Another problem: Default security providers in a cluster
Here is another problem I hit, trying to deploy a J2EE application within a cluster.
I have defined security as per spec, with <security-constraints> in web.xml. I
have three of four security roles that I protect my resources (URLs) with.
I am performing a logon by declaring a login url (/logonInit.html), which in turn
does a POST to j_security_check.
Fine and standard so far.
I successfully deploy the application on my development box (a single, standalone
server domain).
I then deploy the app to a clustered domain (in fact, having a single managed
server and an admin server).
All my resources, including JDBC pools, data sources, AND the application are
specifically deployed onto the cluster.
I then try to log on. The thing does the POST to j_security_check and that's about
the last thing it does!!!
I then undeploy everything from the cluster, deploy them on to the single managed
server and try again.
It works!!!!
I know for a fact that resources like JDBC pools and data sources DO work in a
clustered domain.
I am however doubtful whether the same is valid for the Default implementations
of the various security modules, including the Default Authenticator and the Default
Role Mapping modules.
Has anybody had problems moving to clustered configurations with those modules?
Incidentally, has anything been fixed in that area in the service release (7.0.0.1
I believe). I am still on base 7.0.
I suppose I could install the service pack and see if it goes away.
This seems to me like a pretty fundamental thing.
Thoughts?
TIA
Kostas
Similar Messages
-
Load default configuration in BIOS to fix sound, caused another problem
Hey !
I have had problem to get sound in my T61, and used Lenovo support, Troubleshooting, to fix it.
I did as it told in Lenovo Support.
In BIOS Setup utility menu setup I pressed F9.
Then I selected YES to load the default configuration.
After that I pressed F10 key and YES to save the configuration.
But after that when I start the computer it says that a failure has occurred, and windows has shut down to avoid problems with the computer.
Is there any way of going back in the BIOS setup, so I should get it work again ?
Thanks in advance/ Kurt
Moderator edit: Subject edited for clarity.
Hi !
I solved it with money !
I went to a company, and they fixed it, Don't ask me how ! I did not understand when they described it.
Anyway I have another problem with the sound, as you can see in the other message !
They tried to fix that too, but could not solve the problem.
George -
Hi ,
I have the following error while I am stopping a Weblogic instance. Did anyone face a similar issue, please let me know. I see a classnotfound error, but not sure what is that jar file. Is it an application jar or a weblogic one?
Stopping Weblogic Server...
Initializing WebLogic Scripting Tool (WLST) ...
log4j: Trying to find [resources/comdev/default-log4j.properties] using context classloader java.net.URLClassLoader@183f74d.
log4j: Using URL [jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties] for automatic log4j configuration.
log4j: Reading configuration from URL jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties
log4j: Hierarchy threshold set to [ALL].
log4j: Parsing for [root] with value=[INFO, NA].
log4j: Level token is [INFO].
log4j: Category root set to INFO
log4j: Parsing appender named "NA".
log4j: Parsed "NA" options.
log4j: Finished configuring.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3://localhost:7009 with userid weblogic ...
This Exception occurred at Sun Apr 10 14:17:03 UTC 2011.
javax.naming.CommunicationException [Root exception is java.rmi.UnmarshalException: failed to unmarshal class weblogic.security.acl.internal.AuthenticatedUser; nested exception is:
java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:74)
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:32)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:673)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
... 48 more
Problem invoking WLST - Traceback (innermost last):
File "/web/10.2/user_projects/domains/dom/shutdown.py", line 1, in ?
File "<iostream>", line 22, in connect
WLSTException: 'Error occured while performing connect : Error getting the initial context. There is no server running at t3://localhost:7009 Use dumpStack() to view the full stacktrace'
Thanks a lot for your time.
Manish
Hi Manish,
It seems that you are using a custom security provider and the weblogic server is not able to find the class / jar file that contains the class.
java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
Make sure you have all the required jar files in the server classpath.
You can use the JarScan utility to find the jar that contains the class.
Refer to the link below regarding JarScan.
http://weblogic-wonders.com/weblogic/2011/01/26/finding-jar-files-using-jarscan/
Regards,
Anandraj
http://weblogic-wonders.com -
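A small stand-in for the jar search recommended in the reply above, added here as an example (it is not the JarScan utility and not code from the thread): it walks a directory tree and reports every jar that contains the class named in the ClassNotFoundException. The class name FindClassInJars and the command-line layout are assumptions; Java 8 or later is assumed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.jar.JarFile;
import java.util.stream.Collectors;
import java.util.stream.Stream;

// Added example (hypothetical class name): locate the jar that ships a given class.
public class FindClassInJars {

    /** Returns every .jar under root that contains the fully qualified class. */
    static List<Path> jarsContaining(Path root, String className) throws IOException {
        // A class a.b.C is stored in a jar as the entry a/b/C.class
        String entryName = className.replace('.', '/') + ".class";

        List<Path> jars;
        try (Stream<Path> walk = Files.walk(root)) {
            jars = walk.filter(Files::isRegularFile)
                       .filter(p -> p.getFileName().toString().endsWith(".jar"))
                       .collect(Collectors.toList());
        }

        List<Path> hits = new ArrayList<>();
        for (Path jar : jars) {
            try (JarFile jf = new JarFile(jar.toFile())) {
                if (jf.getEntry(entryName) != null) {
                    hits.add(jar);
                }
            } catch (IOException e) {
                // Truncated or corrupt archives are reported and skipped, not fatal
                System.err.println("skipped unreadable jar " + jar + ": " + e.getMessage());
            }
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        if (args.length < 1) {
            System.err.println("usage: java FindClassInJars <directory> [fully.qualified.ClassName]");
            System.exit(2);
        }
        // Default is the class named in the stack trace above
        String className = args.length > 1
                ? args[1]
                : "com.msl.security.providers.SessionPrincipal";

        List<Path> hits = jarsContaining(Paths.get(args[0]), className);
        if (hits.isEmpty()) {
            System.out.println(className + " not found in any jar under " + args[0]);
        } else {
            for (Path jar : hits) {
                System.out.println(className + " found in " + jar);
            }
        }
    }
}
```

More than one hit means several copies of the class are deployed, which is worth resolving before adding any of them to a classpath.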
WebLogic 9.1 Security Providers Issue
I have created custom Authentication and Authorization security providers
using the sample code, SampleSecurityProviders.zip, found on the dev2dev
site. I used the MBean maker to create the MBean JAR file and installed it
in the WL_HOME/server/lib/mbeantypes folder. I used the console application
to set-up a new security realm, configured it to use my custom security
providers, marked it as the default realm and re-started my WLS instance.
The WLS instance starts-up without any problems and I am able to log-in to
the console application without incident. Trace messages I added to my
custom security providers indicate they are being utilized. The console
application functions normally until I try to log out. A dialog box is
displayed with the message: " Internal server error The server encountered
an unexpected condition which prevented it from fulfilling the request." and
the log out operation fails. The server log file contains the following
stack trace:
####<Mar 7, 2006 8:58:18 AM MST> <Error> <HTTP> <cosilrsc> <RSeriesServer>
<[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'> <<WLS Kernel>> <> <> <1141747098863> <BEA-101020>
<[weblogic.servlet.internal.WebAppServletContext@10eb27d - name: 'console',
context-path: '/console'] Servlet failed with Exception
java.lang.IllegalStateException: HttpSession is invalid
at
weblogic.servlet.internal.session.SessionData.getAttribute(SessionData.java:369)
at
org.apache.beehive.netui.script.common.BundleMap.retrieveUserLocale(BundleMap.java:261)
at
org.apache.beehive.netui.script.common.BundleMap.entrySet(BundleMap.java:131)
at java.util.AbstractMap.toString(AbstractMap.java:584)
at java.lang.String.valueOf(String.java:2577)
at java.lang.StringBuilder.append(StringBuilder.java:116)
at
org.apache.beehive.netui.pageflow.scoping.internal.AttributeContainer.getSerializableAttrs(AttributeContainer.java:101)
at
org.apache.beehive.netui.pageflow.scoping.internal.ScopedRequestImpl.persistAttributes(ScopedRequestImpl.java:439)
at
com.bea.portlet.adapter.scopedcontent.PersistedRequestAttributes.persistAttributes(PersistedRequestAttributes.java:61)
at
com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.persistRequestAttributes(ScopedContentCommonSupport.java:758)
at
com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:235)
at
com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:102)
at
com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:338)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:401)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:665)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:677)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:151)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:206)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:146)
at
com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:327)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:190)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:156)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:141)
at
com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:124)
at
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:225)
at
weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:127)
at
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:272)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at
weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:26)
at
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3151)
at
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at
weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:1973)
at
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1880)
at
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1310)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
>
I suspect the problem has something to do with the way I have implemented my
security providers but after several days of analysis I have been unable to
pinpoint a cause. When I switch the security realm default back to the
security realm created by the domain wizard the problem goes away.
If anyone can provide some insight into how my custom security providers
might introduce this problem and how I might go about debugging the issue I
would appreciate it very much. Thank you.
Weblogic 9.x supports only JDK 1.5 ? Now, I am trying to perform same build using Weblogic 8.1 SP5 and I am not able to find javax.jms.ConnectionFactory in weblogic.jar, whereas in Weblogic 9.x 'weblogic.jar' 'javax.jms.ConnectionFactory' is found.
code snippet:
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.naming.Context;
import weblogic.jndi.Environment;
String url = "t3://" + hostName + ":" + hostPort;
Environment environment = new Environment();
environment.setProviderUrl( url );
// setInitialContextFactory() takes the factory class name as a String
environment.setInitialContextFactory( "weblogic.jndi.WLInitialContextFactory" );
Context context = environment.getInitialContext();
ConnectionFactory factory = (ConnectionFactory)context.lookup( "..." );
Connection theConnection = factory.createConnection();
I am using SUN JDK 1.4.2.11 (even did try Weblogic JDK). I have weblogic.jar and JDK/tools.jar included in my classpath.
What other jar files do we need to include in my classpath to make this code work in weblogic 8.1SP5 ? -
BEA public API (WLS6.1)for programatically updating default security realm?
Hi,
Does anyone know how to use BEA's public API to programmatically add/update WLS
6.1 user credentials in the default security realm? The API would of course
automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
Is there a way to do such updates by programmatically engaging the WLS security
realm related Mbeans? I basically need to do (from a deployed application component)
what is easily done from the WLS Console's [security->User->Add User/Change
Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
command line utility (or wlshell also) uses to make updates. But I doubt that
the classes used by these tools are in BEA's public API for WLS 6.1. Especially
important to me would be the BEA API mechanism that takes a clear-text password
and hashes it to the encrypted format written in fileRealm.properties (and synchronized
w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate a large
Oracle table of (*user, clear-text -password, group) records into the default
WLS security realm. Thanks for any insights.
Ben
Thanks to another's post, I have found the answer to my problem in the Girdley/Woollen/Emerson
book "J2EE Applications and BEA WebLogic Server" pp. 496-498:
Note: this code segment is for WLS 6.1 and this API is said to be deprecated
in WLS 7+
// Roughly outlined, assuming session w/ userName, groupName, password Strings in HTTP Post request
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
    weblogic.security.acl.Security.getRealm();
weblogic.security.acl.User u;
weblogic.security.acl.Group g;
u = realm.newUser(userName, password, null);
// use g = realm.newGroup(groupName) if groupName does not exist in realm
g = realm.getGroup(groupName);
g.addMember(u);
// log in the new user
int rc = weblogic.servlet.security.ServletAuthentication.weak(userName, password, httpSession);
// use realm.deleteUser(u), realm.deleteGroup(g) as appropriate, etc.
-
WL10: How to port sample security providers?
Hello,
I've downloaded sample security providers for WL8.1 and trying to get them working on my WL10 setup. It seems quite a lot has changed since wl8.1. For example information how to setup security providers by using admin console are completely different. Also when I tried to workaround this by using ant setup, it also failed with:
[java] Executing command: INVOKE -mbean Security:Name=SampleRealmManageable
SampleAuthenticator -method createUser sampleuser samplepassword nodescription
[java] Could not find the instance for Security:Name=SampleRealmManageableS
ampleAuthenticator
[java] Error: setupSampleRealm.adm at line number: 45
[java] --------------------------------------------------------------------
[java] --------------------------------------------------------------------
[java] Batch Command Results:
[java] Total Commands Executed: 23
[java] Commands Successful: 22
[java] Commands Failed: 1
BUILD SUCCESSFUL
Total time: 7 seconds
My question is: has anybody already ported sample security providers to the WL10?
Thanks,
Karel
"Laurent Duperval" <[email protected]> wrote in message
news:3fe07edb$[email protected]..
>
Hi,
I'm trying to get the sample realm working as the default realm to start Weblogic.
The goal is to modify it piece by piece to a more secure model, but I'm starting
from the basics.
Here's what I've done now: I created a new realm and I used all the default providers
except the authentication provider. For that, I used the Manageable authentication
sample. The problem is that it uses non-encrypted data to set the password but
the boot.properties file contains 3DES data. So now, the realm won't start. How
can I set up the boot.properties file to enable the use of my new realm as the
default?
The boot.properties should work with any provider. WLS decrypts the username
and password
before passing it to the provider. I would double check to make sure that
username and
password is defined in your manageable authentication sample.
You can define the DebugSecurityAtn="true" attribute for the ServerDebug
Mbean to get
additional debugging information. -
Problem in starting server instances in Cluster using nodeagent
Hi,
I have a cluster which is having 2 servers and in that one server is under nodeagent1(on the same host) and another is on nodeagent2 which is on an another host.
When I start the Cluster instances the server in the nodeagent1 is getting started. But the server on the nodeagent2(which is on the other host) is not getting started.
Always it says
"Operation 'start' failed in 'server' Config Mbean. Target exception message: NAGT0023:The node agent could not start instance testserver. It is starting and must be stopped."
If you wait for considerable amount of time and try to start it gives the same error. It looks like some process or something is running and depending on that it says the particular message.
In the domain server.log also it has the same information. There is nothing comes in the server specific log.
This seems to be an issue.
Has anybody observed this issue? Is there any workaround for this?
I am using Sun Java Enterprise System 8.1 2005q4 version.
Sebas
It seems you created your second NodeAgent when the first NodeAgent was not running.
Remember, the AS8 uses several other ports, like jms and iiop. For the first one it takes the default port numbers, and if those are free when you create the second, it uses them again.
So check the port numbers that are in use for agent1 and agent2 from the domain.xml and change them, if they are same. -
Error occurred while preloading classes of security providers from jre/lib/
Hello all,
We are Upgrading our BW Production System with EHP1 Package.
on the Step DEPLOY_ONLINE_DEPL the Upgrade stops and we get the error message
Error occurred while preloading classes of security providers from jre/lib/ext folder: java.util.zip.ZipException: A file or directory in the path name does not exist. jar:file:/usr/java14_64/jre/lib/ext/ibmjceprovider.jar
I have checked the file Path and the Permission exist
I have no Idea anymore
Can you help us ?
Best regards
Vito Cecere
Hi Vito,
This issue looks similar to the following thread I believe the problem was with the SAPJSF user
Cannot startup visual administrator due to UME logon client details changed -
What is the risk of changing the order of the security providers?
I have developed a SFTP solution for Webmethods. Webmethods has IAIK (class iaik.security.provider.IAIK) as its default DH provider. To get the SFTP solution to work, I had to change the DH provider to SunJCE.
I did that through changing the order of the security providers in the
java.security file
in C:\j2sdk1.4.2_13\jre\lib\security
Now it is
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.rsajca.Provider
Before it was
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
A lot of other webmethods services use the same server, so if we change the order of the security providers, it will affect all of these. So what I want to know is what is the risk of changing the order of the security providers?
Check here for compatibility of 3rd party Software you may be using...
http://roaringapps.com/apps:table
Also note that Rosetta is no longer supported in Lion and Mountain Lion...
You will need more RAM... Get the Maximum you can for your Mac...
It is important to get the Correct and Matching RAM
See Here > OWC RAM > http://www.macsales.com
The above site also has videos on how to Install RAM should you need it... -
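For the provider-order question in this thread, an added example (not code from the post) that makes the effect of the java.security ordering visible: a call to getInstance(algorithm) with no provider name is served by the first installed provider that supports it, so the audit below prints which provider wins each service, and also shows DH being requested from a named provider without touching the global order. The class name ProviderOrderAudit and the list of services other than DH are assumptions; Java 8 or later is assumed.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.KeyAgreement;

// Added example (hypothetical class name): show what the provider order decides.
public class ProviderOrderAudit {

    // Services to check, written as "Type.Algorithm". The two DiffieHellman
    // entries are the ones the post is about; the rest are an assumed sample
    // of services that other applications on the same JVM may rely on.
    static final String[] SERVICES = {
        "KeyAgreement.DiffieHellman",
        "KeyPairGenerator.DiffieHellman",
        "MessageDigest.SHA-1",
        "Signature.SHA1withRSA",
        "SecureRandom.SHA1PRNG",
        "KeyStore.JKS",
    };

    /** Maps each service to the first installed provider that implements it. */
    static Map<String, String> winners() {
        Map<String, String> out = new LinkedHashMap<>();
        for (String svc : SERVICES) {
            // Returned in preference order; null when no provider matches
            Provider[] ps = Security.getProviders(svc);
            out.put(svc, ps == null ? "(none installed)" : ps[0].getName());
        }
        return out;
    }

    /** Requests DH from one named provider, leaving the global order alone. */
    static String pinnedDhProvider(String providerName) throws NoSuchAlgorithmException {
        try {
            return KeyAgreement.getInstance("DiffieHellman", providerName)
                               .getProvider().getName();
        } catch (NoSuchProviderException e) {
            return "(provider " + providerName + " is not installed)";
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Installed providers, in preference order:");
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println("  " + (i + 1) + ". " + installed[i].getName());
        }

        System.out.println("Provider that serves an unqualified getInstance():");
        winners().forEach((svc, name) -> System.out.println("  " + svc + " -> " + name));

        // Only possible where the calling code is under your control
        System.out.println("DH requested explicitly from SunJCE: " + pinnedDhProvider("SunJCE"));
    }
}
```

Run it once under the original java.security and once under the reordered one and compare the output: every service whose provider changes is one whose implementation changed for all applications on that JVM.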
Default security context for signed applets using WinXP+IE8
What is the default security context for signed applets from the internet zone using Java 6 and WinXP+IE8 combination? My guess is that all file and socket access available for the user's Windows account is provided to the applet as well. Is this correct and if so, is there a way to limit these access privileges for signed applets from the internet zone?
This information is surprisingly difficult to find given how security conscious people now are using the internet.
AntonBoer wrote:
> Thank you for your swift reply.
> Unfortunately your answer reflects my worst fears. Frankly I find this security model naive. Anyone with euros can get their applet signed so that is no security control at all.
The same naive security model applies to just about anything signed and downloaded; not just to Java Applets.
> Working for a corporate IT how I am supposed to allow Java installations on any of our computers with internet access? That automatically means I am providing them as platforms to whoever wishes to run Java code on them (given that the user of course visits the web site). I would have expected Sun to put more effort into this but it appears nothing has changed in this regard for 10 years.
I don't see this as a Sun problem; it is indicative of what I consider to be a general security weakness for all computer systems. For example, for Windows, Vista just added more user involvement in the trust process but it still allows programs to run pretty much unconstrained if the user agrees to them running.
For some time I have advocated a more fine grained approach. I would like to see ALL programs run in a sandbox that a user can specify what and what cannot be done by each individual program. Unfortunately, this would annoy the hell out of most users so it has little chance of ever being accepted. The average user just wants a run-and-forget-about-security model. -
Is this possible to use no default security realm?
Hi,
I created new security ReadOnlySQLAuthentication provider in the default realm and it works. Now I have all the users from all applications in one realm. If they use the same enterprise roles, user can log to one application with login and password from another application. To prevent it I created another security realm. I've added ReadOnlySQLAuthentication provider, set in my application new realm name - in jazn-data.xml and web.xml. But it doesn't work. My questions are:
It is possible to use few realms? So one application will use default realm, another no default realm.
If so, how to bind an application to no default realm?
Bart
Hi,
A WLS instance only supports a single realm. So the answer unfortunately is no (was different with OC4J)
Frank -
Cannot find security providers when using a security manager.
Hi all,
I've done stuff with JAAS and JSSE before, but this is the first time I've combined the two :o)
I have some code for an application server and I'm using SSL sockets in order to communicate with the outside world. These all work fine, no problems at all.
However, I want to control what code is executed on the server using the security framework. When I load my server using a security manager and custom security policy it seems that my app can no longer find the security providers.
Exception in thread "SSLServer" java.lang.RuntimeException: Could not generate DH keypair
at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:137)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.getEphemeralDHKeys(ServerHandshaker.java:132)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:707)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:292)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
at com.essar.hikesoft.server.netio.SSLConnectionServer.run(SSLConnectionServer.java:126)
at java.lang.Thread.run(Thread.java:595)
I start my app as follows:
java -Djava.security.manager -Djava.security.policy==security.policy -classpath...
and I have the following lines in my security.policy file
permission java.security.SecurityPermission "insertProvider.*";
permission java.security.SecurityPermission "putProviderProperty.*";
I know that the providers are defined in the java.security file, do I have to implement my own Security manager in order to load these providers? Or have I missed something else?
Am currently chewing through the docs at http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-spec.doc6.html but any further assistance greatly appreciated!
That seems to have cured it cheers - sure I copied the double '=' from somewhere, thought it was weird at the time.
Now to solve the odd MySQL errors :-)
Thanks for your help. -
Classloading of security providers
I've stuck the MBeans for my security service providers in the %BEA_HOME%/weblogic81/server/lib/mbeantypes
dir and was able to instrument them via the console. However, I cannot seem to
get WebLogic to start up without throwing a ClassNotFoundException complaining
that it cannot find my security providers. I've tried sticking them in in the
mbeantypes dir as well as just server/lib.
Do I REALLY have to stick them in the system classpath? I really don't want to
if I don't have to.
Cheers,
Steve Maring
AT&T Labs
Steve,
sorry, i am still unable to understand the problem. So typically this is
what users do,
1) Build security providers using the weblogic mbean maker, the output
is a jar
2) copy this jar file to the lib/mbeantypes directory.
3) Start the server, these mbeans will be loaded into the server.
4) Go to console and the new provider's show up, you can then configure
the providers.
5) After saving, you should see entries in your config.xml reflecting
the provider mbean instances you just created via the console.
6) If you re-start the server, you should be able to go back to the
console and see your instances that you created in your previous session.
Now, at what point in this cycle are you seeing issues? Also could you
provide any stack traces, if there are any?
Thanks,
-satya
Steve Maring wrote:
OK, let me say that I was able to configure the security providers to use my custom
providers, so obviously my mbeans were OK. However, the server itself, after
reviewing the config.xml, and seeing my custom security providers configured,
complains that it cannot find them. I've tried putting them in server/lib, common/lib,
and server/lib/mbeantypes, but none of these seem to work.
Satya Ghattu <[email protected]> wrote:
Steve Maring wrote:
I've stuck the MBeans for my security service providers in the %BEA_HOME%/weblogic81/server/lib/mbeantypes
dir and was able to instrument them via the console. However, I cannot seem to
get WebLogic to start up without throwing a ClassNotFoundException complaining
that it cannot find my security providers. I've tried sticking them in in the
mbeantypes dir as well as just server/lib.
They should not be put in the system classpath. When you say you have
instrumented them via console, what exactly does this mean? Try
accessing the MBeans via straight JMX calls instead of using the
interfaces in your code.
Do I REALLY have to stick them in the system classpath?
No, you don't have to.
thanks,
-satya
I really don't want to
if I don't have to.
Cheers,
Steve Maring
AT&T Labs -
Hello,
When I download code from security providers (such as BouncyCastle), and put the package in the directory of the class that is using the code, it still doesn't work. This occurs because I have to move the appropriate .jar file in directory /jre/lib/ext/ in order for the code to compile and execute. However, I'm running the program in several computers, and I have to repeat the same step each time the program is to be run in a different computer ( and the non-technical user also).
So I would like to know here if there exists another way for the Java program to access this .jar file, provided that it exists in a package in the same directory. Is it possible to set the classpath, or anything else?
1) For security reasons: no, no and no.
2) If you can use the BouncyCastle Lightweight API instead of JCE, you can avoid such hassle. But test your app thoroughly before deploying (some APIs can fail because they have hidden dependencies with the JCE routines. ) -
After having yet another problem with my MacBook Pro and having to wipe the drive, I am now unable to sync my iPhones etc without erasing all the music on them. Is there a way around this? I have no other library!
iTunes is a mess! It couldn't find its own libraries and I was forced to create a new one. Now I don't know where my music is or if any's missing.
columbus new boy wrote:
How crap is that?
It's not crap at all.
It's not that simple. For example, I've 3500 songs on my MacBook but don't want them all on my phone, so I have to manually select each song again???
There has to be a solution.
Why not simply make a playlist with the songs you want on the iPhone?
and maintain a current backup of your computer.