security exceptions, so we moved that all the reset password and e-mail into same async code block assuming that Spring JMS listener will not ask for authorization since the WL server and JMS listener both are running on the same thread/context, but looks like Spring JMS listener in running on a different thread context. I need to impersonate since user has not logged into the system("forgot password" recovery feature). Looks like it does not matter sync or async I need to impersonate user, Here is the work around that I have put for now
     Subject subject = com.bea.p13n.security.Authentication.authenticate("weblogic","weblogic"); //I need to create a special user for this, Ugly!!
     ResetPassword resetPassword = new ResetPassword ("ForgotUserID","ForgotEmail"); //Now every thing happens here, setPassword API
     weblogic.security.Security.runAs(subject, resetPassword );
If I had used MDB instead of Spring MDB then it would have worked(I have done the same in WL couple years back)
Thanks
Edited by: lbrocks_prn on Nov 19, 2009 10:18 PM
Edited by: lbrocks_prn on Nov 19, 2009 10:19 PM

Replace "weblogic.security.Security.getCurrentSubject()"

In weblogic,we can use "weblogic.security.Security.getCurrentSubject()" method
to get a javax.security.auth.Subject object,this object contains the security
information of the current user that call this method."Security.getCurrentSubject()"
is a static method and has no parameter,so it's easy for us to get the security
information anywhere.
But this API is provided by BEA weblogic,it's not a standard J2EE API,so it's
hard for me to change the APP Server to others like WebSphere or Oracle IAS.
Another way is use getUserPrincipal() of HttpRequest and getCallerPrincipal()
of EJBContext,but these two methods need a reference to the HttpRequest object
and EjbConext object,and is restrict use in Servlet and EJB,hard to use in normal
java classes.
I want to find a standard J2EE API to do the same thing,can anyone help me?
Any suggestion is welcome.
thanks

J2EE provides no standard way of getting the current Subject. In WebLogic
the Subject returned by Subject.getSubject(AccessController.getContext()) is
not necessarily the same as the current user.
- Neil
"Lloyd Fernandes" <[email protected]> wrote in message
news:3ffd46f1$[email protected]..
>
"Jason Shi" <[email protected]> wrote:
I have try this method,but the return subject is null.
"Lloyd Fernandes" <[email protected]> wrote:
"Jason Shi" <[email protected]> wrote:
In weblogic,we can use "weblogic.security.Security.getCurrentSubject()"
method
to get a javax.security.auth.Subject object,this object contains the
security
information of the current user that call this
method."Security.getCurrentSubject()"
is a static method and has no parameter,so it's easy for us to getthe
security
information anywhere.
But this API is provided by BEA weblogic,it's not a standard J2EE
API,so
it's
hard for me to change the APP Server to others like WebSphere or Oracle
IAS.
Another way is use getUserPrincipal() of HttpRequest andgetCallerPrincipal()
of EJBContext,but these two methods need a reference to the HttpRequest
object
and EjbConext object,and is restrict use in Servlet and EJB,hard touse
in normal
java classes.
I want to find a standard J2EE API to do the same thing,can anyone
help
me?
Any suggestion is welcome.
thanks
Subject.getSubject(AccessController.getContext());
- lloyd
I noticed that too. I have escalated it to weblogic. Hopefully I will getan answer
in a couple of days.

Weblogic.security.X509 API

Similar Messages

Maybe you are looking for