Custom Security Manager or Security Event Interception from WebLogic Console

Similar Messages

• MANAGED SERVER NOT COMMING UP  FROM ADMIN CONSOLE,

  Hi All,
  I can't start managed server from admin console.
  The status is showing FAILED_NOT_RESTARTABLE.
  below is the error it is showing in the node manager.
  But i can start managed server from the back-end successfully. If i start the nodemanager then managed server is not comming up.
  <May 24, 2011 4:12:22 AM> <WARNING> <Exception while starting server 'my_managed
  _server'>
  java.io.IOException: Server failed to start up. See server output log for more d
  etails.
  at weblogic.nodemanager.server.AbstractServerManager.start(AbstractServe
  rManager.java:200)
  at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:23
  at weblogic.nodemanager.server.Handler.handleStart(Handler.java:604)
  at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:121)
  at weblogic.nodemanager.server.Handler.run(Handler.java:71)
  at java.lang.Thread.run(Thread.java:662)
  May 24, 2011 4:12:22 AM weblogic.nodemanager.server.Handler handleStart
  WARNING: Exception while starting server 'my_managed_server'
  java.io.IOException: Server failed to start up. See server output log for more d
  etails.
  at weblogic.nodemanager.server.AbstractServerManager.start(AbstractServe
  rManager.java:200)
  at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:23
  at weblogic.nodemanager.server.Handler.handleStart(Handler.java:604)
  at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:121)
  at weblogic.nodemanager.server.Handler.run(Handler.java:71)
  at java.lang.Thread.run(Thread.java:662)
  Please help.
  Regards,
  nag.

  <May 24, 2011 4:12:18 AM> <INFO> <weblogic_domain> <my_managed_server> <Working directory is 'C:\Oracle\Middleware\user_projects\domains\weblogic_domain'>
  <May 24, 2011 4:12:18 AM> <INFO> <weblogic_domain> <my_managed_server> <Rotated server output log to "C:\Oracle\Middleware\user_projects\domains\weblogic_domain\servers\my_managed_server\logs\my_managed_server.out00039">
  <May 24, 2011 4:12:18 AM> <INFO> <weblogic_domain> <my_managed_server> <Server error log also redirected to server log>
  <May 24, 2011 4:12:18 AM> <INFO> <weblogic_domain> <my_managed_server> <Server output log file is 'C:\Oracle\Middleware\user_projects\domains\weblogic_domain\servers\my_managed_server\logs\my_managed_server.out'>
  <May 24, 2011 4:12:22 AM> <INFO> <weblogic_domain> <my_managed_server> <Server failed during startup so will not be restarted>
  <May 24, 2011 4:12:22 AM> <WARNING> <Exception while starting server 'my_managed_server'>
  java.io.IOException: Server failed to start up. See server output log for more details.
       at weblogic.nodemanager.server.AbstractServerManager.start(AbstractServerManager.java:200)
       at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:23)
       at weblogic.nodemanager.server.Handler.handleStart(Handler.java:604)
       at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:121)
       at weblogic.nodemanager.server.Handler.run(Handler.java:71)
       at java.lang.Thread.run(Thread.java:662)
  This is what i found in nodemanager log file
  Regards,
  Nag.

• Custom Work Manager not shown in WL Server Admin Console

  An application scoped custom work manager is to be configured, for which the files weblogic-application.xml, weblogic-ejb-jar.xml, weblogic.xml have been defined. After it is deployed on the server, custom work manager is not being shown in the list on console -> deployments -> application -> monitoring -> workload.
  What could be the reason? Is there something which is missed out?

  Hi Justin,
  According to the error message and the issue can be caused by the edition of your SSRS is not support for the custom data provider. For example the express edition have limitation support on this:
  Features Supported by the Editions of SQL Server 2012 .
  If your edition is the supportted edition and the issue can be caused by the custom data provider do not necessarily support all the functionality supplied by Reporting Services data processing extensions. In addition, some OLE DB data providers and ODBC
  drivers can be used to author and preview reports, but are not designed to support reports published on a report server. For example, the Microsoft OLE DB Provider for Jet is not supported on the report server. For more information, see
  Data Processing Extensions and .NET Framework Data Providers (SSRS).
  If you are running on a 32-bit platform, the data provider must be compiled for a 32-bit platform. If you are running on a 64-bit platform, the data provider must be compiled for the 64-bit platform. You cannot use a 32-bit data provider wrapped with 64-bit
  interfaces on a 64 bit platform.
  More details information:Data Sources Supported by Reporting Services (SSRS)
  Similar thread for your reference：
  ERROR: An attempt has been made to use a data extension 'SQL' that is not registered for
  this report server.
  Error when viewing SSRS report with SQL Azure as data source
  If you still have any problem, please feel free to ask.
  Regards
  Vicky Liu
  Vicky Liu
  TechNet Community Support

• Can't start manager server on other machine from admin console

  hi, m fredzh
  i have weblogic 10.3.2 where i created a cluster named cluster1 on production mode
  the machines and servers list as follow:
  cluster1 192.168.1.100
  --machine1
  --server1 192.168.1.100
  --machine2
  -server2 192.168.1.101
  i create nodemanager on machine2, and set the type as ssl, the listener address 192.168.1.101,
  then login on 192.168.1.101, and run wlst.sh , nmEnroll and then start startNodemanaged.sh ..
  start server2 on the admin console(on 192.168.1.100), failed and the log as follow:
  can anbody help me, thank you..
  ==============================================================================
  <Critical> <WebLogicServer> <localhost.localdomain> <managerServer2> <main> <<WLS Kernel>> <> <> <1286788326928> <BEA-000386> <Server subsystem failed. Reason: java.lang.AssertionError: java.lang.reflect.InvocationTargetException
  java.lang.AssertionError: java.lang.reflect.InvocationTargetException
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:175)
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
  at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:991)
  at weblogic.management.configuration.SecurityConfigurationMBeanImpl.getCredential(SecurityConfigurationMBeanImpl.java:709)
  at weblogic.security.internal.ServerPrincipalValidatorImpl.getSecret(ServerPrincipalValidatorImpl.java:88)
  at weblogic.security.internal.ServerPrincipalValidatorImpl.sign(ServerPrincipalValidatorImpl.java:67)
  at weblogic.security.service.PrivilegedActions$SignPrincipalAction.run(PrivilegedActions.java:62)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.security.service.SecurityServiceManager.createServerID(SecurityServiceManager.java:1098)
  at weblogic.security.service.SecurityServiceManager.getServerID(SecurityServiceManager.java:1111)
  at weblogic.security.service.SecurityServiceManager.sendASToWire(SecurityServiceManager.java:602)
  at weblogic.server.channels.ChannelService.resetQOS(ChannelService.java:284)
  at weblogic.server.channels.ChannelService.start(ChannelService.java:250)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused By: java.lang.reflect.InvocationTargetException
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
  at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:991)
  at weblogic.management.configuration.SecurityConfigurationMBeanImpl.getCredential(SecurityConfigurationMBeanImpl.java:709)
  at weblogic.security.internal.ServerPrincipalValidatorImpl.getSecret(ServerPrincipalValidatorImpl.java:88)
  at weblogic.security.internal.ServerPrincipalValidatorImpl.sign(ServerPrincipalValidatorImpl.java:67)
  at weblogic.security.service.PrivilegedActions$SignPrincipalAction.run(PrivilegedActions.java:62)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.security.service.SecurityServiceManager.createServerID(SecurityServiceManager.java:1098)
  at weblogic.security.service.SecurityServiceManager.getServerID(SecurityServiceManager.java:1111)
  at weblogic.security.service.SecurityServiceManager.sendASToWire(SecurityServiceManager.java:602)
  at weblogic.server.channels.ChannelService.resetQOS(ChannelService.java:284)
  at weblogic.server.channels.ChannelService.start(ChannelService.java:250)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused By: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.
  at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:125)
  at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:173)
  at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
  at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
  at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:991)
  at weblogic.management.configuration.SecurityConfigurationMBeanImpl.getCredential(SecurityConfigurationMBeanImpl.java:709)
  at weblogic.security.internal.ServerPrincipalValidatorImpl.getSecret(ServerPrincipalValidatorImpl.java:88)
  at weblogic.security.internal.ServerPrincipalValidatorImpl.sign(ServerPrincipalValidatorImpl.java:67)
  at weblogic.security.service.PrivilegedActions$SignPrincipalAction.run(PrivilegedActions.java:62)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.security.service.SecurityServiceManager.createServerID(SecurityServiceManager.java:1098)
  at weblogic.security.service.SecurityServiceManager.getServerID(SecurityServiceManager.java:1111)
  at weblogic.security.service.SecurityServiceManager.sendASToWire(SecurityServiceManager.java:602)
  at weblogic.server.channels.ChannelService.resetQOS(ChannelService.java:284)
  at weblogic.server.channels.ChannelService.start(ChannelService.java:250)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Edited by: fredzh on 2010-10-12 下午6:54

  hi,Jay
  i followed the steps as follow:
  1、change prod mode to dev
  2、modified the config.xml entrys on the all two servers:
  <node-manager-password-encrypted>test</node-manager-password-encrypted>
  <credential-encrypted>test</credential-encrypted>
  <embedded-ldap>
  <name>cluster_domain</name>
  <credential-encrypted>test</credential-encrypted>
  </embedded-ldap>
  3、enrolled the node, then started the two adminservers, started server2's nodemanager..server2 can be started from the cluster admin console.
  4、change the dev mode to prod mode on admin console, it failed throw error:
  "in production mode, it's not allowed to set a clear text value to the property: CredentialEncrypted of SecurityConfigurationMBean"
  i checked the config.xml ,the entrys i had changed were not aotomatically encrypted,may i manually encryp the clear text value? ..follow is the config.xml :
  <?xml version='1.0' encoding='UTF-8'?>
  <domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
  <name>cluster_domain</name>
  <domain-version>10.3.2.0</domain-version>
  <security-configuration>
  <name>cluster_domain</name>
  <realm>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
  <sec:active-type>AuthenticatedUser</sec:active-type>
  </sec:authentication-provider>
  <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
  <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
  <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
  <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
  <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
  <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
  <sec:name>myrealm</sec:name>
  <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
  <sec:name>SystemPasswordValidator</sec:name>
  <pas:min-password-length>8</pas:min-password-length>
  <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
  </sec:password-validator>
  </realm>
  <default-realm>myrealm</default-realm>
  <anonymous-admin-lookup-enabled>false</anonymous-admin-lookup-enabled>
  <credential-encrypted>test</credential-encrypted>
  <web-app-files-case-insensitive>false</web-app-files-case-insensitive>
  <compatibility-connection-filters-enabled>false</compatibility-connection-filters-enabled>
  <node-manager-username>weblogic</node-manager-username>
  <node-manager-password-encrypted>test</node-manager-password-encrypted>
  <principal-equals-case-insensitive>false</principal-equals-case-insensitive>
  <principal-equals-compare-dn-and-guid>false</principal-equals-compare-dn-and-guid>
  <downgrade-untrusted-principals>false</downgrade-untrusted-principals>
  <enforce-strict-url-pattern>true</enforce-strict-url-pattern>
  <cross-domain-security-enabled>false</cross-domain-security-enabled>
  </security-configuration>
  <jta>
  <security-interop-mode>default</security-interop-mode>
  </jta>
  <server>
  <name>AdminServer</name>
  <ssl>
  <hostname-verifier xsi:nil="true"></hostname-verifier>
  <hostname-verification-ignored>true</hostname-verification-ignored>
  <export-key-lifespan>500</export-key-lifespan>
  <client-certificate-enforced>false</client-certificate-enforced>
  <two-way-ssl-enabled>false</two-way-ssl-enabled>
  <ssl-rejection-logging-enabled>true</ssl-rejection-logging-enabled>
  <inbound-certificate-validation>BuiltinSSLValidationOnly</inbound-certificate-validation>
  <outbound-certificate-validation>BuiltinSSLValidationOnly</outbound-certificate-validation>
  <allow-unencrypted-null-cipher>false</allow-unencrypted-null-cipher>
  <use-server-certs>false</use-server-certs>
  </ssl>
  <listen-port>7110</listen-port>
  <listen-address></listen-address>
  </server>
  <server>
  <name>server2</name>
  <machine>machine2</machine>
  <listen-port>7110</listen-port>
  <listen-address>192.168.1.101</listen-address>
  <server-start>
  <java-vendor>Sun</java-vendor>
  <java-home>/opt/jdk1.6.0_21</java-home>
  <bea-home>/root/Oracle/Middleware</bea-home>
  <root-directory>/root/Oracle/Middleware/user_projects/domains/cluster_domain</root-directory>
  <username>weblogic</username>
  <password-encrypted>{AES}xhSI75AxXtXdMrCXRgA2uY5pfcxUGE9X4YXTjfe1XEY=</password-encrypted>
  </server-start>
  </server>
  <embedded-ldap>
  <name>cluster_domain</name>
  <credential-encrypted>test</credential-encrypted>
  </embedded-ldap>
  <configuration-version>10.3.2.0</configuration-version>
  <machine xsi:type="unix-machineType">
  <name>machine2</name>
  <node-manager>
  <nm-type>SSL</nm-type>
  <listen-address>192.168.1.101</listen-address>
  <listen-port>5556</listen-port>
  <debug-enabled>false</debug-enabled>
  </node-manager>
  </machine>
  <admin-server-name>AdminServer</admin-server-name>
  </domain>
  Edited by: fredzh on 2010-10-13 下午7:57

• Managed servers are started/stopped from admin console using NodeManager

  Hi,
  I have weblogic cluster and it has 4 managed servers on two different machines with each machine having 2 managed servers.
  I have node manager setup on the two machines. I use admin console to start/stop managed servers.
  Now there is a requirement to add TIBCO lib and bin path to weblogic managed server path. I have added the entries in LD_LIBARY_PATH but on starting the server using admin console the TIBCO lib/bin paths are not appended to weblogic server path.
  I noticed that in nodemanager.properties we have set StartScriptEnabled=false and so it doesn't use startWebLogic.sh,which internally use other configuration files.
  I'm wondering as how to add these entries in WebLogic server path. Also, how the nodemanager is able to start the managed server without using startWebLogic.sh script.
  In general, what happens when I click the start button in Admin console to start the managed servers which calls NodeManager internally.
  Your inputs are highly appreciated.
  Thanks in advance.
  BR,
  Ajmal

  Hi Ajmal,
  For your issue there are two solution's as shown below:
  Solution-1
  You can add the TIBCO lib with the complete path where the TIBCO lib file is kept from console in Class Path
  Console Path:
  Servers > Configuration > Server Start
  However this has to be done with all the managed serves.
  Solution-2
  If you don't want the burden to add the TIBCO lib files on every server from console then you can add the same lib files in the classpath of startWebLogic.sh and in nodemanager.properties we have set StartScriptEnabled=true. This will make sure that all the settings would be taken from the startWebLogic.sh.
  This way whenever you start any of you managed servers from console it would pick up that lib files.
  In both the solution you can check the managed servers *.out* files that the lib files would be present in there classpath.
  Hope this would help you.
  Regards,
  Ravish Mody

• How to log the user and group setup from weblogic console

  If I use the file realm to setup my acls, does it possible to log these
  action?
  Our customer ask us must to log which user or group you added, deleted.
  Thanks and Best Regards,
  Tom Hsu
  ³\®aºa (Tom Hsu)
  Project Manager
  Banking Solution Dept.
  Bull Information Systems Taiwan Ltd.
  8F, 2, Min-Sheng E. Road, Sec. 3,
  Taipei, Taiwan
  E-mail: [email protected]
  TEL¡G02-25013090 Ext:205
  FAX¡G02-25055439
  Mobil: 0939-869-316

  You might want to Try Re-run the Config utility from the Linux-Essbase server and Re-register the Essbase with HSS.
  Start the Essbase in Foreground and check if it is running
  Now log on to the EAS/AAS with default admin/password if you havent changed it :); add your Essbase server using the Super user/Owner of essbase i mean the id..if you are succesful; i would always create a Test user as before Externalisation i can create users at EAS/AAS and then using Admin id ; i will push the Users/groups to the HSS by Externalising.. let me know if that helped you. GUd Luck..
  Sriram

• One custom security realm for many wl servers?

  Is it possible to use one custom security realm for many weblogic servers...ie
  one login for all application on different weblogic server.

  Is it possible to use one custom security realm for many weblogic servers...ie
  one login for all application on different weblogic server.

• Session broker and custom conversion manager

  I'm having some problem using session broker and a custom conversion manager. I just moved from using single session to using a session broker in the sessions.xml. I'm using a custom conversion manager as shown in this tech. tips URL
  http://www.oracle.com/technology/products/ias/toplink/technical/tips/customconversion/index.html
  Here's my conversion manager set up code -
  public class JpmiConversionManagerSetup extends SessionEventAdapter
  * During the pre-login event the new MyConversionManager must be installed
  * @see oracle.toplink.sessions.SessionEventAdapter#preLogin
  * @param event
  public void preLogin(SessionEvent event) {
  ConversionManager cm= new JpmiConversionManager();
  ConversionManager.setDefaultManager(cm);
  event.getSession().getLogin().getPlatform().setConversionManager(cm);
  My session broker manages 2 sessions. In sessions.xml for one session I have the <event-listener-class> entry where I need some conversion, another session I don't have any such entry as I don't need any conversion.
  Now when I try to run a named query using session broker the conversion part blows up, throws a ConversionException. Any idea? Do I need to configure the session broker instead of session in the preLogin or anything like that?

  I think sessions editor is not available in 10.1.3dp4 yet. So I have to write the sessions.xml by hand. But the parser throwing me an error saying that <session-broker> is not allowed in sessions.xml.
  SessionLoaderExceptions:
  org.xml.sax.SAXParseException: <Line 41, Column 18>: XML-24534: (Error) Element 'session-broker' not expected.
       at oracle.xml.parser.v2.XMLError.flushErrorHandler(XMLError.java:415)
       at oracle.xml.parser.v2.XMLError.flushErrors1(XMLError.java:284)
       at oracle.xml.parser.v2.NonValidatingParser.parseDocument(NonValidatingParser.java:302)
       at oracle.xml.parser.v2.XMLParser.parse(XMLParser.java:199)
       at oracle.xml.jaxp.JXDocumentBuilder.parse(JXDocumentBuilder.java:155)
       at oracle.xml.jaxp.JXDocumentBuilder.parse(JXDocumentBuilder.java:111)
       at oracle.toplink.platform.xml.xdk.XDKParser.parse(XDKParser.java:160)
       at oracle.toplink.platform.xml.xdk.XDKParser.parse(XDKParser.java:190)
       at oracle.toplink.tools.sessionconfiguration.XMLSessionConfigLoader.loadDocument(XMLSessionConfigLoader.java:191)
       at oracle.toplink.tools.sessionconfiguration.XMLSessionConfigLoader.loadDocument(XMLSessionConfigLoader.java:151)
       at oracle.toplink.tools.sessionconfiguration.XMLSessionConfigLoader.load(XMLSessionConfigLoader.java:88)
       at oracle.toplink.tools.sessionmanagement.SessionManager.getSession(SessionManager.java:364)
       at oracle.toplink.tools.sessionmanagement.SessionManager.getSession(SessionManager.java:331)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
  Any idea how to or where to write sessions broker in sessions.xml for 10.1.3dp4???

• Adminserver does not start after deleting oim_server1 from the console

  Have deleted oim_server1 from weblogic console and. I wanted to reconfig oim but can't extend the domain anymore as OIM is greyed out.
  Please help:
  Can't start Adminserver anymore too:
  WARNING: Error registering the bulk operations MBean.
  java.lang.IllegalArgumentException: WorkManagerMBean 'OIMUIWorkManager' refers to a constraint or request class 'MaxThreadsConstraint-0' but they are deployed on targets that have no servers in common. Please deploy the mbeans so that they have at least one server in common.
  at weblogic.management.configuration.WorkManagerLegalHelper.validateTargets(WorkManagerLegalHelper.java:66)
  at weblogic.management.configuration.WorkManagerMBeanImpl.setMaxThreadsConstraint(WorkManagerMBeanImpl.java:487)
  at weblogic.management.configuration.WorkManagerMBeanImpl$9.resolveReference(WorkManagerMBeanImpl.java:468)
  at weblogic.descriptor.internal.ReferenceManager$UnresolvedReference.resolve(ReferenceManager.java:404)
  at weblogic.descriptor.internal.ReferenceManager.resolveReferences(ReferenceManager.java:296)
  at weblogic.descriptor.internal.DescriptorImpl.resolveReferences(DescriptorImpl.java:328)
  at weblogic.descriptor.BasicDescriptorManager.createDescriptor(BasicDescriptorManager.java:334)
  at weblogic.management.provider.internal.EditAccessImpl.loadBeanTree(Edi
  THANKS!

  Try to boot the computer in Windows Safe mode with network support (press F8 on the boot screen) as a test to see if that helps.

• How to restrict employees from accessing managers data using custom security profile

  Hi,
  I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
  Responsibility :US Super HRMS Manager
  ASSIGNMENT.PERSON_ID
  IN
  (SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
  PER_ALL_ASSIGNMENTS_F PF,
  PAY_PEOPLE_GROUPS PG,
  PER_PERSON_TYPE_USAGES_F PPU,
  FND_USER FNU
  WHERE PAF.PERSON_ID=PF.PERSON_ID
  AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
  AND PAF.EFFECTIVE_END_DATE
  AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
  AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
  AND PPU.PERSON_ID=PAF.PERSON_ID
  AND PPU.PERSON_ID=PF.PERSON_ID
  AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
  AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
  AND PAF.PERSON_TYPE_ID =2
  AND PPU.PERSON_TYPE_ID
  IN(2,62)
  and PAF.person_id = FND_PROFILE.value('user_id')
  AND PG.SEGMENT2=8)
  and using "restrict the people visible to each other using this profile".
  I have assigned the security profile to HR user responsibility
  But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
  When I query for first time, its restricting me to view others details, but when I close that click on torch button and try searching, its allowing me to access manages details.
  Can any one please let me know what setups need to be done for restricting employees from viewing supervisors data.
  I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't got any idea.
  Please suggest.
  Thanks & Regards,
  Anusha.

  Hi All ,
  i solved the problem by using event 01 of header view and using the table "Extract" .
  Regards,
  Neha

• Access to IPortalComponentRequest in custom security manager

  Hi All,
  I am implementing a custom security manager. For my requirements, I need IPortalComponentRequest object in the security manager class. Can anyone give me a clue to get the request object in security manager implementation.
  Regards,
  Yoga

  Hi Romano,
  I tried this. Its returning mysapsso2 cookie and authentication_schema cookie. But not retuning any custom cookies added to the response from any other application.
  What I have tried to achieve is:
  1. When a user login and authentication suceeds, I will add a custom cookie to the response.
  2. Get the custom cookie added in the security manager class and do manipulations to check whether the user is authenticated.
  Using the method you have suggested, I was not able to get any custom cookies added in other applications.
  I tried the code using resource context(resource context obtained form IUser) as suggested in other threads,
  HttpServletRequest request = (HttpServletRequest) resourceContext.getObjectValue("http://sapportals.com/xmlns/cm/httpservletrequest");
  But this API returns null.
  Any way to achieve?
  Regards
  Yoga

• SSRS Custom Security / Sql Server Data Tools / SQL Management Studio?

  We are planning on implementing custom security for SSRS via IAuthenticationExtension and IAuthorizationExtension.
  Once we switch SSRS from Windows security to our own custom security (based upon external user table in sql), how will that affect:
  1. Publishing reports from SSDT for VS2013
  2. Connecting / Managing SSRS from SQL Mgmt Studio
  SSRS 2014
  scott

  Hi scott_m,
  According to your description, you want to know effect when using custom Authentication and Authorization. Right?
  In Reporting Services, for deploying a report from SSDT to report server, it requires the current user has permission to create reports. It's has nothing to do with the Authentication and Authorization. For managing SSRS in SSMS, it's directly accessing
  the report server database. It will not call the web service, the custom Authentication and Authorization will not effect managing.
  For the internal working of Authentication and Authorization in Reporting Services, please refer to links below:
  Authorization in Reporting Services
  Authentication in Reporting Services
  If you have any question, please feel free to ask.
  Best Regards,
  Simon Hou
  "In Reporting Services, for deploying a report from SSDT to report server, it requires the current
  user has permission to create reports."
  Simon, How does SSDT know who the current user is when custom authentication is enabled in SSRS?
  thanks
  scott

• How to pass custom cookie from report builder application to SSRS Custom Security Extension?

  We want to implement SSRS in SaaS model. We implemented Custom Security extension in order to authenticate users from other application. When user enters username/password, i would like to authenticate the user in other application and it will return some data which can be used for autherization. I am expecting the same set of data will be accessible during all autherization calls.
  Currently we are implementing this in Report Builder application. I couldn't able to persist the information in cookie. Report builder removes all the cookies exceprt one cookie which is used by report server.Is there any way to share the information in all reportbuilder autherization calls in same session?

  if you have your own data extension, you can using
  HttpContext.Current.Application.Add("yourkey",
  yourdata);
  to save your data, but the issue I met it the key, I cannot find a key depended on report builder. If I use username, if the user open 2 report builder, both of them will get the same key and same data, but at this case the data should be different.
  I hope it will help you.

• Cannot assign custom security manager to repository

  Hello,
  I've been following the details on how to implement a read-only security manager (https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e2ddd63d-0b01-0010-46bb-e092790068cb) and I have run into the following problem:
  After following the instructions for option B in the document (creating a security manager only) and  deploying my project, the new security manager appears in the list of managers on the admin screen (Content Management -> Repository Managers -> Security Manager) but it is not available in the drop down list of security managers for my repository. Without that entry I cannot apply the new security manager to my repository.
  According to the document, the new security manager should be part of this list but it is not even after I've restarted the J2EE engine.
  The document is dated May 2006 so perhaps there have been some changes to the system that are not covered in the document. We are running NW 7.0 SP14.
  Any help in determining why my custom security manager is not part of the security manager drop down list would be appreciated.

  Ok, after much decompiling and inspection of the standard KM security manager implementations I found the answer to my question.
  Basically I found that the security manager tutorial only applies if you plan on using your custom security manager with your own custom repository manager. You cannot apply a security manager created using that document to a standard KM repository manager.
  In my case I want to apply a custom security manager to a standard KM File System Repository. By inspecting the SFSRepositoryManager.cc.xml file I found the following entry:
  <attribute name="securitymgr.ref" type="ref" refType="/cm/repository_managers/security_managers/SecurityManager" mandatory="false" hotReload="true" />
  The refType value defines which security managers are displayed in the drop down list of available Security Managers at runtime for the repository manager. In order to get a custom security manager to be available you must define the cc.xml for your custom security manager so that it extends "SecurityManager" not "SecurityManagerMi" as the tutorial describes.
  Changing the extension means your security manager implementation must also change so that it extends com.sapportals.wcm.repository.manager.AbstractRepositorySubManager and implements com.sapportals.wcm.repository.manager.ISecurityManager.
  Now if only I could figure out how to reward points to myself .....

• The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.

  Last night, some of our systems installed updates released on 11/13/2014.  
  KB3021674
  KB2901983
  KB3023266
  KB3014029
  KB3022777
  KB3020388
  KB890830
  Today, all of the servers running Windows Server 2008 R2 started logging the following error in the Security log over and over:
  Log Name:      Security
  Source:        Microsoft-Windows-Eventlog
  Date:          1/15/2015 11:12:39 AM
  Event ID:      1108
  Task Category: Event processing
  Level:         Error
  Keywords:      Audit Success
  User:          N/A
  Description:
  The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
  Servers running Windows Server 2008 that also installed the updates are not experiencing the problem.  It looks like one of the updates may have introduced this problem with Server 2008 R2.

  ...Did you for sure confirm that:
  https://technet.microsoft.com/library/security/MS15-001
  is the cause?
  I did.  I had a VM that was not experiencing the problem.  I took a snapshot and tested the patches one by one.  Installing only KB3023266 immediately caused the issue to occur (after reboot).  A similar process was used to confirm that
  installing KB2675611 resolved the problem.
  Note that I found the installation of KB2675611 is usually quick, but it took several hours hours to install on some of our systems.  We had installed this patch a few months ago on a couple of servers and it was always quick to install.  But,
  it seems like installing it on a symptomatic system can cause it to take a long time.