Cloudscape rdbmsrealm
Hi,
I am trying the sample rdbmsrealm secuirty example in WLS6.0 SP2.
I followed all the steps in
wlserver6.0\samples\examples\security\rdbmsrealm\package-summary.html.
But I am not able to view User, Group, and Access Control Lists nodes
and view the addition security information defined by the RDBMS security
realm.
Also when I tried to add new user it is updating in fileRealm.properties
not in cloudscape rdbmsrealm.
pls guide me,
thanks in advance,
Milind.
thanks satya it is working perfectly
regards,
Milind.
milind puranik wrote:
thanks a lot satya .
i tried below tags into config.xml
but still I am getting following exception
<Jun 26, 2001 11:49:57 AM EDT> <Notice> <Management> <Loading
configuration file .\config\examples\config.xml ...>
The WebLogic Server did not start up properly.
Exception raised:
weblogic.management.configuration.ConfigurationException: undefined
mbean reference: examples:Name=myFileRe
alm,Type=FileRealm
weblogic.management.configuration.ConfigurationException: undefined
mbean reference: examples:Name=myFileRealm,Type=FileRealm
at
weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.resolveMBeanAttributes(ConfigurationPars
er.java:352)
at
weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.endDocument(ConfigurationParser.java:194
at
weblogic.apache.xerces.parsers.SAXParser.endDocument(SAXParser.java:1222)
at
weblogic.apache.xerces.validators.common.XMLValidator.callEndDocument(XMLValidator.java:743)
at
weblogic.apache.xerces.framework.XMLDocumentScanner$EndOfInputDispatcher.dispatch(XMLDocumentScanner.java:1545)
at
weblogic.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner.java:380)
at
weblogic.apache.xerces.framework.XMLParser.parse(XMLParser.java:900)
at
weblogic.management.internal.xml.ConfigurationParser.parse(ConfigurationParser.java:103)
at
pls guide me I am sending u my config.xml.
thanks,
Milind.
Satya Ghattu wrote:
Milind,
Looks like your RDBMSRealm is not configured properly. In your config.xml
file make sure that you have something like this,
For the Realm tag,
<Realm
Name="defaultRealm"
FileRealm="defaultFileRealm"
CachingRealm="defaultCachingRealm"
/>
For the cachingRealm tag,
<CachingRealm
Name="defaultCachingRealm"
BasicRealm="defaultRDBMSRealmForCloudscape"
/>
RDBMSRealm tag
<RDBMSRealm
Name="defaultRDBMSRealmForCloudscape"
RealmClassName="security.rdbmsrealm.RDBMSRealm"
DatabaseDriver="COM.cloudscape.core.JDBCDriver"
DatabaseURL="jdbc:cloudscape:demo;create=true;autocommit=false"
DatabaseUserName=""
DatabasePassword=""
SchemaProperties="getGroupNewStatement=true;getUser=SELECT U_NAME,
U_PASSWORD FROM users WHERE U_NAME = ?;getGroupMembers=SELECT GM_GROUP,
GM_MEMBER from groupmembers WHERE GM_GROUP = ?;getAclEntries=SELECT
A_NAME,
A_PRINCIPAL, A_PERMISSION FROM aclentries WHERE A_NAME = ? ORDER BY
A_PRINCIPAL;getUsers=SELECT U_NAME, U_PASSWORD FROM
users;getGroups=SELECT
GM_GROUP, GM_MEMBER FROM groupmembers;getAcls=SELECT A_NAME, A_PRINCIPAL,
A_PERMISSION FROM aclentries ORDER BY A_NAME,
A_PRINCIPAL;getPermissions=SELECT DISTINCT A_PERMISSION FROM
aclentries;getPermission=SELECT DISTINCT A_PERMISSION FROM aclentries
WHERE
A_PERMISSION = ?;newUser=INSERT INTO users VALUES ( ? ,
? );addGroupMember=INSERT INTO groupmembers VALUES ( ? ,
? );removeGroupMember=DELETE FROM groupmembers WHERE GM_GROUP = ? AND
GM_MEMBER = ?;deleteUser1=DELETE FROM users WHERE U_NAME =
?;deleteUser2=DELETE FROM groupmembers WHERE GM_MEMBER =
?;deleteUser3=DELETE FROM aclentries WHERE A_PRINCIPAL =
?;deleteGroup1=DELETE FROM groupmembers WHERE GM_GROUP =
?;deleteGroup2=DELETE FROM aclentries WHERE A_PRINCIPAL = ?"
/>
Now, restart your server and you should see the users, groups and acls
that
you defined in your RDBMSRealm on the console.
-satya
milind puranik <[email protected]> wrote in message
news:[email protected]...
Hi,
I am trying the sample rdbmsrealm secuirty example in WLS6.0 SP2.
I followed all the steps in
wlserver6.0\samples\examples\security\rdbmsrealm\package-summary.html.
But I am not able to view User, Group, and Access Control Lists nodes
and view the addition security information defined by the RDBMS security
realm.
Also when I tried to add new user it is updating in fileRealm.properties
not in cloudscape rdbmsrealm.
pls guide me,
thanks in advance,
Milind.
<?xml version="1.0" encoding="UTF-8"?>
<!--If your domain is active, please do not edit the config.xml file. Any changes made to that file while the domain is active will not have any effect on the domain's configuration and are likely to be lost. If your domain is inactive, you may edit this file with an XML editor. If you do so, please refer to the configuration documentation at http://edocs.bea.com/wls/docs60/adminguide/config_xml.html. In general, we recommend that changes to your configuration file be made through the Administration Console.-->
<Domain Name="examples">
<Application Deployed="true" Name="jta_ejb_jmsjdbc" Path=".\config\examples\applications">
<EJBComponent Name="jta_ejb_jmsjdbc" Targets="examplesServer" URI="jta_ejb_jmsjdbc.jar"/>
</Application>
<Application Deployed="true" Name="ejb_basic_statefulSession" Path=".\config\examples\applications">
<EJBComponent Name="ejb_basic_statefulSession"
Targets="examplesServer" URI="ejb_basic_statefulSession.jar"/>
</Application>
<Log FileName="./config/examples/logs/wl-domain.log" Name="examples"/>
<Application Deployed="true" Name="ejb_extensions_readMostly" Path=".\config\examples\applications">
<EJBComponent Name="ejb_extensions_readMostly"
Targets="examplesServer" URI="ejb_extensions_readMostly.jar"/>
</Application>
<WLECConnectionPool FailoverAddresses="//wlehost:2468"
MaximumPoolSize="3" MinimumPoolSize="2" Name="simplepool"
PrimaryAddresses="//wlehost:2468" UserName="wleuser"
UserRole="developer" WLEDomain="simple"/>
<JTA AbandonTimeoutSeconds="86400"
BeforeCompletionIterationLimit="100" ForgetHeuristics="false"
MaxTransactions="10000" MaxUniqueNameStatistics="1000"
Name="examples" TimeoutSeconds="100"/>
<!--Realm FileRealm="myFileRealm" Name="myRealm"/-->
<Realm Name="defaultRealm" FileRealm="defaultFileRealm" CachingRealm="defaultCachingRealm"/>
<Application Name="wl_management_internal2" Path=".\config\tmp">
<WebAppComponent Name="wl_management_internal2"
Targets="examplesServer" URI="wl_management_internal2.war"/>
</Application>
<JMSConnectionFactory
JNDIName="weblogic.examples.jms.TopicConnectionFactory" Name="exampleTopic"/>
<JMSConnectionFactory
JNDIName="weblogic.examples.jms.QueueConnectionFactory" Name="exampleQueue"/>
<LDAPRealm AuthProtocol="simple" Credential="MyLDAPCredential"
GroupDN="o=airius.com,ou=Groups" GroupIsContext="false"
GroupNameAttribute="cn" GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://ldapserver:389"
Name="defaultLDAPRealmForNetscapeDirectoryServer"
Notes="This is provided as an example. Before enabling this Realm, you must edit the configuration parameters as appropriate for your environment."
Principal="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot"
UserAuthentication="local" UserDN="o=airius.com,ou=People"
UserNameAttribute="uid" UserPasswordAttribute="userpassword"/>
<JDBCConnectionPool CapacityIncrement="2"
DriverName="weblogic.jdbc.oci.Driver" InitialCapacity="4"
LoginDelaySeconds="1" MaxCapacity="10" Name="oraclePool"
Properties="user=SCOTT;password=tiger;server=DEMO"
RefreshMinutes="10" ShrinkPeriodMinutes="15"
ShrinkingEnabled="true" TestConnectionsOnRelease="false"
TestConnectionsOnReserve="false" TestTableName="dual" URL="jdbc:weblogic:oracle"/>
<Application Deployed="true" Name="cluster_ejb_teller" Path=".\config\examples\applications">
<EJBComponent Name="cluster_ejb_teller" Targets="examplesServer" URI="cluster_ejb_teller.jar"/>
</Application>
<JDBCConnectionPool CapacityIncrement="1"
DriverName="COM.cloudscape.core.XaDataSource"
InitialCapacity="1" MaxCapacity="2" Name="demoXAPool"
Properties="dataSourceName=demoXAPool;databaseName=demo;createDatabase=create"
RefreshMinutes="0" ShrinkPeriodMinutes="15"
ShrinkingEnabled="true" Targets="examplesServer"
TestConnectionsOnRelease="false"
TestConnectionsOnReserve="false" URL="jdbc:cloudscape:demo"/>
<LDAPRealm AuthProtocol="simple" Credential="MyLDAPCredential"
GroupDN="o=airius.com,ou=Groups" GroupIsContext="true"
GroupNameAttribute="cn" GroupUsernameAttribute="member"
LDAPURL="ldap://ldapserver:363"
Name="defaultLDAPRealmForNovellDirectoryServices"
Notes="This is provided as an example. Before enabling this Realm, you must edit the configuration parameters as appropriate for your environment."
Principal="cn=Admin,o=airius.com" SSLEnable="true"
UserAuthentication="bind" UserDN="o=airius.com,ou=People"
UserNameAttribute="cn" UserPasswordAttribute="userpassword"/>
<Application Deployed="true" Name="console" Path=".\config\examples\applications">
<WebAppComponent Name="console" Targets="examplesServer" URI="console.war"/>
</Application>
<Application Deployed="true" Name="DefaultWebApp_examplesServer" Path=".\config\examples\applications">
<WebAppComponent Name="DefaultWebApp_examplesServer"
Targets="examplesServer" URI="DefaultWebApp_examplesServer"/>
</Application>
<RDBMSRealm DatabaseDriver="sun.jdbc.odbc.JdbcOdbcDriver"
DatabasePassword="tiger"
DatabaseURL="jdbc:odbc:MyDataSourceName"
DatabaseUserName="scott" Name="defaultRDBMSRealmForODBC"
Notes="This is provided as an example and is designed to work with the schema created for the examples.security.rdbmsrealm example. To enable this RDBMSRealm, you must first create the database tables and edit the configuration parameters as appropriate for your environment."
RealmClassName="examples.security.rdbmsrealm.RDBMSRealm" SchemaProperties="getGroupMembers=SELECT GM_GROUP, GM_MEMBER from groupmembers WHERE GM_GROUP = ?;deleteGroup2=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;deleteGroup1=DELETE FROM groupmembers WHERE GM_GROUP = ?;addGroupMember=INSERT INTO groupmembers VALUES ( ? , ? );getUser=SELECT U_NAME, U_PASSWORD FROM users WHERE U_NAME = ?;getPermission=SELECT DISTINCT A_PERMISSION FROM aclentries WHERE A_PERMISSION = ?;deleteUser3=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;getGroupNewStatement=true;deleteUser2=DELETE FROM groupmembers WHERE GM_MEMBER = ?;deleteUser1=DELETE FROM users WHERE U_NAME = ?;getAcls=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A_NAME, A_PRINCIPAL;getUsers=SELECT U_NAME, U_PASSWORD FROM users;getGroups=SELECT GM_GROUP, GM_MEMBER FROM groupmembers;getPermissions=SELECT DISTINCT A_PERMISSION FROM aclentries;getAclEntries=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries WHERE A_NAME = ? ORDER BY A_PRINCIPAL;newUser=INSERT INTO users VALUES ( ? , ? );removeGroupMember=DELETE FROM groupmembers WHERE GM_GROUP = ? AND GM_MEMBER = ?"/>
<StartupClass ClassName="examples.rmi_iiop.hello.HelloImpl"
FailureIsFatal="false" Name="hello_iiop"/>
<JDBCConnectionPool CapacityIncrement="1"
DriverName="COM.cloudscape.core.JDBCDriver" InitialCapacity="1"
MaxCapacity="2" Name="demoPool"
Properties="user=none;password=none;server=none"
RefreshMinutes="0" ShrinkPeriodMinutes="15"
ShrinkingEnabled="true" Targets="examplesServer"
TestConnectionsOnRelease="false"
TestConnectionsOnReserve="false" URL="jdbc:cloudscape:demo"/>
<Application Deployed="true" Name="ejb_basic_containerManaged" Path=".\config\examples\applications">
<EJBComponent Name="ejb_basic_containerManaged"
Targets="examplesServer" URI="ejb_basic_containerManaged.jar"/>
</Application>
<StartupClass ClassName="examples.rmi.hello.HelloImpl"
FailureIsFatal="false" Name="hello" Targets="examplesServer"/>
<StartupClass ClassName="examples.rmi.stock.StockServer"
FailureIsFatal="false" Name="stock"/>
<LDAPRealm AuthProtocol="simple" Credential="MyLDAPCredential"
GroupDN="o=Microsoft, ou=Groups" GroupIsContext="true"
GroupNameAttribute="cn" GroupUsernameAttribute="memberObject"
LDAPURL="ldap://ldapserver:389"
Name="defaultLDAPRealmForMicrosoftSiteServer"
Notes="This is provided as an example. Before enabling this Realm, you must edit the configuration parameters as appropriate for your environment."
Principal="cn=ldapadmin" UserAuthentication="local"
UserDN="o=Microsoft, ou=Members" UserNameAttribute="cn" UserPasswordAttribute="userpassword"/>
<Server AcceptBacklog="50" AdministrationPort="0" ClusterWeight="1"
ConsoleInputEnabled="false" DGCIdlePeriodsUntilTimeout="2"
DefaultProtocol="t3" DefaultSecureProtocol="t3s"
HttpdEnabled="true" JavaCompiler="d:\bea\jdk130/bin/javac"
ListenPort="7001" Name="examplesServer" NativeIOEnabled="true"
SocketReaderTimeoutMaxMillis="10"
TransactionLogFilePrefix="config/examples/logs/"
TunnelingClientPingSecs="45" TunnelingClientTimeoutSecs="40" XMLRegistry="examplesXMLRegistry">
<KernelDebug Name="examplesServer"/>
<ServerDebug Name="examplesServer"/>
<SSL Enabled="true" ListenPort="7002" Name="examplesServer"
PeerValidationEnforced="0"
ServerCertificateChainFileName="./config/examples/ca.pem"
ServerCertificateFileName="./config/examples/democert.pem"
ServerKeyFileName="./config/examples/demokey.pem" TrustedCAFileName="./config/examples/ca.pem"/>
<WebServer DefaultWebApp="DefaultWebApp_examplesServer"
LogFileName="./config/examples/logs/access.log"
LoggingEnabled="true" Name="examplesServer"/>
<Log FileName="./config/examples/logs/weblogic.log" Name="examplesServer"/>
</Server>
<PasswordPolicy Name="wl_default_password_policy"/>
<JMSConnectionFactory JNDIName="jms.connection.traderFactory" Name="exampleTrader"/>
<StartupClass ClassName="examples.security.acl.FrobImpl"
FailureIsFatal="false" Name="frob" Targets="examplesServer"/>
<JDBCDataSource JNDIName="examples-dataSource-demoPool"
Name="examples-dataSource-demoPool" PoolName="demoPool" Targets="examplesServer"/>
<JDBCTxDataSource JNDIName="myDataSource" Name="myDataSource" PoolName="oraclePool"/>
<StartupClass
Arguments="connectionFactory=weblogic.examples.jms.TopicConnectionFactory,topic=weblogic.examples.jms.exampleTopic"
ClassName="examples.jms.startup.ServerReceive"
FailureIsFatal="false" Name="serverReceive"/>
<Application Deployed="true" Name="ejb_basic_beanManaged" Path=".\config\examples\applications">
<EJBComponent Name="ejb_basic_beanManaged"
Targets="examplesServer" URI="ejb_basic_beanManaged.jar"/>
</Application>
<RDBMSRealm DatabaseDriver="weblogic.jdbc.oci.Driver"
DatabasePassword="tiger"
DatabaseURL="jdbc:weblogic:oracle:MyOracleServerName"
DatabaseUserName="scott" Name="defaultRDBMSRealmForOracle"
Notes="This is provided as an example and is designed to work with the schema created for the examples.security.rdbmsrealm example. To enable this RDBMSRealm, you must first create the database tables and edit the configuration parameters as appropriate for your environment."
RealmClassName="examples.security.rdbmsrealm.RDBMSRealm" SchemaProperties="getGroupMembers=SELECT GM_GROUP, GM_MEMBER from groupmembers WHERE GM_GROUP = ?;deleteGroup2=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;deleteGroup1=DELETE FROM groupmembers WHERE GM_GROUP = ?;addGroupMember=INSERT INTO groupmembers VALUES ( ? , ? );getUser=SELECT U_NAME, U_PASSWORD FROM users WHERE U_NAME = ?;getPermission=SELECT DISTINCT A_PERMISSION FROM aclentries WHERE A_PERMISSION = ?;deleteUser3=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;getGroupNewStatement=false;deleteUser2=DELETE FROM groupmembers WHERE GM_MEMBER = ?;deleteUser1=DELETE FROM users WHERE U_NAME = ?;getAcls=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A_NAME, A_PRINCIPAL;getUsers=SELECT U_NAME, U_PASSWORD FROM users;getGroups=SELECT GM_GROUP, GM_MEMBER FROM groupmembers;getPermissions=SELECT DISTINCT A_PERMISSION FROM aclentries;getAclEntries=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries WHERE A_NAME = ? ORDER BY A_PRINCIPAL;newUser=INSERT INTO users VALUES ( ? , ? );removeGroupMember=DELETE FROM groupmembers WHERE GM_GROUP = ? AND GM_MEMBER = ?"/>
<!--RDBMSRealm DatabaseDriver="COM.cloudscape.core.JDBCDriver"
DatabaseURL="jdbc:cloudscape:demo;create=true;autocommit=false"
Name="defaultRDBMSRealmForCloudscape"
RealmClassName="examples.security.rdbmsrealm.RDBMSRealm" SchemaProperties="getGroupMembers=SELECT GM_GROUP, GM_MEMBER from groupmembers WHERE GM_GROUP = ?;deleteGroup2=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;deleteGroup1=DELETE FROM groupmembers WHERE GM_GROUP = ?;addGroupMember=INSERT INTO groupmembers VALUES ( ? , ? );getUser=SELECT U_NAME, U_PASSWORD FROM users WHERE U_NAME = ?;getPermission=SELECT DISTINCT A_PERMISSION FROM aclentries WHERE A_PERMISSION = ?;deleteUser3=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;getGroupNewStatement=true;deleteUser2=DELETE FROM groupmembers WHERE GM_MEMBER = ?;deleteUser1=DELETE FROM users WHERE U_NAME = ?;getAcls=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A_NAME, A_PRINCIPAL;getUsers=SELECT U_NAME, U_PASSWORD FROM users;getGroups=SELECT GM_GROUP, GM_MEMBER FROM groupmembers;getPermissions=SELECT DISTINCT A_PERMISSION FROM aclentries;getAclEntries=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries WHERE A_NAME = ? ORDER BY A_PRINCIPAL;newUser=INSERT INTO users VALUES ( ? , ? );removeGroupMember=DELETE FROM groupmembers WHERE GM_GROUP = ? AND GM_MEMBER = ?"/-->
<RDBMSRealm Name="defaultRDBMSRealmForCloudscape" RealmClassName="security.rdbmsrealm.RDBMSRealm" DatabaseDriver="COM.cloudscape.core.JDBCDriver"
DatabaseURL="jdbc:cloudscape:demo;create=true;autocommit=false"
DatabaseUserName=""
DatabasePassword=""
SchemaProperties="getGroupNewStatement=true;getUser=SELECT U_NAME,U_PASSWORD FROM users WHERE U_NAME = ?;getGroupMembers=SELECT GM_GROUP,GM_MEMBER from groupmembers WHERE GM_GROUP = ?;getAclEntries=SELECT A_NAME,A_PRINCIPAL, A_PERMISSION FROM aclentries WHERE A_NAME = ? ORDER BY A_PRINCIPAL;getUsers=SELECT U_NAME, U_PASSWORD FROM users;getGroups=SELECT GM_GROUP, GM_MEMBER FROM groupmembers;getAcls=SELECT A_NAME, A_PRINCIPAL,A_PERMISSION FROM aclentries ORDER BY A_NAME,A_PRINCIPAL;getPermissions=SELECT DISTINCT A_PERMISSION FROM aclentries;getPermission=SELECT DISTINCT A_PERMISSION FROM aclentries WHERE A_PERMISSION = ?;newUser=INSERT INTO users VALUES ( ? ,? );addGroupMember=INSERT INTO groupmembers VALUES ( ? ,? );removeGroupMember=DELETE FROM groupmembers WHERE GM_GROUP = ? AND GM_MEMBER = ?;deleteUser1=DELETE FROM users WHERE U_NAME = ?;deleteUser2=DELETE FROM groupmembers WHERE GM_MEMBER = ?;deleteUser3=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;deleteGroup1=DELETE FROM groupmembers WHERE GM_GROUP = ?;deleteGroup2=DELETE FROM aclentries WHERE A_PRINCIPAL = ?" />
<JDBCTxDataSource JNDIName="examples-dataSource-demoXAPool"
Name="examples-dataSource-demoXAPool" PoolName="demoXAPool" Targets="examplesServer"/>
<WLECConnectionPool ApplicationPassword="wlepassword"
FailoverAddresses="//wlehost:2468" MaximumPoolSize="3"
MinimumPoolSize="2" Name="Univpool"
PrimaryAddresses="//wlehost:2468" UserName="wleuser"
UserRole="developer" WLEDomain="university"/>
<RDBMSRealm DatabaseDriver="weblogic.jdbc.mssqlserver4.Driver"
DatabaseURL="jdbc:weblogic:sybase:database@MyDatabaseHost:MyDatabasePort"
DatabaseUserName="sa"
Name="defaultRDBMSRealmForMSSQLServerType4"
Notes="This is provided as an example and is designed to work with the schema created for the examples.security.rdbmsrealm example. To enable this RDBMSRealm, you must first create the database tables and edit the configuration parameters as appropriate for your environment."
RealmClassName="examples.security.rdbmsrealm.RDBMSRealm" SchemaProperties="getGroupMembers=SELECT GM_GROUP, GM_MEMBER from groupmembers WHERE GM_GROUP = ?;deleteGroup2=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;deleteGroup1=DELETE FROM groupmembers WHERE GM_GROUP = ?;addGroupMember=INSERT INTO groupmembers VALUES ( ? , ? );getUser=SELECT U_NAME, U_PASSWORD FROM users WHERE U_NAME = ?;getPermission=SELECT DISTINCT A_PERMISSION FROM aclentries WHERE A_PERMISSION = ?;deleteUser3=DELETE FROM aclentries WHERE A_PRINCIPAL = ?;getGroupNewStatement=true;deleteUser2=DELETE FROM groupmembers WHERE GM_MEMBER = ?;deleteUser1=DELETE FROM users WHERE U_NAME = ?;getAcls=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A_NAME, A_PRINCIPAL;getUsers=SELECT U_NAME, U_PASSWORD FROM users;getGroups=SELECT GM_GROUP, GM_MEMBER FROM groupmembers;getPermissions=SELECT DISTINCT A_PERMISSION FROM aclentries;getAclEntries=SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries WHERE A_NAME = ? ORDER BY A_PRINCIPAL;newUser=INSERT INTO users VALUES ( ? , ? );removeGroupMember=DELETE FROM groupmembers WHERE GM_GROUP = ? AND GM_MEMBER = ?"/>
<StartupClass ClassName="examples.cluster.rmi.HelloClusterImpl"
FailureIsFatal="false" Name="hello_cluster"/>
<Application Name="wl_management_internal1" Path=".\config\tmp">
<WebAppComponent Name="wl_management_internal1"
Targets="examplesServer" URI="wl_management_internal1.war"/>
</Application>
<ApplicationManager Name="examples"/>
<Application Deployed="true" Name="examplesWebApp" Path=".\config\examples\applications">
<WebAppComponent Name="examplesWebApp" Targets="examplesServer" URI="examplesWebApp"/>
</Application>
<Application Deployed="true" Name="ejb_basic_statelessSession" Path=".\config\examples\applications">
<EJBComponent Name="ejb_basic_statelessSession"
Targets="examplesServer" URI="ejb_basic_statelessSession.jar"/>
</Application>
<WLECConnectionPool ApplicationPassword="wlepassword"
FailoverAddresses="//wlehost:2468" MaximumPoolSize="3"
MinimumPoolSize="2" Name="StatelessSessionPool"
PrimaryAddresses="//wlehost:2468" UserName="wleuser"
UserRole="developer" WLEDomain="ejbsample"/>
<!--CachingRealm BasicRealm="defaultRDBMSRealmForCloudscape" Name="defaultCachingRealm"/-->
<CachingRealm Name="defaultCachingRealm" BasicRealm="defaultRDBMSRealmForCloudscape"/>
<JMSServer Name="examplesJMSServer" Store="exampleJDBCStore" Targets="examplesServer">
<JMSQueue JNDIName="weblogic.examples.jms.exampleQueue" Name="exampleQueue"/>
<JMSTopic JNDIName="quotes" Name="quotes"/>
<JMSTopic JNDIName="weblogic.examples.jms.exampleTopic" Name="exampleTopic"/>
</JMSServer>
<StartupClass ClassName="examples.rmi.multihello.HelloImpl"
FailureIsFatal="false" Name="multihello"/>
<JMSJDBCStore ConnectionPool="demoPool" Name="exampleJDBCStore"/>
<Security GuestDisabled="false" Name="examples"
PasswordPolicy="wl_default_password_policy" Realm="myRealm" SystemUser="system"/>
<StartupClass
Arguments="connectionFactory=weblogic.examples.jms.TopicConnectionFactory,topic=weblogic.examples.jms.exampleTopic"
ClassName="examples.jms.startup.PoolReceive"
FailureIsFatal="false" Name="poolReceive"/>
<Application Deployed="true" Name="xml_xslt_content" Path=".\config\examples\applications">
<EJBComponent Name="xml_xslt_content" Targets="examplesServer" URI="xml_xslt_content.jar"/>
</Application>
<!--FileRealm Name="myFileRealm"/-->
<Application Deployed="true" Name="ejb_subclass" Path=".\config\examples\applications">
<EJBComponent Name="ejb_subclass" Targets="examplesServer" URI="ejb_subclass.jar"/>
</Application>
<Application Deployed="true" Name="security-1" Path=".\config\examples\applications">
<WebAppComponent Name="security" Targets="examplesServer" URI="security"/>
</Application>
<XMLRegistry Name="examplesXMLRegistry">
<XMLRegistryEntry EntityPath="stocktrade.dtd" Name="stocktrade"
PublicId="examples.xml.http-stocktrade" RootElementTag="stocktrade"/>
</XMLRegistry>
<StartupClass ClassName="examples.security.acl.FrobImpl"
FailureIsFatal="false" Name="FrobImpl"/>
<Application Name="security" Path="d:\bea\wlserver6.0\samples\examples\webapp">
<WebAppComponent Name="security" URI="security"/>
</Application>
</Domain>
config.xml
Content-Type:
text/xml
Content-Encoding:
quoted-printable
Similar Messages
-
Re: HELP..serious issues with RdbmsRealm in WL 4.5
d> the error seems to imply that the server cannot find the database
d> RdbmsRealm, but it is located just off the weblogic server path, so
d> I'm not sure why.
It looks like you haven't initialised your tables.
<b
Let us pray:
What a Great System.
Please Do Not Crash.
^G^IP@P6David Regan <[email protected]> wrote in message
news:8ciqdm$mhh$[email protected]..
the RdbmsRealm table is populated, I checked it with cloudview. It almost
seems like
it cannot find the right database, but I'm not sure why not unless the URL
in the realm_prop file
is wrong.
this is the relevant excerpt from my weblogic.realm_properties file
# - - - - - - CLOUDSCAPE - - - - - - -
dbURL=jdbc:cloudscape:RDBMSRealm;create=true;autocommit=false
driver=COM.cloudscape.core.JDBCDriver
dbUser=none
dbPassword=none
As I mentioned in the original posting, I changed dbUser and dbPasswordfrom
"","" to none,none.
(wouldnt run the test program successfully till I did so)
-David Regan
Callidus Software
[email protected]
Bryan O'Sullivan <[email protected]> wrote in message
news:[email protected]..
d> the error seems to imply that the server cannot find the database
d> RdbmsRealm, but it is located just off the weblogic server path, so
d> I'm not sure why.
It looks like you haven't initialised your tables.
<b
Let us pray:
What a Great System.
Please Do Not Crash.
^G^IP@P6 -
RdbmsRealm - how to make it work
I was running the example server. I would like to see if I can delegate the security to an rdbmsRealm. I followed the instruction from the documentation. I created the three tables for security in Oracle 8i Lite in my NT machine. I then startup the example server and created a security realm for my oracle 8i tables. I then selected the cacing realm and selected my oralce 8i Lite realm. However, this does not change the security because the new users that I created are still updated in the filerealm.properties file.
My understanding is that we should be able to use the oracle realm I just created for the wls realm. As for the caching realm, I thought it's there for performance reasons.
Could somebody tell me how to make it work? Thanks.Hi Susan:
I followed you instruction and modified the config.xml file to use the rdbmsRealm in that I set up in Oracle 8i Lite. I am using the Oracle 8i Lite driver to talk to the database. I then tried to create new users. From the console, it appears that the users are added successfully. However, the new users do not exit in the oracle 8i lite rdbmsRealm. They do not exist in the filerealm.properties file neither.
I then tried to use the cloudscape rdbmsRealm. This is achived by the following configuration in the config.xml file:
<CachingRealm BasicRealm="defaultRDBMSRealmForCloudscape" Name="defaultCachingRealm"/>
However, the realm initialization failed. Then I checked the definition for the cloudscape rdbmsRealm in the config file and found out that the schemaproperties entried are all chopped off. This is because of the bug you told me earlier.
I would like to get the cloudscape rdbmsRealm working first and then try to find out why the oracle 8i Lite rdbmsRealm did not work. Could you please send me the schemaproperties entries needed for the cloudscape rdbmsRealm? Thanks.
Helen
"Suresh Vallabhaneni" <[email protected]> wrote:
>
Hi Helen
Here is a sample of what you need in the config.xml. Modify to match your environment.
<Security
Realm="defaultRealm"
/>
<Realm
Name="defaultRealm"
FileRealm="defaultFileRealm"
CachingRealm="defaultCachingRealm"
/>
<CachingRealm
Name="defaultCachingRealm"
BasicRealm="defaultRDBMSRealmForOracle"
/>
SUBSTITUTE THE REQUIRED VALUES FOR THE RDBMS REALM
<RDBMSRealm
Name="defaultRDBMSRealmForOracle"
RealmClassName="examples.security.rdbmsrealm.RDBMSRealm"
DatabaseDriver="weblogic.jdbc.oci.Driver"
DatabaseURL="jdbc:weblogic:oracle:yourdatabase"
DatabaseUserName=""
DatabasePassword=""
SchemaProperties=""
/>
Let me know if you still have a problem.
thanks
"Helen Semus" <[email protected]> wrote:
Hi Suresh:
Yes, I was selecting the default cacherealm from the console.
I checked my config.xml for the exampe server. You are right. The schemaProperties attribute values are truncated. I guess I will have to manually modify my config.xml file to get it to work.
Besides making sure the attributes for the rdbmsRealm element correct, is there anyother element or attribute that I need to set to enable the rdbmsRealm?
Thanks.
Helen
"Suresh Vallabhaneni" <[email protected]> wrote:
Hi Helen
Are you trying to select the caching realm through console? There is a release note on this(http://www.weblogic.com/docs60/notes/issues.html#1029973) that selecting the caching realm through console will corrupt the config file. If you're doing otherwise, plz let me know.
thanks
"Helen Semus" <[email protected]> wrote:
I was running the example server. I would like to see if I can delegate the security to an rdbmsRealm. I followed the instruction from the documentation. I created the three tables for security in Oracle 8i Lite in my NT machine. I then startup the example server and created a security realm for my oracle 8i tables. I then selected the cacing realm and selected my oralce 8i Lite realm. However, this does not change the security because the new users that I created are still updated in the filerealm.properties
file.
My
understanding
is
that we should be able to use the oracle realm I just created for the wls realm. As for the caching realm, I thought it's there for performance reasons.
Could somebody tell me how to make it work? Thanks. -
RDBMSRealm - Cloudscape rdbms security realm
Have a bit of a problem with the cloudscape rdbms security realm shipped with weblogic
6.1
I am trying the sample rdbmsrealm secuirty example in WLS6.1 SP2.
I changed the class RDBMSRealm.java to add a public method say
display();
From my jsp page I have
RDBMSRealm realm = new RDBMSRealm();
realm.display();
realm.getUser("jason").getName();
When I run this I am able to access the display method, but
the call to getUser fails with
<Feb 27, 2002 12:58:11 PM PST> <Error> <HTTP> <[WebAppServletContext(5278096,for
mauth,/formauth)] Servlet failed with Exception
ERROR 40XL1: A lock could not be obtained within the time requested
at c8e.c_.b.newException(Unknown Source)
at c8e._g.g.lockObject(Unknown Source)
at c8e._g.f.zeroDurationlockObject(Unknown Source)
at c8e.as.r.lockRecordForRead(Unknown Source)
at c8e.s.h.lockPositionForRead(Unknown Source)
at c8e.s.d.fetchRows(Unknown Source)
at c8e.w.g.fetchNextGroup(Unknown Source)
at c8e.h.h.e(Unknown Source)
at c8e.h.h.getNextRowCore(Unknown Source)
at c8e.h.z_.getNextRow(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.next(Unknown Source)
at examples.security.rdbmsrealm.RDBMSDelegate.getUser(RDBMSDelegate.java
:270)
In my JSP page when I
weblogic.security.acl.CachingRealm realm =
(weblogic.security.acl.CachingRealm) weblogic.security.acl.Security.getRealm();
realm.getUser() works, But I am not able to access/find display()
realm.display();
Any suggestions would help. Thanks
Seshadri
<CachingRealm BasicRealm="defaultRDBMSRealmForCloudscape" Name="defaultCachingRealm"/>
<Realm CachingRealm="defaultCachingRealm" FileRealm="wl_default_file_realm" Name="wl_default_file_realm"/>"Seshadri" <[email protected]> wrote:
>
Have a bit of a problem with the cloudscape rdbms security realm shipped
with weblogic
6.1
I am trying the sample rdbmsrealm secuirty example in WLS6.1 SP2.
I changed the class RDBMSRealm.java to add a public method say
display();
From my jsp page I have
RDBMSRealm realm = new RDBMSRealm();
realm.display();
realm.getUser("jason").getName();
When I run this I am able to access the display method, but
the call to getUser fails with
<Feb 27, 2002 12:58:11 PM PST> <Error> <HTTP> <[WebAppServletContext(5278096,for
mauth,/formauth)] Servlet failed with Exception
ERROR 40XL1: A lock could not be obtained within the time requested
at c8e.c_.b.newException(Unknown Source)
at c8e._g.g.lockObject(Unknown Source)
at c8e._g.f.zeroDurationlockObject(Unknown Source)
at c8e.as.r.lockRecordForRead(Unknown Source)
at c8e.s.h.lockPositionForRead(Unknown Source)
at c8e.s.d.fetchRows(Unknown Source)
at c8e.w.g.fetchNextGroup(Unknown Source)
at c8e.h.h.e(Unknown Source)
at c8e.h.h.getNextRowCore(Unknown Source)
at c8e.h.z_.getNextRow(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.next(Unknown Source)
at examples.security.rdbmsrealm.RDBMSDelegate.getUser(RDBMSDelegate.java
:270)
In my JSP page when I
weblogic.security.acl.CachingRealm realm =
(weblogic.security.acl.CachingRealm) weblogic.security.acl.Security.getRealm();
realm.getUser() works, But I am not able to access/find display()
realm.display();
Any suggestions would help. Thanks
Seshadri
<CachingRealm BasicRealm="defaultRDBMSRealmForCloudscape" Name="defaultCachingRealm"/>
<Realm CachingRealm="defaultCachingRealm" FileRealm="wl_default_file_realm"
Name="wl_default_file_realm"/> -
Using Cloudscape for rdbmsRealm
Using WLS60sp1 on WinNTor HP-UX I was unable to modify user information against the
shipped cloudscape
database. After boot up all users in the demo DB were displayed as expected but I
couldn't modify users settings
although the console confirmed that but nothing changed in Cloudscape. I wonder if
I missed something as this
is default WLS right after installing but I can't see what to specify more in the
console and nothing has been
written to the logs.
Any ideas? Thx.Using WLS60sp1 on WinNTor HP-UX I was unable to modify user information against the
shipped cloudscape
database. After boot up all users in the demo DB were displayed as expected but I
couldn't modify users settings
although the console confirmed that but nothing changed in Cloudscape. I wonder if
I missed something as this
is default WLS right after installing but I can't see what to specify more in the
console and nothing has been
written to the logs.
Any ideas? Thx. -
Problem w. newUser(): WLS6.0, RDBMSRealm
Hi,
I'm trying to create a new user with the RDBMSRealm. The user is created, but not
saved in the Cloudscape db (the name apperas in the console but disappears at restart).
Does anybody know why..? Am I doing something wrong? I'm using the following code:
RDBMSRealm rdbms = (RDBMSRealm)Security.getCurrentUser().getRealm();
User created = rdbms.newUser("zapa", "zapa", null);
Any help greatly appreciated!
Regards,
Rolle"Seshadri" <[email protected]> wrote:
>
Have a bit of a problem with the cloudscape rdbms security realm shipped
with weblogic
6.1
I am trying the sample rdbmsrealm secuirty example in WLS6.1 SP2.
I changed the class RDBMSRealm.java to add a public method say
display();
From my jsp page I have
RDBMSRealm realm = new RDBMSRealm();
realm.display();
realm.getUser("jason").getName();
When I run this I am able to access the display method, but
the call to getUser fails with
<Feb 27, 2002 12:58:11 PM PST> <Error> <HTTP> <[WebAppServletContext(5278096,for
mauth,/formauth)] Servlet failed with Exception
ERROR 40XL1: A lock could not be obtained within the time requested
at c8e.c_.b.newException(Unknown Source)
at c8e._g.g.lockObject(Unknown Source)
at c8e._g.f.zeroDurationlockObject(Unknown Source)
at c8e.as.r.lockRecordForRead(Unknown Source)
at c8e.s.h.lockPositionForRead(Unknown Source)
at c8e.s.d.fetchRows(Unknown Source)
at c8e.w.g.fetchNextGroup(Unknown Source)
at c8e.h.h.e(Unknown Source)
at c8e.h.h.getNextRowCore(Unknown Source)
at c8e.h.z_.getNextRow(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.next(Unknown Source)
at examples.security.rdbmsrealm.RDBMSDelegate.getUser(RDBMSDelegate.java
:270)
In my JSP page when I
weblogic.security.acl.CachingRealm realm =
(weblogic.security.acl.CachingRealm) weblogic.security.acl.Security.getRealm();
realm.getUser() works, But I am not able to access/find display()
realm.display();
Any suggestions would help. Thanks
Seshadri
<CachingRealm BasicRealm="defaultRDBMSRealmForCloudscape" Name="defaultCachingRealm"/>
<Realm CachingRealm="defaultCachingRealm" FileRealm="wl_default_file_realm"
Name="wl_default_file_realm"/> -
NotOwnerException when trying sample RDBMSRealm
Hi,
Currently, i'm using WL6.0 on NT and trying out RDBMSRealm from console. I could make it work the way it is described, but when I try to change any of the permission to any group or user, i get following error msgs. I logged in as a "system" and trying to grant "write" permission (to "disk" ACL) to user "scott" from a console. I get following exceptions... What could be going wrong here ?
Thanks a lot for yr help....
V.S
java.security.acl.NotOwnerException
at weblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:753)
at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
java.lang.InternalError: aclOwner not owner
at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:772)
at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)For the record:
Suresh,
Update on my case....
Having downloaded and configured the latest release of WL server (beta 2), I could successfully test some of our requirements using WL Realm.
As a first step part of an iterative process, I tried creating users, groups and ACLs (Access control lists similar to permission ) , then associated users to groups , granted specific privilege to principals (users/groups) so on... Everything seems to be working fine...
Next, I'll be making it work with RDBMS since right now it uses FileRealm not the databaseRealm. I'll update you on this as I progress...
Thanks a lot for yr continued support...
Regards,
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 4:17 PM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help
Vishal
Nope. Beta refresh is somewhere around mid Nov.
thanks
At 04:09 PM 11/22/00 -0500, [email protected] wrote:
I think, i'm using 6.0 beta. WebLogic Server (6.0.0b1 10/06/2000 22:34:17 >#86762)
b1 signify beta refresh ?
Thanks
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 4:08 PM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help
Hi Vishal
fileRealm is the default realm with WebLogic Server. If an operation fails >on an alternate realm, usually it will failover to the default >Realm(stored in fileRealm.properties). If the failover is not handled >well, the server may throw an exception. I believe the issue of FileRealm >not getting refreshed in the console is fixed in the later loads, I'm not >sure its fixed in Beta refresh though. Are u using beta or beta refresh of >6.0? Will get back to u whether this is available in beta refresh later.
thanks
At 03:48 PM 11/22/00 -0500, you wrote:
Suresh,
Thanks once again.
I could create a user, group and ACLs , ("vshah", "Trader", "Trade > (Buy, >Sell , Buy&Sell permissions) but the changes don't reflect > immediately. I >had to bring down the server and restart it again.
Having looked around , i then found out that this new information > gets >stored in "FileRealm.properties" file (security realm ???) and not > updated >to the database.(cloudscape)
Shouldn't the changes persist to DB ? As per the documentation it says,
A Sample Custom Security Realm
The weblogic.security.rdbmsrealm package in > the >samples/examples/security/rdbmsrealm directory is a custom security > realm >that uses a relational database for its security store. Attached > is a >FileRealm.properties file
Regards,
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 1:41 PM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help
Vishal
This is what I gathered from the developer for the Realm stuff:
RDBMS realm is only partially manageable. The operation supported are:
(1) Users - Create, Delete and Change Password
(2) Groups - Delete, Modify(Create is not supported)
(3) Acls - No operations are supported
Plz let me know if you're having problems with any of the operations > that >are supported.
thanks
At 12:09 PM 11/22/00 -0500, you wrote:
Thanks, See u on Monday.
Have a wondeful thanksgiving.
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 12:11 PM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help
Vishal
I'm sorry. Yes, RDBMS realm is the only manageable realm out of the > four
alternate realms we support. I may not be able to answer your question
today. I'll get back to you with an answer by Monday.
thanks
At 11:54 AM 11/22/00 -0500, you wrote:
Hi Suresh,
There are couple of things going on...
First, I could add user "vshah" with password "vshah", added group"Trader"
and made "vshah" belonging to this group. Then created a new ACL > "Trade"
with two permissions "Buy" and "Sell" and granted
"vshah" to these perm. So far so good.
Next, I tried adding few more users, and followed very similiar > patternas
in the first case to create groups, ACLS and grant permissions to > thesenew
users. But, nothing works. Sometimes, when I grant a permission to anuser,
it immediately reflects on the console and sometimes it doesn't. The
behaviour is not quite consistent. Even I restart the server, i > > don't see
those new users, groups and ACLs.
I'm extracting few lines from a log file that would help....
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090049>
<System user unperson does not exist, creating it.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090044>
<Principal rdoust does not exist thus cannot be added to group > > SuperTFA.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090047>
<Principal jpatel does not exist thus cannot be added to ACL Trade.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090047>
<Principal jpatel does not exist thus cannot be added to ACL Trade.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090047>
<Principal rdoust does not exist thus cannot be added to ACL Trade.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090047>
<Principal rdoust does not exist thus cannot be added to ACL Trade.>
For existing ACLs as part of a sample example (RDBMSRealm) , i > couldn't
add/modify/remove any permissions to any users/groups.
I looked at RDBMSRealm source code and it extends"AbstractManageableRealm"
so it should allow changes to the realm.
Thanks again
P.S. Attached pl see the screen dumps and log file...
<<screenshots.zip>> <<weblogic.log>>
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 11:23 AM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help [Shah, > Vishal]
Vishal
For now modify the table in the database directly. I can keep you
posted
about realm enhancements in the next release if you're interested.
thanks
At 11:16 AM 11/22/00 -0500, you wrote:
Hi,
Thanks for a prompt answer.
You got me right, i'm trying to add/modify/create new ACLs > and > change
permissions to users thro' console.
How would I go about doing this ?
Thanks again...
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 11:16 AM
To: Shah, Vishal
Subject: Re: NotOwnerException thrown... pl help
Hi Vishal
RDBMS Realm is a Listable realm not a Manageable realm, meaning
you
cannot
make any changes to a user, group or acl defined in the RDBMS
Realm. I
guess you're trying to modify the acl defined in the RDBMS > Realmthru
console. You cannot do that thru the console. If this is > not whatyou're
doing and I didnot interpret your problem correctly, plz let me
know.
thanks
At 06:59 PM 11/21/00 -0500, you wrote:
Hi Suresh,
Instead of posting this msg to newgroup, I thought of > addressing
directly
to
u so that I can answer immidiately from a bea person.
Currently, i'm using WL6.0 on NT and trying out RDBMSRealm > from
console.
I
could make it work the way it is described, but when I try to
change
any
of
the permission to any group or user, i get following error > msgs.
I
logged
in
as a "system" and trying to grant "write" permission (to > "disk"
ACL)
to
user "scott" from a console. I get following exceptions... > What
could
be
going wrong here ?
Thanks a lot for yr help....
java.security.acl.NotOwnerException
atweblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
at
weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.ja > va > :753
at
weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java: > 2079)
atweblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.internal.DynamicMBeanImpl.invokeLocally(Dynamic > MB > eanI
mpl
.java:536)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanIm > pl > .jav
a:5
22)
at java.lang.reflect.Method.invoke(Native Method)
at
javax.management.MBeanServer.invoke(MBeanServer.java:1543)
atjavax.management.MBeanServer.invoke(MBeanServer.java:1501)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
atweblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
atweblogic.management.configuration.AclMBean_CachingStub.grantPermiss > io > n(Ac
lMB
ean_CachingStub.jav
at
weblogic.management.console.pages._panels._mbean._aclpermissiontabl > e. > _jsp
Ser
vice(_aclpermission
at > > weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStub > Im > pl.j
ava
:209)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebApp > Se > rvle
tCo
ntext.java:1114)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequest > Im > pl.j
ava
:1388)
at
weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at
weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
java.lang.InternalError: aclOwner not owner
atweblogic.security.acl.internal.FileRealm.setPermission(FileRealm.ja > va > :772
at
weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java: > 2079)
atweblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.internal.DynamicMBeanImpl.invokeLocally(Dynamic > MB > eanI
mpl
.java:536)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanIm > pl > .jav
a:5
22)
at java.lang.reflect.Method.invoke(Native Method)
at
javax.management.MBeanServer.invoke(MBeanServer.java:1543)
atjavax.management.MBeanServer.invoke(MBeanServer.java:1501)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
atweblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
atweblogic.management.configuration.AclMBean_CachingStub.grantPermiss > io > n(Ac
lMB
ean_CachingStub.jav
at
weblogic.management.console.pages._panels._mbean._aclpermissiontabl > e. > _jsp
Ser
vice(_aclpermission
at > > weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStub > Im > pl.j
ava
:209)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebApp > Se > rvle
tCo
ntext.java:1114)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequest > Im > pl.j
ava
:1388)
at
weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at
weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
"Suresh Vallabhaneni" <[email protected]> wrote:
>
Vishal
I'm sorry. Yes, RDBMS realm is the only manageable realm out of the four alternate realms we support. I may not be able to answer your question today. I'll get back to you with an answer by Monday.
thanks
"Suresh Vallabhaneni" <[email protected]> wrote:
Hi Vishal
RDBMS Realm is a Listable realm not a Manageable realm, meaning you cannot make any changes to a user, group or acl defined in the RDBMS Realm. I guess you're trying to modify the acl defined in the RDBMS Realm. You cannot do that thru the console. If this is not what you're doing and I didnot interpret your problem correctly, plz let me know.
thanks
"V Shah" <[email protected]> wrote:
Hi,
Currently, i'm using WL6.0 on NT and trying out RDBMSRealm from console. I could make it work the way it is described, but when I try to change any of the permission to any group or user, i get following error msgs. I logged in as a "system" and trying to grant "write" permission (to "disk" ACL) to user "scott" from a console. I get following exceptions... What could be going wrong here ?
Thanks a lot for yr help....
V.S
java.security.acl.NotOwnerException
at weblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:753)
at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
java.lang.InternalError: aclOwner not owner
at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:772)
at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116) -
Problem when using cloudscape on JBoss
Hi All,
I try to run Petstore 1.3.2 on JBoss 3.2.3. I used a patch for Petstore 1.3.2 to run on JBoss 3.0.1 RC1. I tested, this patch works on 3.0.1 well. Using database cloudscape, provided by j2eesdk 1.3.1.
But it doesnt work in 3.2.3.
link to the patch and doc:
http://docs.huihoo.com/jboss/petstore.html
I changed two things of JBoss 3.2.3:
First, I changed "C:\jboss-3.2.3\server\default\conf\login-config.xml"
add following lines into it:
Code:
<application-policy name = "CloudscapeDbRealm">
<authentication>
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
<module-option name = "principal"></module-option>
<module-option name = "userName">estoreuser</module-option>
<module-option name = "password">estore</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=EstoreDataSource</module-option>
</login-module>
</authentication>
</application-policy>
<application-policy name = "CloudscapeDbRealmInventory">
<authentication>
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
<module-option name = "principal"></module-option>
<module-option name = "userName">estoreuser</module-option>
<module-option name = "password">estore</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=InventoryDataSource</module-option>
</login-module>
</authentication>
</application-policy> --------------------------------------------------------------------
Second, I copy a file called "cloudscape-service.xml" into "C:\jboss-3.2.3\server\default\deploy"
The content of this file:
<server>
<mbean code="org.jboss.resource.connectionmanager.LocalTxConnectionManager" name="jboss.jca:service=LocalTxCM,name=EstoreDataSource">
<attribute name="SecurityDomainJndiName">CloudscapeDbRealm</attribute>
<depends optional-attribute-name="ManagedConnectionFactoryName">
<!--embedded mbean-->
<mbean code="org.jboss.resource.connectionmanager.RARDeployment" name="jboss.jca:service=LocalTxDS,name=EstoreDataSource"> <!--DS-->
<attribute name="JndiName">EstoreDB</attribute>
<attribute name="ManagedConnectionFactoryProperties">
<properties>
<config-property name="ConnectionURL" type="java.lang.String">jdbc:rmi://localhost:1099/jdbc:cloudscape:EstoreDB;create=true</config-property>
<config-property name="DriverClass" type="java.lang.String">COM.cloudscape.core.RmiJdbcDriver</config-property>
<!--set these only if you want only default logins, not through JAAS -->
<config-property name="UserName" type="java.lang.String">estoreuser</config-property>
<config-property name="Password" type="java.lang.String">estore</config-property>
</properties>
</attribute>
<!--hack-->
<depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper</depends>
</mbean>
</depends>
<depends optional-attribute-name="ManagedConnectionPool">
<!--embedded mbean-->
<mbean code="org.jboss.resource.connectionmanager.JBossManagedConnectionPool" name="jboss.jca:service=LocalTxPool,name=EstoreDataSource">
<attribute name="MinSize">0</attribute>
<attribute name="MaxSize">50</attribute>
<attribute name="BlockingTimeoutMillis">5000</attribute>
<attribute name="IdleTimeoutMinutes">15</attribute>
<attribute name="Criteria">ByContainer</attribute>
</mbean>
</depends>
<depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager</depends>
<depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
<attribute name="TransactionManager">java:/TransactionManager</attribute>
<!--make the rar deploy! hack till better deployment-->
<depends>jboss.jca:service=RARDeployer</depends>
</mbean>
<mbean code="org.jboss.resource.connectionmanager.LocalTxConnectionManager" name="jboss.jca:service=LocalTxCM,name=InventoryDataSource">
<!--uncomment out this line if you are using the Informix DbRealm above -->
<attribute name="SecurityDomainJndiName">CloudscapeDbRealmInventory</attribute>
<depends optional-attribute-name="ManagedConnectionFactoryName">
<!--embedded mbean-->
<mbean code="org.jboss.resource.connectionmanager.RARDeployment" name="jboss.jca:service=LocalTxDS,name=InventoryDataSource"> <!--DS-->
<attribute name="JndiName">InventoryDB</attribute>
<attribute name="ManagedConnectionFactoryProperties">
<properties>
<config-property name="ConnectionURL" type="java.lang.String">jdbc:rmi://localhost:1099/jdbc:cloudscape:EstoreDB;create=true</config-property>
<config-property name="DriverClass" type="java.lang.String">COM.cloudscape.core.RmiJdbcDriver</config-property>
<!--set these only if you want only default logins, not through JAAS -->
<config-property name="UserName" type="java.lang.String">estoreuser</config-property>
<config-property name="Password" type="java.lang.String">estore</config-property>
</properties>
</attribute>
<!--hack-->
<depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper</depends>
</mbean>
</depends>
<depends optional-attribute-name="ManagedConnectionPool">
<!--embedded mbean-->
<mbean code="org.jboss.resource.connectionmanager.JBossManagedConnectionPool" name="jboss.jca:service=LocalTxPool,name=InventoryDataSource">
<attribute name="MinSize">0</attribute>
<attribute name="MaxSize">50</attribute>
<attribute name="BlockingTimeoutMillis">5000</attribute>
<attribute name="IdleTimeoutMinutes">15</attribute>
<attribute name="Criteria">ByContainer</attribute>
</mbean>
</depends>
<depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager</depends>
<depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
<attribute name="TransactionManager">java:/TransactionManager</attribute>
<!--make the rar deploy! hack till better deployment-->
<depends>jboss.jca:service=RARDeployer</depends>
</mbean>
</server>
(I started cloudscape.)
JBoss 3.2.3 seems has no problem with the modification of "login-config.xml".
However, JBoss 3.2.3 can't deploy "cloudscape-service.xml". It shows error msg when I start it:
12:22:18,140 ERROR [URLDeploymentScanner] MBeanException: Exception in MBean operation 'checkIncompleteDeployments()'
Cause: Incomplete Deployment listing:
Packages waiting for a deployer:
Incompletely deployed packages:
MBeans waiting for classes:
MBeans waiting for other MBeans:
[ObjectName: jboss.jca:service=LocalTxCM,name=EstoreDataSource
state: FAILED
I Depend On: jboss.jca:service=LocalTxDS,name=EstoreDataSource
Depends On Me: org.jboss.deployment.DeploymentException: Exception setting attribute javax.management.Attribute: name=ManagedConnectionFactoryName value=jboss.
jca:service=LocalTxDS,name=EstoreDataSource on mbean jboss.jca:service=LocalTxCM,name=EstoreDataSource; - nested throwable: (javax.management.AttributeNotFoundException: Writable attribute 'ManagedConnectionFactoryName' not found), ObjectName: jboss.jca:service=LocalTxDS,name=EstoreDataSource
state: FAILED
I Depend On:
Depends On Me: jboss.jca:service=LocalTxCM,name=EstoreDataSource
org.jboss.deployment.DeploymentException: No Attribute found with name: JndiName, ObjectName:
jboss.jca:service=LocalTxCM,name=InventoryDataSource
state: FAILED
I Depend On: jboss.jca:service=LocalTxDS,name=InventoryDataSource
Depends On Me: org.jboss.deployment.DeploymentException: Exception setting attribute javax.management.Attribute: name=ManagedConnectionFactoryName value=jboss.
jca:service=LocalTxDS,name=InventoryDataSource on mbean jboss.jca:service=LocalTxCM,name=InventoryDataSource; - nested
throwable: (javax.management.AttributeNotFoundException: Writable attribute 'ManagedConnectionFactoryName' not found), ObjectName: jboss.jca:service=LocalTxDS,name=InventoryDataSource
state: FAILED
I Depend On:
Depends On Me: jboss.jca:service=LocalTxCM,name=InventoryDataSource
org.jboss.deployment.DeploymentException: No Attribute found with name: JndiName
The Petstore still can run, but shows "Unable to Connect to Database
Database Connection is closed: Confirm that you have started your database."
Could anyone kindly help with this problem, please?
The reason why I using 3.2.3 is the project I am working on need to use TPTP BTM to monitor Petstore.
But eclipse seems just support JBoss 3.2.3 and JBoss 4.0.
I have the same problem with JBoss 4.0.5 GA.
Thank you very much!Hi,
I am having the same issue with Siebel on Demand web services. I was wondering if you ever solved this issue??? -
Error when creating table in cloudscape database
Hi, all:
I installed j2sdk1.4.0, j2sdkee1.3.1 on windows XP. I am able to start j2ee, cloudscape and deploy without error. I try to follow the J2EE tutorial to setting up the database, I go to the j2eetutorial/examples directory and type "ant create-savingsaccount-table", I got error "java.lang.NoClassDefFoundError: COM/cloudscape/tools/ij".
Following are the environment variables:
JAVA_HOME C:\j2sdk1.4.0
J2EE_HOME C:\j2sdkee1.3.1
CLASSPATH %JAVA_HOME%\lib\tools.jar;%J2EE_HOME%\lib\j2ee.jar;%J2EE_HOME%\lib\jhall.jar;%J2EE_HOME%\lib\system\cloudutil.jar;%J2EE_HOME%\lib\system\cloudscape.jar;%J2EE_HOME%\lib\cloudscape\cloudclient.jar;%J2EE_HOME%\lib\cloudscape\RmiJdbc.jar
cloudscape is from the j2ee1.3.1 bundle. does anyone know how to get around this?
please help. thanks in advance.I'm having the same problem.
I really did some searching put couldn't find a working solution :|
This worked fine at work but when I continued learing at home it didn't work anymore. I have xp at home and nt4 at work. -
Unable to create a table in cloudscape with solaris
Hi experts,
I have WLS6.1 running on Solaris. I'm trying to create tables in cloudscape but
it throughs NullPointerException. I'm able to run java utils.Schema jdbc:cloudscape:test;create=true
COM.cloudscape.core.JDBCDriver
-verbose test.ddl
This is the error :
CREATE TABLE test ( id varchar(32), name varchar(32))
SQL Exception: Java exception: ': java.lang.NullPointerException'.
SQL Error Code: 0
SQL State: XJ001
It creates empty database. I have the required permission. And I can run java
COM.cloudscape.tools.cview but when I try to create a table even using cview it
throughs NullPointerException.
Any help is appreciated.Try this SQL statement:
CREATE TABLE myTable (myField COUNTER)
This creates a table with name 'myTable' and a column 'myField' of type AutoNumber. -
In order to use RDBMSRealm ... HELP!
In order to use RDBMSRealm, I appended the following content in
weblogic.properties:
weblogic.security.realmClass=rdbmsrealm.RDBMSRealm
weblogic.security.realm.cache.user.enable=true
weblogic.security.realm.cache.group.enable=true
weblogic.security.realm.cache.permission.enable=true
weblogic.security.realm.cache.acl.enable=true
weblogic.security.realm.cache.auth.enable=true
Then some exceptions like the following turned up:
The WebLogic Server did not start up properly.
Exception raised: java.lang.reflect.InvocationTargetException
java.lang.reflect.InvocationTargetException: java.lang.NoClassDefFoundError:
weblogic/utils/NestedRuntimeException
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at rdbmsrealm.RDBMSDelegate$DFactory.newInstance(RDBMSDelegate.java:894)
at weblogic.utils.reuse.Pool.getInstance(Pool.java:57)
at rdbmsrealm.RDBMSRealm.getDelegate(RDBMSRealm.java:114)
at rdbmsrealm.RDBMSRealm.getPermission(RDBMSRealm.java:516)
at weblogic.security.acl.CachingRealm.getPermission(CachingRealm.java:1698)
at weblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java:757)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1084)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
java.lang.NoClassDefFoundError: weblogic/utils/NestedRuntimeException
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at rdbmsrealm.RDBMSDelegate$DFactory.newInstance(RDBMSDelegate.java:894)
at weblogic.utils.reuse.Pool.getInstance(Pool.java:57)
at rdbmsrealm.RDBMSRealm.getDelegate(RDBMSRealm.java:114)
at rdbmsrealm.RDBMSRealm.getPermission(RDBMSRealm.java:516)
at weblogic.security.acl.CachingRealm.getPermission(CachingRealm.java:1698)
at weblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java:757)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1084)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
Could anybody tell me why? Thank you very much!
* @Name: Gary Wang
* @Company: CNUOL
* @Tel: 85191818-517The reason is that the realmClass is wrong. You need the complete qualified class
name, which I believe is something like "examples.security.rdbmsrealm.RDBMSRealm".
I'm not sure that that's correct, but you get the idea. Also make sure that it's
all compiled and placed in the proper directory (on mine it's myserver/serverclasses/examples/security/rdbmsrealm)
Cheers,
BKR
"Gary Wang" <[email protected]> wrote:
In order to use RDBMSRealm, I appended the following content in
weblogic.properties:
weblogic.security.realmClass=rdbmsrealm.RDBMSRealm
weblogic.security.realm.cache.user.enable=true
weblogic.security.realm.cache.group.enable=true
weblogic.security.realm.cache.permission.enable=true
weblogic.security.realm.cache.acl.enable=true
weblogic.security.realm.cache.auth.enable=true
Then some exceptions like the following turned up:
The WebLogic Server did not start up properly.
Exception raised: java.lang.reflect.InvocationTargetException
java.lang.reflect.InvocationTargetException: java.lang.NoClassDefFoundError:
weblogic/utils/NestedRuntimeException
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at rdbmsrealm.RDBMSDelegate$DFactory.newInstance(RDBMSDelegate.java:894)
at weblogic.utils.reuse.Pool.getInstance(Pool.java:57)
at rdbmsrealm.RDBMSRealm.getDelegate(RDBMSRealm.java:114)
at rdbmsrealm.RDBMSRealm.getPermission(RDBMSRealm.java:516)
at weblogic.security.acl.CachingRealm.getPermission(CachingRealm.java:1698)
at weblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java:757)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1084)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
java.lang.NoClassDefFoundError: weblogic/utils/NestedRuntimeException
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at rdbmsrealm.RDBMSDelegate$DFactory.newInstance(RDBMSDelegate.java:894)
at weblogic.utils.reuse.Pool.getInstance(Pool.java:57)
at rdbmsrealm.RDBMSRealm.getDelegate(RDBMSRealm.java:114)
at rdbmsrealm.RDBMSRealm.getPermission(RDBMSRealm.java:516)
at weblogic.security.acl.CachingRealm.getPermission(CachingRealm.java:1698)
at weblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java:757)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1084)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
Could anybody tell me why? Thank you very much!
* @Name: Gary Wang
* @Company: CNUOL
* @Tel: 85191818-517 -
Hello.
I'm using WLS 5.1 with SP6 running on JDK1.2.2, platform is Windows NT
Server 4.0 SP6.
I want to know if there is a way to use wildcards to create entries for
RDBMSRealm.
The reason I want to use wildcards is that if I create an entry in the
ACLENTRIES table like this...:
A_NAME : weblogic.url
A_PRINCIPAL : testuser
A_PERMISSION : /index.html
I can restrict access for the URL http://localhost:7001/index.html to
"testuser."
However, when I create this entry, weblogic prompts for a username even if I
access a URL other than http://localhost:7001/index.html, for example,
http://localhost:7001/test.html.
When this happens, I cannot access "test.html" by using any of the usernames
that I have listed in my RDBMSRealm USERS table.
I was thinking that this works like the "weblogicURL.policy" file.
If you create one entry in the "weblogicURL.policy" file, all other URL
defaults to "everyone deny access".
I remembered that you can use wildcards in the "weblogicURL.policy" file, so
I tried changing the A_PERMISSION column to the following six patterns...:
A_PERMISSION : *
A_PERMISSION : -
A_PERMISSION : *.html
A_PERMISSION : /*
A_PERMISSION : /-
A_PERMISSION : /*.html
Using the six patterns, I tried to access http://localhost:7001/test.html
each time.
However, none of the four patterns above seemed to work, since I was
prompted and couldn't access even if I tried every username that I have in
my RDBMSRealm, in all of the six cases.
If I cannot use wildcards, this means that I would have to create entries
for every single HTML pages. (probably JSP pages, too)
Is there a way to use wildcards in the RDBMSRealm so that I can simplify
this?
Thanks ahead of time.
RYotaro.Thanks, Terry and Kishore!
I guess it's not a very smart idea to restrict access on URLs using the
RDBMSRealm...
What I was thinking was that if it was possible to put entries for Servlets,
URLs, etc... into one place, it would be easier for managers to manage
access control.
# For instance, it could cause some people confusion if access control for
URLs are listed in weblogicURL.policy and servlets are listed in RDBMSRealm.
It would be better if all of the entries are written in one place.
As a matter of fact, I have tried web-applications some time ago, and am
thinking of going back to it.
# As I recall, web-applications cannot be "hot-deployed." But there's
probably a way to get around it.
Thanks again!
Ryotaro.
"Kishore Talari" <[email protected]> wrote in message
news:[email protected]...
>
Try using a web application! Servlet spec 2.2+, WLS 510, SP6.
You can do a world of URL patterns!
The only change you will have to make is package the jsp/html,etc pagesinto a .war archive and write a web.xml file.
>
"Terry" <[email protected]> wrote:
I'm not sure that this is the way you want to go about it.
AFAICR there is no need to add aclentries in the RDBMSRealm database when
using the weblogicURL.policy file - simply add an entry to the policy
file
allowing access to all urls for all users, then add more specific entries
for those urls you wish to restrict access to. Adding stuff to the
ACLENTRIES table will not have any effect (I know because that is what I
tried first).
The documentation on wublogicURL.properties should tell you all that you
need to know
terry
Ryotaro Toda <[email protected]> wrote in message
news:[email protected]...
Hello.
I'm using WLS 5.1 with SP6 running on JDK1.2.2, platform is Windows NT
Server 4.0 SP6.
I want to know if there is a way to use wildcards to create entries for
RDBMSRealm.
The reason I want to use wildcards is that if I create an entry in the
ACLENTRIES table like this...:
A_NAME : weblogic.url
A_PRINCIPAL : testuser
A_PERMISSION : /index.html
I can restrict access for the URL http://localhost:7001/index.html to
"testuser."
However, when I create this entry, weblogic prompts for a username even
if
I
access a URL other than http://localhost:7001/index.html, for example,
http://localhost:7001/test.html.
When this happens, I cannot access "test.html" by using any of theusernames
that I have listed in my RDBMSRealm USERS table.
I was thinking that this works like the "weblogicURL.policy" file.
If you create one entry in the "weblogicURL.policy" file, all other URL
defaults to "everyone deny access".
I remembered that you can use wildcards in the "weblogicURL.policy"
file,
so
I tried changing the A_PERMISSION column to the following six
patterns...:
>>>
A_PERMISSION : *
A_PERMISSION : -
A_PERMISSION : *.html
A_PERMISSION : /*
A_PERMISSION : /-
A_PERMISSION : /*.html
Using the six patterns, I tried to accesshttp://localhost:7001/test.html
each time.
However, none of the four patterns above seemed to work, since I was
prompted and couldn't access even if I tried every username that I havein
my RDBMSRealm, in all of the six cases.
If I cannot use wildcards, this means that I would have to createentries
for every single HTML pages. (probably JSP pages, too)
Is there a way to use wildcards in the RDBMSRealm so that I cansimplify
this?
Thanks ahead of time.
RYotaro. -
Database connection problem from RDBMSRealm
Hi Everyone,
I am implementing an application with Weblogic5.1, RDBMSRealm, Merant type 4 JDBC driver and SQL server 7.0. When I am starting
the Weblogic server, I am getting an error as described as follows. Can anyone there give me a clue?
As you see, I am using Merant Spy JDBC driver (for debugging).
With this kind of driver, any JDBC calls to database server
in the code will be displayed.
As you know, there are a quite number of "prepareStatement" from RDBMSRealm. When the weblogic server is starting, they have to be initialized. I don't understand why it needs to make a connection for each "prepareStatement"?, and why it is still in connection mode after it is initialized?
Thanks a lot.
-John
Thu Jan 18 16:01:00 EST 2001:<I> <System Props> weblogic.system.home = Ppg
Thu Jan 18 16:01:00 EST 2001:<I> <System Props> weblogic.system.name = PpgServer
Thu Jan 18 16:01:00 EST 2001:<I> <WebLogicServer> Loaded License : D:/weblogic/license/WebLogicLicense.xml
Thu Jan 18 16:01:00 EST 2001:<I> <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
registerDriver: driver[className=com.merant.datadirect.jdbc.sqlserver.SQLServerDriver,com.merant.datadirect.jdbc.sqlserver.SQLServerDriver@d071d920]
skipping: driver[className=weblogic.jdbc.pool.Driver,weblogic.jdbc.pool.Driver@fdd92d]
spy>> Connection accepted by SQLServer
spy>> OK (Connection[1])
getConnection returning driver[className=com.merant.jdbcspy.SpyDriver,com.merant.jdbcspy.SpyDriver@cee1d920]
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT U_NAME, U_PASSWORD FROM users WHERE U_NAME = ?
spy>> OK (PreparedStatement[1])
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries WHERE A_NA..
spy>> OK (PreparedStatement[2])
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT U_NAME, U_PASSWORD FROM users
spy>> OK (PreparedStatement[3])
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT GM_GROUP, GM_MEMBER FROM groupmembers ORDER BY GM_GROUP
spy>> OK (PreparedStatement[4])
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A..
spy>> java.sql.SQLException: [MERANT][SQLServer JDBC Driver][SQLServer]Login fa..
java.sql.SQLException: [MERANT][SQLServer JDBC Driver][SQLServer]Login failed. The maximum simultaneous user count of 5 licenses for this 'Standard Edition' server has been exceeded. Additional licenses should be ob
tained and installed or you should upgrade to a full version.
at com.merant.datadirect.jdbc.base.BaseExceptions.getException(BaseExceptions.java:72)
at com.merant.datadirect.jdbc.sqlserver.tds.TDSRequest.processErrorToken(TDSRequest.java:401)
at com.merant.datadirect.jdbc.sqlserver.tds.TDSRequest.processReplyToken(TDSRequest.java:1571)
at com.merant.datadirect.jdbc.sqlserver.tds.TDSLoginRequest.processReplyToken(TDSLoginRequest.java:549)
at com.merant.datadirect.jdbc.sqlserver.tds.TDSRequest.processTokensInReply(TDSRequest.java, Compiled Code)
at com.merant.datadirect.jdbc.sqlserver.tds.TDSRequest.processReply(TDSRequest.java:1661)
at com.merant.datadirect.jdbc.sqlserver.SQLServerImplConnection.open(SQLServerImplConnection.java:98)
at com.merant.datadirect.jdbc.base.BaseConnection.getNewImplConnection(BaseConnection.java:405)
at com.merant.datadirect.jdbc.base.BaseConnection.getImplConnection(BaseConnection.java:333)
at com.merant.datadirect.jdbc.base.BaseStatement.getImplConnection(BaseStatement.java:1223)
at com.merant.datadirect.jdbc.base.BaseStatement.getImplStatement(BaseStatement.java:1241)
at com.merant.datadirect.jdbc.base.BasePreparedStatement.<init>(BasePreparedStatement.java:63)
at com.merant.datadirect.jdbc.base.BaseConnection.prepareStatement(BaseConnection.java:960)
at com.merant.jdbcspy.SpyConnection.prepareStatement(Unknown Source)
at com.bea.ppg.rdbmsrealm.RDBMSDelegate.prepare(RDBMSDelegate.java:116)
at com.bea.ppg.rdbmsrealm.RDBMSDelegate.<init>(RDBMSDelegate.java:187)
at com.bea.ppg.rdbmsrealm.RDBMSDelegate$DFactory.newInstance(RDBMSDelegate.java:912)
at weblogic.utils.reuse.Pool.getInstance(Pool.java:57)
at com.bea.ppg.rdbmsrealm.RDBMSRealm.getDelegate(RDBMSRealm.java:115)
at com.bea.ppg.rdbmsrealm.RDBMSRealm.getPermission(RDBMSRealm.java:515)
at weblogic.security.acl.CachingRealm.getPermission(CachingRealm.java:1698)
at weblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java, Compiled Code)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1750)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
Unable to initialize server: com.bea.ppg.rdbmsrealm.RDBMSException: realm initialization failed, Connection.prepareStatement() failed on statement "SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A
_NAME, A_PRINCIPAL", - with nested exception:
[java.sql.SQLException: [MERANT][SQLServer JDBC Driver][SQLServer]Login failed. The maximum simultaneous user count of 5 licenses for this 'Standard Edition' server has been exceeded. Additional licenses should be o
btained and installed or you should upgrade to a full version.]
fatal initialization exception
com.bea.ppg.rdbmsrealm.RDBMSException: realm initialization failed, Connection.prepareStatement() failed on statement "SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A_NAME, A_PRINCIPAL", - with
nested exception:
[java.sql.SQLException: [MERANT][SQLServer JDBC Driver][SQLServer]Login failed. The maximum simultaneous user count of 5 licenses for this 'Standard Edition' server has been exceeded. Additional licenses should be o
btained and installed or you should upgrade to a full version.]
at com.bea.ppg.rdbmsrealm.RDBMSDelegate.<init>(RDBMSDelegate.java:210)
at com.bea.ppg.rdbmsrealm.RDBMSDelegate$DFactory.newInstance(RDBMSDelegate.java:912)
at weblogic.utils.reuse.Pool.getInstance(Pool.java:57)
at com.bea.ppg.rdbmsrealm.RDBMSRealm.getDelegate(RDBMSRealm.java:115)
at com.bea.ppg.rdbmsrealm.RDBMSRealm.getPermission(RDBMSRealm.java:515)
at weblogic.security.acl.CachingRealm.getPermission(CachingRealm.java:1698)
at weblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java, Compiled Code)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1750)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
D:\weblogic>goto finish
D:\weblogic>cd Ppg
D:\weblogic\Ppg>ENDLOCAL
D:\weblogic\Ppg>John, this should be fairly easy to correct. Make sure that you are closing
your prepared statements after you finish with then. Even if you have 3
connections open and you don't close your statements, more connections will
be opened to take care of need.
Hope that this helps.
Paul
"John Wang" <[email protected]> wrote in message
news:[email protected]...
>
All SQL server connections come from the code itself. As you see in themessage output, everytime when the server is initalizing a
"prepareStatement(String sql)" which comes from RDBMSRealm, it is making a
connection. When it starts the sixth, it is broken. In other words, to make
the server start with RDMBSRealm, I have to have the number of SQL server
licence at least the same as the number of "prepareStatement(String sql)" in
RDBMSRrealm realm. Is my understanding correct here? Why is it still in
connection mode after one "prepareStatement" is initialized? Any ideas?
>
Thanks.
-John
"Pete Cressman" <[email protected]> wrote:
The same error? Hmm... the trace says:
java.sql.SQLException: [MERANT][SQLServer JDBC Driver][SQLServer]Login
failed. The maximum simultaneous user count of 5 licenses for this 'Standard
Edition' server has been exceeded. Additional licenses should be obtained
and installed or you should upgrade to a full version.
>>
Find out who is making so many connections. Sorry, that's the best I cansuggest. Good luck.
>>
"John Wang" <[email protected]> wrote:
Hi Pete,
Thanks for your help.
As you suggested, I modified the value DEFAULT_POOL_SIZE = 2 or 1 and
compiled it again. When I run, it still gave me the same error message. What
could it be wrong?
>>>
-John
"Pete Cressman" <[email protected]> wrote:
RDBMSDelegates are pooled by RDBMSRealm. The connection in each
RDBMSDelegate is held open until the class is disposed. the default pool
size is 6. Your license is limited to 5 connections total. Modify the code
in RDBMSRealm so DEFAULT_POOL_SIZE = 2 or 3.
>>>>
"John Wang" <[email protected]> wrote:
Hi Everyone,
I am implementing an application with Weblogic5.1, RDBMSRealm, Merant
type 4 JDBC driver and SQL server 7.0. When I am starting
the Weblogic server, I am getting an error as described as follows.Can anyone there give me a clue?
>>>>>
As you see, I am using Merant Spy JDBC driver (for debugging).
With this kind of driver, any JDBC calls to database server
in the code will be displayed.
As you know, there are a quite number of "prepareStatement" fromRDBMSRealm. When the weblogic server is starting, they have to be
initialized. I don't understand why it needs to make a connection for each
"prepareStatement"?, and why it is still in connection mode after it is
initialized?
>>>>>
Thanks a lot.
-John
Thu Jan 18 16:01:00 EST 2001:<I> <System Props> weblogic.system.home =Ppg
Thu Jan 18 16:01:00 EST 2001:<I> <System Props> weblogic.system.name =PpgServer
Thu Jan 18 16:01:00 EST 2001:<I> <WebLogicServer> Loaded License :D:/weblogic/license/WebLogicLicense.xml
Thu Jan 18 16:01:00 EST 2001:<I> <WebLogicServer> Server loading fromweblogic.class.path. EJB redeployment enabled.
registerDriver:driver[className=com.merant.datadirect.jdbc.sqlserver.SQLServerDriver,com.me
rant.datadirect.jdbc.sqlserver.SQLServerDriver@d071d920]
skipping:driver[className=weblogic.jdbc.pool.Driver,weblogic.jdbc.pool.Driver@fdd92d]
spy>> Connection accepted by SQLServer
spy>> OK (Connection[1])
getConnection returningdriver[className=com.merant.jdbcspy.SpyDriver,com.merant.jdbcspy.SpyDriver@c
ee1d920]
>>>>>
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT U_NAME, U_PASSWORD FROM users WHERE U_NAME = ?
spy>> OK (PreparedStatement[1])
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentriesWHERE A_NA..
spy>> OK (PreparedStatement[2])
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT U_NAME, U_PASSWORD FROM users
spy>> OK (PreparedStatement[3])
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT GM_GROUP, GM_MEMBER FROM groupmembers ORDER BYGM_GROUP
spy>> OK (PreparedStatement[4])
spy>> Connection[1].prepareStatement(String sql)
spy>> sql = SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentriesORDER BY A..
spy>> java.sql.SQLException: [MERANT][SQLServer JDBCDriver[SQLServer]Login fa..
java.sql.SQLException: [MERANT][SQLServer JDBC Driver][SQLServer]Login
failed. The maximum simultaneous user count of 5 licenses for this 'Standard
Edition' server has been exceeded. Additional licenses should be ob
tained and installed or you should upgrade to a full version.
atcom.merant.datadirect.jdbc.base.BaseExceptions.getException(BaseExceptions.j
ava:72)
atcom.merant.datadirect.jdbc.sqlserver.tds.TDSRequest.processErrorToken(TDSReq
uest.java:401)
atcom.merant.datadirect.jdbc.sqlserver.tds.TDSRequest.processReplyToken(TDSReq
uest.java:1571)
atcom.merant.datadirect.jdbc.sqlserver.tds.TDSLoginRequest.processReplyToken(T
DSLoginRequest.java:549)
atcom.merant.datadirect.jdbc.sqlserver.tds.TDSRequest.processTokensInReply(TDS
Request.java, Compiled Code)
atcom.merant.datadirect.jdbc.sqlserver.tds.TDSRequest.processReply(TDSRequest.
java:1661)
atcom.merant.datadirect.jdbc.sqlserver.SQLServerImplConnection.open(SQLServerI
mplConnection.java:98)
atcom.merant.datadirect.jdbc.base.BaseConnection.getNewImplConnection(BaseConn
ection.java:405)
atcom.merant.datadirect.jdbc.base.BaseConnection.getImplConnection(BaseConnect
ion.java:333)
atcom.merant.datadirect.jdbc.base.BaseStatement.getImplConnection(BaseStatemen
t.java:1223)
atcom.merant.datadirect.jdbc.base.BaseStatement.getImplStatement(BaseStatement
.java:1241)
atcom.merant.datadirect.jdbc.base.BasePreparedStatement.<init>(BasePreparedSta
tement.java:63)
atcom.merant.datadirect.jdbc.base.BaseConnection.prepareStatement(BaseConnecti
on.java:960)
at com.merant.jdbcspy.SpyConnection.prepareStatement(UnknownSource)
atcom.bea.ppg.rdbmsrealm.RDBMSDelegate.prepare(RDBMSDelegate.java:116)
atcom.bea.ppg.rdbmsrealm.RDBMSDelegate.<init>(RDBMSDelegate.java:187)
atcom.bea.ppg.rdbmsrealm.RDBMSDelegate$DFactory.newInstance(RDBMSDelegate.java
:912)
at weblogic.utils.reuse.Pool.getInstance(Pool.java:57)
atcom.bea.ppg.rdbmsrealm.RDBMSRealm.getDelegate(RDBMSRealm.java:115)
atcom.bea.ppg.rdbmsrealm.RDBMSRealm.getPermission(RDBMSRealm.java:515)
atweblogic.security.acl.CachingRealm.getPermission(CachingRealm.java:1698)
atweblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java, Compiled
Code)
atweblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
atweblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
atweblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1750)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
Unable to initialize server: com.bea.ppg.rdbmsrealm.RDBMSException:realm initialization failed, Connection.prepareStatement() failed on
statement "SELECT A_NAME, A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY
A
_NAME, A_PRINCIPAL", - with nested exception:
[java.sql.SQLException: [MERANT][SQLServer JDBCDriver[SQLServer]Login failed. The maximum simultaneous user count of 5licenses for this 'Standard Edition' server has been exceeded. Additional
licenses should be o
btained and installed or you should upgrade to a full version.]
fatal initialization exception
com.bea.ppg.rdbmsrealm.RDBMSException: realm initialization failed,Connection.prepareStatement() failed on statement "SELECT A_NAME,
A_PRINCIPAL, A_PERMISSION FROM aclentries ORDER BY A_NAME, A_PRINCIPAL", -
with
nested exception:
[java.sql.SQLException: [MERANT][SQLServer JDBCDriver[SQLServer]Login failed. The maximum simultaneous user count of 5licenses for this 'Standard Edition' server has been exceeded. Additional
licenses should be o
btained and installed or you should upgrade to a full version.]
atcom.bea.ppg.rdbmsrealm.RDBMSDelegate.<init>(RDBMSDelegate.java:210)
atcom.bea.ppg.rdbmsrealm.RDBMSDelegate$DFactory.newInstance(RDBMSDelegate.java
:912)
at weblogic.utils.reuse.Pool.getInstance(Pool.java:57)
atcom.bea.ppg.rdbmsrealm.RDBMSRealm.getDelegate(RDBMSRealm.java:115)
atcom.bea.ppg.rdbmsrealm.RDBMSRealm.getPermission(RDBMSRealm.java:515)
atweblogic.security.acl.CachingRealm.getPermission(CachingRealm.java:1698)
atweblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java, Compiled
Code)
atweblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
atweblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
atweblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1750)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
D:\weblogic>goto finish
D:\weblogic>cd Ppg
D:\weblogic\Ppg>ENDLOCAL
D:\weblogic\Ppg> -
Problems with RDBMSRealm/WL 5.1
We migrated our EJB-application from BEA Weblogic 4.5.1 / JDK 1.1.7 to Weblogic 5.1/JDK 1.2 . We use the RDBMSRealm for managing users, groups and acls. During the migration process we converted the txt-deployment descriptors
of our EJBs to xml (with the DDConverter tool). An original 4.5.1 txt-DD looks like this:
(SessionDescriptor
beanHomeName edbau.Admin
enterpriseBeanClassName de.tlc.edbau.ejb.sb.admin.AdminBean
homeInterfaceClassName de.tlc.edbau.ejb.sb.admin.AdminHome
remoteInterfaceClassName de.tlc.edbau.ejb.sb.admin.Admin
isReentrant false
(accessControlEntries
; DEFAULT [admin manager]
); end accessControlEntries
(controlDescriptors
(DEFAULT
transactionAttribute TX_REQUIRED
); end isolationLevel
); end controlDescriptors
(environmentProperties
; realmName "my.realm"
; homeClassName
; ejbObjectClassName
maxBeansInFreePool 20
maxBeansInCache 1000
idleTimeoutSeconds 600
); end environmentProperties
; Session Bean specific properties
stateManagementType STATELESS_SESSION
sessionTimeout 60; seconds
; end Session Bean specific props
); end SessionDescriptor
The DDConverter created the following xml-DD (ejb-jar.xml):
<?xml version="1.0"?>
<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 1.1//EN' 'http://java.sun.com/j2ee/dtds/ejb-jar_1_1.dtd'>
<ejb-jar>
<enterprise-beans>
<session>
<ejb-name>edbau.Admin</ejb-name>
<home>de.tlc.edbau.ejb.sb.admin.AdminHome</home>
<remote>de.tlc.edbau.ejb.sb.admin.Admin</remote>
<ejb-class>de.tlc.edbau.ejb.sb.admin.AdminBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
</session>
</enterprise-beans>
<assembly-descriptor>
<container-transaction>
<method>
<ejb-name>edbau.Admin</ejb-name>
<method-intf>Remote</method-intf>
<method-name>*</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
</ejb-jar>
Everything seemed to work fine; then I tried to start a test client (the login was done with a user,
which existed in the RDBMSRealm).
The result of that test client was:
method Security violation: insufficient permission to access method
java.rmi.RemoteException: Security violation: insufficient permission to access
method
at weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.j
ava:76)
at de.tlc.edbau.ejb.sb.admin.AdminBeanEOImpl_WLStub.getAllBEOEBR(AdminBe
anEOImpl_WLStub.java:480)
at de.tlc.edbau.ejb.sb.admin.AdminBeanEOImpl_ServiceStub.getAllBEOEBR(Co
mpiled Code)
at de.tlc.edbau.ejb.test.ADMINTester.main(Compiled Code)
I didnt specify any permissions for this bean. So I read in weblogic-doc:
Assigning method permissions
The steps that follow describe how to limit access to individual EJB method calls by assigning method-level permissions.
Default method permissions in WebLogic Server
If you specify no method-level permissions for an EJB (there is no method-permission stanza in ejb-jar.xml), WebLogic Server provides "guest" access to all EJB methods in the .jar file. This ensures that EJB methods have some default access permission when deployed on WebLogic Server.
If you want to specify method-level permissions you must do so for all methods in all EJBs stored in the .jar file. If you specify method permissions for even a single EJB method, WebLogic Server denies access for any methods that do not have permissions defined in the ejb-jar file.
After reading the weblogic-doc, i didnt understand why I got the upper mentioned exception ??
Finally (to have a workaround), I used the Deployer-Tool (5.1) to create the roles and users,
which were already defined in the RDBMSRealm (in the according tables). For testing purposes, all
roles (groups) had all permissions for all EJBs.
So my question: Is it really necessary to define all users/groups(roles) in the database and do
the same in the DD of our application ? This might cause huge administration problems ! What is the
clean solution for that problem ?
Thanx for your help !
MikeTry to restore it... I'm hating this iOS 5.1, everything was working much better before it was released. I shouldn't have upgraded...
-
Hi,
I am currently using WLI 2.0 SP2 installation. Here is a very unusual thing I
noticed. Can somebody tell me what is going on ???
1 : I have set up the security realm as indicated in the config.xml file. As far
as I understand, the caching realm entry has attribute pointing to the wlpiRDBMSRealm,
which is a RDBMS implementation from the WLI 2.0 SP2 distribution.
2: I start the server, open the WLS console, and create a new user through the
console. I get no error message and it seems to work fine. ( I also click on the
save it to database link, and it returns with msg that cache is refreshed ).
3: I see an entry in the fileRealm.properties file, but no record is inserted
in the WLSUSER table in the database.
Since the RDBMS realm (from WLI distribution) is defined as basic
realm implementation, should it not insert entry into the database, instead of
the file realm.
Is this a general problem ( any RDBMS realm ) or is it specific to the WLI ?
Is there anything that I have not configured here that is causing this behavior
Is it just refreshing the cache instead of inserting record in DB ?
Why should it insert entry into fileRealm.properties ?
Thanks,
Girish
[noaa1.zip]Hi,
I turned on the caching realm through the WLS Console, (Security).
After this I get a very unusual error, which seems to be comming
from the RDBMS implementation class (from WLI 2.0 SP2 distribution).
Here is the msg that I get while WLS server boots (the WLS server boots ok, but
WLPI does not initialize) ....
Unable to initialize WebLogic Process Integrator:
SQL Exception: ResultSet not open, operation 'next' not permitted. Verify that
autocommit is OFF.
at c8e.k.j.l_(Unknown Source)
at c8e.k.j.l_(Unknown Source)
at c8e.k.j.j_(Unknown Source)
at c8e.k.n.checkIfClosed(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.next(Unknown Source)
at com.bea.wlpi.rdbmsrealm.RDBMSDelegate.getGroup(RDBMSDelegate.java:425)
at com.bea.wlpi.rdbmsrealm.RDBMSRealm.getGroup(RDBMSRealm.java:235)
at weblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1120)
at weblogic.ejb20.deployer.SecurityRoleMapping.lookupPrincipal(SecurityRoleMapping.java:243)
at weblogic.ejb20.deployer.SecurityRoleMapping.getSecurityRolePrincipals(SecurityRoleMapping.java:96)
at weblogic.ejb20.deployer.SecurityRoleMapping.getSecurityRolePrincipals(SecurityRoleMapping.java:128)
at weblogic.ejb20.deployer.SecurityRoleMapping.isPrincipalInAnyRole(SecurityRoleMapping.java:174)
at weblogic.ejb20.deployer.MethodInfoImpl.checkAccess(MethodInfoImpl.java:214)
at weblogic.ejb20.internal.MethodDescriptor.checkAccess(MethodDescriptor.java:285)
at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:90)
at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:55)
at com.bea.wlpi.server.plugin.PluginManagerCfgBeanEOImpl.init(PluginManagerCfgBeanEOImpl.java:1301)
at com.bea.wlpi.server.initlistener.InitListenerBean.onMessage(InitListenerBean.java:151)
at weblogic.ejb20.internal.MDListener.execute(MDListener.java:221)
at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:175)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:1933)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:1892)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.Kernel.execute(Kernel.java:250)
at weblogic.jms.client.JMSSession.pushEnvelope(JMSSession.java:1779)
at weblogic.jms.client.JMSCallback.pushEnvelope(JMSCallback.java:69)
at weblogic.jms.frontend.FESession.execute(FESession.java:1972)
<Aug 22, 2001 11:56:01 AM MDT> <Notice> <WebLogicServer> <WebLogic Server started>
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
com.bea.wlpi.rdbmsrealm.RDBMSException: caught SQL exception - with nested exception:
[SQL Exception: ResultSet not open, operation 'next' not permitted. Verify that
autocommit is OFF.]
at com.bea.wlpi.rdbmsrealm.RDBMSRealm.getGroup(RDBMSRealm.java:242)
<Aug 22, 2001 11:56:01 AM MDT> <Notice> <WebLogicServer> <ListenThread listening
on port 7101>
at weblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1120)
at weblogic.ejb20.deployer.SecurityRoleMapping.lookupPrincipal(SecurityRoleMapping.java:243)
at weblogic.ejb20.deployer.SecurityRoleMapping.getSecurityRolePrincipals(SecurityRoleMapping.java:96)
at weblogic.ejb20.deployer.SecurityRoleMapping.getSecurityRolePrincipals(SecurityRoleMapping.java:128)
at weblogic.ejb20.deployer.SecurityRoleMapping.isPrincipalInAnyRole(SecurityRoleMapping.java:174)
at weblogic.ejb20.deployer.MethodInfoImpl.checkAccess(MethodInfoImpl.java:214)
at weblogic.ejb20.internal.MethodDescriptor.checkAccess(MethodDescriptor.java:285)
at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:90)
at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:55)
at com.bea.wlpi.server.plugin.PluginManagerCfgBeanEOImpl.init(PluginManagerCfgBeanEOImpl.java:1301)
at com.bea.wlpi.server.initlistener.InitListenerBean.onMessage(InitListenerBean.java:151)
at weblogic.ejb20.internal.MDListener.execute(MDListener.java:221)
at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:175)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:1933)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:1892)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.Kernel.execute(Kernel.java:250)
at weblogic.jms.client.JMSSession.pushEnvelope(JMSSession.java:1779)
at weblogic.jms.client.JMSCallback.pushEnvelope(JMSCallback.java:69)
at weblogic.jms.frontend.FESession.execute(FESession.java:1972)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
"Girish Gupte" <[email protected]> wrote:
>
>
>
Hi,
I am currently using WLI 2.0 SP2 installation. Here is a very unusual
thing I
noticed. Can somebody tell me what is going on ???
1 : I have set up the security realm as indicated in the config.xml file.
As far
as I understand, the caching realm entry has attribute pointing to the
wlpiRDBMSRealm,
which is a RDBMS implementation from the WLI 2.0 SP2 distribution.
2: I start the server, open the WLS console, and create a new user through
the
console. I get no error message and it seems to work fine. ( I also click
on the
save it to database link, and it returns with msg that cache is refreshed
3: I see an entry in the fileRealm.properties file, but no record is
inserted
in the WLSUSER table in the database.
Since the RDBMS realm (from WLI distribution) is defined as basic
realm implementation, should it not insert entry into the database, instead
of
the file realm.
Is this a general problem ( any RDBMS realm ) or is it specific to the
WLI ?
Is there anything that I have not configured here that is causing this
behavior
Is it just refreshing the cache instead of inserting record in DB ?
Why should it insert entry into fileRealm.properties ?
Thanks,
Girish
Maybe you are looking for
-
I have a 3 year old MacBook Pro with MAC OSX 10.6.8, iPhoto ’09 version 8.1.2 and have downloaded two software programs: one is Aperture 3.2 and the other is Photoshop Elements 9 (which I got from a friend who didn’t need it). I am totally happy with
-
Old Apple ID won't let me log in on itunes... can't validate old music
I purchased music in itunes starting about four years ago. At that time, I was using my aol screen name account to purchase music. When I select a song bought by my aol account (and not my present apple id) it asks me to log in to this old account. I
-
How can I import an ibook file back into iBook Author?
I exported an ebook from iBook Author thinking it is the equivalent of saving the file. I did not save the file, I only exported it and than exited the program. My active file is vannished. I need to make some adjustments to the ebook, but can not br
-
How to use Start Task Group for Workflow Interface
Hi all, anyone who can tell me how to use the Interface IFWFTSKGRP (Start Task Group for Workflow Interface)? As far as I understood the documentation it can be used to restrict the selection of workflows that can be started in the Generic Object Ser
-
Hello Experts, I have the following situation, im trying to use a OVS in a test application that i'm built in. The thing is, that i only want that the search popup appear, i'm using nodes that doesnt have anything (data) just the structure for my tes