Accessing Custom Security Realm and NotOwnerException.
I have installed the RDBMS example security realm, which appears to work fine. However when I attempt to access this realm from a Servlet via Realm.getRealm("name") I get an NotOwnerException being thrown.
Ideas ?
regards,
Jeff.
We did something similar in a past project, and it turned out to be more of a mess than
it was worth it (not only the "chicken-egg" dilemma with system, guest, administrator
users, etc., but also with various lookup and threading issues.) We ended up ripping
out the code and writing a new one which does not use an EJB.
EJB are supposed to be written in terms of container services (which security being one
of the services the container provides) but in this scenario you'd be writing one of the
container services in terms of EJBs, so it "breaks" the proper layering.
In our case, we wanted to "encapsulate" our security code from Weblogic's propreitary
realm mechanism, at the end we still achieved without having to create a session bean
(sometimes regular Java classes work just fine) :-)
regards,
-Ade
"watscheck" <[email protected]> wrote in message news:[email protected]..
>
Hi,
i want to use a sessonEJB as my security store for the custom security realm in
weblogic server 6.1.
Has anyone experience with that?
First i have to pass all filerealm users through my custom realm (csr) because
it is not possible to authenticate the system and guest users before the sessionEJB
itself is loaded.
OK, but my problem is the authentication of the csr at the sessionEJB, which is
itself secured by method-permission in it's assemblydesciptor. So i have to get
an initialcontext with an authorized user for the sessionEJB an invoke all protected
methods with this principal.
But Bea WLS has a problem with propagating this user back to the actual application.
Is there a way that the application (web-app and ejbs) is not affected by the
authentification of the csr at the sessionEJB (security store)?
And is it right that the new initialcontext in the csr always overrides the bea
context and with that the servlet request of the web-app?
thanks in advance
watscheck
Similar Messages
-
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
VikramHello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Vikram Datla" <[email protected]> wrote in message
news:3e273015$[email protected]..
>
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our applicationrequirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if theuser
exists.
javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store toget
rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
>
Thanks
Vikram -
What is the best way to deploy/update custom security realm classes to WLS 6.0?
From the WLS 6.0 console, I see that I can specify the Java class that
implements my custom security realm but I am wondering what is the best way
to deploy/update this code. I don't see a way to do this from the console.
Does this mean that I have to manually copy the class files over that
implement my custom security realm?Thanks Danut,
A jar file seems to be a good way to package it up but it sounds like it
still needs to be manually copied to each Weblogic server install directory
post-installation and whenever it is updated. I thought it would be nice to
be able to deploy/update the custom security realm by uploading it through
the Console just as you can with web applications and EJBs.
Brian
"Danut Prisacaru" <[email protected]> wrote in message
news:3aba2db0$[email protected]..
You have to have your Custom Realm class in the class path. I usually havea
jar file with all the Custom Realm classes and that jar I copy it in thelib
folder. Then I modify "startWebLogic.cmd" and I add to the classpath
".\lib\CustomRealm.jar"
set
CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar;.\lib\CustomRealm.jar;
>
Be aware that in order to have you custom realm besides creating thecustom
realm using the console you also have to create a custom caching andchoose
that one as your default caching realm.
Here is how the security settings are looking in my "config.xml"
<CustomRealm Name="CustomRealm"
RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
<CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
Name="CustomCachingRealm"/>
<Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
Name="wl_default_realm"/>
<FileRealm Name="wl_default_file_realm"/>
<Security GuestDisabled="false"
Name="mydomain" PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm"/>
Danut -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric MaThanks for the info.
I wonder when they will fix it.
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
displying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
Now I doubt my custom security realm is actually using the NetscapeDirectory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
the Users node displays all users in the LDAP server, in WebLogic 7I keep
getting
the message "There are no Authentication providers available that
support
the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
l
oper.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version
4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic7
(also run
on Solaris 8) which uses my LDAP server as the Authenticator. I
tried
this by
using the Admin Console and followed exactly the steps in Chapter3
of
the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged
into the
Admin Console again and clicked the Users node under my custom realm,
I saw this
message in the right-hand pane: "There are no Authentication
providers
available
that support the creation of Users". Also, I don't see my customrealm
in the
dropdown list under mydomain -> Security tab -> General tab ->
Default
Realm.
What did I do wrong? Also, where does WebLogic store the customsecurity
realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
One custom security realm for many wl servers?
Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server.Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server. -
WebStart, custom security policy and debugging
Hi,
Please forgive the long post, it's an obscure problem.
A year ago I implemented a custom instance-centric security policy that uses a database for storing permission data. It has served our needs very well on the server side. Now, however, I need to reuse it in a client application deployed to about 50 users via WebStart (there are more similar applications coming which will take the user base to about 200).
For some reason, the permissions are not being properly evaluated under WebStart. Tracing through my policy code, I can see that calls to imply() return with expected true/false values, however, when the internals of Java's underlying security API aggregate the results, calls to AccessController.checkPermission() don't raise exceptions when and where they are expected to.
This is really a hard problem to debug/trace. When I run the application locally, I have no problems with security checks even if I run it under a security manager (via -D.java.security.manager). Tracing to standard helps to a point and I can see that there is a difference: during the local runs, calls to MyCustomPolicy.implies(Permission, Domain) are made once per every AccessController.checkPermission() call made from the business layer. Under WebStart, there are three calls to MyCustomPolicy.implies() per every call to AccessController.checkPermission(). All three calls seem to come from the same stack frame. All three return 'false', yet AccessController.checkPermission() doesn't raise an exception.
Analyzing stack's state at the point MyCustomPolicy.implies() is been called, I think the answer to my problem may lie in the following code snippet of AccessControlContext.checkPermission(Permission):
for (int i=0; i< context.length; i++) {
if (context[i] != null && !context.implies(perm)) {
if (debug != null) {
debug.println("access denied "+perm);
if (Debug.isOn("failure")) {
Thread.currentThread().dumpStack();
final ProtectionDomain pd = context[i];
final Debug db = debug;
AccessController.doPrivileged (new PrivilegedAction() {
public Object run() {
db.println("domain that failed "+pd);
return null;
throw new AccessControlException("access denied "+perm, perm);
I believe that somehow one of the iterations gets to "return null" line, but at the moment I have no way of verifying this.
I'm finally getting to my question. In order for me to understand what's going on, I need to enable debugging of AccessControlContext. I can do this by setting java.security.debug system property. Again, I have no problem enabling debugging on a local system, but not under WebStart.
Here's what the relevant markup in the .jnlp file looks like:
<resources>
<j2se version="1.5" max-heap-size="128m" initial-heap-size="32m" java-vm-args="-Djava.security.debug=all">
</j2se>
<!-- a bunch of jar declarations -->
<property name="java.security.auth.login.config" value="jar:swing-app-SNAPSHOT.jar!/jaas_login.properties">
</property>
<property name="java.security.debug" value="all">
</property>
</resources>
this seems to have no effect and no debugging output appears. Any ideas why? Is there anything else I can do to enable debugging of AccessControlContext under WebStart?
I don't expect too many replies to my post (unless 3 sleepless weeks made me miss something really obvious), but if anyone can offer a hit/hit/insightful comment :), that would be great.
DmitryHey
I have just finished such a policy implemention - boy could I have done with your help!
I've never seen the java.security.debug property before - not to say it doesn't exist, but don't confuse system properties and security properties. Try setting it programmatically via Security.setProperty() or the Java Admin console [if you can], or even in the JRE WebStart uses via the java.security file.
When you run it locally with security switched on, do you observe the 3-to-1 behaviour also? I'm not sure if this is important - depends on your answer. As for the checks being performed from the same stack frame, the AC iterates over the protection domains as it checks them; the 3-to-1 behaviour is the result of there being 3 extra frames to check, possibly due to the fact your executing from JWS [although I'd expect JWS to be considered system code]. If the execution in AC gets to return null; then Debug.isOn("failure") must evaluate to true [...I'd slump in my chair at this point] but there's no way to figure out accurately what the semantics of this is AS THERE'S NO FRICKIN SRC AVAILABLE [...this really annoys me]. The only thing I can suggest for that is to not try and switch debugging on.
I suspect you are using JAAS [hence the dynamic policy need]? I have an idea if you are.
I totally know what you mean about the sleepless nights mate - I'm glad I done it all now, learnt all about security within Java which I knew nothing about 6 months ago.
Warm regads,
D -
How to access Custom Controller Methods and context
Hi
I have to components (comp1,comp2) in one DC. I want to use custom controller method of comp1 into comp2 view?
Thanks
PrasadHi,
in order to access comp1 from comp2.
create Public part for Comp1 and it to the useds DC of Comp2 and as well add the required controllers in Comp2 (in view controller and custome controller where u want to access them).
PFB link fro example.
[http://wiki.sdn.sap.com/wiki/display/WDJava/UsecomponentsinbiggerWebDynproprojects+%28componentization%29]
Regards,
Govindu -
Hi,
Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
for Weblogic Personalization and Commerce 3.5.
Using the WLCS console, I've modified the config.xml file and following
elements are added:
<LDAPRealm AuthProtocol='simple' Credential='admin'
GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
GroupUsernameAttribute='uniquemember'
LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
UserNameAttribute='uid'/>
<CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
Name='wlcsCachingRealm'/>
But when we try to restart the WLCS, it throws java exceptions that context
is not initialized and I get the following error
<Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: could not get
context - wi
th nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credential
s]]]
weblogic.security.ldaprealm.LDAPException: could not get context - with
nested e
xception:
I tried using Windows NT as a security realm but that gave me errors too.
Does anyone has any experience using anything other than the default Realm?
Any help would be appreciated. Thanks!
Asim Raja
[email protected]I'm not sure, but I suspect you can't
since this would create a circular dependency -
your realm would rely on the upper level security
checking calls but those calls would rely on your
realm.
My suggestion is to give it a try and see what
happens.
-Tom
Ozcan ADIYAMAN <[email protected]> wrote:
Hi ,
I am implementing a simple custom security realm using LDAP as the
security store and I can see the users, groups and acls from the admin
console.
My question is (a custom realm newbie question) ;
Is it possible to use weblogic.security.acl.Security with my custom
realm to check permissions, get the current user,etc.,
OR
is this class ONLY used with default realms (when ACL is stored in a
file) ?
Thanks
Ozcan -
URGENT HELP NEEDED ... Tomcat Realm and JRE1.4 plug-in problem
I have tried the Security Realm of Tomcat. Since I do not have
an LDAP server, I decided to use the Tomcat-users.xml file in
Tomcat\conf directory.
I added the following lines of code in the web.xml file.
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- NOTE: This role is not present in the default users file -->
<role-name>webviewer</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tomcat Manager Application</realm-name>
</login-config>
The <role-name> "webviewer" is added into "Tomcat-Users.xml" as the following:
<tomcat-users>
<user name="test" password="password" roles="webviewer" />
</tomcat-users>
So, now when we type the url: http://localhost:8080/adbpdbre/default.htm, TOMCAT shows a dialog box asking for UserName: and Password:Now, only when we give the username and password, it shows the page. This is exactly what we want.
But the problem now is, this default.htm page, has 5 links to 5 applets. The first time that I click on one of these links, the JRE plug of 1.4 shows a dialog again asking for the username and password. Till I dont provide the username and password the system doesnt go ahead and applet doesnt load. I do not want the JRE to ask me for the username/passwords again..How to avoid this ?
Can you give me some more information on this. Ultimately in the production usage, we will be using LDAP and not Tomcat's memory realm.
URGENT HELP NEEDED ... I need to get back to my client on this.
Help would be v. much appreciated.In the config file, you 're essentially saying that you want Tomcat to prompt for usr/passw on every request (url-pattern = /*) made by a 'webviewer', and that's exactly what Tomcat is doing.
Consider using specific url-patterns & roles for resources to be protected. If for now, all you need is to protect the first page, use a more specific url-pattern.
Just an advice : if you'll be using LDAP in production, do not waste time with Tomcat's Security Realm and the BASIC authentication type, since the two have not much in common. Start reading doc on LDAP, and code a prototype, or even better, a vertical slice of the app (i.e a proof of concept). -
How to get domain name in java code/custom security provider
Hi all,
I've developed a custom security provider and deployed it in WL_HOME/server/lib/mbeantypes folder. I also have multiple domain created and running in the same machine. now if a user logs in from a specific domain, say, t3://localhost:7005, how do I retrieve the domain name in my custom security provider?
I found the following code could do it, but this code needs to know the port number in advance
Hashtable env = new Hashtable();
env.put(Context.PROVIDER_URL,"t3://localhost:7101");
env.put(Context.INITIAL_CONTEXT_FACTORY,
"weblogic.jndi.WLInitialContextFactory");
env.put(Context.SECURITY_PRINCIPAL,"weblogic");
env.put(Context.SECURITY_CREDENTIALS,"weblogic1");
Context ctx = new InitialContext(env);
MBeanHome home = (MBeanHome)ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
String domainName = home.getDomainName();
System.out.println(domainName);
Any help is greatly appreciated...
Thanks,
Philip
Edited by: VivaCuba on Nov 14, 2010 9:43 AMCheck out methods in the following classes: LegacyDirectoryLocator and DirectoryLocator.
Jonathan
http://jonathanhult.com -
Migrating SSRS custom security from 2008 R2 to SQL Server 2012
Hi,
We have built custom security in SSRS 2008 R2 and now we are migrating it to SSRS 2012. We are facing an issue, it always throws Security exception below and when we are changing
web.config file to below line we are getting "500 Internal server error". Tried everything, no luck... can someone please assist here whether we need to rewrite entire custom security code and then migrate it to SSRS 2012 custom
security. Any help here much appreciated
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name="sqlAuthCookie" timeout="60" path="/"></forms>
</authentication>
<identity impersonate="false" />
Regards,
HarishHi yashmitl,
In your case, please running the following command to check the current URL reservations on http.sys.
netsh http show urlacl
Then, please delete the URL reservation by executing the following command try to resolve the issue.
netsh http delete urlacl <url>
There is a similar issue, you can refer to it.
http://social.technet.microsoft.com/Forums/en-US/d5204dd3-e26d-4592-8ef0-a94005fc46a5/the-url-has-already-been-reserved?forum=sqlreportingservices
Hope this helps.
Regards,
Alisa Tang
Alisa Tang
TechNet Community Support -
Hi,
we are using weblogic workshop 8.1.. When we try to create a new security realm and set that as default realm instead of myRealm.. and reboot the server...
we are getting authentication denied exception and does not reboot.. i understand that default user/pass weblogic/weblogic holds good only for original myRealm and not the new security realm..
how do we resolve this....
Thx & Rgds,
RamachandranMonduke,
Thanks for the suggestion.
we are trying to opt your first part. i.e. only one ADS Authenticator..
we had a doubt while creating weblogic user like where to add(which folder). Moreover there are built-in administrators group in ADS.. Will adding weblogic under that group solve the problem as i doubt how WLS will understand that.
I tried adding weblogic in built-in Administrators group..
I could see the ADS users in Admin Console but in WLIConsole's User Management i could only see the following error..
Error
java.lang.NullPointerException
at weblogic.management.commo.CommoProxy.invoke(Ljava/lang/Object;Ljava/lang/reflect/Method;[Ljava/lang/Object;)Ljava/lang/Object;(CommoProxy.java:397)
at $Proxy1.listUsers(Ljava/lang/String;I)Ljava/lang/String;(Unknown Source)
at com.bea.wli.management.MBeanHelper.getUserNames(Ljava/lang/String;)Ljava/util/List;(MBeanHelper.java:630)
at com.bea.wli.oam.usermanagement.UserManagementHelper.searchUsers(Ljava/lang/String;Ljava/util/Locale;)[Lcom/bea/wli/oam/usermanagement/UserManagementHelper$UserInfo;(Unknown Source)
at com.bea.wli.oam.usermanagement.servlets.UserManagement.viewUsers(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.usermanagement.servlets.UserManagement.processRequest(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.usermanagement.servlets.UserManagement.doGet(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.core.BaseServlet.userService(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.core.BaseServlet.run()Ljava/lang/Object;(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic/security/subject/AbstractSubject;Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(Lweblogic/security/acl/internal/AuthenticatedSubject;Lweblogic/security/acl/internal/AuthenticatedSubject;Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;(SecurityManager.java:147)
at com.bea.wli.security.authentication.AuthenticationService.runAs(Ljava/security/PrivilegedExceptionAction;Lweblogic/security/acl/internal/AuthenticatedSubject;)Ljava/lang/Object;(AuthenticationService.java:109)
at com.bea.wli.oam.core.BaseServlet.secureService(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.core.BaseServlet.service(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at javax.servlet.http.HttpServlet.service(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run()Ljava/lang/Object;(ServletStubImpl.java:1072)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Lweblogic/servlet/internal/FilterChainImpl;)V(ServletStubImpl.java:465)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V(ServletStubImpl.java:348)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava/lang/Object;(WebAppServletContext.java:6985)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic/security/subject/AbstractSubject;Ljava/security/PrivilegedAction;)Ljava/lang/Object;(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Lweblogic/security/acl/internal/AuthenticatedSubject;Lweblogic/security/acl/internal/AuthenticatedSubject;Ljava/security/PrivilegedAction;)Ljava/lang/Object;(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic/servlet/internal/ServletRequestImpl;Lweblogic/servlet/internal/ServletResponseImpl;)V(WebAppServletContext.java:3892)
at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic/kernel/ExecuteThread;)V(ServletRequestImpl.java:2766)
at weblogic.kernel.ExecuteThread.execute(Lweblogic/kernel/ExecuteRequest;)V(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:183)
at java.lang.Thread.startThreadFromVM(Ljava/lang/Thread;)V(Unknown Source)
As mentioned earlier, we are badly in need of help to solve this.. will be grateful, if u could help us on this...
Thanx & Regards,
Ramachandran.P.J -
Using an alternate security realm
Hi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciate. Thanks!
Asim
[email protected]
NT error message:
U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
U n a b l e t o a d j u s t t o k e n p r i v i l e
g e
s
java.lang.SecurityException: Unable to assert all required
priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:265)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
to
assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
all
required priviledges -- bad domain nameHi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciate. Thanks!
Asim
[email protected]
NT error message:
U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
U n a b l e t o a d j u s t t o k e n p r i v i l e
g e
s
java.lang.SecurityException: Unable to assert all required
priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:265)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
to
assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
all
required priviledges -- bad domain name -
Unable to save changes in console for a custom security provider
I built a custom security provider and dropped it in the mbeantypes folder. This gets picked up by weblogic. I then try to modify the control flags and make it SUFFICIENT. I reboot the server but when i log back in the control flag is reset to OPTIONAL. It not saving the data to the xml file. We are running it on a UNIX box.
Hi,
I solved the problem by myself.
The log area was at 100%, that's why the configtool wasn't able to save my changes.
Now I changed the backup properties for the log files to AutoLog (in the Backup Wizard) and it works fine.
Best regards,
Christian -
HT1920 How do I access my security questions & answers for my apple account?
How so I access my security questions and answers on my apple account?
You need to ask Apple to reset your security questions; ways of contacting them include phoning AppleCare and asking for the Account Security team, clicking here and picking a method for your country, and filling out and submitting this form.
They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
(104176)
Maybe you are looking for
-
Creative Cloud, Download error doesn't go away (for a month now)
Hi everyone, I got 'Download error' about a month ago (10.9.5, MBPr), after that I tried everything I could think of: - permission steps from this topic Help | Download Error in Apps tab of Creative Cloud Desktop Application - repairing permissions w
-
Does the 7th generation ipod nano have the same storage capacity as the 4th generation ipod nano
Just bought a ipod nano 7th generation to replace my 16gb 4th generation nano as its battery life is getting shorter Went to load my library on to my new ipod and it could not take all the songs, wheras my 4th generarion had room to spare so i have h
-
SSO is not working for SAPGUI for HTML
Hi Experts, We have configured SSO between EP and ECC.SSO is working fine for SAPGUI for windows.But it is not working for SAPGUI for HTML. Workflow iViews are getting error. "SWITCH to HTTPS does not occur." The domain names are different for EP and
-
Someone Please Help??? Question About Internet?
Hi, I got my daughter the 8gb touch in May and how is she able to go on the internet for free?? Is there some kind of free trial or something?? I have internet in my house but not WIFI....any help would be greatly appreciated as I do not want to be b
-
Phoneline not working properly
People can ring in I can ring out but when I speak callers just hear noise as I speak. I've used a non-DECT phone plugged directly into the socket I've also tried another DECT phone and it's the same. I've done a test on the line via the web but it s