Default security realm
Hi,
I recently downloaded Weblogic7.0. And I have created a new security realm. But there
is no option i can see on the console to set the new security realm as default realm.
If anyone did this before, please reply me.
Thanks
Venkat
Its available under Domain(examples)---->Security---->General
Venkat wrote:
Hi,
I recently downloaded Weblogic7.0. And I have created a new security realm. But there
is no option i can see on the console to set the new security realm as default realm.
If anyone did this before, please reply me.
Thanks
Venkat
Similar Messages
-
BEA public API (WLS6.1)for programatically updating default security realm?
Hi,
Does anyone know how to use BEA's public API to programmatically add/update WLS
6.1 user credentials in the default security realm? The API would of course
automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
Is there a way to do such updates by programmatically engaging the WLS security
realm related Mbeans? I basically need to do (from a deployed application component)
what is easily done from the WLS Console's [security->User->Add User/Change
Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
command line utility (or wlshell also) uses to make updates. But I doubt that
the classes used by these tools are in BEA's public API for WLS 6.1. Especially
important to me would be the BEA API mechanism that takes a clear-text password
and hashes it to the encrypted format written in fileRealm.properties (and synchronized
w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate a large
Oracle table of (*user, clear-text -password, group) records into the default
WLS security realm. Thanks for any insights.
BenThanks to another's post, I have found the answer to my problem in the Girdley/Woollen/Emerson
book "J2EE Applications and BEA WebLogic Server" pp. 496-498:
Note: this code segment is for WLS 6.1 and this API is said to be deprecated
in WLS 7+
//Roughly outlined, assuming session w/ userName, groupName, password Strings
in HTTP Post request
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
weblogic.security.acl.Security.getRealm();
weblogic.security.acl.User u;
weblogic.security.acl.Group g;
u = realm.newUser(userName, password, null);
g = realm.getGroup(groupName); // use g = realm.newGroup(groupName) if groupName
does not exist in realm
g.addMember(u);
//log in the new user
int rc = weblogic..servlet.security.ServletAuthentication.weak(userName, password,
httpSession);
// use realm.deleteUser(u), realm.deleteGroup(g) as appropriate, etc.
"Ben Cotton" <[email protected]> wrote:
>
>
Hi,
Does anyone know how to use BEA's public API to programmatically add/update
WLS
6.1 user credentials in the default security realm? The API would of
course
automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
Is there a way to do such updates by programmatically engaging the
WLS security
realm related Mbeans? I basically need to do (from a deployed application
component)
what is easily done from the WLS Console's [security->User->Add User/Change
Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
command line utility (or wlshell also) uses to make updates. But I
doubt that
the classes used by these tools are in BEA's public API for WLS 6.1.
Especially
important to me would be the BEA API mechanism that takes a clear-text
password
and hashes it to the encrypted format written in fileRealm.properties
(and synchronized
w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate
a large
Oracle table of (*user, clear-text -password, group) records into the
default
WLS security realm. Thanks for any insights.
Ben -
Is this possible to use no default security realm?
Hi,
I created new security ReadOnlySQLAuthentication provider in the default realm and it works. Now I have all the users from all applications in one realm. If they use the same enterprise roles, user can log to one application with login and password from another application. To prevent it I created another security realm. I've added ReadOnlySQLAuthentication provider, set in my application new realm name - in jazn-data.xml and web.xml. But it doesn't work. My questions are:
It is possible to use few realms? So one application will use default realm, another no default realm.
If so, how to bind an application to no default realm?
BartHi,
A WLS instance only supports a single realm. So the answer unfortunately is no (was different with OC4J)
Frank -
How to create default groups in Weblogic- Security Realms -- Groups
Hi Team,
Unfortunately I have deleted some default groups from Weblogic->Security Realms --> Groups. How to add the groups.
Regards,
Ravi.Hi Ravi,
These are the defaults groups present inside Security Realms ,you can manually create them by
Going inside Security Realms-->Users and Groups-->Groups-->New
Administrators----Administrators can view and modify all resource attributes and start and stop servers-----------------------DefaultAuthenticator
Deployers---------Deployers can view all resource attributes and deploy applications.---------------------------------------------DefaultAuthenticator
Monitors-----------Monitors can view and modify all resource attributes and perform operations not restricted by roles.------DefaultAuthenticator
Operators---------Operators can view and modify all resource attributes and perform server lifecycle operations.-------------DefaultAuthenticator
Restart the Admin Server
Regards
FAbian -
How to list all users present in Default Autheticator in WebLogic Security Realm
Hi All,
I need to get a list of all the users in my Weblogic server--> security realm--> Default Authenticator
There are more than 1000 users present in my security realm for different different Authentication Providers. So I can not get these details from WebLogic Admin Console.
Can anyone please help me in getting this list of all users in Default Authenticator? Please let me know how can I get these details.
My WebLogic version is 10.3.4.0
Thanks in Advance!You can use JMX to list users
http://weblogic-wonders.com/weblogic/2010/11/10/list-users-and-groups-in-weblogic-using-jmx/ -
What is the best way to deploy/update custom security realm classes to WLS 6.0?
From the WLS 6.0 console, I see that I can specify the Java class that
implements my custom security realm but I am wondering what is the best way
to deploy/update this code. I don't see a way to do this from the console.
Does this mean that I have to manually copy the class files over that
implement my custom security realm?Thanks Danut,
A jar file seems to be a good way to package it up but it sounds like it
still needs to be manually copied to each Weblogic server install directory
post-installation and whenever it is updated. I thought it would be nice to
be able to deploy/update the custom security realm by uploading it through
the Console just as you can with web applications and EJBs.
Brian
"Danut Prisacaru" <[email protected]> wrote in message
news:3aba2db0$[email protected]..
You have to have your Custom Realm class in the class path. I usually havea
jar file with all the Custom Realm classes and that jar I copy it in thelib
folder. Then I modify "startWebLogic.cmd" and I add to the classpath
".\lib\CustomRealm.jar"
set
CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar;.\lib\CustomRealm.jar;
>
Be aware that in order to have you custom realm besides creating thecustom
realm using the console you also have to create a custom caching andchoose
that one as your default caching realm.
Here is how the security settings are looking in my "config.xml"
<CustomRealm Name="CustomRealm"
RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
<CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
Name="CustomCachingRealm"/>
<Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
Name="wl_default_realm"/>
<FileRealm Name="wl_default_file_realm"/>
<Security GuestDisabled="false"
Name="mydomain" PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm"/>
Danut -
BEA-090078 User ovowl in security realm myrealm has had 5 invalid login
Hi,
I created new domain for 10.3.4.0. there are two default users weblogic and OracleSystemUser. But in admin stdoutlog file, there are continuous below errors
<XXXXXXXXX> <Notice> <Security> <BEA-090078> <User ovowl in security realm myrealm has had 5 invalid login attempts, locking account for 30
minutes.>
can you pls let me know where can i find ovowl user in weblogic domain.
Thanks.my guess is this user "ovowl" doesn't exist at all.
I have tried logging into the console for 5 times with a non existing username, and I got the same error:
<17-May-2011 16:10:32 o'clock CEST> <Notice> <Security> <BEA-090078> <User weblogic1 in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
but there is no user "weblogic1".... -
Hi,
Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
for Weblogic Personalization and Commerce 3.5.
Using the WLCS console, I've modified the config.xml file and following
elements are added:
<LDAPRealm AuthProtocol='simple' Credential='admin'
GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
GroupUsernameAttribute='uniquemember'
LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
UserNameAttribute='uid'/>
<CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
Name='wlcsCachingRealm'/>
But when we try to restart the WLCS, it throws java exceptions that context
is not initialized and I get the following error
<Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: could not get
context - wi
th nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credential
s]]]
weblogic.security.ldaprealm.LDAPException: could not get context - with
nested e
xception:
I tried using Windows NT as a security realm but that gave me errors too.
Does anyone has any experience using anything other than the default Realm?
Any help would be appreciated. Thanks!
Asim Raja
[email protected]I'm not sure, but I suspect you can't
since this would create a circular dependency -
your realm would rely on the upper level security
checking calls but those calls would rely on your
realm.
My suggestion is to give it a try and see what
happens.
-Tom
Ozcan ADIYAMAN <[email protected]> wrote:
Hi ,
I am implementing a simple custom security realm using LDAP as the
security store and I can see the users, groups and acls from the admin
console.
My question is (a custom realm newbie question) ;
Is it possible to use weblogic.security.acl.Security with my custom
realm to check permissions, get the current user,etc.,
OR
is this class ONLY used with default realms (when ACL is stored in a
file) ?
Thanks
Ozcan -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric MaThanks for the info.
I wonder when they will fix it.
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
displying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
Now I doubt my custom security realm is actually using the NetscapeDirectory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
the Users node displays all users in the LDAP server, in WebLogic 7I keep
getting
the message "There are no Authentication providers available that
support
the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
l
oper.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version
4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic7
(also run
on Solaris 8) which uses my LDAP server as the Authenticator. I
tried
this by
using the Admin Console and followed exactly the steps in Chapter3
of
the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged
into the
Admin Console again and clicked the Users node under my custom realm,
I saw this
message in the right-hand pane: "There are no Authentication
providers
available
that support the creation of Users". Also, I don't see my customrealm
in the
dropdown list under mydomain -> Security tab -> General tab ->
Default
Realm.
What did I do wrong? Also, where does WebLogic store the customsecurity
realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
I don't remember how have I done it. Somehow I made me a 'file' based realm (name file) and then set in weblogic-application.xml
<security>
<realm-name>file</realm-name>
</security>and I remember that that was it...
but now... it gives me weblogic.security.service.InvalidParameterException: [Security:090396]Security Realm file does not exist ...
If i do the same thing with the defaul myrealm it works... I don't remember setting the file realm as default...
Do you know how can I change the realm for my application?
ThanksThanks Vishnu,
I made a stupid thing I added SQLAuthenticator to the default and the db instance is down ... now I have to manually remove it from config.xml -
BEA WebLogic 8.1 server not booting after adding a security realm
Hi,
I have added my own security realm for BEA WebLogic Server 8.1.
However, when I try to boot the server using this realm, it simply hangs. I cannot
take thread dumps as the server java process does not respond to "kill -3 PID"
(after the server has hung).
When I looked at the server log file, I observed that the server had hung after
initializing the IIOP subsystem.
I have attached herewith the following 3 files:
1. config.xml (the server config file after adding entry for my security realm)
2. default_realm.log (the server log file when booted through the default realm)
3. netpoint_realm.log (the server log file when booted through my realm).
Is there any way, I can debug where the server is exactly hanging?
Thanks and Regards,
Abhinay
[BEA_Files.zip]is it admin server or Managed server which isnot starting?
Mir -
RDBMS Security realm 6.1-8.1 migration
I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
Security' node appearing in the left-hand console pane. The contents of the Users
and Groups nodes visible under this node look correct (ie as defined in the underlying
database).
However, to get to this point I had to initially hardwire the values for the database
driver, url, user and password as these were null when obtained from the associated
RDBMSRealmMBean object, causing the server to fail to start. This enabled me
to bootstrap the process so that I could use the console to enter these values
on the Database tab for the Realm I had defined for Compatibility Security. I
see no mention of this step in the instructions referred to above and therefore
missed out this vital step.
When WLS8.1 starts it displays:
<date&time> <Notice> <Security> <BEA-090082> <Security initializing using security
realm myrealm.>
myrealm is a Realm listed under Security but I would have expected the realm to
be the specially-defined realm associated with Compatibility Security. So, question
number 1 - does this output from WLS indicate that it is using the Compatibility
Security realm or the default realm?
Although the console displays the expected set of users and groups , my application
is failing to associate a user with a 'role' - the Groups node shows that user
U is in group G but when the application invokes the SessionContext method isCallerInRole(String
role) where the caller is U and the role is G the result of the invocation is
false. Question number 2 - why does this not return true in this case?
Note, this code (that I have inherited) worked fine in WLS6.1 and the only significant
change I needed to make for WLS8.1 is in the wrapper classes, in particular the
code to get the required RDBMSRealmMBean. Having now successfully got hold of
this object I would have expected the rest of the code to work fine (ok, 'expected'
is a bit optimisitic - but I'm not aware that there are any functional differences
beyond obtaining the RDBMSRealmMBean object).
Many thanks in advance for any assistance with this.
DavidMehrshad
I wasn't involved in the original WL6.1 code development but this is based on
the example code that BEA provide with the WLS6.1 installation - it should therefore
be visible at ~bea/wlserver6.1/samples/examples/security/rdbmsrealm
HTH
David
"Mehrshad Setayesh" <[email protected]> wrote:
>
David:
I am trying to do the same thing and can not find which RealmClassName
to use
in 8.1. In our previous version, 6.1, I was using com.bea.wlpi.rdbmsrealm.RDBMSRealm.
What is the mapping
Java class in 8.1? Thanks.
Regards
Mehrshad
"David Franklin" <[email protected]> wrote:
I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
Security' node appearing in the left-hand console pane. The contents
of the Users
and Groups nodes visible under this node look correct (ie as defined
in the underlying
database).
However, to get to this point I had to initially hardwire the values
for the database
driver, url, user and password as these were null when obtained from
the associated
RDBMSRealmMBean object, causing the server to fail to start. This enabled
me
to bootstrap the process so that I could use the console to enter these
values
on the Database tab for the Realm I had defined for Compatibility Security.
I
see no mention of this step in the instructions referred to above and
therefore
missed out this vital step.
When WLS8.1 starts it displays:
<date&time> <Notice> <Security> <BEA-090082> <Security initializingusing
security
realm myrealm.>
myrealm is a Realm listed under Security but I would have expected the
realm to
be the specially-defined realm associated with Compatibility Security.
So, question
number 1 - does this output from WLS indicate that it is using the Compatibility
Security realm or the default realm?
Although the console displays the expected set of users and groups ,
my application
is failing to associate a user with a 'role' - the Groups node shows
that user
U is in group G but when the application invokes the SessionContextmethod
isCallerInRole(String
role) where the caller is U and the role is G the result of the invocation
is
false. Question number 2 - why does this not return true in this case?
Note, this code (that I have inherited) worked fine in WLS6.1 and the
only significant
change I needed to make for WLS8.1 is in the wrapper classes, in particular
the
code to get the required RDBMSRealmMBean. Having now successfully got
hold of
this object I would have expected the rest of the code to work fine(ok,
'expected'
is a bit optimisitic - but I'm not aware that there are any functional
differences
beyond obtaining the RDBMSRealmMBean object).
Many thanks in advance for any assistance with this.
David -
Hi,
we are using weblogic workshop 8.1.. When we try to create a new security realm and set that as default realm instead of myRealm.. and reboot the server...
we are getting authentication denied exception and does not reboot.. i understand that default user/pass weblogic/weblogic holds good only for original myRealm and not the new security realm..
how do we resolve this....
Thx & Rgds,
RamachandranMonduke,
Thanks for the suggestion.
we are trying to opt your first part. i.e. only one ADS Authenticator..
we had a doubt while creating weblogic user like where to add(which folder). Moreover there are built-in administrators group in ADS.. Will adding weblogic under that group solve the problem as i doubt how WLS will understand that.
I tried adding weblogic in built-in Administrators group..
I could see the ADS users in Admin Console but in WLIConsole's User Management i could only see the following error..
Error
java.lang.NullPointerException
at weblogic.management.commo.CommoProxy.invoke(Ljava/lang/Object;Ljava/lang/reflect/Method;[Ljava/lang/Object;)Ljava/lang/Object;(CommoProxy.java:397)
at $Proxy1.listUsers(Ljava/lang/String;I)Ljava/lang/String;(Unknown Source)
at com.bea.wli.management.MBeanHelper.getUserNames(Ljava/lang/String;)Ljava/util/List;(MBeanHelper.java:630)
at com.bea.wli.oam.usermanagement.UserManagementHelper.searchUsers(Ljava/lang/String;Ljava/util/Locale;)[Lcom/bea/wli/oam/usermanagement/UserManagementHelper$UserInfo;(Unknown Source)
at com.bea.wli.oam.usermanagement.servlets.UserManagement.viewUsers(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.usermanagement.servlets.UserManagement.processRequest(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.usermanagement.servlets.UserManagement.doGet(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.core.BaseServlet.userService(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.core.BaseServlet.run()Ljava/lang/Object;(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic/security/subject/AbstractSubject;Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(Lweblogic/security/acl/internal/AuthenticatedSubject;Lweblogic/security/acl/internal/AuthenticatedSubject;Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;(SecurityManager.java:147)
at com.bea.wli.security.authentication.AuthenticationService.runAs(Ljava/security/PrivilegedExceptionAction;Lweblogic/security/acl/internal/AuthenticatedSubject;)Ljava/lang/Object;(AuthenticationService.java:109)
at com.bea.wli.oam.core.BaseServlet.secureService(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at com.bea.wli.oam.core.BaseServlet.service(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V(Unknown Source)
at javax.servlet.http.HttpServlet.service(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run()Ljava/lang/Object;(ServletStubImpl.java:1072)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Lweblogic/servlet/internal/FilterChainImpl;)V(ServletStubImpl.java:465)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V(ServletStubImpl.java:348)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava/lang/Object;(WebAppServletContext.java:6985)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic/security/subject/AbstractSubject;Ljava/security/PrivilegedAction;)Ljava/lang/Object;(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Lweblogic/security/acl/internal/AuthenticatedSubject;Lweblogic/security/acl/internal/AuthenticatedSubject;Ljava/security/PrivilegedAction;)Ljava/lang/Object;(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic/servlet/internal/ServletRequestImpl;Lweblogic/servlet/internal/ServletResponseImpl;)V(WebAppServletContext.java:3892)
at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic/kernel/ExecuteThread;)V(ServletRequestImpl.java:2766)
at weblogic.kernel.ExecuteThread.execute(Lweblogic/kernel/ExecuteRequest;)V(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:183)
at java.lang.Thread.startThreadFromVM(Ljava/lang/Thread;)V(Unknown Source)
As mentioned earlier, we are badly in need of help to solve this.. will be grateful, if u could help us on this...
Thanx & Regards,
Ramachandran.P.J -
Conf. a Win2K Security Realm on WebLogic
Hi! I'm having some problems configuring a security realm in WebLogic
server 6.0sp1.
I'd like that WebLogic use the Windows2000 security realm as the
default security (it can be used as the secondary security realm
if it's the only way).
We've been trying to make it work for the last two (business) days
with no hope of being successfull at all.
We are using the BEA documentation 'Managing Security' as reference,
and we have some doubts about what's in there.
First doubt: The documentation says that we need to create new
security realm of the type Windows NT. OK, we did it. But we are
not sure about how to fill the filed Primary Domain. The documentation
says to put the host and port of the computer where User and Groups
are defined for the NT domain. I'm using the same computer for
both (NT domain and Web Logic), so I put the host name (babalu).
Wich port should I put?
Second doubt: The documentation says to create a systerm user on
the NT domain using NT administrative tools, names it 'system'
and set some stuff for it. But windows 2000 already has a user
with that name (SYSTE, but capitalized) and the property that I
should set on it doesn't exist! By the way, on the system user
user that windows2000 has I wasn't able to set any property.
Last doubt (maybe should be the first one) : Does WebLogic 6.0sp1
support Security Realms from Windows 2000? Or I need to download
another plugin or somethign like that?
Thanks for Reading and (hope) Answering my qusetions!
Roberto Giordano BarraHi! Thanks for the answer. I'll try to run WebLogic as a service.
In fact, I tried it before but I wasn't able to. I started the
service by hand, but I wasn't able to access the server. So, I
click on the 'remove web logic as service'(something like that)
in the WebLogic program group. Ok, it was removed. But when I tried
to put it back I didn't find no funny button to help me! Could
you help me with that?
Another thing. If I use NT Realm as a Caching Realm I'll be
able to see the NT user and users groups with the Web Logic management
GUI ?
Thanks once again,
Roberto Giordano Barra
"arthur" <[email protected]> wrote:
>
Hi,
By saying win2k I am assuming you mean creating an NT
realm.
Do not bother specifying a port, just put the server name.
You have to ensure that you are running the weblogic server
as
a NT service if you want to use the NTrealm.
Make sure under Caching Realm you specify the NTrealm.
That should be it.
Hope this helps.
Regards,
-Arthur
"Roberto Giordano Barra" <[email protected]> wrote:
Hi! I'm having some problems configuring a security
realm in WebLogic
server 6.0sp1.
I'd like that WebLogic use the Windows2000 securityrealm
as the
default security (it can be used as the secondary security
realm
if it's the only way).
We've been trying to make it work for the last two (business)
days
with no hope of being successfull at all.
We are using the BEA documentation 'Managing Security'
as reference,
and we have some doubts about what's in there.
First doubt: The documentation says that we need to create
new
security realm of the type Windows NT. OK, we did it.
But we are
not sure about how to fill the filed Primary Domain.The
documentation
says to put the host and port of the computer where User
and Groups
are defined for the NT domain. I'm using the same computer
for
both (NT domain and Web Logic), so I put the host name
(babalu).
Wich port should I put?
Second doubt: The documentation says to create a systerm
user on
the NT domain using NT administrative tools, names it
'system'
and set some stuff for it. But windows 2000 already has
a user
with that name (SYSTE, but capitalized) and the property
that I
should set on it doesn't exist! By the way, on the system
user
user that windows2000 has I wasn't able to set any property.
Last doubt (maybe should be the first one) : Does WebLogic
6.0sp1
support Security Realms from Windows 2000? Or I needto
download
another plugin or somethign like that?
Thanks for Reading and (hope) Answering my qusetions!
Roberto Giordano Barra -
Hi,
I have different sets of users coming from different databases and using different
roles mapping for each of my web applications. I would like to configure a specific
security realm per application in my weblogic server 7.0 . Is it possible ?
I try to specify the realm-name of the login-config tag from the web-xml deployement
descriptor but it doesn't make any difference. The default realm is always used.
I also would like to tell the Weblogic server to use the default realm in case
the realm isn't specified or isn't found. For example, the default would contains
my admin users.
Thanks a lot for your answer.
IzI thik this is a common mistake the ralm-name tag in the deployment descriptor is used
just by the browser for display purposes (when it opens the basic auth dialog box) so as
of now there is only 1 active realm which can have multiple providers as Kevin pointed
out
Kevin Lewis wrote:
WebLogic 7 now ignores the realm-name tag (I found that out yesterday).
My understanding is that there is only one realm active at a time for a domain
(I would be interested in being contradicted in this).
However, you can have multiple providers in each category of a realm: authentication,
authorization, etc. Therefore, what you can do is key authentication, et al,
off of some other information. We have our users enter their company, for example,
and use the TextInputCallback to get it. You could also encode something in the
initial page, based on the URL they hit, or whatever, and get that back in your
callback.
You can store that information in your own Principal implementation, and key off
of that in your authorization provider, going to a different database as appropriate,
or abstaining when a specific provider doesn’t have anything to say about a subject.
Anyway, there should be a way to do it, even if it's more complex than you would
have hoped.
--Kevin
Maybe you are looking for
-
I am using Snow Leopard and have created a movie in 16:9 format (SD not HDV) I created a movie which stays in the 16:9 format in fcp file, .mov fiule and MP4 file. I created an iDVD pane in 16:9 but when I play the movie in the iDVD preview window th
-
does latest version of bootcamp installed on late 2013 rMBP put thunderbolt drivers for lacie external thunderbolt/USB 3.0 drive? I am wiping my current windows bootcamp partition and reinstalling windows using disk utility /bootcamp wizard to clean
-
Execute code from a text file ...
Hello , Would like to know whether it is possible to have my ABAP code in a text file in desktop and then execute the code by reading it into an ITAB in another ABAP program . Note : Pl. dont suggest how to upload and create a new program . I dont w
-
Representing coax cable in Multisim
I am trying to simulate a 50 ft coax cable connected to a signal generator on the left-hand side and a 50 ohm load on the right-hand side. How would I build this using Multisim?
-
supose we have a record of STOP PAY for an employee on a given day ,now if LEAVING or RESIGN ACTION comes on the same day then it deltes the record from PA30 as well as from PA0000 table In such case can anyone tell where this STOP PAY actions gets m