Admin Console Integration for Users in a Custom Realm
We are implementing a custom realm and are having troubles getting our Users to
show up in the User list.
Our user class extends weblogic.security.acl.User, and is forced to use the default
CTOR because our data access layer requires it.
Unfortunately, getName() returns null if the User(String) constructor is not used.
Furthermore, Identity::setName() is final, so it seems as though there is no
way to set the user's name after construction.
I am correct in this?
If so, any thoughts on whether it is worth going down the path of making my user
class implement Principal instead of extending weblogic.security.acl.User? I
would be forced to try to guess at what methods in User are required to integrate
with the admin console, I believe. I have not been able to find any documentation
that specifies what api/contract the console uses when it attempts to display
user, role, acl information for a custom realm.
Any advice would be greatly appreciated.
-chris
My comments mixed with your text
"Chris Goodacre" <[email protected]> wrote:
>
We are implementing a custom realm and are having troubles getting our
Users to
show up in the User list.
Our user class extends weblogic.security.acl.User, and is forced to use
the default
CTOR because our data access layer requires it.
Unfortunately, getName() returns null if the User(String) constructor
is not used.Yes.
Furthermore, Identity::setName() is final, so it seems as though there
is no
way to set the user's name after construction.
I am correct in this?Yes. Changing a user's name on a constructed user object is like mutating that
user to another user - a security hole. It isn't allowed.
>
If so, any thoughts on whether it is worth going down the path of making
my user
class implement Principal instead of extending weblogic.security.acl.User?I'd try to stay with extending weblogic.security.acl.User, but also implement
weblogic.security.acl.CredentialChanger, so you can change passwords through the
console (otherwise you get NullPointerExceptions).
You really want to get around not being able to supply a user name as part of
the ctor.
I
would be forced to try to guess at what methods in User are required
to integrate
with the admin console, I believe. I have not been able to find any
documentation
that specifies what api/contract the console uses when it attempts to
display
user, role, acl information for a custom realm.
Any advice would be greatly appreciated.
-chris1. Your realm should extend AbstractManageableRealm and implement DebuggableRealm
if you want to integrate with the console.
2. The only contract is to implement all the methods!
3. Check the type of the user and group objects being passed to your realm - if
they're not your user and group type, reject the call.
4. The documentation is indeed terrible, and often wrong. The examples shipped
are incomplete (the RBDMS realm shipped has approx 1/3 of the functionality).
You'll get good with jad.
Should all be better in 7.0 with JAAS. The realm interfaces is a dog.
Good luck,
simon.
Similar Messages
-
I am experiencing this error when a servlet or JSP is preloaded on the web
server and the init method of the preloaded item results in a call to the
app server. If I don't preload and then manually invoke the JSP or servlet
after the web server completely loads the call to the app server does not
produce the exception. The only security differences between the web and
app servers are the console and system passwords. I can fix the problem by
making the passwords (system and console) the same across the board, but
find it hard to believe that this is the true solution. I would prefer
sticking with the default security settings.
I've poured through hundreds of messages. I can find similar problems but
not this exact problem.
Any ideas would truly be appreciated!
More information:...
App and Web server are both wls 6.1.1.0 running on the same SUN Solaris box.
Both are using the basic, out of the box, security.
The App server has SSL disabled.
The exception reported in the app server's log is:
java.lang.SecurityException: Authentication for user system denied in realm
wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.security.acl.internal.Security.verify(Security.java:87)
at
weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
2)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The exception reported in the web server's log is:
java.lang.SecurityException: Authentication for user system denied in realm
wl_realm
at
weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
java:85)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:255)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:222)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy54.lookup(Unknown Source)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at
com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
at
com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
at
com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
ctory.java:305)
at
com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
at
com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
va:106)
at
com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
30)
at
weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
:700)
at
weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
va:643)
at
weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
a:588)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
ontext.java:2203)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
Context.java:2147)
at
weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
a:884)
at
weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
ava:807)
at
weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
at weblogic.j2ee.Application.addComponent(Application.java:160)
at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:329)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:144)
at
weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
76)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy33.addWebDeployment(Unknown Source)
at
weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
t(WebServerMBean_CachingStub.java:1094)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:315)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
Target.java:279)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
eploymentTarget.java:233)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
entTarget.java:193)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy32.updateDeployments(Unknown Source)
at
weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
ServerMBean_CachingStub.java:2734)
at
weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
icationManager.java:362)
at
weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
r.java:154)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy45.start(Unknown Source)
at
weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
ApplicationManagerMBean_CachingStub.java:480)
at
weblogic.management.Admin.startApplicationManager(Admin.java:1151)
at weblogic.management.Admin.finish(Admin.java:570)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
at weblogic.Server.main(Server.java:35)
Thanks,
Jed ZimmerYou're correct. I meant the DOMAIN_SYSTEM_PASSWORD password in my
<domain-name>domain.ksh file. The DOMAIN_SYSTEM_PASSWORD value (if
specified) has to match the system user's password or else the server will
not start/stop.
I have determined more since my post. A startup class also produces the
same error. I have minimized my environments as follows and still receive
the exception, and a soon as I synchronize the system users' passwords on
the app/web server the problem goes away. Or, I can keep the passwords
different and just not access the app server EJBs until after the web server
finished loading, which also causes the error to go away. I'm just confused
about what I might be doing wrong.
Steps to produce the error:
App server:
- Installed from 6.1.1.0 from scratch and started it up.
- Changed the system user's password from the admin console, persisting the
changes.
- Modified logging settings to see more info in the log files.
- Disabled instrument stack traces.
- Stopped/Started the app server
Web server:
- Installed from 6.1.1.0 from scratch and started it up.
- Modified logging settings to see more info in the log files.
- Disabled instrument stack traces.
- Added a servlet to the DefaultWebApp_insiteserver application
- specified name and class
- the load on startup setting defaulted to zero, which will cause the
preloading
- Added 3 jar files to the classpath to support the EJB call
- Stopped/Started the web server
When the web server loads the servlet loads and tries to locate the EJB on
the app server. The app server throws the security exception. The app/web
servers are both running on the same SUN box, have the same IP address
(different ports) and I'm using non-SSL. Each server is it's own WLS
environment. The only installed file that is shared it the
weblogic_domain_registry.dat file in the root directory. As for security,
I'm doing nothing except changing one password (system user on the app
server).
I then tried to manually upgrade the app/web servers to 6.1.2.0 by updating
the WEBLOGIC_ROOT in the respective xxxxdomain.ksh files. Same problem.
I then cleanly reinstalled the app/web servers using version 6.1.2.0 and
configured as above. Same problem.
Let me know if I need to provide additional details.
Thanks,
Jed Zimmer
"Joseph Nguyen" <[email protected]> wrote in message
news:[email protected]...
>
"Jed Zimmer" <[email protected]> wrote in message
news:[email protected]...
I am experiencing this error when a servlet or JSP is preloaded on the
web
server and the init method of the preloaded item results in a call tothe
app server. If I don't preload and then manually invoke the JSP orservlet
after the web server completely loads the call to the app server does
not
produce the exception. The only security differences between the weband
app servers are the console and system passwords. I can fix the problemby
making the passwords (system and console) the same across the board, but
find it hard to believe that this is the true solutionI don't quite understand what you mean by "console" password? Are you
talking about the admin console? If so then it's confusing because youhave
to log into the console using the system user. If you can clarify morehere
it would great.
Joseph Nguyen
BEA Support
. I would prefer
sticking with the default security settings.
I've poured through hundreds of messages. I can find similar problems
but
not this exact problem.
Any ideas would truly be appreciated!
More information:...
App and Web server are both wls 6.1.1.0 running on the same SUN Solarisbox.
Both are using the basic, out of the box, security.
The App server has SSL disabled.
The exception reported in the app server's log is:
java.lang.SecurityException: Authentication for user system denied inrealm
wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:125)
atweblogic.security.acl.internal.Security.verify(Security.java:87)
at
weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
2)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The exception reported in the web server's log is:
java.lang.SecurityException: Authentication for user system denied inrealm
wl_realm
at
weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
java:85)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:255)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:222)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy54.lookup(Unknown Source)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at
com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
at
com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
at
com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
ctory.java:305)
at
com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
at
com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
va:106)
at
com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
30)
at
weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
:700)
at
weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
va:643)
at
weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
a:588)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
ontext.java:2203)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
Context.java:2147)
at
weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
a:884)
at
weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
ava:807)
at
weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
at weblogic.j2ee.Application.addComponent(Application.java:160)
at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:329)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:144)
at
weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
76)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy33.addWebDeployment(Unknown Source)
at
weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
t(WebServerMBean_CachingStub.java:1094)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:315)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
Target.java:279)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
eploymentTarget.java:233)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
entTarget.java:193)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy32.updateDeployments(Unknown Source)
at
weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
ServerMBean_CachingStub.java:2734)
at
weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
icationManager.java:362)
at
weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
r.java:154)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy45.start(Unknown Source)
at
weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
ApplicationManagerMBean_CachingStub.java:480)
at
weblogic.management.Admin.startApplicationManager(Admin.java:1151)
at weblogic.management.Admin.finish(Admin.java:570)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
at weblogic.Server.main(Server.java:35)
Thanks,
Jed Zimmer -
Hi,
I am using WL60SP2 on Windows NT 4.0.
I am trying to call a bean from my startup class. The code is as follows
home = lookupHome();
messageSubscriber = (MessageSubscriber) narrow(home.create(),
MessageSubscriber.class);
Right at this point the Weblogic server is throwing the following error.
java.lang.SecurityException: Authentication for user guest denied in
realm wl_realm
<<no stack trace available>>
I know this has something to do with the security. In WL50 I would have
gone to the weblogic.policy file to fix it. With WL60 I know I have to
change something on the console but am not sure.
Please help.
Thanks
RajGo into the console and make sure the GuestDisabled property = false
http://e-docs.bea.com/wls/docs61/////ConsoleHelp/security.html
Joe Jerry
Raj Kathlesar wrote:
Hi,
I am using WL60SP2 on Windows NT 4.0.
I am trying to call a bean from my startup class. The code is as follows
home = lookupHome();
messageSubscriber = (MessageSubscriber) narrow(home.create(),
MessageSubscriber.class);
Right at this point the Weblogic server is throwing the following error.
java.lang.SecurityException: Authentication for user guest denied in
realm wl_realm
<<no stack trace available>>
I know this has something to do with the security. In WL50 I would have
gone to the weblogic.policy file to fix it. With WL60 I know I have to
change something on the console but am not sure.
Please help.
Thanks
Raj -
I am looking for some help to deploy the application in weblogic6.0.
This is what i did during the application deployment.
Create a new directory under config as a new application.
D:\bea\wlserver6.0\config\test
under test created two other directories applications and logs.
Under the applications directory copied .ear and .war files.
Under the test i copied config.xml, all the *.pem starttest.cmd, fileRealam.properties
files. Modified the config.xml with my application, domain and the server. Modified
the settest.cmd with the new domain and server name.
when i do startup, it is prompting for the password and i entered what ever i mentioned
during the installation.
And getting the following error.
Thanks alot for any suggestions.
D:\bea\wlserver6.0\config\test>startTest.cmd
D:\bea\wlserver6.0>set PATH=.\bin;D:\bea\jdk130\bin;C:\RATIONAL\RATION~1\NUTCROO
T\bin;C:\RATIONAL\RATION~1\NUTCROOT\bin\x11;C:\RATIONAL\RATION~1\NUTCROOT\mksnt;
C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Dell\Resoluti
on Assistant\Common\bin;C:\PROGRA~1\MICROS~4\Office;C:\PROGRA~1\ULTRAE~1;C:\Rati
onal\common;C:\Rational\Rational Test;C:\jdk1.3\bin;C:\Ant\bin;
D:\bea\wlserver6.0>set CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar
D:\bea\wlserver6.0>D:\bea\jdk130\bin\java -hotspot -ms64m -mx64m -classpath .;.\
lib\weblogic_sp.jar;.\lib\weblogic.jar -Dweblogic.Domain=test -Dweblogic.Name=te
stServer -Dbea.home=D:\bea -Dcloudscape.system.home=./samples/eval/cloudscape/da
ta -Djava.security.policy==D:\bea\wlserver6.0/lib/weblogic.policy weblogic.Serve
r
Enter password to boot weblogic server:password
Starting WebLogic Server ....
<Feb 14, 2001 12:13:04 PM EST> <Notice> <Management> <Loading configuration file
.\config\test\config.xml ...>
<Feb 14, 2001 12:13:06 PM EST> <Info> <Logging> <Only log messages of severity "
Error" or worse will be displayed in this window. This can be changed at Admin C
onsole> test> Servers> testServer> Logging> Debugging> Stdout severity threshold
>
<Feb 14, 2001 12:13:08 PM EST> <Emergency> <Server> <Unable to initialize the se
rver: 'Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user system denied in
realm weblogic
java.lang.SecurityException: Authentication for user system denied in realm webl
ogic
at weblogic.security.acl.Realm.authenticate(Realm.java:209)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
at weblogic.security.acl.internal.Security.authenticate(Security.java:11
3)
at weblogic.security.SecurityService.initializeSuid(SecurityService.java
:293)
at weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.SecurityException: Authentication for user system de
nied in realm weblogic
java.lang.SecurityException: Authentication for user system denied in realm webl
ogic
at weblogic.security.acl.Realm.authenticate(Realm.java:209)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
at weblogic.security.acl.internal.Security.authenticate(Security.java:11
3)
at weblogic.security.SecurityService.initializeSuid(SecurityService.java
:293)
at weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
D:\bea\wlserver6.0>goto finish
D:\bea\wlserver6.0>cd config\test
D:\bea\wlserver6.0\config\test>ENDLOCAL
D:\bea\wlserver6.0\config\test>Seen this, may give a clue?
Server Known Problems Change Request Number Description
042556
The weblogic.Admin command now requires the user and password options. For example:
java weblogic.Admin -username system -password gumby1234
The username "system" is required for most functions (for example: VERSION). If
you do not specify -username system, you will get the following error:
Exception in thread "main" java.lang.SecurityException: Authentication for user
system denied in realm weblogic
<<no stack trace available>>
"lazar" <[email protected]> wrote:
>
I would also like to know, if there is a fix for it.
Thanks
Lazar
Greg Layton <[email protected]> wrote:
Did you ever get an answer to this. If so could you share it with me.ThanksGreg -
Authentication for user system denied in realm weblogic
hi,am using Web Logic 6.1 on hp and all works fine, I've a cron which kicks off
every morn.
This cron stops the web logic app server (admin server), then starts it. The stopping
is done with a shutdown.sh script. I've noticed all the posts here about "Authentication
for user system denied in realm weblogic" seem to be in code. This is diff as
it's on shutdown.
My shutdown script does the below:
#!/bin/sh
JAVA_HOME=/opt/weblogic6.1/jdk131
WL_HOME=/opt/weblogic6.1/wlserver6.1
CLASSPATH=$WL_HOME/lib/weblogic_sp.jar:$WL_HOME/lib/weblogic.jar
JAVA_RUN="${JAVA_HOME}/bin/java -classpath ${CLASSPATH}"
WLS_PW=try_abc
RUNCMD="${JAVA_RUN} weblogic.Admin -url localhost:9100 SHUTDOWN -username system
-password $WLS_PW"
echo $RUNCMD
$RUNCMD
When it's run the below is printed. Any help appreciated on this!!
/opt/weblogic6.1/jdk131/bin/java -classpath /opt/weblogic6.1/wlserver6.1/lib/weblogic_sp.jar:/opt/weblogic6.1/wlserver6.1/lib/webl
ogic.jar weblogic.Admin -url localhost:9100 SHUTDOWN -username system -password
admin2001
Authentication for user system denied in realm weblogic
Start server side stack trace:
java.lang.SecurityException: Authentication for user system denied in realm weblogic
at weblogic.security.acl.Realm.authenticate(Realm.java:195)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:119)
at weblogic.kernel.BootServicesImpl.findOrCreateClientContext(BootServicesImpl.java:203)
at weblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:148)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:620)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:581)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:164)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:640)
at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
at weblogic.socket.PosixSocketMuxer.deliverGoodNews(PosixSocketMuxer.java:456)
at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:385)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:24)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
End server side stack traceThis is the way it should be. You should not be able to call from one server into
another using the system user without having to provide a password.
Yeshwant <[email protected]> wrote:
>
Hi Jose
What version of the server are you using . In 6.x this is a known issue
The workaround as you mention is to have the same password for the system
user.
Jose Perez wrote:
Hi all,
I'm having problems when communicating 2 EJBs in different weblogic Serverinstances,
one acts as a "client" and the other as a "server".
The exception is "Authentication for user system denied in realm weblogic".This
only happens if the user system has different password in each server.
Any idea?
Thanks in advance -
Authentication for user system denied in realm wl_realm
HI,
When I try to start a managed server in clustered environment,
I get this error :
java.lang.SecurityException: Authentication for user system denied in realm wl_realm
at weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:85)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:133)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy7.getMBean(Unknown Source)
at weblogic.management.Admin.getDomain(Admin.java:1229)
at weblogic.cluster.MulticastSender.<init>(MulticastSender.java:136)
at weblogic.cluster.MulticastManager.createSender(MulticastManager.java:159)
at weblogic.cluster.MulticastManager.createSender(MulticastManager.java:154)
at weblogic.cluster.MulticastManager.<init>(MulticastManager.java:109)
at weblogic.cluster.MulticastManager.initialize(MulticastManager.java:70)
at weblogic.cluster.ClusterService.initialize(ClusterService.java:119)
at weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:46)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:477)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
Could you, please, help me figure out what's wrong with this ?
Thank you,
rivisa
Make sure you supply the correct system password (the password used by the admin server) when
starting the managed server.
rivisa wrote:
> HI,
>
> When I try to start a managed server in clustered environment,
> I get this error :
> java.lang.SecurityException: Authentication for user system denied in realm wl_realm
> at weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:85)
> at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:133)
> at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
> at $Proxy7.getMBean(Unknown Source)
> at weblogic.management.Admin.getDomain(Admin.java:1229)
> at weblogic.cluster.MulticastSender.<init>(MulticastSender.java:136)
> at weblogic.cluster.MulticastManager.createSender(MulticastManager.java:159)
> at weblogic.cluster.MulticastManager.createSender(MulticastManager.java:154)
> at weblogic.cluster.MulticastManager.<init>(MulticastManager.java:109)
> at weblogic.cluster.MulticastManager.initialize(MulticastManager.java:70)
> at weblogic.cluster.ClusterService.initialize(ClusterService.java:119)
> at weblogic.t3.srvr.ServerServiceList.initialize(ServerServiceList.java:46)
> at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:477)
> at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
> at weblogic.Server.main(Server.java:35)
>
> Could you, please, help me figure out what's wrong with this ?
>
> Thank you,
> rivisa
-
Getting this security exception when trying to pull a message from one weblogic
instance JMS queue, and sending the message (via a MDB) to another machine's JMS
queue.
Ex. Here's the scenario.
Two Windows2000Server machines,
one at ip ... xxx.xxx.x.16,
second machine at ... xxx.xxx.x.17.
MDB pulls message off of a JMS queue on 16. MDB sends the message to .17 box.
ON the .17 machine (the receiver) I get the following exception
weblogic.transaction.internal.CoordinatorImpl@31406b>
java.lang.SecurityException: Authentication for user system denied in realm wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.security.acl.internal.Security.verify(Security.java:87)
at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:76)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
ON the sending maching .16, I get the following exception.
####<Apr 3, 2002 9:46:24 AM CST> <Error> <RJVM> <testweblogic> <OptiSoftAppServer>
<ExecuteThread: '96' for queue: 'default'> <> <> <000000> <Unsolicited error response
for: '-1'>
The messages appear to show up on the destination machine, but are these error
messages valid, or just bogus?
Thanks,
Eric.
Why is that? Your suggestion worked but I don't understand why.
When our MDB on machineA did the JNDI lookup to MachineB we set the
credentials to a valid user/password on MachineB.
My speculation: Since the MDB on machineA is already in a transaction
any other JNDI calls use the credentials for the MDB's transactions,
ignoring any other credentials we might try to set explicitly. If my
speculation is correct then that would explain by the passwords for the
user "system" would have to be the same between servers.
Is there a good place to read up on this?
Thanks
Tom
Rajesh Mirchandani wrote:
> Make sure you have the same system password for the 2 instances of WLS on seperate boxes.
>
> Tom Barnes wrote:
>
>
>>Or post to the EJB newsgroup (which "owns" MDBs).
>>
>>Tom Barnes wrote:
>>
>>
>>>I think there is a username/password field configurable in the MDB descriptor that
>>>might help here??? Other than that, I suggest posting to the security newsgroup.
>>>
>>>Tom
>>>
>>>Eric Babin wrote:
>>>
>>>
>>>>Getting this security exception when trying to pull a message from one weblogic
>>>>instance JMS queue, and sending the message (via a MDB) to another machine's JMS
>>>>queue.
>>>>
>>>>Ex. Here's the scenario.
>>>>
>>>> Two Windows2000Server machines,
>>>> one at ip ... xxx.xxx.x.16,
>>>> second machine at ... xxx.xxx.x.17.
>>>>
>>>> MDB pulls message off of a JMS queue on 16. MDB sends the message to .17 box.
>>>>
>>>>
>>>>ON the .17 machine (the receiver) I get the following exception
>>>>
>>>>weblogic.transaction.internal.CoordinatorImpl@31406b>
>>>>java.lang.SecurityException: Authentication for user system denied in realm wl_realm
>>>> at weblogic.security.acl.Realm.authenticate(Realm.java:212)
>>>> at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
>>>> at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
>>>> at weblogic.security.acl.internal.Security.verify(Security.java:87)
>>>> at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:76)
>>>> at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
>>>> at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
>>>> at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
>>>>
>>>>ON the sending maching .16, I get the following exception.
>>>>
>>>>####<Apr 3, 2002 9:46:24 AM CST> <Error> <RJVM> <testweblogic> <OptiSoftAppServer>
>>>><ExecuteThread: '96' for queue: 'default'> <> <> <000000> <Unsolicited error response
>>>>for: '-1'>
>>>>
>>>>The messages appear to show up on the destination machine, but are these error
>>>>messages valid, or just bogus?
>>>>
>>>>Thanks,
>>>>
>>>>Eric.
>>>>
>
> --
> Rajesh Mirchandani
> Developer Relations Engineer
> BEA Support
>
>
>
-
Java.lang.SecurityException: Authentication for user null denied in realm
Hello,
We have the following exceptionj on WLS 6.1 SP3 on Win2K:
javax.naming.AuthenticationException. Root exception is
java.lang.SecurityException: Authentication for user null denied in realm
weblogic
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:135)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:518)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:362)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:334)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:211)
at
weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
at javax.naming.InitialContext.init(InitialContext.java:217)
at javax.naming.InitialContext.<init>(InitialContext.java:173)
at
And it seems that this exception happens after the introduction of a JAAS module
for an external call.
What strikes me is that the WLS samples use System.setProperty... and I was wondering
if this could be the cause of our problem, because the rest of the application
does not use JAAS, and that may be it screws up the realm with WLS....
Any idea?
Cheers,
ThierryHello,
We have the following exceptionj on WLS 6.1 SP3 on Win2K:
javax.naming.AuthenticationException. Root exception is
java.lang.SecurityException: Authentication for user null denied in realm
weblogic
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:135)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:518)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:362)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:334)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:211)
at
weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
at javax.naming.InitialContext.init(InitialContext.java:217)
at javax.naming.InitialContext.<init>(InitialContext.java:173)
at
And it seems that this exception happens after the introduction of a JAAS module
for an external call.
What strikes me is that the WLS samples use System.setProperty... and I was wondering
if this could be the cause of our problem, because the rest of the application
does not use JAAS, and that may be it screws up the realm with WLS....
Any idea?
Cheers,
Thierry -
Environment: WLS61 SP2
Two WLS61 servers on different machines. User test1 is authenticated against LDAP
on server_1, then tries
to execute a class (from JSP) that calls EJB on server_2. The environment properties
for the call to EJB on server_2 to are setup as follows (Note that user test2 is
used to call EJB on server_2. User test2 exists in the wl_realm on server2):
env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
env.put(Context.PROVIDER_URL, "t3://server2:7001");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "test2");
env.put(Context.SECURITY_CREDENTIALS, "somepass");
The call results in the following exception raised on server_2. Why is test1 id used
if test2 is explicitly specified for the call? User test1 does not exist on server_2.
<Jul 13, 2002 11:37:31 AM EDT> <Warning> <Dispatcher> <RuntimeException thrown by
rmi server: 'weblo
gic.rmi.cluster.ClusterableServerRef@111 - jvmid: '4783591120128354231S:xxx.xxx.xxx.xxx:[7001,7001,7002,7
002,7001,7002,-1]:mydomain:myserver', oid: '271', implementation: '[BaseEJBObject]
home: c
om.test.TestEJB_jvjalv_HomeImpl@7583b9''
java.lang.SecurityException: Authentication for user test1 denied in realm wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.security.acl.internal.Security.verify(Security.java:87)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:237)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)If you are using JNDI authentication, make sure you close the context before
you get another context.
In WLS, stack of authenticated users will be maintained per thread. Now when
user is authenticated, it will be pushed into the stack. When you close the
context it will be popped out. In your case it seems like somehow test1 user's
idenitity is set on the thread which is calling the EJB on server2.
use weblogic.security.acl.Security.getCurrentUser() to get the current
user associated with the thread.
I hope this helps.
-utpal -
We have started getting the above error message in a system that has worked happily
for the past 6 months or so (and continues to work happily from our disaster recovery
environment). I should probably add that this occurs when we are attempting to
write to the database via the connection pool.
Anyone have any ideas?
Thanks
Andrew
The full stack trace is
javax.naming.AuthenticationException. Root exception is java.lang.SecurityException:
Authentication for user system denied in realm weblogic
<<no stack trace available>>
31-Jan-02 00:04:41 GMT Warning Adapter RuntimeException
thrown by rmi server(class com.esure.ibis.a
ccesslayer.sb.useraccess.UserAccessBeanEOImpl)
[265127279722
6064825S:hfxesure17:[7005,7005,7002,7002,7005,7002,-1]:esure
prdwls/296]: [BaseEJBObject]
home: com.esure.ibis.accesslaye
r.sb.useraccess.UserAccessBeanHomeImpl@4b741e
com.esure.ibis.util.IbisException: NamingException occurred in UserAccess Session
Bean::validateUser()
at com.esure.ibis.accesslayer.sb.useraccess.UserAccessBean.validateUser(UserAccessBean.java:192)
at com.esure.ibis.accesslayer.sb.useraccess.UserAccessBeanImpl.validateUser(UserAccessBeanImpl.java:110)
at com.esure.ibis.accesslayer.sb.useraccess.UserAccessBeanEOImpl.validateUser(UserAccessBeanEOImpl.java:31)
at com.esure.ibis.accesslayer.sb.useraccess.UserAccessBeanEOImpl_WLSkel.invoke(UserAccessBeanEOImpl_WLSkel.java:202)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:128)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:118)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)We have started getting the above error message in a system that has worked happily
for the past 6 months or so (and continues to work happily from our disaster recovery
environment). I should probably add that this occurs when we are attempting to
write to the database via the connection pool.
Anyone have any ideas?
Thanks
Andrew
The full stack trace is
javax.naming.AuthenticationException. Root exception is java.lang.SecurityException:
Authentication for user system denied in realm weblogic
<<no stack trace available>>
31-Jan-02 00:04:41 GMT Warning Adapter RuntimeException
thrown by rmi server(class com.esure.ibis.a
ccesslayer.sb.useraccess.UserAccessBeanEOImpl)
[265127279722
6064825S:hfxesure17:[7005,7005,7002,7002,7005,7002,-1]:esure
prdwls/296]: [BaseEJBObject]
home: com.esure.ibis.accesslaye
r.sb.useraccess.UserAccessBeanHomeImpl@4b741e
com.esure.ibis.util.IbisException: NamingException occurred in UserAccess Session
Bean::validateUser()
at com.esure.ibis.accesslayer.sb.useraccess.UserAccessBean.validateUser(UserAccessBean.java:192)
at com.esure.ibis.accesslayer.sb.useraccess.UserAccessBeanImpl.validateUser(UserAccessBeanImpl.java:110)
at com.esure.ibis.accesslayer.sb.useraccess.UserAccessBeanEOImpl.validateUser(UserAccessBeanEOImpl.java:31)
at com.esure.ibis.accesslayer.sb.useraccess.UserAccessBeanEOImpl_WLSkel.invoke(UserAccessBeanEOImpl_WLSkel.java:202)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:128)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:118)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120) -
Is there a way to disable concurrent Weblogic Admin Console sessions for the same user?
A coworker on another workstation and I are able to log into same user account on the Weblogic Admin Console at the same time. I would like to restrict access so only one session per user account can be logged in to the Admin Console. Is this possible?
Alternatively, is there a way to log identifiable information (IP/workstation) when multiple sessions for one account occur at the same time?
I am using 10.3.6.0Hi,
You could also check the http access logs for such info. There you could see records for the received requests, with each record starting with the source IP that initiated the request.
The default location for access logs is ${DOMAIN_HOME}/servers/${SERVER_NAME}/logs. Of course in your case, the ${SERVER_NAME} would be your admin server name (AdminServer if left as default).
Regards,
Mohab -
Building an Admin Console Extension for a Custom Security Provider
I am looking for an example or a description how to build an Administration Console extension for a custom Authentication Provider.
Especially the creation page for the provider is interesting because I am not able to create and register the required Authentication Provider MBean.
The call “mbeanHome.getMBeanServer().createMBean(className,objectname)” always throws the following Exception “javax.management.ReflectionException: The MBean class could not be loaded by the default loader repository”
Even if I try the class “weblogic.security.providers.authentication.IPlanetAuthenticator”, that is part of the bea distribution, the same exception is thrown.
It seams that the Problem has something to do with class loaders?
When I use the standard admin console pages to create and configure my provider everything works fine.
The only example “kennedy0208.zip” I found in the net does not deal with the creation of the MBean.
It only customizes the edit pages for the provider and at that point the MBean has already been created by the standard admin pages.
Maybe the author discovered the same Problems and gave up!?
What makes me wondering is that I have to put my MBean Classes to my console extension war file to be able to import the packages in my jsp.
If I not put the classes to my war the compiler throws an exception because he can’t resolve the package.
Because I moved my provider implementation jar to the directory “WLHOME\server\lib\mbeantypes” as described in the bea documentation it should run without putting the classes to the war!?!
I am very surprised that the bea documentation does not provide any example about this topic.Found it. Cut and paste error. I still had one of their example class
names in my code. Oops. -
GW Mobility Service admin console - logins for non-Admins no longerworks
We recently upgraded from the GW Mobility Pack (Data Synchronizer)
v1.2.5 (299) to the new GW Mobility Service v2.0.1 (53).
Previously, a regular user could login to the Data Synchronizer admin
console and configure their own account settings to determine which
cabinet folders or address books would get synchronized to their mobile
device.
Since our upgrade to the GW Mobility Service, only administrators can
log in to the admin console. Any attempt by a non-admin user to login
to the admin console is met with an "Invalid username/password" error.
Is this by design, or is there something we've missed in our GMS
configuration?
Thanks,
Greg
former e-mail for posting:
[email protected]On 4/22/2014 11:49 AM, DZanre wrote:> "Greg N." wrote:
>
>> Any attempt by a non-admin user to login to the admin console is met
with an
>> "Invalid username/password" error.
>>
>> Is this by design, or is there something we've missed in our GMS
>> configuration?
>
> If you switched your authentication mode from LDAP to GW, then you
will need to
> login with the GW user/password. Have you tried that? It's quite
possible that
> this is an entirely different password (and in some cases a different
userid).
>
Danita,
Thanks for responding. Unfortunately, the authentication type wasn't
changed during the upgrade. It's still set to LDAP. Both Provisioning
and Authentication under User Source are on LDAP.
I did go ahead and try a GW login anyway, but no luck.
I also checked the base user and group DN's to make sure they are still
set to the correct eDirectory context, and they are.
Any other suggestions?
Thanks,
-Greg
former e-mail for posting:
[email protected] -
Use Tacacs+ for Admin auth & Radius for user Auth?
Can I setup my Aironet 1200 to use TACACS+ for authentication back to the cisco ACS server and RADIUS back to same server for user authentication?
If I setup a server in Server Manager under Radius, then add that same server as a TACACS+ server, it deletes the RADIUS server, so I assume no.dont know about 1200s but you can do this on 1130AGs. Create a aaa group for authentication via radius, and one for tacacs+ then use aaa groups to point console/vty to the tacacs+ aaa group, and EAP authentication to the radius group.
eg:
aaa group server radius rad-group
server x.x.x.x auth-port xxxx acct-port xxxx
aaa group server tacacs+ admin-access
server x.x.x.x
aaa authentication login eap-method group rad-group
aaa authentication login auth-admin-access group admin-access local
aaa authorization exec default group admin-access local
now under the ssid part of the config have:
dot11 ssid yyyyyy
authentication open (or whatever method you use) eap eap-method
under console/vty etc:
login authentication auth-admin-access
you need some more stuff like radius and tacacs server keys, but the above should get you started. On 1130AGs dont use aaa auth for http(s), looks like it overloads the aaa server at the moment - see field notices - probably doesnt apply to 1200s. -
Admin console error for 8.1sp2
Hi, we are using weblogic server 8.1 sp2 and we are getting the following error on our admin console only after a few days of the server restart. Does anyone know why?
java.lang.NullPointerException
at weblogic.management.console.helpers.UrlHelper.buildIconList(UrlHelper.java:169)
at weblogic.management.console.helpers.UrlHelper.getIcon(UrlHelper.java:203)
at weblogic.management.console.tags.nav.SmartNavNodeTag.getIcon(SmartNavNodeTag.java:147)
at weblogic.management.console.tags.nav.SmartNavNodeTag.inferStuffFromContext(SmartNavNodeTag.java:132)
at weblogic.management.console.tags.nav.SmartNavNodeTag.doStartTag(SmartNavNodeTag.java:43)
at weblogic.management.console.webapp._domain.__nav._jspService(__nav.java:690)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
========================
p.s. error CR100006 was supposed to be fixed in SP2.Strange Error... seems due to currpt installation.
Things to check:
- Start of instance: please check all processes are down before starting up AdminServer
- Start of instance: please check messages during startup (also Warnings...)
- Check listen address, listen IP of instance...are there other (managed) instances?
- Config files: check the <doman>/config.xml , compare it with backups if you got them
Maybe you are looking for
-
I had to reset my PayPal account with iTunes and now I'm getting a apple I'd has been disabled on both my iPad and iPhone. I've already done all the steps on my computer. Now what?
-
Install Oracle81.1.7 for Linux on Mandrake
I have a problem to install Oracle8 1.1.7 for linux on Mandrake. When I run ./runIstaller I got a error message that the Java RunTime Enviroment was not found at ?/bin/jre. The "?"stands for a strange character and may change at diffrent time runing
-
I've tried to complete this album several times, but it won't let me?
I've filled out my payment info and everything. But no matter how many times I've tried to complete the album, nothing ever happens.
-
Some Buttons have to be Double+ clicked
I noticed a strange thing on my site. All buttons are programmed identical but some of them have to be double or tripple clicked (depending on the level they are in) in order to access the designated location. What does it mean? Is there an error in
-
Does the N96 support 32GB microSD card?
Can this phone support SDHC cards with >8GB of space? If not do you know of a phone that does have large capacity (or upgradable) for music, and supports tethering in addiiton?