Enabling Trust Between WebLogic Server Domains

Hi everyone,
We have two sites, each one running one WL 8.1 instance. The problem is that we have different users in each one, and they need to access both sites (using a RMI call).
When the user is created in both sites, there is no problem. But we do not want to replicate all users in all sites.
So this is what we are trying to do:
Create the user in one site and enable trust between Weblogic Server domains (giving both sites the same password), so once one user is authenticated, the other site will not try to authenticate this user again. But since this user does not exist in the other site, he has no permission to do anything at all. Because of that we receive the following error message: "User a7ax does not have permission on br to perform lookup operation."
Does anyone have any idea about how we can handle this, and enable the users to use other sites, without creating the user in both sites?
Thanks in advance.
Cesar

In order to debug this issue you need to determine which kind of security has been applied on the web service deployed on remote weblogic server.
Whether it requires username/password from the calling web service ?
or it requires any kind of digital certificate from the calling web service etc......
the most usual secnario where cross-domain security is required is as:
If a user- Test calls a service- ServiceA on Weblogic Domain-domainA and provides its credentials and is authenticated properly.
Then if this service requires to call another service -ServiceB on another Weblogic Domain - DomainB which is also secured then there should be a cross-domain trust should be enabled between the domains DomainA and DomainB so that the subject populated in the domainA can be transferred to DomainB.
Now you should determine whether this is the secnario you are trying to achieve or it is something else.
Also try to use the following debug flag in the DomainB where the provider service is deployed to get the exact reason why it is failing to verify the security check.
-Dweblogic.DebugSecurityAtn=true
This debug flag is enabled as JAVA_OPTIONS.
Thanks,
Sandeep

Similar Messages

  • Global Trust Between WebLogic Domains ?

    Hi there,
    Need clarification on "Global Trust between weblogic domains "
    My scenario :
    WebLogic Version installed                : 10.3.5.0
    Linux physical machines                     :  2
              x - machine
              y - machine
    Now, I've created new domain with AdminServer , and 2 managed servers on x-machine. And, 2 more managed servers on y-machine.
         x-machine --> AdminServer + 2 managed servers
         y-machine -->  2 managed servers
    Created a cluster for all the 4 managed servers.
    My question : Though we have created 2 domains -
                                                                                         Domain 1- on x-machine where we have Admin + 2 nodes
                                                                                         Domain 2 - on y-machine where we have 2 nodes
    Now , do we require to create/enabe "Global trust between these domains to communicate  ? And, enable cross-domain security also  ? Is this required  ?
    Or in which situations we require to enable trust between domains ?
    Can someone explain me.
    Thanks

    Looking to this Oracle Doc >> http://docs.oracle.com/cd/E24329_01/web.1211/e24375/basics.htm#BRDGE128
    "Typical tasks required to manage a messaging bridge using the Administration Console include
    Creating a trusted security relationship. See "Configuring Domains for Inter-Domain Transactions" in Programming JTA for Oracle WebLogic Server"
    And, clicking the link to Configuring Domains for Inter-Domain Transactions, there's two types of communications:
    Inter-domain—The transaction communication is between servers participating in transactions that are not in the same domain.
    Intra-domain—The transaction communication is between servers participating in transactions within the same domain
    Check the rest of the doc to know how to configure each type, and apply the one that matches your case..
    Hope it helps
    Regards,
    Mohab

  • Do I need to enable trust between domains in the following scenario

    I have a domain x and domain y on 2 seperate machines. My client logs into domain x does stuff and logs out. The same client now logs into domian y and needs to do stuff, but the second domain kicks out the client by throwing an exception saying "invalid subject" etc .. But the same scenario works if I enable trust between both domains or have my client restart. What should I do so that the client can logout of domain x and login to domain y without having to enable trust betweeen domain x and y and without having to restart the client.
    Thanks
    Prashanth

    Hi Mike,
    there is no switching circuitry on the UMI, that could disable the Iso Power outputs and there is nothing you need to configure in MAX. If you can't measure a voltage between Iso Power and Iso Common pins on the Dsub outputs, the UMI might be defective (e. g. blown fuse). Please contact your local NI branch for repair options.
    Thanks and kind regards,
    Jochen

  • Enabling SSO with Weblogic Server

    Hi,
    Can someone please forward some documention on enabling SSO with Weblogic server for different applications using the admin console.
    Is enabling SSO only possible programmatically??
    Is there an external server amongst the Weblogic Platform that maintains this SSO information??
    Regards,
    Mukta

    Pradeep,
    Here are some questions for you.
    1. what version of Weblogic App Server you are using?
    2. Is it a weblogic Portal or a Java application deployed
       on a Weblogic App Server?
    3. You have mentioned that the users are stored in a table. Is it a database table ?
    Anyway see the following link as a starting point?
    http://e-docs.bea.com/wls/docs81/jconnector/security.html#1216783
    If the customer has lot of other web applications that they want to integrate you can look at third party authentication solutions (Ex: Siteminder). But if it is a few or limited applications then custom solution would be more appropriate from the cost perspective.
    Hope this can be a starting point.
    -Regards
    -Venkat Malempati

  • Failed to start Admin Server for Weblogic Server Domain

    I Created a domain named mydomain in weblogic server 10.3 in server 2003.But when i start Admin Server for Weblogic Server Domain from startmenu, it failed.
    I examined the log under domains\mydomain\servers\AdminServer\logs\AdminServer.log and got the following information:
    java.lang.NoClassDefFoundError:weblogic/ldap/EmbeddedLDAPChange
    at weblogic.ldap.EntryChangeListenerImpl.receiveEntryChanges(EntryChangeListenerImpl.java:28)
    Caused by :java.lang.ClassNotFoundException: weblogic.ldap.EmbeddedLDAPChange
    at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
    Caused by :java.util.zip.ZipException: error reading zip file
    at java.util.zip.ZipFile.read(Native Method)
    at java.util.zip.ZipFile.access$1200(ZipFile.java:29)
    weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attemping to load LDIF for provider RoleMapper from file ...\domains\mydomain\security\XACMLRoleMapperInit.ldift.
    at ...(CommonSecurityServiceManagerDelegateImpl.java:465)
    Caused by: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attemping to load LDIF for provider RoleMapper from file ...\domains\mydomain\security\XACMLRoleMapperInit.ldift.
    at .. (ServiceEngineImpl.java:365)
    Caused by: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attemping to load LDIF for provider RoleMapper from file ...\domains\mydomain\security\XACMLRoleMapperInit.ldift.
    at .. (BootStrapServiceImpl.java:910)
    Caused by: <openjpa-1.1.1-SNAPSHOT-r422266:891341 nofatal user error>kodo.jdo.UserException: This operation cannot be perfomed while a Transaction is active.
    at org.apache.openjpa.kernel.BrokerImpl.close(BrokerImpl.java:4087)
    ####<Critical><WebLogicServer><SOA><Adminserver><main><<WLS Kernel>><><><1282012271468><BEA-000362><Server failed. Reason:
    There are 1 nested errors:
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090399] Security Services Unavailable
    at weblogic.security.service.CommonSecurityserviceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:916)
    I ignored some detailed error message.The runtime environment is server 2003 Enterprise Edition sp2.
    Thx in advance for any reply.

    Hello Djam,
    Please review the following:
    The FMW WebLogic Server (WLS) installation has been configured to use a non-default Java temporary files directory,
    i.e. the following has been set in the WebLogic startup or setDomainEnv.sh script:
    EXTRA_JAVA_PROPERTIES="-Djava.io.tmpdir=/appl/oracle/temp_java_files ${EXTRA_JAVA_PROPERTIES}"
    Reference: How to Change the WebLogic Server Location for Temporary Files (Doc ID 1336002.1)
    When the Middleware home was restored the directory specified by java.io.tmpdir parameter was missing,
    Therefore an IOException occurred when opening the wallet and WLS was unable to initialize the OPSS successfully.
    To resolve the issue re-create the directory specified by the java.io.tmp dir parameter, and make sure the owner and group access are the same as for the FMW installation.
    Unable Start AdminServer: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException (Doc ID 1923395.1)
    Bogdan

  • Error in creating an Oracle WebLogic Server domain

    Hi Everyone,
                        Am getting this following error when I tried to create a Weblogic Server Domain,Kindly help.I displayed the screen shot below,

    Hi
    It seems that the user installing the software does not have administrative rights.Login as user with Administrative right to configure WCC 11g

  • Enabling ssl on Weblogic server 5.1 using Verisign certificate.

    "Hi,I am trying to enable ssl in Weblogic server 5.1The properties set in my properties file areweblogic.security.certificate.server=servercert.pem(sent from the verisign via email)weblogic.security.key.server=cp8212-2d2-key.der(generated by the Certificate Servlet of Weblogic Server)

    "Hi,I am trying to enable ssl in Weblogic server 5.1The properties set in my properties file areweblogic.security.certificate.server=servercert.pem(sent from the verisign via email)weblogic.security.key.server=cp8212-2d2-key.der(generated by the Certificate Servlet of Weblogic Server)

  • Failure while extending weblogic server domain.

    Hello
    We are facing failure for registering/extending OID, OVD and OHS instances with the WebLogic Server Domain(10.3.5.0) on Windows. Weblogic domain server and URL(http://hostname:7001/console) is up and running; however we are not able to Telnet 7001 port or access Weblogic domain URL from OID/OVD/OHS server.
    Please note OID, OVD/OHS/Admin server are hosted on three different m/c.
    Web Logic Server Domain: 10.3.5.0
    OID, OVD, OHS: 11.1.1.5
    OS: windows server 2008 32 bit
    While extending we are getting error:
    INST-07242: Unable to Connect to Oracle Weblogic Middleware Admin Server
    While registering using below opmnctl command getting error:
    Command Used:
    C:\Oracle\admin\oid_inst1\bin>opmnctl registerinstance -adminHost hostname -adminPort 7001 -adminUsername weblogic
    Command requires login to weblogic admin server (hostname):
    Username: weblogic
    Password:
    Command failed: Unable to connect to the admin server. Verify it has been start
    ed and is accessible.
    Details are logged in C:\Oracle\admin\oid_inst1\diagnostics\logs\OPMN\opmn\provi
    sion.log
    opmnctl registerinstance: failed.
    Error: Refer attached log file for more details.
    Caused by: javax.naming.NamingException: Couldn't connect to the specified host [Root exception is org.omg.CORBA.COMM_FAILURE:   vmcid: SUN  minor code: 203  completed: No]
    at weblogic.corba.j2ee.naming.Utils.wrapNamingException(Utils.java:83)
    at weblogic.corba.j2ee.naming.ORBHelper.getORBReferenceWithRetry(ORBHelper.java:656)
    at weblogic.corba.j2ee.naming.ORBHelper.getORBReference(ORBHelper.java:594)
    at weblogic.corba.j2ee.naming.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:85)
    at weblogic.corba.j2ee.naming.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:31)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:46)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.InitialContext.<init>(InitialContext.java:197)
    at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:178)
    ... 9 more
    Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed: No
    at com.sun.corba.se.impl.logging.ORBUtilSystemException.writeErrorSend(ORBUtilSystemException.java:2259)
    at com.sun.corba.se.impl.logging.ORBUtilSystemException.writeErrorSend(ORBUtilSystemException.java:2281)
    at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.writeLock(SocketOrChannelConnectionImpl.java:957)
    at com.sun.corba.se.impl.encoding.BufferManagerWriteGrow.sendMessage(BufferManagerWriteGrow.java:53)
    at com.sun.corba.se.impl.encoding.CDROutputObject.finishSendingMessage(CDROutputObject.java:144)
    at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.finishSendingRequest(CorbaMessageMediatorImpl.java:247)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete1(CorbaClientRequestDispatcherImpl.java:355)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(CorbaClientRequestDispatcherImpl.java:336)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(CorbaClientDelegateImpl.java:129)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.non_existent(CorbaClientDelegateImpl.java:232)
    at org.omg.CORBA.portable.ObjectImpl._non_existent(ObjectImpl.java:137)
    at weblogic.corba.j2ee.naming.ORBHel
    Trouble shooting steps tried:
    •     Firewall Off on both the server
    Edited by: 993281 on Mar 12, 2013 2:52 AM

    Did you get an answer to this problem? The opmnctl registerinstance failed with exactly the same error. In my case I know I misspelled the domain name during the install dialog and now need to correct the name, but I can't find where the name is located to correct it or which tool to use or which file I should edit? I looked through the Weblogic admin console and EM admin console but with no luck. Do you or anyone else know how I can edit the name of the host so I can move forward with my installation? It seems like it would be simple to find and change. Thanks.

  • Differences between Weblogic Server and Weblogic Server Suite?

    Hi
    What is the differences between Weblogic Server and Weblogic Server Suite, beside licens costs?
    Regards
    /Martin

    WebLogic server standard edition, you get the WebLogic with no clustering.
    Clustering is available in the WebLogic Enterprise Edition.
    The WebLogic Suite also gives you Coherence and JRockit real-time
    A desciption of the various products can be found here: http://www.oracle.com/us/products/middleware/application-server/index.html

  • Authentication needed after doing trust between two different domains.

    Hi There,
    I have a problem when i did the trust relationship between two different domains in two different forests ,,in the trust relationship steps all working two ways trust,with external trust,stub zone created on both domains and they are validated in both sides
    ,,my problem is with the objects it can't be retrieved from side and it can be from the other side . For instance :
    NY domain can get the users and computers of 2012DC1 
    but 2012DC1 can't get the users and computers of NY
    Date and time are the same,i am always getting this error 
    The session setup from computer '2012DC1' failed because the security database does not contain a trust account 'test.com.' referenced by the specified computer.  
    USER ACTION  
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'test.com.' is a legitimate machine account
    for the computer '2012DC1' then '2012DC1' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise,
    the following steps may be taken to resolve this problem:  
    If 'test.com.' is a legitimate machine account for the computer '2012DC1', then '2012DC1' should be rejoined to the domain.  
    If 'test.com.' is a legitimate interdomain trust account, then the trust should be recreated.  
    Otherwise, assuming that 'test.com.' is not a legitimate account, the following action should be taken on '2012DC1':  
    If '2012DC1' is a Domain Controller, then the trust associated with 'test.com.' should be deleted.  
    If '2012DC1' is not a Domain Controller, it should be disjoined from the domain.
    Can you please help me in this error.
    Thank You in advance.

    Hello,
    "The session setup from computer '2012DC1' failed because the security database does not contain a trust account 'test.com.' referenced by the specified computer. "
    This belongs to the machine 2012Dc1 in test.com and not to the other domain from your trust. Seems for me that you mix the trust with the problems of the machine 2012DC1 in test.com.
    In this error message 2012DC1 has lost the trust to its OWN domain and therefore you have to find the reason. How exactly was this machine installed?
    Or was there a restore on that machine from not supported type of backup like image/clone/snapshot?
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    Twitter:  

  • Adding WebLogic Server Domain fails with UnsupportedClassVersionError

    Hi all,
    I am trying to add a WebLogic Server 10.3 domain to the Grid Control, but receive the following error:
    java.lang.UnsupportedClassVersionError: weblogic/jndi/Environment (Unsupported major.minor version 49.0)
    The discovery wizards asks for 'Administration Server Home Directory'
    The help document states:
    If you are adding BEA WebLogic Manager Server Release 9.x or higher, then specify the absolute path to the directory
    where wljmxclient.jar and wlclient.jar files are located. For example, <WL-HOME>/server/lib.
    The JDK version of BEA WebLogic is 1.6.x
    The JDK version of the Grid Agent is 1.4.2
    Clearly their is a mismatch here!
    Is there any solution to this?
    Thanks,
    Knut
    Edited by: user585799 on Feb 17, 2009 2:13 AM

    This is not a supported configuration .10.2.0.4 GC is not certified with WLS 10.3
    Edited by: mnazim on Feb 17, 2009 2:56 AM

  • Two-way forest trust between two (single domain) forests with multiple identical user ID's

    Domain and forest levels - Windows 2003 (they both have one 2008 R2 DC)
    We need to create a two-way forest trust between two separate single-domain forests. The problem is that these two forests already access each others resources through a S2S. Users have the same login names and passwords on both forests/domains. Now, we
    are combining their infrastructures and need to set up a trust. From what I'm reading, you can't create forest trusts if you have the same SIDs, user ID's, or computer name in each of the forests.
    I'm looking into AD migration tool to copy the userSIDs (SID history?) between forest/domain, deleting the user ID's in the domain we migrated from, and then setting up the trust, but I'm leery about doing it this way as there is no easy 'recovery' should
    something go wrong. 
    Any suggestions for the easiest way to setup this forest trust?

    Hi,
    To eliminate your worries, two user accounts have the same user name doesn’t mean that they have the same SID. Moreover, the user’s SID remains the same even after it has been renamed.
    The SID for domain account/group consists of a
    Domain Identifier and a Relative Identifier. Domain Identifier is unique in every domain within a forest, and a Relative Identifier is unique within domain. It is unlikely that two user accounts with or without the same account
    name from two forests have the same SID.
    The Technet article you mentioned is talking about duplicate SIDs instead of “duplicate computer name or user account”, I will submit a change request to Microsoft about this.
    If there are duplicate SIDs when you create forest trust, you need to delete one of them as the article guides.
    Here are some related articles below for your references:
    How Security Identifiers Work
    http://technet.microsoft.com/en-us/library/cc778824(v=WS.10).aspx
    Security Identifier Structure
    http://technet.microsoft.com/en-us/library/cc962011.aspx
    Security Identifier
    http://en.wikipedia.org/wiki/Security_Identifier
    I hope this helps.
    Amy Wang

  • What is the difference between WebLogic Server users and Portal users

    Hi All
    What is the difference between users created in the WebLogic server and those
    created from the webLogic Portal Admin console.
    - leo

    Hi Leo,
    The WebLogic server console allows you to create users in the File realm (
    http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1057106 , "Defining
    Users" ).
    The WebLogic Portal Admin console creates Portal users in the alternate security
    realm that was written to store user/password in the Portal schema. This realm is
    com.bea.p13n.security.realm.RDBMSRealm. See the javadoc for RDBMSRealm at (
    http://edocs.bea.com/wlp/docs40/javadoc/wlp/com/bea/p13n/security/realm/RDBMSRealm.html
    For information on alternate security realms see
    http://e-docs.bea.com/wls/docs61/security/prog.html#1041025 , "Writing a Custom
    Security Realm".
    For information on the File realm see
    http://e-docs.bea.com/wls/docs61/ConsoleHelp/security.html , "Security" and also
    search the WLS 6.1 docs for "File realm" for lots of other references.
    Leo wrote:
    Hi All
    What is the difference between users created in the WebLogic server and those
    created from the webLogic Portal Admin console.
    - leo--
    Ture Hoefner
    BEA Systems, Inc.
    2590 Pearl St.
    Suite 110
    Boulder, CO 80302
    www.bea.com

  • Security issue between weblogic server

    Hello,
    Here is security issue that we are facing.
    Here is setup
    Environment 1
    Admin server say "env1admin"
    Managed Weblogic Server say "env1managed"
    We deployed an EJB called HelloEJB in env1managed server and this has an api
    sayHello(). HelloClient is a client to HelloEJB.
    S/w Weblogic 6.1 sp3
    Environment 2
    Admin server say "env2admin"
    Managed Weblogic Server say "env2managed"
    We deployed an EJB called ServiceEJB in env2managed server and this has an api
    serviceRequest(). We use weblogic role based security and restrict access to this
    api by user HelloEJB.
    s/w Weblogic 6.1 sp3
    Here is how the system works:
    We start the env2admin, env2managed (ServiceEJB is which is a Stateless session
    EJB deployed in env2Managed)
    We start the env1admin and env1managed (HelloEJB(which is a Stateless session
    EJB is deployed in env1Managed)
    Test case:
    1)HelloClient invokes HelloEJB api sayHello().
    2)Now at this point in ejbCreate() at HelloEJB() end we get a reference to ServiceEJB
    using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
    api in ServiceEJB. Then gets back a response and then returns response to HelloClient.
    Now if we repeat the above testcase.
    After step1 in step2 HelloEJB though has all the permissions to invoke api on
    ServiceEJB gets an SecurityException.
    Question is why doe this happen. Only way HelloEJB can make api calls to serviceEJB
    is by making a lookup() every single time. Which is very expensive. I looked at
    documents what they say is leave the context open and never close it. Though I
    am doing that I am getting this exception.
    Any thoughts ?
    Thanks in advance,
    Vijay

    Here are the details of exception stack trace:
    java.rmi.AccessException: Security violation: insufficient permission to access
    method; nested exception is:
    java.lang.SecurityException: Security violation: insufficient permission
    to access method
    java.lang.SecurityException: Security violation: insufficient permission to access
    method
    at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:92)
    at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:63)
    at service.ServiceBean_nr0s19_EOImpl.sendServiceRequest(ServiceBean_nr0s19_EOImpl.java:25)
    at service.ServiceBean_nr0s19_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:298)
    at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:93)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:267)
    at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    End server side stack trace
    ; nested exception is:
    Vijay
    "Vijay" <[email protected]> wrote:
    >
    Hello,
    Here is security issue that we are facing.
    Here is setup
    Environment 1
    Admin server say "env1admin"
    Managed Weblogic Server say "env1managed"
    We deployed an EJB called HelloEJB in env1managed server and this has
    an api
    sayHello(). HelloClient is a client to HelloEJB.
    S/w Weblogic 6.1 sp3
    Environment 2
    Admin server say "env2admin"
    Managed Weblogic Server say "env2managed"
    We deployed an EJB called ServiceEJB in env2managed server and this has
    an api
    serviceRequest(). We use weblogic role based security and restrict access
    to this
    api by user HelloEJB.
    s/w Weblogic 6.1 sp3
    Here is how the system works:
    We start the env2admin, env2managed (ServiceEJB is which is a Stateless
    session
    EJB deployed in env2Managed)
    We start the env1admin and env1managed (HelloEJB(which is a Stateless
    session
    EJB is deployed in env1Managed)
    Test case:
    1)HelloClient invokes HelloEJB api sayHello().
    2)Now at this point in ejbCreate() at HelloEJB() end we get a reference
    to ServiceEJB
    using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
    api in ServiceEJB. Then gets back a response and then returns response
    to HelloClient.
    Now if we repeat the above testcase.
    After step1 in step2 HelloEJB though has all the permissions to invoke
    api on
    ServiceEJB gets an SecurityException.
    Question is why doe this happen. Only way HelloEJB can make api calls
    to serviceEJB
    is by making a lookup() every single time. Which is very expensive. I
    looked at
    documents what they say is leave the context open and never close it.
    Though I
    am doing that I am getting this exception.
    Any thoughts ?
    Thanks in advance,
    Vijay

  • About WebLogic Server domain failover

    Hi Gurus,
    I have ran into problem when we have primary site failover to secondary site. If we want to have this failover automated, how should we configure? If this is a site to site failover which means IP will be changed, how can we do it without interrupt the original encryption.
    I suppose we need to copy
    1. config.xml
    2. filerealm.properties
    3. boot.properties
    4. SerializedSystemIni.dat
    5. anything inside /security folder.. etc
    The WebLogic Server version is 10.3.0
    FYI.
    <AdminServer> <main> <<WLS Kernel>> <> <> <1287220805185> <BEA
    -000386> <Server subsystem failed. Reason: java.lang.AssertionError: java.lang.reflect.InvocationTargetException
    java.lang.AssertionError: java.lang.reflect.InvocationTargetException

    Hi Kal,
    Thanks for your reply.
    Could you or anyone else comment on whether to replicate the primary site's configuration to the DR side or keep using the DR side's own configuration? What is the proper approach. p.s. There will be difference anyway, e.g. IP, hostname, etc.
    I have read some posts talking about a workaround to start the wls installation with development mode and then change encrypted text to clear text and then change to production mode.
    Regards,
    Fisher

Maybe you are looking for