Error generating custom authentication providor MBean
I'm using WLS 9.0 and am having troubles creating my custom authentication provider.
I have created my class that implements AuthenticationProviderV2 and my class that implements LoginModule and put my MBeanType xml file in the same package as my two classes.
However, when I run \bea\jrockit90_150_03\bin\java weblogic.management.commo.WebLogicMBeanMaker -MDF net\sundog\authentication\BobcatAuthenticator.xml -MJF SundogAuthenticator.jar -files . -createStubs -g -validateXML
I get the following output:
Creating an MJF from the contents of directory ....
Compiling the files...
Creating the list.
Doing the compile.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: : Generating the implementations for security MBeans
WLMaker-SubProcess: : no annotation found for key
WLMaker-SubProcess: : no annotation found for key [velocityCount]
WLMaker-SubProcess: : no annotation found for key [line]
WLMaker-SubProcess: : no annotation found for key [f]
WLMaker-SubProcess: : no annotation found for key [m]
WLMaker-SubProcess: : no annotation found for key [p]
WLMaker-SubProcess: : no annotation found for key [n]
WLMaker-SubProcess: : done
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: : Generating the parsing binders for security MBeans
WLMaker-SubProcess: : done
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: :
WLMaker-SubProcess: : Generating the bean infos for security MBeans ...
WLMaker-SubProcess: : no annotation found for key [import]
WLMaker-SubProcess: : no annotation found for key [property]
WLMaker-SubProcess: : no annotation found for key [beanConfigurable]
WLMaker-SubProcess: : no annotation found for key [propertyMethod]
WLMaker-SubProcess: : no annotation found for key [method]
WLMaker-SubProcess: : Generating Bean Factory Class to .\weblogic\management\security\SUNDOGAUTHENTICATORBeanInfoFactory.java
WLMaker-SubProcess: : done
WLMaker-SubProcess: : Stopped draining WLMaker-SubProcess:
WLMaker-SubProcess: : Stopped draining WLMaker-SubProcess:
WLMaker-SchemaGen-SubProcess : Generating schema for security provider mbeans ...
WLMaker-SchemaGen-SubProcess : [JAM] Warning: failed to resolve class tempFileDirForSchema.weblogic.management.security.ImportMBeanImpl
WLMaker-SchemaGen-SubProcess : [JAM] Warning: failed to resolve class tempFileDirForSchema.weblogic.management.security.pk.KeyStoreMBeanImpl
[---snip, many lines like the above---]
WLMaker-SchemaGen-SubProcess : [SEVERE] Could not resolve class: tempFileDirForSchema.weblogic.management.security.ImportMBeanImpl
WLMaker-SchemaGen-SubProcess : [SEVERE] Could not resolve class: tempFileDirForSchema.weblogic.management.security.pk.KeyStoreMBeanImpl
WLMaker-SchemaGen-SubProcess : [SEVERE] Could not resolve class: tempFileDirForSchema.weblogic.management.security.authentication.UserLockoutManagerMBeanImpl
WLMaker-SchemaGen-SubProcess : [SEVERE] Could not resolve class: tempFileDirForSchema.weblogic.management.utils.PropertiesListerMBeanImpl
[---snip, many lines like the above---]
WLMaker-SchemaGen-SubProcess : [SEVERE] initialization errors encountered, skipping compilation
WLMaker-SchemaGen-SubProcess: Stopped draining WLMaker-SchemaGen-SubProcess
WLMaker-SchemaGen-SubProcess: Stopped draining WLMaker-SchemaGen-SubProcess
Creating the list.
Doing the compile.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
Creating the MJF...
MJF is created.
The trouble is that it looks like it's not able to compile the classes that are supposed to be in the tempFileDirForSchema package. I am trying to follow the documentation and examples from the 9.0 documentation, and using the 8.1 samples when there isn't an updated 9.0 version available.
I figure the class compiling problems are the cause of this error I get when starting weblogic after deploying my authenticator:
eblogic.security.service.SecurityServiceRuntimeException:
[Security:090371]Problem instantiating Authentication Provider java.lang.NullPointerException
at
weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:258)
at
weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:328)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:592)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:442)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:695)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:724)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
at
weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:775)
at
weblogic.security.SecurityService.start(SecurityService.java:133)
at
weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ServerWorkManagerImpl
$WorkAdapterImpl.run(ServerWorkManagerImpl.java:518)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:179)
Caused by: java.lang.NullPointerException
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:242)
at
weblogic.security.service.SecurityServiceManagerDelegateImpl.createSecurityProvider(SecurityServiceManagerDelegateImpl.java:267)
at
weblogic.security.service.SecurityServiceManager.createSecurityProvider(SecurityServiceManager.java:1000)
at
weblogic.security.service.adapters.AdapterFactory.getAuthenticationProvider(AdapterFactory.java:73)
at
weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:180)
... 12 more
Thanks,
Nathan
Message was edited by:
nvoxland
there is a spi sample exclusively for wls 9.1 here
https://codesamples.projects.dev2dev.bea.com/servlets/Scarab/remcurreport/true/template/ViewIssue.vm/id/S224/nbrresults/250
this worked for me.
Similar Messages
-
Error generating custom progress
Hi!
When I run an application JavaFx in Firefox or IntenetExplorer displays the following message:
Error generating custom progress : java.lang.SecurityException: attempted to open sandboxed jar http://dl.javafx.com/1.3/progressbar__V1.3.1_b101.jar as a Trusted-Library
java.lang.SecurityException: attempted to open sandboxed jar http://dl.javafx.com/1.3/javafx-rt-windows-i586__V1.3.1_b101.jar as a Trusted-Library
at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.JNLP2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Excepción: java.lang.SecurityException: attempted to open sandboxed jar http://dl.javafx.com/1.3/javafx-rt-windows-i586__V1.3.1_b101.jar as a Trusted-Library
The version of Java is 1.6.0_21
Thanks for the help!Many of problems i've expienced with deployment where about jar signature and cache. Is that problem appear only with your APP, is it signed, there were many bug related issues with JDK u18 to 20.
-
OAM 11g: Error while importing Custom Authentication Plug-in.
We are trying to create a sample custom authentication plugin in OAM 11g as per the 11.1.1.5.0 doc.
But while trying to import the plugin via oamconsole (system configuration->Plugins->Import Plugin) we receive an error "Invalid XML Structure".
Do we have to embed the XSD (XML Schema Definition) as well ?
-------------------------SamplePlugin.java-------------------------------------
import oracle.security.am.plugin.ExecutionStatus;
import oracle.security.am.plugin.MonitoringData;
import oracle.security.am.plugin.PluginConfig;
import oracle.security.am.plugin.authn.AuthenticationContext;
import oracle.security.am.plugin.authn.AuthenticationException;
import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
import java.util.Map;
import java.util.logging.Level;
class SamplePlugin extends AbstractAuthenticationPlugIn {
private static final String CLASS_NAME = "FirstTestClass";
public ExecutionStatus initialize (PluginConfig config){
super.initialize(config);
if(LOGGER.isLoggable(Level.FINE)){
LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering initialize");
return ExecutionStatus.SUCCESS;
@Override
public String getDescription() {
// TODO Auto-generated method stub
return null;
@Override
public Map<String, MonitoringData> getMonitoringData() {
// TODO Auto-generated method stub
return null;
@Override
public String getPluginName() {
// TODO Auto-generated method stub
return null;
@Override
public int getRevision() {
// TODO Auto-generated method stub
return 0;
@Override
public ExecutionStatus process(AuthenticationContext arg0)
throws AuthenticationException {
if(LOGGER.isLoggable(Level.FINE)){
LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering process");
return ExecutionStatus.SUCCESS;
@Override
public void setMonitoringStatus(boolean arg0) {
// TODO Auto-generated method stub
@Override
public boolean getMonitoringStatus() {
// TODO Auto-generated method stub
return false;
-------------------------SamplePlugin.java-------------------------------------
------------------------SamplePlugin.xml--------------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<Plugin name="SamplePlugin" type="Authentication">
<author>Self</author>
<email>[email protected]</email>
<creationDate>09:41:22, 2012-02-05</creationDate>
<version>1</version>
<description>SamplePlugin</description>
<interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
<implementation>SamplePlugin</implementation>
</Plugin>
------------------------SamplePlugin.xml--------------------------------
------------------------MANIFEST.MF--------------------------------
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.2
Bundle-Version: 1.0.0.qualifier
Bundle-Name: SamplePlugin
Bundle-Activator: SamplePlugin
Bundle-ManifestVersion: 2
Created-By: 1.6.0_24-b07 (Sun Microsystems Inc.)
Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.
plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,
oracle.security.am.common.utilities.principal,oracle.security.idm,jav
ax.naming,javax.sql,java.management,javax.security.auth
Bundle-SymbolicName: SamplePlugin
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
------------------------MANIFEST.MF--------------------------------
Contents of SamplePlugin.jar
1. SamplePlugin.xml
2. SamplePlugin.class
3. META-INF/
MANIFEST.MFI build the Plugin.jar file similarly as above(followed the same steps)..
But when i log into OAM and trying to import the plugin (System Configuration->Plugins- Import Plugin) the browser goes to hung state and i see below error in logs (domain log and in diag log)
I see the jar file created in this location (\Middleware\user_projects\domains\IAMdomain\oam\plugins)
Please let me know if you have any idea..Thanks!
####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803273> <BEA-000000> <ADFc: /WEB-INF/adfc-config.xml: >
####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803274> <ADFC-52024> <ADFc: Duplicate managed bean definition for 'accessCheck' detected.>
####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000402> <1330549803479> <ADF_FACES-60099> <The region component with id: pt1:_lar has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.>
####<Feb 29, 2012 1:10:33 PM PST> <Error> <javax.enterprise.resource.webcontainer.jsf.application> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833253> <BEA-000000> <java.lang.NullPointerException
javax.faces.el.EvaluationException: java.lang.NullPointerException
at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190
####<Feb 29, 2012 1:10:33 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833316> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
javax.faces.FacesException: #{FileProcessor.doUpload}: java.lang.NullPointerException
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
at oracle.adf.view.rich.component.rich.RichPopup$BroadcastContextCallback.invokeContextCallback(RichPopup.java:666)
at org.apache.myfaces.trinidad.component.UIXComponentBase.invokeOnComponent(UIXComponentBa
>
####<Feb 29, 2012 1:10:33 PM PST> <Error> <oracle.oam.admin.console.policy> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833361> <OAM-400016> <Failed to authenticate the user
javax.servlet.ServletException: java.lang.NullPointerException
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834008> <ADF_FACES-00009> <Error processing viewId: /plugin-taskflow/authplugins URI: /oracle/security/am/taskflows/authplugin.jsff actual-URI: /oracle/security/am/taskflows/authplugin.jsff.
javax.el.ELException: java.lang.NullPointerException
at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper._encodeAll(PanelCollectionRenderer.java:728)
at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper.access$500(PanelCollectionRenderer.java:537)
at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer.encodeAll(PanelCollectionRenderer.java:402)
at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:937)
####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834020> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
javax.faces.FacesException: javax.el.ELException: java.lang.NullPointerException
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:804)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214) -
Updating a Property in my Custom Authenticator MBean
I have created a custom AuthenticationProvider. It is configured through an
MBean produced by WebLogicMBeanMaker from my XML file. I have a custom
property in the XML file with a default value. My AuthenticationProvider is
able to get the bean and read back the default value.
Now, I wish to change that value to something else to allow uses to
configure the provider. The documentation clearly says that I will be
unable to use the Weblogic Console to do this and will have to use the
command line "weblogic.Admin" application to do it. This is fine, but I
cannot figure out how to access or modify my MBean.
How do I know the MBeans name or type? The MBean generated is called
WeblogicCarbonAuthenticatorMBean.java
I have tried (I have not include username/password in this post for brevity)
java weblogic.Admin GET -type WeblogicCarbonAuthenticator
No MBeans found
java weblogic.Admin GET -type Authenticator
No MBeans found
No success.
I also deployed a pair of JSPs called listMBeans.jsp and showMBean.jsp,
which claim to show me all the MBeans deployed. Searching through the list
I see nothing with the world "Carbon" or "Authenticator" in it.
How can I find/configure my Authenticator MBeans?
Thanks
-jordanJordan Reed wrote:
Getting there! I can now look at my bean, but I cannot seem to update it.
There is a string property on the MBean called "UserManagerLocation" that I
need the end user to be able to update to their appropriate location.
I am able to use the weblogic.Admin utility to query the MBean, but not to
update.
So here is my query:
java weblogic.Admin -pretty GET -mbean
Security:Name=myrealmWeblogicCarbonAuthenticator
MBeanName: "Security:Name=myrealmWeblogicCarbonAuthenticator"
ControlFlag: REQUIRED
Description: Carbon Authentication Provider adapts authentication
behavior to the User Manager Service
ProviderClassName:
com.sapient.services.security.auth.weblogic7.WeblogicCarbonAuthenticationPro
vider
Realm: Security:Name=myrealm
UserManagerLocation: /security/management/test/RdbmsUserManager
Version: 4.2
But here is my failing update:
java weblogic.Admin SET -mbean
Security:Name=myrealmWeblogicCarbonAuthenticator -property
UserManagerLocation "/security/management/RdbmsUserManager"
MBean not specified for setting of attributes. Value UserManagerLocation for
parameter ["9"]Get rid of the "'s around the Value. If that does not work, try
something like this,
java weblogic.Admin SET -mbean
Security:Name=myrealmWeblogicCarbonAuthenticator -commotype -property
UserManagerLocation /security/management/RdbmsUserManager
If that does not work, please open a support case with BEA.
Thanks,
-satya
>
>
>
But, inside my MBean descriptor I've got it set as writable:
<MBeanType
Name = "WeblogicCarbonAuthenticator"
DisplayName = "WeblogicCarbonAuthenticator"
Package = "com.sapient.services.security.auth.weblogic7"
Extends =
"weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
Writable = "true"
>
<MBeanAttribute
Name = "UserManagerLocation"
Type = "java.lang.String"
PersistPolicy = "OnUpdate"
Readable = "true"
Writeable = "true"
Default =
""/security/management/test/RdbmsUserManager""
/>
</MBeanType>
Any clue why I am unable to update the attribute from the command line?
Thanks
-Jordan
"Satya Ghattu" <[email protected]> wrote in message
news:[email protected]...
Jordan,
You can use weblogic.Admin utility to change values of your custom MBean
if you know the object name of your MBean.
Jordan Reed wrote:
I have created a custom AuthenticationProvider. It is configured
through an
MBean produced by WebLogicMBeanMaker from my XML file. I have a custom
property in the XML file with a default value. MyAuthenticationProvider is
able to get the bean and read back the default value.
Now, I wish to change that value to something else to allow uses to
configure the provider. The documentation clearly says that I will be
unable to use the Weblogic Console to do this and will have to use the
command line "weblogic.Admin" application to do it. This is fine, but I
cannot figure out how to access or modify my MBean.
How do I know the MBeans name or type? The MBean generated is called
WeblogicCarbonAuthenticatorMBean.java
I have tried (I have not include username/password in this post forbrevity)
java weblogic.Admin GET -type WeblogicCarbonAuthenticator
No MBeans foundyou should use the fully qualified MBean name. i.e
java weblogic.Admin GET -type foo.blah.WeblogicCarbonAuthenticator
java weblogic.Admin GET -type Authenticator
No MBeans found
No success.
I also deployed a pair of JSPs called listMBeans.jsp and showMBean.jsp,
which claim to show me all the MBeans deployed. Searching through the
list
I see nothing with the world "Carbon" or "Authenticator" in it.
How can I find/configure my Authenticator MBeans?I assume that you are using 7.0sp1, if not please upgrade to sp1. You
should see a file called CommoConfig.xm.booted file under your domain
directory, this file contains all the security MBeans that the server
found. You should be able to get the object names of your custom mbeans
from this file.
Hope it helped,
-satya
Thanks
-jordan -
Apex Custom Authentication Schema Page Sentry Error
Hi,
I am using Application Express 4.0.0. I am struggling with a strange problem while trying to implement custom authentication schema.
I declare a page sentry function 'page_sentry' which returns TRUE or FALSE based on certain conditions. My page_sentry is as follows:
FUNCTION PAGE_SENTRY RETURN BOOLEAN
IS
l_username VARCHAR2(512);
l_session_id NUMBER;
BEGIN
IF USER != 'APEX_PUBLIC_USER' THEN
RETURN false;
END IF;
l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
-- check application session cookie.
IF wwv_flow_custom_auth_std.is_session_valid THEN
apex_application.g_instance := l_session_id;
l_username := wwv_flow_custom_auth_std.get_username;
wwv_flow_custom_auth.define_user_session(
p_user => l_username, p_session_id => l_session_id);
RETURN true;
ELSE
--redirect to login page using OWA_UTIL.REDIRECT_URL
END IF;
RETURN false;
END page_sentry;
And Cookie Name : _AUTH
At first, It always returned FALSE. I wasn't getting any error. However, even after forcibly returning TRUE from the page_sentry function the redirect was still not happening. I tried to look into what cookies were being set for the same and I found this:
Name: ApexLibErrorStack1
Content: page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication
I couldn't find any relevant help for this. Worst of it is I cannot set any cookie from the page_sentry function at all. Please help!Hi all.
Can someone please help me out with the above issue. I am not sure if things are wrong at my end or is this an apex bug.
--Update:
The source of my problem perhaps lies in the manner in which I have configured my Oracle HTTP Server. When I disable port HTTP server on port 80 and run apex without it on default port 8080, the custom authentication schema cookie gets set.
Executing the following with Oracle HTTP Server:
OWA_UTIL.PRINT_CGI_ENV;
gives:
HTTP_COOKIE = ApexLibErrorStack1=page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication.; ORA_WWV_R1=%23ALL; ORA_WWV_R2=%23ALL; ORA_WWV_R3=%23ALL
And without HTTP Server:
gives:
HTTP_COOKIE = WWV_CUSTOM-F_1420403886791332_100=9625AAC49B9951D8;......
Did I miss something in my HTTP server configuration ?
Edited by: pc on Jan 2, 2012 3:15 AM -
Customer ##1 Enter a valid time interval error while generating customer BP
Dear Experts,
I am getting the following error when I am auto generating Customer while creating Business Partner in BP transaction code.
Customer ##1: Enter a valid time interval
Message no. CMD_API087
Had anybody faced this problem?
Regards
KomalHi,
In Transaction 'BP', after values is put for BP name, Grouping & Create in BP role, there is a field for Validity period. Click on the icon to Create Validity period. This should resolve the issue.
Regards,
Nimesh -
Error in custom OAM authentication plugin
Hi All
I am trying to build a custom OAM authentication plugin using JDeveloper. Here are the version information:
OAM - 11.1.1.5 BP04
WLS - 10.3.5
Issue:
I get the following error in the OAM logs when I try to activate the plugin.
[2012-11-14T09:39:17.996-08:00] [oam_server1] [WARNING] [] [oracle.oam.extensibility.lifecycle] [tid: DistributedCache:DistributionCache:EventDispatcher] [userId: <anonymous>] [ecid: 0000Jfzyiy6EgKI5qrH7iY1GcxMc000002,0] [APP: oam_server] Activation failed due to felix bundle exception while installing and starting the bundle.Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)[[
org.osgi.framework.BundleException: Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)
at org.apache.felix.framework.Felix.resolveBundle(Felix.java:3404)
The names of jar file, class file, plugin xml file etc are all same. My plugin code is very generic and I have the following values in the plugin's manifest and xml file
Plugin xml file [oamCustomAuthPlugin.xml]:
<Plugin name="oamCustomAuthPlugin" type="Authentication">
<author>uid</author>
<email>[email protected]</email>
<creationDate>09:32:20, 2011-11-13</creationDate>
<version>4</version>
<description>OAM Custom Authentication plugin</description>
<interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
<implementation>com.company.oam.oamCustomAuthPlugin</implementation>
<configuration>
<AttributeValuePair>
<Attribute type="string" length="20">INPUT_PARAM1</Attribute>
<mandatory>true</mandatory>
<instanceOverride>false</instanceOverride>
<globalUIOverride>true</globalUIOverride>
<value>Param1</value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute type="string" length="20">INPUT_PARAM2</Attribute>
<mandatory>true</mandatory>
<instanceOverride>false</instanceOverride>
<globalUIOverride>true</globalUIOverride>
<value>Param2</value>
</AttributeValuePair>
</configuration>
</Plugin>
Manifest File [MANIFEST.MF]:
Ant-Version: Apache Ant 1.7.1
Bundle-Version: 1.0.0.4
Bundle-Name: oamCustomAuthPlugin
Bundle-Activator: oamCustomAuthPlugin
Bundle-ManifestVersion: 2
Created-By: 17.0-b17 (Sun Microsystems Inc.)
Import-Package: oracle.security.am.plugin,oracle.security.am.plugin.authn
Bundle-SymbolicName: oamCustomAuthPlugin
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
Please let me know if you have faced a sinilar issues in the past. Please help !!Try with Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api If it doesn't work try with - Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api ,oracle.security.am.plugin.ExecutionStatus
-
Error in Custom Ldap Authentication
Hi All,
I was trying to use the custom LDAP authentication( [Earlier Post|http://forums.oracle.com/forums/thread.jspa?threadID=2251976&stqc=true] ) but was not successful in making it work with our AD LDAP server. Thats when I came across post [ http://forums.oracle.com/forums/thread.jspa?messageID=916185󟫙|http://forums.oracle.com/forums/thread.jspa?messageID=916185󟫙]
I used the same function
create or replace function authenticate_aduser(
p_username in varchar2,
p_password in varchar2)
return boolean
is
l_user varchar2(256);
l_ldap_server varchar2(256) := '<Hostname>';
l_domain varchar2(256) := '<Domain Name>';
l_ldap_port number := 389;
l_retval pls_integer;
l_session dbms_ldap.session;
l_cnt number;
begin
l_user := p_username||'@'||l_domain;
l_session := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session
l_retval := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user
l_retval := dbms_ldap.unbind_s( l_session ); -- unbind
return true;
exception when others then
l_retval := dbms_ldap.unbind_s( l_session );
return false;
end;Test it by giving correct password
SQL> declare
begin
if authenticate_aduser('<username>','<correct password>') then
dbms_output.put_line('Test Successful');
else
dbms_output.put_line('Test Failed');
end if;
end; 2 3 4 5 6 7 8
9 /
Test Successful
PL/SQL procedure successfully completed.Tested it by giving wrong password
SQL> declare
begin
if authenticate_aduser('<user name>','<wrong password>') then
dbms_output.put_line('Test Successful');
else
dbms_output.put_line('Test Failed');
end if;
end; 2 3 4 5 6 7 8
9 /
Test Failed
PL/SQL procedure successfully completed.So the fundtion is working perfectly with LDAP server.
I am trying to create a custom authentication scheme with the above function.
Shared Components -> Authentication Schemes -> create ->From Scratch ->
In Autentication Function -> return authenticate_aduser(:P101_USERNAME,:P101_PASSWORD);
In Logout URL -> wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=4155:PUBLIC_PAGE
Then after setting this as the current authentication scheme. Whenever I try to login with correct credentials it is giving me error
Invalid Login Credentials
Kindly let me know were I am going wrong here.
Thanks & Regards,
Vikas KrishnaI was able to fix this.
I used the same function authenticate_aduser
and then followed blog http://www.talkapex.com/2009/03/custom-authentication-status.html to create a custom authentication. It worked finally.
Thanks to Martin for his wonderful post.
Thanks & Regards,
Vikas Krishna -
Custom Authenticator WL startup exception
Hi, I am using Weblogic 9.2 on Linux and have created an example custom authenticator.
I have followed several suggested method for creation/deployment, but still am having a exception upon startup and hoping someone could help.
from a previous post I have used the below instructions and have deployed the jar in $WL_HOME/server/lib/mbeantypes
$WL_HOME/server/providers: This is the base Directory for Customer security Provider.
$WL_HOME/server/providers/src This is the directory for the Source Code.
$WL_HOME/server/providers/providersjar This is the directory for the Custom Provider Jar file .
$WL_HOME/server/providers/created_files This is the Directory for the created schema file by Mbean maker.
After having the directory structure as mentioned above run the command as below:
cd $WL_HOME/server
$WL_HOME/samples/domains/wl_server/setExamplesEnv.sh
java -Dfiles=providers/created_files -DMDF=providers/src/MyAuthenticator.xml -DMJF=providers/providersjar/MyAuthenticator.jar -DpreserveStubs=true -DcreateStubs=true weblogic.management.commo.WebLogicMBeanMakerStarted the WL server with the following exception:
starting weblogic with Java version:
java version "1.5.0_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
BEA JRockit(R) (build R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-linux-ia32, compiled mode)
Starting WLS with line:
/home/A470231/bea/jrockit_150_12/bin/java -jrockit -Xms256m -Xmx512m -Xverify:none -Xverify:none -da -Dplatform.home=/home/A470231/bea/weblogic92 -Dwls.home=/home/A470231/bea/weblogic92/server -Dwli.home=/home/A470231/bea/weblogic92/integration -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/home/A470231/bea/patch_weblogic923/profiles/default/sysext_manifest_classpath -Dweblogic.configuration.schemaValidationEnabled=false -Dweblogic.Name=examplesServer -Djava.security.policy=/home/A470231/bea/weblogic92/server/lib/weblogic.policy weblogic.Server
<Aug 2, 2010 1:14:57 PM EDT> <Notice> <WebLogicServer> <BEA-000395> <Following extensions directory contents added to the end of the classpath:
/home/A470231/bea/weblogic92/platform/lib/p13n/p13n-schemas.jar:/home/A470231/bea/weblogic92/platform/lib/p13n/p13n_common.jar:/home/A470231/bea/weblogic92/platform/lib/p13n/p13n_system.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_common.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_schemas.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_system.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/wsrp-common.jar>
<Aug 2, 2010 1:14:58 PM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with BEA JRockit(R) Version R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-linux-ia32 from BEA Systems, Inc.>
<Aug 2, 2010 1:14:59 PM EDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 9.2 MP3 Mon Mar 10 08:28:41 EDT 2008 1096261 >
<Aug 2, 2010 1:15:03 PM EDT> <Info> <WebLogicServer> <BEA-000215> <Loaded License : /home/A470231/bea/license.bea>
<Aug 2, 2010 1:15:03 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Aug 2, 2010 1:15:03 PM EDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Aug 2, 2010 1:15:04 PM EDT> <Notice> <Log Management> <BEA-170019> <The server log file /home/A470231/bea/weblogic92/samples/domains/wl_server/servers/examplesServer/logs/examplesServer.log is opened. All server side log events will be written to this file.>
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.CredentialMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.BulkRoleMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.BulkAuthorizationServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.RoleMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.RoleDeploymentServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************REALM:TestRealm
*****************ProviderMBean length:2
*****************ProviderMBean[0]weblogic.security.providers.authorization.DefaultAuthorizerMBeanImpl@a27aaa68([wl_server]/SecurityConfiguration[wl_server]/Realms[TestRealm]/Authorizers[DefaultAuthorizer])
*****************ProviderMBean[1]weblogic.security.providers.authorization.DefaultAdjudicatorMBeanImpl@c6697d45([wl_server]/SecurityConfiguration[wl_server]/Realms[TestRealm]/Adjudicator[DefaultAdjudicator])
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.AuthorizationServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.PolicyDeploymentServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.IsProtectedResourceServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.RoleConsumerServiceConfigHelper_TestRealm<
<Aug 2, 2010 1:15:07 PM EDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
weblogic.security.service.SecurityServiceRuntimeException: [Security:090877]Service Common AuthorizationService unavailable, see exception text: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:147)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationManager.java:83)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doATZ(CommonSecurityServiceManagerDelegateImpl.java:348)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:273)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:444)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:459)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:540)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:376)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
Caused by: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:342)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:292)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:263)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:71)
at weblogic.security.service.SecurityServiceManager.getService(SecurityServiceManager.java:95)
at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:137)
... 11 more
Caused by: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:40)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:340)
... 16 more
Can anyone have any ideas?
I have narrowed it down to having a problem retrieving the role and policy consumer services I believe
Thanks,
Bobby.Hi All,
Found the reason for the exception. I was implementing the generated the CustomAuthenticatorImpl class (generated through WebLogic MBeanMaker utility) as the provider class by implementing the AuthenticationProvider interface. Keeping them separate solved the issue.
Able to create the jar without any issues and also no error or exception after restart.
Thanks. -
Cannot Start Weblogic Server After adding Custom Authentication Provider
Hi,
I implemented a Custom authentication provider and configured it wih Weblogic 10.3 application server. Although I successfully added Authentication provider, I couldn't restart my server. I used MBeanMaker utility to package my Authentication provider and login module. Although the MBean Utility signalled some warnings and severe messages, it successfully packaged the files. When I look at the config.xml file after adding he authenticator it just adds three lines
( <sec:authentication-provider>
<sec:name>STOREDPROCEDURE</sec:name>
</sec:authentication-provider>
) Although there are some other attributes of the authenticator.
Please advice.
Here is some stack trace.
Best Regards,
Salim
com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:47)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
####<Feb 3, 2009 12:22:42 AM EET> <Error> <Security> <localhost.localdomain> <DefaultServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1233613362036> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified.
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)You need to make sure that you nuke the whole directory that you are specifying to the MBean marker generator. For example, I use the following command to generate the provider jar file.
java -Dfiles=$PRJROOT/ERModel/classes -DMDF=$PRJROOT/ERModel/classes/MyCustomAuthenticator.xml -DMJF=$PRJROOT/ERModel/custom-auth-provider.jar -DtargetNameSpace=http://xmlns.oracle.com/oracleas/schema/11/adf/sampleapp/weblogic/providers -DpreserveStubs=true -DcreateStubs=true weblogic.management.commo.WebLogicMBeanMaker1c
I need to nuke the directory in the -Dfile option i.e. 'rm -rf $PRJROOT/ERModel/classes/' each time I generate the jar file. If you don't, the jar file generates without any error but you will get a runtime exception. -
Custom Authenticator not returning correctly
Hi,
I have written a custom authenticator to automatically migrate users from an oracle
SSO database into the default WLS8.1 realm (and ultimately to an LDAP Realm).
It all works fine, except that the over all login process fails.
The server is set up to use the default Authenticator initially (set to SUFFICIENT),
then, if this fails, the Migration authenticator (set to REQUIRED) is called.
If this finds the user on the Oracle db, it creates a user for them in the default
realm, and logs them in.
The problem is that even though my Migration Authenticator finishes successfully
(ie the commit() method is executed and returns true) WLS still calls the login
error page as set up in the web.xml file.
The last few lines of the login() method of the authenticator are :
loginSucceeded = true;
addUserToWLSRealm(userId, userPassword);
principalsForSubject.add(new WLSUserImpl(userId));
then the commit() method is :
public boolean commit() throws LoginException {
if(loginSucceeded) {
subject.getPrincipals().addAll(principalsForSubject);
principalsInSubject = true;
System.out.println("OracleSSOLoginModule.commit - true");
return true;
} else {
System.out.println("OracleSSOLoginModule.commit - false");
return false;
If the user then tries to log in again, since they have been added to the WLS
realm, they are let in, but it should happen on the first attempt.
Any Ideas...?
TIA
Paul"Paul Davies" <[email protected]> wrote in message
news:3f4f37b3$[email protected]..
>
Hi,
I have written a custom authenticator to automatically migrate users froman oracle
SSO database into the default WLS8.1 realm (and ultimately to an LDAPRealm).
It all works fine, except that the over all login process fails.
The server is set up to use the default Authenticator initially (set toSUFFICIENT),
then, if this fails, the Migration authenticator (set to REQUIRED) iscalled.
If this finds the user on the Oracle db, it creates a user for them in thedefault
realm, and logs them in.
The problem is that even though my Migration Authenticator finishessuccessfully
(ie the commit() method is executed and returns true) WLS still calls thelogin
error page as set up in the web.xml file.
Turn on security debugging and see if you are getting a login exception
in the debug output - set the DebugSecurityAtn attribute in the ServerDebug
mbean. -
OWA_SEC.CUSTOM package - Custom authentication procedures...
Folks -
I haven't ever used the OWA_SEC.CUSTOM package for custom authentication of a psp application - and now need to do so. The documentation doesn't have any examples of what I need to do. Although there is plenty of documentation - it all says the same stuff, without saying what developers need to do to get it to work.
For example I have updated the following files in the following ways - and still it doesn't work:
owapriv.sql - updated the line that says:
auth_scheme := OWA_SEC.NO_CHECK;
to :
auth_scheme := OWA_SEC.CUSTOM;
owacust.sql - updated to say:
create or replace package body OWA_CUSTOM is
/* Global PLSQL Agent Authorization callback function - */
/* It is used when PLSQL Agent's authorization scheme is set to */
/* GLOBAL or CUSTOM when there is overriding OWA_CUSTOM package.*/
/* This is a default implementation. User should modify. */
function authorize return boolean is
v_username varchar2(30);
v_pass varchar2(30);
BEGIN
owa_sec.set_authorization(OWA_SEC.CUSTOM);
owa_sec.set_protection_realm('my_app');
v_username := owa_sec.get_user_id;
v_pass := owa_sec.get_password;
IF v_username = 'cmanning' THEN
return TRUE;
ELSE
return FALSE;
END IF;
end;
end;
show errors
wdbsvrapp.sql looks like this:
[DAD_mydad]
connect_string = my_connect_string
password = my_password
username = my_username
default_page = my_default_package.procedure
;document_table =
;document_path =
;document_proc =
;upload_as_long_raw =
;upload_as_blob =
name_prefix =
;always_describe =
;after_proc =
;before_proc =
reuse = Yes
connmax = 20
;pathalias =
;pathaliasproc =
enablesso = No
;custom_auth =
Can anyone tell me what I am missing / doing wrong.
For example:
When I take out the username/password reference from the wdbsvr.app file - the browswer tries to authenticate me and the only username/password that validates is the username/password of the database user.
I don't want to have to have database users for every application user that should be authenticated in my application. I want to put a routine in the owacust.sql file that authenticates users (via my own routine or an optional LDAP/radius/SecurID lookup). In this basic example - I am only validating with the cmanning/cmanning combination.
From what I understand in the documentation - if I use OWA_SEC.CUSTOM - then I don't have to put a .authorize function in every package - the OWA agent simply authenticates every request via the OWA_CUSTOM.authorize function.....
Dude - what's up?
Can someone from the Big O help a brother out?
cfm
nullCharles
It looks to me like you want your users authenticated when they try to view your pl/sql-generated html pages, but you want to control the validation with custom code.
You appear to be trying to use owa_custom.authorize to authorize each request, which seems like a good approach.
This whole area is quite complex and I have never found any really comprehensive doco on it. Here are my thoughts which others might like to comment on.
This is a simple version of owa_custom:
PACKAGE BODY OWA_CUSTOM IS
FUNCTION authorize return boolean is
BEGIN
owa_sec.set_protection_realm('aRealm');
if owa.user_id is null then
return false;
else
return my_validate_user
(owa.user_id,owa.get_password);
end if;
exception
RETURN FALSE;
END authorize;
begin
owa_sec.set_authorization(OWA_SEC.GLOBAL);
end;
Note the begin block that applies to the package and sets authorization to GLOBAL when the package is loaded.
The authentication mode in the DAD will need to be Global Owa (afaik) and you will need to supply an oracle username and password in the DAD. ie. you will authenticate the userid/password supplied by the user and then the user will connect to the database as the oracle user specified in the DAD.
I cannot test this code at the moment. Nor can I give you complete instructions to set up authentication from scratch. But here's a brief description of what the code should do.
1. It sets authorization to GLOBAL. So mod_plsql will call owa_custom.authorize for every request. That is, you don't call owa_custom.authorize, it will be done for you and the internals probably look like this:
if owa_custom.authorize then
user_requesed_page(user_supplied_args);
else
send_access_denied;
end if;
2. It sets up a realm, which is relevant to HTTP Basic Authentication and its challenge/response. (You don't have to use HTTP Basic Authentication. An alternative is to present a login form to the user, then you manage the userid/password.)
3. It looks in owa.user_id which will hold the userid supplied by the browser after a HTTP Basic Authentication challenge/response.
4. It uses your custom code to validate the userid and password once the user has been challenged to provide these. You obviously have to create the my_validate_user procedure in the schema and package of your choice.
5. It does not time users out, it does not sustain multi-sessions per user via cookies and it does not support logout without shutting the browsers. But it is simpler for lacking these features.
If this is a way you want to try then your first aim should be to make sure owa_custom is called globally and that it lets you into the database via the DAD-supplied userid and password. You may need some way of writing debug on the server using utl_file to confirm it is being called. Or you could make it return true unconditionally, request a page, then make it return false and request a page.
This is just a start, but let me know if it is on topic.
It would be great to hear suggestions and comments from others on authentication for an htp application under iAS.
Has anyone tried DB Prism?
null -
How to make the JMX custom authentication work ?
I am using the password and access file based authentication on JMX. When building my JMXConnectorServer, i use the property names and it works fine.
Map<String, String> env = new HashMap<String, String>();
env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);However, now i want to use a custom authenticator and i implemented my own LoginModule to have a encrypted password in the password file. Thus the ideas is to have an encrypted password and plain text user name in the password file.
public class ABCDJMXLoginModule implements LoginModule {
private CallbackHandler callbackHandler;
private Subject subject;
private String u_username;
private String u_password;
private JMXPrincipal user;
private Properties userCredentials;
private String passwordFile;
private String f_username;
private String f_password;
private static final Logger logger = LoggerFactory.getLogger(ABCDJMXLoginModule.class);
public boolean abort() throws LoginException {
// TODO Auto-generated method stub
return false;
public boolean commit() throws LoginException {
// TODO Auto-generated method stub
return true;
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
public boolean login() throws LoginException {
try {
attemptLogin();
loadPasswordFile();
} catch (Exception e) {
logger.info("Exception, e");
if (u_username == null || u_password == null) {
throw new LoginException("Either no username or no password specified");
logger.info("Password from user and file : " + u_password + " :: " + f_password);
if (u_password.equals(f_password)) {
return true;
return false;
public boolean logout() throws LoginException {
// TODO Auto-generated method stub
return true;
private void attemptLogin() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("u_username");
callbacks[1] = new PasswordCallback("u_password", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
logger.error("IOException", e);
} catch (UnsupportedCallbackException e) {
logger.error("UnsupportedCallbackException", e);
u_username = ((NameCallback) callbacks[0]).getName();
user = new JMXPrincipal(u_username);
char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
u_password = tmpPassword.toString();
logger.info("UserName : " + u_username);
logger.info("Password : " + u_password);
System.arraycopy(tmpPassword, 0, u_password, 0, tmpPassword.length);
((PasswordCallback) callbacks[1]).clearPassword();
private void loadPasswordFile() throws IOException {
FileInputStream fis = null;
passwordFile = "c:\\abcd.jmx.enc.password.file";
try {
fis = new FileInputStream(passwordFile);
} catch (SecurityException e) {
logger.error("Security Exception", e);
BufferedInputStream bis = new BufferedInputStream(fis);
userCredentials = new Properties();
userCredentials.load(bis);
bis.close();
f_username = u_username;
f_password = (String) userCredentials.get(f_username);
logger.info("UserName before Decrypt : " + f_username);
logger.info("Password from file before Decrypt : " + f_password);
// decrypt the password from file and later compare it with user password from JConsole
if (f_password != null) f_password = Cryptography.decrypt(f_password);
logger.info("Password from file after Decrypt : " + f_password);
}When i use the following code and try to connect via JConsole nothing happens.
Map<String, String> env = new HashMap<String, String>();
env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
env.put("jmx.remote.x.login.config", "com.splwg.ejb.service.management.ABCDJMXLoginModule");
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);Any ideas on why this happens ? For sure, i am also not coming into the ABCDJMXLoginModule class - I have some print statements there and none of them get printed. Any sort of ideas and solutions are appreciated. I tried with the property "com.sun.management.jmxremote.login.config" too. I was expecting that mentioning the property in the environment and passing it to the JMXCOnnectorServer would do all the trick.
Am i missing something ?Hello dcloko_BR,
I downloaded and installed Lenovo´s The Lenovo Solution Center and now the solution center starts after pressing the blue button. Perhaps give it a try.
Edit: Upps sorry, only newer models are supported according to the readme.txt.
Best regards
Andreas
Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
Please insert your type, model (not S/N) number and used OS in your posts.
I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
English Community Deutsche Community Comunidad en Español -
URGENT help required : Custom Authentication Plugin for validation of users
Hi Experts.
I'm a newbie and am stuck in middle of nowhere.
I have been asked to develop a custom authentication plug-in which would validate a user using the attributes such as a userid and a shared-userid.
shared-userid is just a custom id that would be generated on the basis of some logic.
Currently I'm using OAM 10.1.4.3.0 on WINDOWS server and as everybody, I'm also not able to find any sample files or sample folder structure.
As per one of the other threads https://forums.oracle.com/forums/thread.jspa?messageID=3838474, sample code and sample folders are removed from this particular version and were present in some previous version.
So, can anyone please help me out with the following:
1. How can I proceed to accomplish this task, i.e. to check whether a user-id and a shared-userid both are validated and a user is granted access.
2. Are all of these files required to create a custom authentication plug-in or can we proceed only with the ".c" file (i.e. make file, authn.c, and a dll file made using the make file and .c file)
3. Can anybody provide me with a sample file or a sample code written in "C" wherein the plug-in connects to the LDAP and searches for a particular dn for comparison or something. Also a sample make file for windows to convert the .c file to .dll.
PLEASEEEE help me ASAP.
Regards
Edited by: 805912 on Nov 15, 2011 7:18 PMHi,
Regarding question 2, you also need the header file is supplied in the Access Server installation directory, under ...access\oblix\sdk\authn_api and is called authn_api.h. you need this to build the dll which must then be placed in the Access Server's ...\access\oblix\lib directory.
Regarding question 3, if you install an earlier version of the Access Server, ie 10.1.4.2 or less, then you will get a \access\oblix\sdk\authentication\samples\authn_api directory that contains a basic sample authentication plugin. However, there is still documented in the 10.1.4.3 Developer Guide another sample plugin, simplapi.c, in the 10.1.4.3 Developer Guide with instructions on how to use it. It does work, but unfortunately requires a couple of edits to get it working after copy&pasting it (no code changes, just fairly obvious case changes eg changing ObanPlugin* to ObAnPlugin*). I used the following commands to get it to compile into a .so file on unix:
g++44 -c -fPIC -Wno-deprecated -m32 simpleapi.c
g++44 -shared -nostdlib -lc -m32 simpleapi.o -o simpleapi.so
but I really would not know if or how these translate into a Windows environment.
Regards,
Colin
Edited by: ColinPurdon on Nov 15, 2011 2:50 PM -
Custom Authentication Module on Identity Server
Hi,
I have a custom authentication module which I am trying to access through the policy agent.
I have set the following property in AMAgent.properties file
com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
My login module code is something like this:
package com.iplanet.am.samples.authentication.providers;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import java.rmi.RemoteException;
import java.io.FileInputStream;
import java.util.Properties;
public class LoginModule1 extends AMLoginModule
private String userName;
private String userTokenId;
private HashMap usersMap;
private java.security.Principal userPrincipal = null;
public LoginModule1() throws LoginException
public void init(Subject subject, Map sharedState, Map options)
System.out.println("LoginModule1 initialization");
usersMap = new HashMap();
ResourceBundle bundle = ResourceBundle.getBundle("users");
Enumeration users = bundle.getKeys();
while (users.hasMoreElements())
String user = (String)users.nextElement();
String password = bundle.getString(user.trim());
usersMap.put(user, password);
public int process(Callback[] callbacks, int state) throws AuthLoginException
int currentState = state;
if (currentState == 1)
userName = ((NameCallback) callbacks[0]).getName().trim();
char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
String passwdString = new String (passwd);
if (userName.equals(""))
throw new AuthLoginException("names must not be empty");
if (userName.equals("testuser") && passwdString.equals("testuser"))
userTokenId = userName;
return -1;
if (usersMap.containsKey(userName))
if (usersMap.get(userName).equals(new String(passwd)))
userTokenId = userName;
return -1;
return 0;
public java.security.Principal getPrincipal()
if (userPrincipal != null)
return userPrincipal;
else
if (userTokenId != null)
userPrincipal = new SamplePrincipal("testuser");
return userPrincipal;
else
return null;
So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
Thanks
SrinivasDoes the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.
Maybe you are looking for
-
hi can you give me an application that will keep keep all the applications on the mac up to date thanks
-
How to select Posting key flag
Dear all, how to select flag for posting key. I'm getting the following Error: You cannot enter any data in field BSEG-XREF1 Message no. ICC_TR168 Diagnosis The system will not allow you to enter any data in the field. The flag for the posting key ha
-
Mov files won't play in Quicktime?
Hi, I have to cut some footage with Final Cut Pro. I used an G5 for that which worked fine. But I have to change to a MacBook Pro with Intel Core2 Duo now, because the G5 is to slow. Sadly, the footage I have won't play with Quicktime and - of course
-
Refcursor + pooling + caching ?
Hi, it's correctly make 1 mixture to get performance: refcursor+pooling+caching ? con.ConnectionString = ".......Pooling=true;Statement cache size=1"; OracleCommand cmd =con.CreateCommand() cmd.AddToStatementCache = true; cmd.CommandType = CommadType
-
Finding the smallest value from an array
Hi there :) I started learning Java a few days ago and have now run into my first problem :p I am using Netbeans on Mac OS X. I need to find the smallest value from an array. So far I've had no luck. Any suggestions would be fantastic. The code so fa