Authentication MBean
I am trying to implement my own authentication MBean, and got some questions:
1. how do you tell the weblogic console to show the control flag choices when
you create the authentication provider?
2. if I have other authenticator attributes, how can I ask the weblogic console
to provide the UIs for filling those? it's like the OpenLDAPAuthenticator where
there is a Details tab for filling out the port, hostname, etc. How can I tell
weblogic to show me those UIs?
3. I read that it might not be possible to tell the weblogic console to show UIs
for optional attributes. They said to use weblogic.Admin instead. How do I specify
the mbean type of my authentication mbean? For example, if I used the SampleAutenticator
as found at http://developer.bea.com/code/codedirect.jsp, how can I use weblogic.Admin
to get its value? I tried java weblogic.Admin -username system -password weblogic
-type SampleAuthenticator GET -property Version and it gave me back "No MBeans
found".
-hoki
I've seen this error before and the way around I found was to reset the BISystemUser credentials. To do this:
1) In WL Console. Find the user BISystemUser in the security realm and enter a new password.
2) In Enterprise Manager look on left hand side Weblogic Domain > bifoundation_domain > right click > Security > Credentials. Expand oracle.bi.system > system.user > Edit. Enter the same password as in 1)
3) Restart all the services.
Paul
Similar Messages
-
Updating a Property in my Custom Authenticator MBean
I have created a custom AuthenticationProvider. It is configured through an
MBean produced by WebLogicMBeanMaker from my XML file. I have a custom
property in the XML file with a default value. My AuthenticationProvider is
able to get the bean and read back the default value.
Now, I wish to change that value to something else to allow uses to
configure the provider. The documentation clearly says that I will be
unable to use the Weblogic Console to do this and will have to use the
command line "weblogic.Admin" application to do it. This is fine, but I
cannot figure out how to access or modify my MBean.
How do I know the MBeans name or type? The MBean generated is called
WeblogicCarbonAuthenticatorMBean.java
I have tried (I have not include username/password in this post for brevity)
java weblogic.Admin GET -type WeblogicCarbonAuthenticator
No MBeans found
java weblogic.Admin GET -type Authenticator
No MBeans found
No success.
I also deployed a pair of JSPs called listMBeans.jsp and showMBean.jsp,
which claim to show me all the MBeans deployed. Searching through the list
I see nothing with the world "Carbon" or "Authenticator" in it.
How can I find/configure my Authenticator MBeans?
Thanks
-jordanJordan Reed wrote:
Getting there! I can now look at my bean, but I cannot seem to update it.
There is a string property on the MBean called "UserManagerLocation" that I
need the end user to be able to update to their appropriate location.
I am able to use the weblogic.Admin utility to query the MBean, but not to
update.
So here is my query:
java weblogic.Admin -pretty GET -mbean
Security:Name=myrealmWeblogicCarbonAuthenticator
MBeanName: "Security:Name=myrealmWeblogicCarbonAuthenticator"
ControlFlag: REQUIRED
Description: Carbon Authentication Provider adapts authentication
behavior to the User Manager Service
ProviderClassName:
com.sapient.services.security.auth.weblogic7.WeblogicCarbonAuthenticationPro
vider
Realm: Security:Name=myrealm
UserManagerLocation: /security/management/test/RdbmsUserManager
Version: 4.2
But here is my failing update:
java weblogic.Admin SET -mbean
Security:Name=myrealmWeblogicCarbonAuthenticator -property
UserManagerLocation "/security/management/RdbmsUserManager"
MBean not specified for setting of attributes. Value UserManagerLocation for
parameter ["9"]Get rid of the "'s around the Value. If that does not work, try
something like this,
java weblogic.Admin SET -mbean
Security:Name=myrealmWeblogicCarbonAuthenticator -commotype -property
UserManagerLocation /security/management/RdbmsUserManager
If that does not work, please open a support case with BEA.
Thanks,
-satya
>
>
>
But, inside my MBean descriptor I've got it set as writable:
<MBeanType
Name = "WeblogicCarbonAuthenticator"
DisplayName = "WeblogicCarbonAuthenticator"
Package = "com.sapient.services.security.auth.weblogic7"
Extends =
"weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
Writable = "true"
>
<MBeanAttribute
Name = "UserManagerLocation"
Type = "java.lang.String"
PersistPolicy = "OnUpdate"
Readable = "true"
Writeable = "true"
Default =
""/security/management/test/RdbmsUserManager""
/>
</MBeanType>
Any clue why I am unable to update the attribute from the command line?
Thanks
-Jordan
"Satya Ghattu" <[email protected]> wrote in message
news:[email protected]...
Jordan,
You can use weblogic.Admin utility to change values of your custom MBean
if you know the object name of your MBean.
Jordan Reed wrote:
I have created a custom AuthenticationProvider. It is configured
through an
MBean produced by WebLogicMBeanMaker from my XML file. I have a custom
property in the XML file with a default value. MyAuthenticationProvider is
able to get the bean and read back the default value.
Now, I wish to change that value to something else to allow uses to
configure the provider. The documentation clearly says that I will be
unable to use the Weblogic Console to do this and will have to use the
command line "weblogic.Admin" application to do it. This is fine, but I
cannot figure out how to access or modify my MBean.
How do I know the MBeans name or type? The MBean generated is called
WeblogicCarbonAuthenticatorMBean.java
I have tried (I have not include username/password in this post forbrevity)
java weblogic.Admin GET -type WeblogicCarbonAuthenticator
No MBeans foundyou should use the fully qualified MBean name. i.e
java weblogic.Admin GET -type foo.blah.WeblogicCarbonAuthenticator
java weblogic.Admin GET -type Authenticator
No MBeans found
No success.
I also deployed a pair of JSPs called listMBeans.jsp and showMBean.jsp,
which claim to show me all the MBeans deployed. Searching through the
list
I see nothing with the world "Carbon" or "Authenticator" in it.
How can I find/configure my Authenticator MBeans?I assume that you are using 7.0sp1, if not please upgrade to sp1. You
should see a file called CommoConfig.xm.booted file under your domain
directory, this file contains all the security MBeans that the server
found. You should be able to get the object names of your custom mbeans
from this file.
Hope it helped,
-satya
Thanks
-jordan -
Customizing an Authenticator MBean
All,
I'm working on creating a custom SSPI for our specific security system. I
have it setup and working, but there are some problems with the MBean used
to plug it into Weblogic.
1) I created an MDF file with three Attributes (ProviderClassName,
Description, Version). When I go the Authentication Provider tab in the
Weblogic console, I see that these settings are being properly retreived and
displayed.
But if I select my specific provider, the page that comes back has blank
entries for everything listed here (things like name, description, version,
control flag). Also, Control Flag appears as an empty text-input field
instead of a drop down listing the proper flags.
In the System.out window I see a bunch of exceptions get thrown when I
request the details page:
java.lang.NoSuchMethodException: couldn't find getter for 'Name' on
com.sapient.services.security.auth.weblogic7.WeblogicCarbonAuthenticatorMBea
n
I attempted to add a new Attribute in the MDF file for "Name" and rebuilt,
but it did not appear to fix the problem. What do I need to do to make the
details page for my Authenticator provide useful information?
2) My Authenticator requires some configuration properties to run. I
currently have them hard-coded for testing purposes, but I would like for
users to be able to set these in the console. What must I do to make these
appear as text-input fields in the console? I could not find any examples
of how to do this.
-jdrWhat I did was to get the SampleSecurityProviders as a starting point
and then add my custom properties to it.
It didn't work for a while because of the classpath issue but once I had
this resolved it started working fine without me having to do anything more.
--dejan
Jordan Reed wrote:
Thanks Dejan,
when I pulled all the classes out of the main server classpath and only had
them in a jar under the mbeantypes directory in weblogic it started working
correctly.
Now I just need to figure out how to put my own configurable attribute in
the MBean.
-jordan
"Deyan D. Bektchiev" <[email protected]> wrote in message
news:[email protected]...
Hi Jordan,
I had a similar issue and the solution was to remove all of the provider
classes from the server classpath.
There is a sample on dev2dev.bea.com called SampleSecurityProviders that
was very useful for me, but it has the same classpath issue (BEA support
said they'll update their documentation for this).
Regards,
Dejan
Jordan Reed wrote:
All,
I'm working on creating a custom SSPI for our specific security system.
I
have it setup and working, but there are some problems with the MBean
used
to plug it into Weblogic.
1) I created an MDF file with three Attributes (ProviderClassName,
Description, Version). When I go the Authentication Provider tab in the
Weblogic console, I see that these settings are being properly retreived
and
displayed.
But if I select my specific provider, the page that comes back has blank
entries for everything listed here (things like name, description,
version,
control flag). Also, Control Flag appears as an empty text-input field
instead of a drop down listing the proper flags.
In the System.out window I see a bunch of exceptions get thrown when I
request the details page:
java.lang.NoSuchMethodException: couldn't find getter for 'Name' on
com.sapient.services.security.auth.weblogic7.WeblogicCarbonAuthenticatorMBe
a
n
I attempted to add a new Attribute in the MDF file for "Name" and
rebuilt,
but it did not appear to fix the problem. What do I need to do to make
the
details page for my Authenticator provide useful information?
2) My Authenticator requires some configuration properties to run. I
currently have them hard-coded for testing purposes, but I would like for
users to be able to set these in the console. What must I do to make
these
appear as text-input fields in the console? I could not find any
examples
of how to do this.
-jdr -
Authentication MBean optional attribute
I read on http://e-docs.bea.com/wls/docs70/dvspisec/atn.html in the section "Optional
SSPI MBeans or Custom Operations" that
4. If you included any custom attributes/operations in your MDF, implement the
methods using the method stubs.
Suppose I have this (I copied it from DefaultAuthenticator.xml inside of wlSecurityProviders.jar
that comes with weblogic7.0) in my MyAuthenticator.xml:
<MBeanAttribute
Name = "MinimumPasswordLength"
Type = "java.lang.Integer"
InterfaceType = "int"
Default = "new Integer(8)"
Min = "0"
Description = "The minimum number of characters required in a password."
/>
Do I need to do anything with the generated class?
Even if I have that, the weblogic console won't show me a text box for entering
the length. How does DefaultAuthenticator do it?
Are there more examples other than SampleAuthenticator which has some optional
attributes?Hi, did you find a solution? If yes, I would be thankfull if you could tell me...
/Marc -
I developed our own Authentication, Identity Assertion & Authorization providers
for weblogic 8.1 SP1. In the authenticator MBean i have one method which takes
user defined object as a argument and returns a user defined object. i am able
to call all the methods which takes java objects(for example: String, int, ArrayList,
HashMap, Etc...) as a argument and returns also a java object but when i user
any user defined object then it gives exception. if in the argument i used user
defined object then it is not able to call that method telling NoSuchMethodException.
Is there any way to use user defined object as an argument to MBean method?
can anyone please help us as we r in the final stage of the project?
Thanks
Lakshmi"Lakshmi Padhy" <[email protected]> wrote in message
news:3fc2f50c$[email protected]..
>
I developed our own Authentication, Identity Assertion & Authorizationproviders
for weblogic 8.1 SP1. In the authenticator MBean i have one method whichtakes
user defined object as a argument and returns a user defined object. i amable
to call all the methods which takes java objects(for example: String, int,ArrayList,
HashMap, Etc...) as a argument and returns also a java object but when iuser
any user defined object then it gives exception. if in the argument i useduser
defined object then it is not able to call that method tellingNoSuchMethodException.
>
Is there any way to use user defined object as an argument to MBeanmethod?
>
I seem to remember that jmx only supports scalar datatypes. Ask in the
weblogic.developer.interest.management newsgroup. -
How to use LanguageMap attribute for Authentication Providers?
Hi all,
I couldn't find a BEA MBean-specific forum, so I'll post this here and hope you can point me to the correct people to talk to.
We're developing an Authentication provider for WebLogic 8.1. We would like to have our Authentication Provider MBean support multiple languages. I've experimented with the LanguageMap attribute but with no success. Has anybody been able to get these to work?
The spec states that the path should be fully qualified, which I take to mean that it needs to be an absolute path. I found this to be a bit unreasonable but tried it nonetheless. Unfortunately, it did not work.
I've also tried specifying the path in Java-style resource bundle form (eg// com.mycompany.mypackage.myresources) and relative paths but, again, with no success.
I pack the resource file with the authentication mbean jar.
Some examples of what I've done:
(absolute path case, where I just copied my resources file to somewhere on my comp):
<MBeanAttribute
Name = "BDOption"
LanguageMap = "c:/dev/BDResources.properties"
DisplayName = "option.bdoption"
Type = "java.lang.String"
Writeable = "true"
Default = ""Default Value""
/>
(java resource bundle case):
<MBeanAttribute
Name = "BDOption"
LanguageMap = "com.mycompany.mypackage.BDResources"
DisplayName = "option.bdoption"
Type = "java.lang.String"
Writeable = "true"
Default = ""Default Value""
/>
My resource file has only the following entry:
option.bdoption=Brian's Option
But the option will always appear as "BDOption" rather than "Brian's Option"
Any help would be appreciated,
Brianrefer the following links
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/092dddc6-0701-0010-268e-fd61f2035fdd
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2a56861-0601-0010-bba1-e37eb5d8d4a9
please let me know if u dont find relevant information -
Hi all,
I posted a similar question to weblogic.developer.interest.security but somebody suggested that this post would be better suited for this forum:
We're developing an Authentication provider for WebLogic 8.1. We would like to have our Authentication Provider MBean support multiple languages. I've experimented with the LanguageMap attribute (a BEA-specific attribute, apparently) but with no success. Has anybody been able to get these to work?
The spec states that the path should be fully qualified, which I take to mean that it needs to be an absolute path. I found this to be a bit unreasonable but tried it nonetheless. Unfortunately, it did not work.
I've also tried specifying the path in Java-style resource bundle form (eg// com.mycompany.mypackage.myresources) and relative paths but, again, with no success.
I pack the resource file with the authentication mbean jar.
Some examples of what I've done:
(absolute path case, where I just copied my resources file to somewhere on my comp):
<MBeanAttribute
Name = "BDOption"
LanguageMap = "c:/dev/BDResources.properties"
DisplayName = "option.bdoption"
Type = "java.lang.String"
Writeable = "true"
Default = ""Default Value""
/>
(java resource bundle case):
<MBeanAttribute
Name = "BDOption"
LanguageMap = "com.mycompany.mypackage.BDResources"
DisplayName = "option.bdoption"
Type = "java.lang.String"
Writeable = "true"
Default = ""Default Value""
/>
My resource file has only the following entry:
option.bdoption=Brian's Option
But the option will always appear as "BDOption" rather than "Brian's Option"
Any help would be appreciated,
BrianHi Satya, thanks for the response.
So, despite the fact that LanguageMap is a documented property for BEA-specific MBeans, it's not actually supported? That'd be odd and disappointing but, so far, I haven't seen anything that would indicate otherwise.
The reference is here:
http://e-docs.bea.com/wls/docs81/dvspisec/mdf_ref.html#1047007
Anybody have any suggestions as to what would be a good method to support multiple languages in my MBean? -
Error using commo mbean server to create custom mbean
When I execute the attached program, I see that I can create an instance of the
DefaultAuthenticator mbean successfully, but the attempt to create an instance
of a custom authenticator mbean results in the following run time exception. Any
idea why? I can configure the custom authenticator using the weblogic.Admin tool
and also from the console without any problem - so that eliminates the possibility
of the custom mbean not created right. Then why not using a java program. I don't
see any documentation on the commo server. Are there supported public APIs to
do this sort of thing from a java class.
thanks,
Jyothi
<Feb 27, 2004 11:00:09 AM PST> <Warning> <RMI> <BEA-080003> <RuntimeException
thrown by rmi server: weblogic.management.internal.RemoteMBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)
javax.management.RuntimeOperationsException: RuntimeException thrown by the invoke
method of the Dynamic MBean.
java.lang.ClassCastException
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:1166)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
at weblogic.management.internal.RemoteMBeanServerImpl_WLSkel.invoke(Unknown
Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:353)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
--------------- nested within: ------------------
javax.management.RuntimeOperationsException: RuntimeException thrown by the invoke
method of the Dynamic MBean
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1559)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
at weblogic.management.internal.RemoteMBeanServerImpl_WLSkel.invoke(Unknown
Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:353)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
[bea.java]Forgot to mention that I am using weblogic server 8.1 SP2 on solaris.
Any help is greatly appreciated.
-Jyothi
"Jyothi" <[email protected]> wrote:
>
>
>
When I execute the attached program, I see that I can create an instance
of the
DefaultAuthenticator mbean successfully, but the attempt to create an
instance
of a custom authenticator mbean results in the following run time exception.
Any
idea why? I can configure the custom authenticator using the weblogic.Admin
tool
and also from the console without any problem - so that eliminates the
possibility
of the custom mbean not created right. Then why not using a java program.
I don't
see any documentation on the commo server. Are there supported public
APIs to
do this sort of thing from a java class.
thanks,
Jyothi
<Feb 27, 2004 11:00:09 AM PST> <Warning> <RMI> <BEA-080003> <RuntimeException
thrown by rmi server: weblogic.management.internal.RemoteMBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)
javax.management.RuntimeOperationsException: RuntimeException thrown
by the invoke
method of the Dynamic MBean.
java.lang.ClassCastException
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:1166)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
at weblogic.management.internal.RemoteMBeanServerImpl_WLSkel.invoke(Unknown
Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:353)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
--------------- nested within: ------------------
javax.management.RuntimeOperationsException: RuntimeException thrown
by the invoke
method of the Dynamic MBean
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1559)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
at weblogic.management.internal.RemoteMBeanServerImpl_WLSkel.invoke(Unknown
Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:353)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170) -
Schema validation error at startup
Configuration:
WL Portal 9.2
Linux Fedora Core 6
I just created a new portal domain and it just does not startup.
The reported exception is:
Schema validation errors while parsing /domains/portal/./config/config.xml - Invalid xsi:type qname: 'ext:wsrp-identity-asserterType' in element realm@http://www.bea.com/ns/weblogic/920/domain>
Schema validation errors while parsing /domains/portal/./config/config.xml - /domains/portal/<unknown>:13:9: error: failed to load java type corresponding to t=wsrp-identity-asserterType@http://www.bea.com/ns/wlp/90/security/wsrp
I can't find the schema 'http://www.bea.com/ns/wlp/90/security/wsrp.xsd' neither on the web nor the jars supplied with the product.
Any help would be appreciated.Hi, I think you may be missing the binding-file.xml that should be in your mbean jar which should be in your WL_HOME/server/lib/mbeantypes/...
I am having similar problem and I get this error if I replace the 9.2 MBean jar (generated with MakeMBean) with 8.1 version. The 9.2 MakeMBean utility seems to bundle a bunch of additional jaxb binding files into the jar (xsb, binding-file.xml, *BeanImpl etc). Optionally you can run an 8.1 MBean through the 'weblogic.Upgrade -type securityprovider', this will convert your authentication mbean jar to 9.2 which also includes above mentioned files.
Once you have an MBean jar, generated with the 9.2 MakeMBean you will probably get a similar error in that the startup will fail with error below: If you know how to fix this please let me know as I have spent a day on this with no luck.
...config.xml - C:\...\mydomain\<unknown>:16:9: error: fail
ed to load java type corresponding to t=ucv-db-authenticatorType@http://www.bea.com/ns/weblogic/90/security/extension>
<Feb 15, 2007 9:26:29 AM NZDT> <Critical> WebLogicServer> <BEA-000362> <Server failed. Reason: [Management:141245]Schema Validation Error in :\...\server\mydomain\config\config.xml see log for details. Schema validation can be disabled by starting the server with the command line option: -Dweblog
ic.configuration.schemaValidationEnabled=false>
PS: setting the -Dweblogic.configuration.schemaValidationEnabled=false option only causes the startup to fail as it cannot load the security provider (if this is your default provider I guess?)
Hope this helps. -
Exception by getAuthenticationProviderMBean()
Hi,
Below is my code that i am trying to use to create an user programmatically in weblogic portal. But it giving starnge exceptions. If anybody have encountered such exception then please suggest how to fix it.
Rajeeb ( [email protected] )
Code:
import javax.naming.Context;
import weblogic.management.MBeanHome;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
//import weblogic.management.security.authentication.UserEditorMBean;
import weblogic.jndi.Environment;
import weblogic.security.providers.authentication.DefaultAuthenticatorMBean;
public class UserManagement {
//private static UserEditorMBean editor = null;
//public UserManagement(String user,String password,String serverName,String serverURL)
//@common:security run-as-principal="weblogic" run-as="Administrators"
public UserManagement() {
String user = "weblogic";
String password = "weblogic";
String serverURL = "t3://localhost:7001";
String serverName = "myserver";
MBeanHome adminHome = null;
SecurityConfigurationMBean conBean = null;
RealmMBean realmBean = null;
AuthenticationProviderMBean[] authBeans = null;
DefaultAuthenticatorMBean defBean = null;
DomainMBean dBean = null;
System.out.println("Entered UserManagement Constructor");
try {
Environment env = new Environment();
env.setSecurityPrincipal(user);
env.setSecurityCredentials(password);
env.setProviderUrl(serverURL);
Context ctx = env.getInitialContext();
System.out.println("Context Name: " + ctx);
adminHome = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
System.out.println("Got the MBeanHome: " + adminHome);
System.out.println("\n");
//adminHome = Helper.getMBeanHome(user,password,serverURL,serverName);
//System.out.println("Got Local MBeanHome by Helper Class");
//System.out.println("Local Admin Home Name: " + adminHome);
dBean = adminHome.getActiveDomain();
System.out.println("Domain MBean: "+ dBean);
System.out.println("\n");
conBean = dBean.getSecurityConfiguration();
System.out.println("Security configuration MBean: "+ conBean);
System.out.println("\n");
realmBean = conBean.findDefaultRealm();
System.out.println("Got the default realm: " + realmBean);
System.out.println("\n");
authBeans = realmBean.getAuthenticationProviders(); //is it the defaultAuthenticationProviderMBean???
defBean = (DefaultAuthenticatorMBean)authBeans[0];
System.out.println("Got the default Authenticator MBean: " + defBean);
//defBean.createUser("test","testtocreate","just a test of wls81 security");
//System.out.println("\n Created successfully!");
//System.out.println("\n\n");
//then find all the authentication providers
//AuthenticationProviderMBean[] providers = rbean.getAuthenticationProviders();
//editor = (UserEditorMBean) providers[0];
//providers[0] is the default authenticator
}catch (Exception e) {
e.printStackTrace();
} // End of constructor
Output and Exceptions:
Entered UserManagement Constructor
Context Name: WLContext ()
Got the MBeanHome: weblogic.rmi.internal.BasicRemoteRef@102 - hostID: '-7508997471895112706S:10.116.70.99:[7001,7001,-1,-1,7001,-1,-1,0,0]:thortech:myserver', oid: '258'
Domain MBean: [Caching Stub]Proxy for thortech:Name=thortech,Type=Domain
Security configuration MBean: [Caching Stub]Proxy for thortech:Name=thortech,Type=SecurityConfiguration
Got the default realm: Security:Name=myrealm
java.lang.NullPointerException
at weblogic.management.commo.CommoProxy.createFreshProxy(CommoProxy.java:576)
at weblogic.management.commo.CommoProxy.getProxyInstance(CommoProxy.java:485)
at weblogic.management.commo.CommoProxy.getCommoProxy(CommoProxy.java:178)
at weblogic.management.commo.CommoProxy.wrap(CommoProxy.java:599)
at weblogic.management.commo.CommoProxy.wrap(CommoProxy.java:609)
at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:258)
at $Proxy0.getAuthenticationProviders(Unknown Source)
at com.webportal.UserManagement.<init>(UserManagement.java:75)
at com.webportal.UserManagement.main(UserManagement.java:121)Hi satya,
I have added three jars. weblogic.jar,wlsecurityProviders.jar and wlManagement.jar
and still i am getting the same exceptions.
Do i need to define some security role for the "weblogic"
username or it is defined somewhere..
do clarify
Thanks
Rajeeb -
Error generating custom authentication providor MBean
I'm using WLS 9.0 and am having troubles creating my custom authentication provider.
I have created my class that implements AuthenticationProviderV2 and my class that implements LoginModule and put my MBeanType xml file in the same package as my two classes.
However, when I run \bea\jrockit90_150_03\bin\java weblogic.management.commo.WebLogicMBeanMaker -MDF net\sundog\authentication\BobcatAuthenticator.xml -MJF SundogAuthenticator.jar -files . -createStubs -g -validateXML
I get the following output:
Creating an MJF from the contents of directory ....
Compiling the files...
Creating the list.
Doing the compile.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: : Generating the implementations for security MBeans
WLMaker-SubProcess: : no annotation found for key
WLMaker-SubProcess: : no annotation found for key [velocityCount]
WLMaker-SubProcess: : no annotation found for key [line]
WLMaker-SubProcess: : no annotation found for key [f]
WLMaker-SubProcess: : no annotation found for key [m]
WLMaker-SubProcess: : no annotation found for key [p]
WLMaker-SubProcess: : no annotation found for key [n]
WLMaker-SubProcess: : done
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: : Generating the parsing binders for security MBeans
WLMaker-SubProcess: : done
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: : Generating the bean infos for security MBeans ...
WLMaker-SubProcess: : no annotation found for key [import]
WLMaker-SubProcess: : no annotation found for key [property]
WLMaker-SubProcess: : no annotation found for key [beanConfigurable]
WLMaker-SubProcess: : no annotation found for key [propertyMethod]
WLMaker-SubProcess: : no annotation found for key [method]
WLMaker-SubProcess: : Generating Bean Factory Class to .\weblogic\management\security\SUNDOGAUTHENTICATORBeanInfoFactory.java
WLMaker-SubProcess: : done
WLMaker-SubProcess: : Stopped draining WLMaker-SubProcess:
WLMaker-SubProcess: : Stopped draining WLMaker-SubProcess:
WLMaker-SchemaGen-SubProcess : Generating schema for security provider mbeans ...
WLMaker-SchemaGen-SubProcess : [JAM] Warning: failed to resolve class tempFileDirForSchema.weblogic.management.security.ImportMBeanImpl
WLMaker-SchemaGen-SubProcess : [JAM] Warning: failed to resolve class tempFileDirForSchema.weblogic.management.security.pk.KeyStoreMBeanImpl
[---snip, many lines like the above---]
WLMaker-SchemaGen-SubProcess : [SEVERE] Could not resolve class: tempFileDirForSchema.weblogic.management.security.ImportMBeanImpl
WLMaker-SchemaGen-SubProcess : [SEVERE] Could not resolve class: tempFileDirForSchema.weblogic.management.security.pk.KeyStoreMBeanImpl
WLMaker-SchemaGen-SubProcess : [SEVERE] Could not resolve class: tempFileDirForSchema.weblogic.management.security.authentication.UserLockoutManagerMBeanImpl
WLMaker-SchemaGen-SubProcess : [SEVERE] Could not resolve class: tempFileDirForSchema.weblogic.management.utils.PropertiesListerMBeanImpl
[---snip, many lines like the above---]
WLMaker-SchemaGen-SubProcess : [SEVERE] initialization errors encountered, skipping compilation
WLMaker-SchemaGen-SubProcess: Stopped draining WLMaker-SchemaGen-SubProcess
WLMaker-SchemaGen-SubProcess: Stopped draining WLMaker-SchemaGen-SubProcess
Creating the list.
Doing the compile.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
Creating the MJF...
MJF is created.
The trouble is that it looks like it's not able to compile the classes that are supposed to be in the tempFileDirForSchema package. I am trying to follow the documentation and examples from the 9.0 documentation, and using the 8.1 samples when there isn't an updated 9.0 version available.
I figure the class compiling problems are the cause of this error I get when starting weblogic after deploying my authenticator:
eblogic.security.service.SecurityServiceRuntimeException:
[Security:090371]Problem instantiating Authentication Provider java.lang.NullPointerException
at
weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:258)
at
weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:328)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:592)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:442)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:695)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:724)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
at
weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:775)
at
weblogic.security.SecurityService.start(SecurityService.java:133)
at
weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ServerWorkManagerImpl
$WorkAdapterImpl.run(ServerWorkManagerImpl.java:518)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
Caused by: java.lang.NullPointerException
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:242)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.createSecurityProvider(SecurityServiceManagerDelegateImpl.java:267)
at
weblogic.security.service.SecurityServiceManager.createSecurityProvider(SecurityServiceManager.java:1000)
at
weblogic.security.service.adapters.AdapterFactory.getAuthenticationProvider(AdapterFactory.java:73)
at
weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:180)
... 12 more
Thanks,
Nathan
Message was edited by:
nvoxlandthere is a spi sample exclusively for wls 9.1 here
https://codesamples.projects.dev2dev.bea.com/servlets/Scarab/remcurreport/true/template/ViewIssue.vm/id/S224/nbrresults/250
this worked for me. -
Custom Authenticator not returning correctly
Hi,
I have written a custom authenticator to automatically migrate users from an oracle
SSO database into the default WLS8.1 realm (and ultimately to an LDAP Realm).
It all works fine, except that the over all login process fails.
The server is set up to use the default Authenticator initially (set to SUFFICIENT),
then, if this fails, the Migration authenticator (set to REQUIRED) is called.
If this finds the user on the Oracle db, it creates a user for them in the default
realm, and logs them in.
The problem is that even though my Migration Authenticator finishes successfully
(ie the commit() method is executed and returns true) WLS still calls the login
error page as set up in the web.xml file.
The last few lines of the login() method of the authenticator are :
loginSucceeded = true;
addUserToWLSRealm(userId, userPassword);
principalsForSubject.add(new WLSUserImpl(userId));
then the commit() method is :
public boolean commit() throws LoginException {
if(loginSucceeded) {
subject.getPrincipals().addAll(principalsForSubject);
principalsInSubject = true;
System.out.println("OracleSSOLoginModule.commit - true");
return true;
} else {
System.out.println("OracleSSOLoginModule.commit - false");
return false;
If the user then tries to log in again, since they have been added to the WLS
realm, they are let in, but it should happen on the first attempt.
Any Ideas...?
TIA
Paul"Paul Davies" <[email protected]> wrote in message
news:3f4f37b3$[email protected]..
>
Hi,
I have written a custom authenticator to automatically migrate users froman oracle
SSO database into the default WLS8.1 realm (and ultimately to an LDAPRealm).
It all works fine, except that the over all login process fails.
The server is set up to use the default Authenticator initially (set toSUFFICIENT),
then, if this fails, the Migration authenticator (set to REQUIRED) iscalled.
If this finds the user on the Oracle db, it creates a user for them in thedefault
realm, and logs them in.
The problem is that even though my Migration Authenticator finishessuccessfully
(ie the commit() method is executed and returns true) WLS still calls thelogin
error page as set up in the web.xml file.
Turn on security debugging and see if you are getting a login exception
in the debug output - set the DebugSecurityAtn attribute in the ServerDebug
mbean. -
Custom Authenticator WL startup exception
Hi, I am using Weblogic 9.2 on Linux and have created an example custom authenticator.
I have followed several suggested method for creation/deployment, but still am having a exception upon startup and hoping someone could help.
from a previous post I have used the below instructions and have deployed the jar in $WL_HOME/server/lib/mbeantypes
$WL_HOME/server/providers: This is the base Directory for Customer security Provider.
$WL_HOME/server/providers/src This is the directory for the Source Code.
$WL_HOME/server/providers/providersjar This is the directory for the Custom Provider Jar file .
$WL_HOME/server/providers/created_files This is the Directory for the created schema file by Mbean maker.
After having the directory structure as mentioned above run the command as below:
cd $WL_HOME/server
$WL_HOME/samples/domains/wl_server/setExamplesEnv.sh
java -Dfiles=providers/created_files -DMDF=providers/src/MyAuthenticator.xml -DMJF=providers/providersjar/MyAuthenticator.jar -DpreserveStubs=true -DcreateStubs=true weblogic.management.commo.WebLogicMBeanMakerStarted the WL server with the following exception:
starting weblogic with Java version:
java version "1.5.0_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
BEA JRockit(R) (build R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-linux-ia32, compiled mode)
Starting WLS with line:
/home/A470231/bea/jrockit_150_12/bin/java -jrockit -Xms256m -Xmx512m -Xverify:none -Xverify:none -da -Dplatform.home=/home/A470231/bea/weblogic92 -Dwls.home=/home/A470231/bea/weblogic92/server -Dwli.home=/home/A470231/bea/weblogic92/integration -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/home/A470231/bea/patch_weblogic923/profiles/default/sysext_manifest_classpath -Dweblogic.configuration.schemaValidationEnabled=false -Dweblogic.Name=examplesServer -Djava.security.policy=/home/A470231/bea/weblogic92/server/lib/weblogic.policy weblogic.Server
<Aug 2, 2010 1:14:57 PM EDT> <Notice> <WebLogicServer> <BEA-000395> <Following extensions directory contents added to the end of the classpath:
/home/A470231/bea/weblogic92/platform/lib/p13n/p13n-schemas.jar:/home/A470231/bea/weblogic92/platform/lib/p13n/p13n_common.jar:/home/A470231/bea/weblogic92/platform/lib/p13n/p13n_system.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_common.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_schemas.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_system.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/wsrp-common.jar>
<Aug 2, 2010 1:14:58 PM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with BEA JRockit(R) Version R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-linux-ia32 from BEA Systems, Inc.>
<Aug 2, 2010 1:14:59 PM EDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 9.2 MP3 Mon Mar 10 08:28:41 EDT 2008 1096261 >
<Aug 2, 2010 1:15:03 PM EDT> <Info> <WebLogicServer> <BEA-000215> <Loaded License : /home/A470231/bea/license.bea>
<Aug 2, 2010 1:15:03 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Aug 2, 2010 1:15:03 PM EDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Aug 2, 2010 1:15:04 PM EDT> <Notice> <Log Management> <BEA-170019> <The server log file /home/A470231/bea/weblogic92/samples/domains/wl_server/servers/examplesServer/logs/examplesServer.log is opened. All server side log events will be written to this file.>
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.CredentialMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.BulkRoleMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.BulkAuthorizationServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.RoleMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.RoleDeploymentServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************REALM:TestRealm
*****************ProviderMBean length:2
*****************ProviderMBean[0]weblogic.security.providers.authorization.DefaultAuthorizerMBeanImpl@a27aaa68([wl_server]/SecurityConfiguration[wl_server]/Realms[TestRealm]/Authorizers[DefaultAuthorizer])
*****************ProviderMBean[1]weblogic.security.providers.authorization.DefaultAdjudicatorMBeanImpl@c6697d45([wl_server]/SecurityConfiguration[wl_server]/Realms[TestRealm]/Adjudicator[DefaultAdjudicator])
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.AuthorizationServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.PolicyDeploymentServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.IsProtectedResourceServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.RoleConsumerServiceConfigHelper_TestRealm<
<Aug 2, 2010 1:15:07 PM EDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
weblogic.security.service.SecurityServiceRuntimeException: [Security:090877]Service Common AuthorizationService unavailable, see exception text: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:147)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationManager.java:83)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doATZ(CommonSecurityServiceManagerDelegateImpl.java:348)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:273)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:444)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:459)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:540)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:376)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
Caused by: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:342)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:292)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:263)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:71)
at weblogic.security.service.SecurityServiceManager.getService(SecurityServiceManager.java:95)
at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:137)
... 11 more
Caused by: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:40)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:340)
... 16 more
Can anyone have any ideas?
I have narrowed it down to having a problem retrieving the role and policy consumer services I believe
Thanks,
Bobby.Hi All,
Found the reason for the exception. I was implementing the generated the CustomAuthenticatorImpl class (generated through WebLogic MBeanMaker utility) as the provider class by implementing the AuthenticationProvider interface. Keeping them separate solved the issue.
Able to create the jar without any issues and also no error or exception after restart.
Thanks. -
Custom Authentication Provider and User Manage like SQLAuthenticator, How?
Hi everyone,
I faced a problem with login function of my portal (Webcenter Application). The Problem is:
- Allow the users logging in by user that store in another system. I must communicate using low level of socket. This really is not a problem.
- If user logged in, for first time of logging in, i must store them in some identity store (Maybe tables database).
- View Users in Weblogic Console. To do that, i known that i must implemeted something that i dont what that are.
Here are my work:
- I Created a Custom Authentication Provider. And configuration in Admin Console. But i don't know what are that i should implementing to View user & group in Admin Console.
- I Cannot logging in: After i created simple application for testing, i cannot logging in even i tested with SQLAuthenticator Provider and original DefaultProvider. In Logging Console, I saw every I Printed In The Code of Login Module.
Here are my Code:
<?xml version="1.0" ?>
<MBeanType Name = "OrkitVASPortal" DisplayName = "OrkitVASPortal"
Package = "orkit"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate">
<MBeanAttribute
Name = "ProviderClassName"
Type = "java.lang.String"
Writeable = "false"
Default = ""orkit.OrkitVASPortalProviderImpl""
/>
<MBeanAttribute
Name = "Description"
Type = "java.lang.String"
Writeable = "false"
Default = ""WebLogic Simple Sample Audit Provider""
/>
<MBeanAttribute
Name = "Version"
Type = "java.lang.String"
Writeable = "false"
Default = ""1.0""
/>
<MBeanAttribute
Name = "LogFileName"
Type = "java.lang.String"
Default = ""SimpleSampleAuditor.log""
/>
</MBeanType>
package orkit;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.*;
public final class OrkitVASPortalProviderImpl implements AuthenticationProviderV2 {
private String description;
private LoginModuleControlFlag controlFlag;
public OrkitVASPortalProviderImpl() {
System.out.println("The Orkit VASPortal Provider Implemented!!!!!");
@Override
public IdentityAsserterV2 getIdentityAsserter() {
return null;
// Our mapping of users to passwords/groups, instead of being in LDAP or in a
// database, is represented by a HashMap of MyUserDetails objects..
public class MyUserDetails {
String pw;
String group;
// We use this to represent the user's groups and passwords
public MyUserDetails(String pw, String group) {
this.pw = pw;
this.group = group;
public String getPassword() {
return pw;
public String getGroup() {
return group;
// This is our database
private HashMap userGroupMapping = null;
public void initialize(ProviderMBean mbean, SecurityServices services) {
System.out.println("The Orkit VASPortal Provider is intializing......");
OrkitVASPortalMBean myMBean = (OrkitVASPortalMBean) mbean;
description = myMBean.getDescription() + "\n" + myMBean.getVersion();
System.err.println("#In realm:" + myMBean.getRealm().wls_getDisplayName());
// We would typically use the realm name to find the database
// we want to use for authentication. Here, we just create one.
userGroupMapping = new HashMap();
userGroupMapping.put("a", new MyUserDetails("passworda", "g1"));
userGroupMapping.put("b", new MyUserDetails("passwordb", "g2"));
userGroupMapping.put("system", new MyUserDetails("12341234",
"Administrators"));
String flag = myMBean.getControlFlag();
if (flag.equalsIgnoreCase("REQUIRED")) {
controlFlag = LoginModuleControlFlag.REQUIRED;
} else if (flag.equalsIgnoreCase("OPTIONAL")) {
controlFlag = LoginModuleControlFlag.OPTIONAL;
} else if (flag.equalsIgnoreCase("REQUISITE")) {
controlFlag = LoginModuleControlFlag.REQUISITE;
} else if (flag.equalsIgnoreCase("SUFFICIENT")) {
controlFlag = LoginModuleControlFlag.SUFFICIENT;
} else {
throw new IllegalArgumentException("Invalid control flag " + flag);
public AppConfigurationEntry getLoginModuleConfiguration() {
HashMap options = new HashMap();
options.put("usermap", userGroupMapping);
System.out.println("UserMap: " + options);
return new AppConfigurationEntry(
"orkit.OrkitVASPortalLoginModule",
controlFlag, options);
public String getDescription() {
return description;
public PrincipalValidator getPrincipalValidator() {
return new PrincipalValidatorImpl();
public AppConfigurationEntry getAssertionModuleConfiguration() {
return null;
// public IdentityAsserter getIdentityAsserter() {
// return null;
public void shutdown() {
* To change this template, choose Tools | Templates
* and open the template in the editor.
package orkit;
import orkit.OrkitVASPortalProviderImpl;
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
* This login module will be called by our Authentication Provider. It assumes
* that the option, usermap, will be passed which contains the map of users to
* passwords and groups.
public class OrkitVASPortalLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private HashMap userMap;
// Authentication status
private boolean loginSucceeded;
private boolean principalsInSubject;
private Vector principalsBeforeCommit = new Vector();
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
// Fetch user/password map that should be set by the authenticator
userMap = (HashMap) options.get("usermap");
* Called once after initialize to try and log the person in
public boolean login() throws LoginException {
// First thing we do is create an array of callbacks so that
// we can get the data from the user
Callback[] callbacks;
callbacks = new Callback[2];
callbacks[0] = new NameCallback("username: ");
callbacks[1] = new PasswordCallback("password: ", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException eio) {
throw new LoginException(eio.toString());
} catch (UnsupportedCallbackException eu) {
throw new LoginException(eu.toString());
String username = ((NameCallback) callbacks[0]).getName();
System.out.println("Username: " + username);
char[] pw = ((PasswordCallback) callbacks[1]).getPassword();
String password = new String(pw);
System.out.println("PASSWORD: " + password);
if (username.length() > 0) {
if (!userMap.containsKey(username)) {
throw new FailedLoginException("Authentication Failed: Could not find user:" + username);
}else{
System.out.println("Contstainded Username");
String realPassword = ((OrkitVASPortalProviderImpl.MyUserDetails) userMap.get(username)).getPassword();
if (realPassword == null || !realPassword.equals(password)) {
throw new FailedLoginException("Authentication Failed: Password incorrect for user" + username);
}else{
System.out.println("Everyitng OKIE");
} else {
// No Username, so anonymous access is being attempted
loginSucceeded = true;
// We collect some principals that we would like to add to the user
// once this is committed.
// First, we add his username itself
principalsBeforeCommit.add(new WLSUserImpl(username));
// Now we add his group
principalsBeforeCommit.add(new WLSGroupImpl(((OrkitVASPortalProviderImpl.MyUserDetails) userMap.get(username)).getGroup()));
return loginSucceeded;
public boolean commit() throws LoginException {
if (loginSucceeded) {
subject.getPrincipals().removeAll(principalsBeforeCommit);
principalsInSubject = true;
return true;
} else {
return false;
public boolean abort() throws LoginException {
if (principalsInSubject) {
subject.getPrincipals().removeAll(principalsBeforeCommit);
principalsInSubject = false;
return true;
public boolean logout() throws LoginException {
return true;
}and OrkitVASPortalMBean & OrkitVASPortalImpl class created by MBeanMaker tool.
Can someome help.
Thanks in advance!Hi ,
SQLAuthenticator is not yet supported with UCM 11g due to some JPS Provider limitations .
Currently there is an Enhancement request for this .
Thanks
Srinath -
Custom Authentication With Identity Store
Hi everyone,
I faced a problem with login function of my portal (Webcenter Application). The Problem is:
- Allow the users logging in by user that store in another system. I must communicate using low level of socket. This really is not a problem.
- If user logged in, for first time of logging in, i must store them in some identity store (Maybe tables database).
- View Users in Weblogic Console. To do that, i known that i must implemeted something that i dont what that are.
Here are my work:
- I Created a Custom Authentication Provider. And configuration in Admin Console. But i don't know what are that i should implementing to View user & group in Admin Console.
- I Cannot logging in: After i created simple application for testing, i cannot logging in even i tested with SQLAuthenticator Provider and original DefaultProvider. In Logging Console, I saw every I Printed In The Code of Login Module.
Here are my Code:
<?xml version="1.0" ?>
<MBeanType Name = "OrkitVASPortal" DisplayName = "OrkitVASPortal"
Package = "orkit"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate">
<MBeanAttribute
Name = "ProviderClassName"
Type = "java.lang.String"
Writeable = "false"
Default = ""orkit.OrkitVASPortalProviderImpl""
/>
<MBeanAttribute
Name = "Description"
Type = "java.lang.String"
Writeable = "false"
Default = ""WebLogic Simple Sample Audit Provider""
/>
<MBeanAttribute
Name = "Version"
Type = "java.lang.String"
Writeable = "false"
Default = ""1.0""
/>
<MBeanAttribute
Name = "LogFileName"
Type = "java.lang.String"
Default = ""SimpleSampleAuditor.log""
/>
</MBeanType>
package orkit;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.*;
public final class OrkitVASPortalProviderImpl implements AuthenticationProviderV2 {
private String description;
private LoginModuleControlFlag controlFlag;
public OrkitVASPortalProviderImpl() {
System.out.println("The Orkit VASPortal Provider Implemented!!!!!");
@Override
public IdentityAsserterV2 getIdentityAsserter() {
return null;
// Our mapping of users to passwords/groups, instead of being in LDAP or in a
// database, is represented by a HashMap of MyUserDetails objects..
public class MyUserDetails {
String pw;
String group;
// We use this to represent the user's groups and passwords
public MyUserDetails(String pw, String group) {
this.pw = pw;
this.group = group;
public String getPassword() {
return pw;
public String getGroup() {
return group;
// This is our database
private HashMap userGroupMapping = null;
public void initialize(ProviderMBean mbean, SecurityServices services) {
System.out.println("The Orkit VASPortal Provider is intializing......");
OrkitVASPortalMBean myMBean = (OrkitVASPortalMBean) mbean;
description = myMBean.getDescription() + "\n" + myMBean.getVersion();
System.err.println("#In realm:" + myMBean.getRealm().wls_getDisplayName());
// We would typically use the realm name to find the database
// we want to use for authentication. Here, we just create one.
userGroupMapping = new HashMap();
userGroupMapping.put("a", new MyUserDetails("passworda", "g1"));
userGroupMapping.put("b", new MyUserDetails("passwordb", "g2"));
userGroupMapping.put("system", new MyUserDetails("12341234",
"Administrators"));
String flag = myMBean.getControlFlag();
if (flag.equalsIgnoreCase("REQUIRED")) {
controlFlag = LoginModuleControlFlag.REQUIRED;
} else if (flag.equalsIgnoreCase("OPTIONAL")) {
controlFlag = LoginModuleControlFlag.OPTIONAL;
} else if (flag.equalsIgnoreCase("REQUISITE")) {
controlFlag = LoginModuleControlFlag.REQUISITE;
} else if (flag.equalsIgnoreCase("SUFFICIENT")) {
controlFlag = LoginModuleControlFlag.SUFFICIENT;
} else {
throw new IllegalArgumentException("Invalid control flag " + flag);
public AppConfigurationEntry getLoginModuleConfiguration() {
HashMap options = new HashMap();
options.put("usermap", userGroupMapping);
System.out.println("UserMap: " + options);
return new AppConfigurationEntry(
"orkit.OrkitVASPortalLoginModule",
controlFlag, options);
public String getDescription() {
return description;
public PrincipalValidator getPrincipalValidator() {
return new PrincipalValidatorImpl();
public AppConfigurationEntry getAssertionModuleConfiguration() {
return null;
// public IdentityAsserter getIdentityAsserter() {
// return null;
public void shutdown() {
* To change this template, choose Tools | Templates
* and open the template in the editor.
package orkit;
import orkit.OrkitVASPortalProviderImpl;
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
* This login module will be called by our Authentication Provider. It assumes
* that the option, usermap, will be passed which contains the map of users to
* passwords and groups.
public class OrkitVASPortalLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private HashMap userMap;
// Authentication status
private boolean loginSucceeded;
private boolean principalsInSubject;
private Vector principalsBeforeCommit = new Vector();
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
// Fetch user/password map that should be set by the authenticator
userMap = (HashMap) options.get("usermap");
* Called once after initialize to try and log the person in
public boolean login() throws LoginException {
// First thing we do is create an array of callbacks so that
// we can get the data from the user
Callback[] callbacks;
callbacks = new Callback[2];
callbacks[0] = new NameCallback("username: ");
callbacks[1] = new PasswordCallback("password: ", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException eio) {
throw new LoginException(eio.toString());
} catch (UnsupportedCallbackException eu) {
throw new LoginException(eu.toString());
String username = ((NameCallback) callbacks[0]).getName();
System.out.println("Username: " + username);
char[] pw = ((PasswordCallback) callbacks[1]).getPassword();
String password = new String(pw);
System.out.println("PASSWORD: " + password);
if (username.length() > 0) {
if (!userMap.containsKey(username)) {
throw new FailedLoginException("Authentication Failed: Could not find user:" + username);
}else{
System.out.println("Contstainded Username");
String realPassword = ((OrkitVASPortalProviderImpl.MyUserDetails) userMap.get(username)).getPassword();
if (realPassword == null || !realPassword.equals(password)) {
throw new FailedLoginException("Authentication Failed: Password incorrect for user" + username);
}else{
System.out.println("Everyitng OKIE");
} else {
// No Username, so anonymous access is being attempted
loginSucceeded = true;
// We collect some principals that we would like to add to the user
// once this is committed.
// First, we add his username itself
principalsBeforeCommit.add(new WLSUserImpl(username));
// Now we add his group
principalsBeforeCommit.add(new WLSGroupImpl(((OrkitVASPortalProviderImpl.MyUserDetails) userMap.get(username)).getGroup()));
return loginSucceeded;
public boolean commit() throws LoginException {
if (loginSucceeded) {
subject.getPrincipals().removeAll(principalsBeforeCommit);
principalsInSubject = true;
return true;
} else {
return false;
public boolean abort() throws LoginException {
if (principalsInSubject) {
subject.getPrincipals().removeAll(principalsBeforeCommit);
principalsInSubject = false;
return true;
public boolean logout() throws LoginException {
return true;
}and OrkitVASPortalMBean & OrkitVASPortalImpl class created by MBeanMaker tool.
Can someome help.
Thank you very much!When i login with the password and username from my custom authentication provider, my login module check ok, but logon form still there.
Maybe you are looking for
-
I downloaded Yosemite last week, having major issues with typing
dw yosimite last week and have had major issues with typing, cursor leaving page
-
Hello, I've searched for this problem and have not found anyone with this same issue. The trackpad suddenly quit "moving the cursor" and will only scroll the screen (if possible). When it scrolls, it will do it with only one finger (not two!) AND the
-
How do you send a clip to Motion and back?
I've done a search on the internet and I don't see a simple answer! I've filmed some stuff which is shaky so I want to do this: Take the edited clip Put it in Motion Stabilize it Bring it back to FCPX exactly where it is in the timeline How are you g
-
Enhancement point in reserved namespace like /LTIL/
We are working in reserved namespace like /LTIL/ for the product which will be installed as Add On package. We want to add enhancement point so that the future client user's can add their code to enhance functionality as per their requirement. Till i
-
Differences between security tasks in BPC 7.0 MS and BPC 10.0 NW
Hi all, I am on a migration Project from BPC 7.0 MS to BPC 10.0 NW and I have to migrate task profiles. The problem is that while uploading the task profiles from a .csv, I realized that there are differences between the tasks to assign in source and