Global Trust

Similar Messages

• Global Trust Between WebLogic Domains ?

  Hi there,
  Need clarification on "Global Trust between weblogic domains "
  My scenario :
  WebLogic Version installed                : 10.3.5.0
  Linux physical machines                     :  2
            x - machine
            y - machine
  Now, I've created new domain with AdminServer , and 2 managed servers on x-machine. And, 2 more managed servers on y-machine.
       x-machine --> AdminServer + 2 managed servers
       y-machine -->  2 managed servers
  Created a cluster for all the 4 managed servers.
  My question : Though we have created 2 domains -
                                                                                       Domain 1- on x-machine where we have Admin + 2 nodes
                                                                                       Domain 2 - on y-machine where we have 2 nodes
  Now , do we require to create/enabe "Global trust between these domains to communicate  ? And, enable cross-domain security also  ? Is this required  ?
  Or in which situations we require to enable trust between domains ?
  Can someone explain me.
  Thanks

  Looking to this Oracle Doc >> http://docs.oracle.com/cd/E24329_01/web.1211/e24375/basics.htm#BRDGE128
  "Typical tasks required to manage a messaging bridge using the Administration Console include
  Creating a trusted security relationship. See "Configuring Domains for Inter-Domain Transactions" in Programming JTA for Oracle WebLogic Server"
  And, clicking the link to Configuring Domains for Inter-Domain Transactions, there's two types of communications:
  Inter-domain—The transaction communication is between servers participating in transactions that are not in the same domain.
  Intra-domain—The transaction communication is between servers participating in transactions within the same domain
  Check the rest of the doc to know how to configure each type, and apply the one that matches your case..
  Hope it helps
  Regards,
  Mohab

• Global transactions in OSB and EJB 2.1

  Hi,
  My team is working in a SOA service based on OSB 11g (11.1.1.5) using DB JCA Adapter and EJB 2.1 over WLS 10g(WLI environment). The logic of the service works in this way:
  1. A table in a database (XE) is polled by the DB Adapter which starts the service (1 row = 1 message).
  2. The message contains a collection of items to be inserted in another Oracle database.
       Once a message/row is picked, and after some steps (logging, validation,etc), there is a for..each action which extracts each item of the collection and executes a service callout action to a business service.
  3. This business service uses EJB protocol to call an EJB (2.1 + WLS Extensions). The EJB is deployed in another domain (WLS 10.3.0/10g and Oracle BEA drivers)  and only executes an store procedure with the parameters based on the message and inserts these values in a table.
  4. Once the for...each finishes, there is a call to another proxy service which marks the message/row as "processed" in the source table. This update is done via DB JCA also.
  5. In case of an error, the error handler of the proxy service calls the proxy service mentioned above to mark the row as "Failed" (in fact there is a retry mechanism, but it's not important for now).
  The service requires to work inside a global transaction. The main requirement is that the collection of items should be processed as "All or None", so basically we're using the options to manage the global transaction. However, the problem is that it's failing to rollback the whole insertion of items when an error is simulated. It only rolls back the last insertion/execution of SP.
  Additionally, the proxy service that should mark the row as FAILED, never updates this one, and the tables stay locked until we modify one of the store procedure in order to avoid the simulated error and commit the transaction.
  The EJB uses WLS extensions with the annotations to "transaction required". The proxy service has the option transaction required also. The database drivers are all XA and we're testing against Oracle11g XE (however, the EJB destiny will be Oracle 8i in production).
  We have tried different alternatives, splitting the logic in different proxies (Proxy services for JCA, Proxy with For Each for EJB, etc), isolating the specific part with the EJB call, without success.
  The security between domains is set as Global Trust.
  Do you have any idea, example or suggestion about this problem? Is EJB really supported in Global Transactions and XA?
  Thanks in advance.

  where do you find the J2EE Connector 1.5 compliant
  Resource Adapter?I wrote the compliant adapter myself. Hey Steve,
  Were you able to find a solution for this problem. I am struggling with the same problem with the RI Beta implementation.
  Sandeep

• Flash Player trust file not working with Embedded browser on linux

  Hi,
  I have an application which embeds a browser based on
  Xulrunner inside it. I have couple of flash swf files I need to
  load in the browser. The swf files talk with a javascript to change
  the page title and also to change the URL when I am browsing
  through the content in the URL. I need the URL change because I
  need to remember where I was in the flash content so that I can go
  directly to that place in the flash file when I open my browser the
  next time.
  To let the swf file do this I created a cfg file and placed
  it into the Flash Player Trust folder( I tried both the local one
  at /home/user/.macromedia/Flash_Player/#Security/FlasPlayerTrust
  and global trust file location at /etc/adobe/FlashPlayerTrust ) ,
  but I didn't get the expected result. I debugged into my app and
  found that the swf never reset the Title of the page( which
  indicates that the javascript was blocked) . It works fine from a
  firefox browser but not from inside my embedded browser. My app
  also works fine on windows and Mac . This is observed only on
  Linux. Can any body think of what else I need to do get my
  javascript embedded in the flash file working?
  Thanks
  jbsp72

  I tried out a few more things since nobody on this forum was
  responding. I tried installing another application which also
  embeds xulrunner browser. So I downloaded Prism which is a simple
  xulrunner based browser. The flash works fine with that and the URL
  gets set appropriately. So is there any setting I need to do to get
  it working. Or could somebody atleast point me to the right place
  to ask this question? :(

• JMS Send Transaction Failing, due to resources could not be assigned

  I am trying to get a transaction of a JMS send to work where the origination of the send occurs in domain A and the message queue is hosted in domain B. I have been able to get this to work; however, this issue has shown up in recent tests. I haven't changed anything other than the version of the Oracle database client that is being used. I don't see any relationship between that and the persistent store.
  Both domains are hosted on the same computer and both domains are simple development domains. Trust is established between the domains using 'global trust'.
  I'm running Weblogic Server 10.3.4..
  I'm not sure how to get around this issue. I can't find any documentation...
  My suspicion is that there needs to be some special configuration for the transaction, since I'm using the default persistence store. The warnings seem to indicate the problem. The AdminServer is hosted on domain A and the AuditAdminServer on domain B...
  Any assistance will be greatly appreciated!
  Thanks in advance...
  Here is the stacktrace:
  <Apr 11, 2013 11:17:05 AM MDT> <Warning> <JTA> <BEA-110405> <Resource WLStore_audit_domain__WLS_AuditAdminServer was not assigned to any of these servers: AdminServer AuditAdminServer >
  <Apr 11, 2013 11:17:25 AM MDT> <Warning> <JTA> <BEA-110405> <Resource WLStore_audit_domain__WLS_AuditAdminServer was not assigned to any of these servers: AdminServer AuditAdminServer >
  <Apr 11, 2013 11:19:47 AM MDT> <Error> <EJB> <BEA-010026> <Exception occurred during commit of transaction Name=[EJB gov.va.med.datasharing.core.ServiceBusImpl.processInbound(java.lang.String,java.lang.Object)],Xid=BEA1-003FA101855115C0DB45(13340960),Status=Rolling Back. [Reason=javax.transaction.SystemException: Aborting prepare because the following resources could not be assigned: WLStore_audit_domain__WLS_AuditAdminServer],numRepliesOwedMe=0,numRepliesOwedOthers=0,seconds since begin=183,seconds left=22,XAServerResourceInfo[DefaultXADataSource_vhie_domain]=(ServerResourceInfo[DefaultXADataSource_vhie_domain]=(state=rolledback,assigned=AdminServer),xar=DefaultXADataSource,re-Registered = false),XAServerResourceInfo[WLStore_audit_domain__WLS_AuditAdminServer]=(ServerResourceInfo[WLStore_audit_domain__WLS_AuditAdminServer]=(state=new,assigned=none),xar=null,re-Registered = false),XAServerResourceInfo[WLStore_vhie_domain_VhieFileStore]=(ServerResourceInfo[WLStore_vhie_domain_VhieFileStore]=(state=rolledback,assigned=AdminServer),xar=WLStore_vhie_domain_VhieFileStore1316539,re-Registered = false),SCInfo[vhie_domain+AdminServer]=(state=rolledback),SCInfo[audit_domain+AuditAdminServer]=(state=rolling-back),properties=({weblogic.transaction.name=[EJB gov.va.med.datasharing.core.ServiceBusImpl.processInbound(java.lang.String,java.lang.Object)]}),local properties=({weblogic.jdbc.jta.DefaultXADataSource=[ No XAConnection is attached to this TxInfo ]}),OwnerTransactionManager=ServerTM[ServerCoordinatorDescriptor=(CoordinatorURL=AdminServer+192.168.1.120:7001+vhie_domain+t3+, XAResources={WLStore_vhie_domain_VhieFileStore, SDSDataSource_vhie_domain, DefaultXADataSource_vhie_domain, eis/jms/WLSConnectionFactoryJNDIXA, WSATGatewayRM_AdminServer_vhie_domain},NonXAResources={})],CoordinatorURL=AdminServer+192.168.1.120:7001+vhie_domain+t3+): weblogic.transaction.RollbackException: Aborting prepare because the following resources could not be assigned: WLStore_audit_domain__WLS_AuditAdminServer
       at weblogic.transaction.internal.TransactionImpl.throwRollbackException(TransactionImpl.java:1881)
       at weblogic.transaction.internal.ServerTransactionImpl.internalCommit(ServerTransactionImpl.java:345)
       at weblogic.transaction.internal.ServerTransactionImpl.commit(ServerTransactionImpl.java:239)
       at weblogic.ejb.container.internal.BaseRemoteObject.postInvoke1(BaseRemoteObject.java:625)
       at weblogic.ejb.container.internal.StatelessRemoteObject.postInvoke1(StatelessRemoteObject.java:49)
       at weblogic.ejb.container.internal.BaseRemoteObject.__WL_postInvokeTxRetry(BaseRemoteObject.java:444)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:53)
       at gov.va.med.datasharing.core.ServiceBus_r6xnti_ServiceBusImpl.processInbound(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
       at $Proxy89.processInbound(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
       at $Proxy91.processInbound(Unknown Source)
       at gov.va.med.datasharing.web.ServiceBusDelegate.processInbound(ServiceBusDelegate.java:43)
       at gov.va.med.datasharing.web.adc.PatientServiceImpl.changeADCStatus(PatientServiceImpl.java:58)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:69)
       at org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:97)
       at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:81)
       at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
       at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:98)
       at org.springframework.binding.expression.spel.SpringELExpression.getValue(SpringELExpression.java:84)
       at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:75)
       at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
       at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
       at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
       at org.springframework.webflow.engine.support.ActionTransitionCriteria.test(ActionTransitionCriteria.java:82)
       at org.springframework.webflow.engine.support.TransitionCriteriaChain.test(TransitionCriteriaChain.java:71)
       at org.springframework.webflow.engine.Transition.canExecute(Transition.java:195)
       at org.springframework.webflow.engine.Transition.execute(Transition.java:211)
       at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:393)
       at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
       at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
       at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
       at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388)
       at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
       at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:232)
       at org.springframework.webflow.engine.ViewState.resume(ViewState.java:196)
       at org.springframework.webflow.engine.Flow.resume(Flow.java:545)
       at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:258)
       at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
       at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
       at org.springframework.webflow.mvc.servlet.FlowController.handleRequest(FlowController.java:174)
       at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
       at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
       at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
       at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:915)
       at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:822)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
       at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:796)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:180)
       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
  Caused by: javax.transaction.SystemException: Aborting prepare because the following resources could not be assigned: WLStore_audit_domain__WLS_AuditAdminServer
       at weblogic.transaction.internal.TransactionImpl.abort(TransactionImpl.java:1153)
       at weblogic.transaction.internal.ServerTransactionImpl.globalPrepare(ServerTransactionImpl.java:2200)
       at weblogic.transaction.internal.ServerTransactionImpl.internalCommit(ServerTransactionImpl.java:279)
       ... 77 more
  .>

  It turns out that those packages are, indeed, in extra.
  I didn't think to look there, since I assumed that everything needed by base would be in [core].
  I assumed wrong.

• Issue in starting the server

  Hi All,
  I wanted to enable Global trust or Cross domain trust between the two domain. To achieve this I executed the following steps:
  1. In the left pane, click the name of the domain.
  2. Select Security > General. Scroll down and click Advanced.
  3. Enter a password for the domain in the Credential text field. Choose the password carefully. Oracle Systems recommends using a combination of upper and lower case letters and numbers.
  4. Click Save.
  5. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
  After executing this step in two of my domains when I restarted the managed servers in the domain. Its not getting stated. They went to shutdown state. Can anyone tell me what can be the issue??
  Thanks in Advance!!
  Find below the details of the log generated.
  <Nov 9, 2012 7:18:48 AM GMT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
  <Nov 9, 2012 7:18:48 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
  <Nov 9, 2012 7:18:48 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
  <Nov 9, 2012 7:18:49 AM GMT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 172.18.41.47:9001 for protocols iiop, t3, ldap, snmp, http.>
  <Nov 9, 2012 7:18:49 AM GMT> <Notice> <WebLogicServer> <BEA-000358> <Started WebLogic Independent Managed Server "bam_server1" for domain "base_domain" running in Production Mode>
  <Nov 9, 2012 7:18:49 AM GMT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: java.lang.SecurityException: Anonymous attempt to get to a JNDI resource
  java.lang.SecurityException: Anonymous attempt to get to a JNDI resource
       at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:194)
       at weblogic.management.remote.common.ClientProviderBase.newJMXConnector(ClientProviderBase.java:84)
       at javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:338)
       at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:247)
       at weblogic.management.mbeanservers.runtime.internal.RegisterWithDomainRuntimeService.getDomainMBeanServerConnection(RegisterWithDomainRuntimeService.java:222)
       Truncated. see log file for complete stacktrace
  >
  <Nov 9, 2012 7:18:49 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Nov 9, 2012 7:18:49 AM GMT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Nov 9, 2012 7:18:49 AM GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  <Nov 9, 2012 7:18:49 AM GMT> <Notice> <Server> <BEA-002607> <Channel "Default" listening on 172.18.41.47:9001 was shutdown.>
  <Nov 9, 2012 7:18:50 AM GMT> <Warning> <Common> <BEA-000632> <Resource Pool "BAMDataSource" shutting down, ignoring 1 resources still in use by applications..>
  <Nov 9, 2012 12:48:51 PM> <FINEST> <NodeManager> <Waiting for the process to die: 10640>
  <Nov 9, 2012 12:48:51 PM> <INFO> <NodeManager> <Server failed during startup so will not be restarted>
  <Nov 9, 2012 12:48:51 PM> <FINEST> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>

  Hi Roshni,
  1. What is the version of WebLogic?
  If it is 10.3.5, it is a bug (Credential value disappear when starting Admin Server) and there is no patch for it. The WebLogic Server must be upgraded to 10.3.6.
  There is a patch (Patch 8633831) available if the version is between 10.0 and 10.3.2
  Do you see the credential value encrypted and available under Domain->Security?
  2. If someone deleted the administration server and try to recreate when Managed Server running, it happens. Did anyone at your team deleted the Administration Server and recreated recently?
  I would suggest to remove the credential values, remove the /cache, /tmp under servers folder and try starting. If the issue still exists, upgrad to V 10.3.6 and also contact Oracle Support.
  Thanks
  Lawrence Manickam
  http://toyork.blogspot.ca

• AMF connection working on browser, not in stand alone player

  Greetings,
  I'm trying to communicate my SWF file with PHP using Zend_Amf. I compile the flash side using Flex SDK 4.
  Whenever I try to run the swf using the stand alone player (the projector), I always get a NetConnection.Call.BadVersion event. However, when running exactly the same file thorught the player of the browser (even not thoguht a server, just using the file:// kind of address), everything works OK, so I know my code is not completely wrong.
  I thought this could be related with the security sandbox. However, I added the folder where my swf file is to the global trusted folder; and actually made sure that Security.sandboxType returns "localTrusted". How ever, that didn't fix anything.
  So I'm out of ideas. Any suggestion on where to look next?

  Here's my code, in case its needed (it's a pretty straightforward hello world example):
  PHP SIDE:
  $a = new Amf_Model_Test();
  $server = new Zend_Amf_Server();
  $server->setClass('Amf_Model_Test');
  echo $server->handle();
  class Amf_Model_Test
  * return string               
  public function greet()
      return "hello";
  AS SIDE:
  public class main extends Sprite
  private var _resp: Responder;
  private var _nc: NetConnection;
  private var tf: TextField;
  private var _gateway: String;
  public function main()
  tf = new TextField();
  tf.width = 500;
  tf.border = true;
  tf.borderColor = 0x0000FF;
  addChild(tf);
        _gateway = 'http://cms.loc/amf';
  _resp = new Responder(onResult, onFault);
  _nc = new NetConnection();
  _nc.connect(_gateway);
  _nc.client = this;
  _nc.addEventListener(NetStatusEvent.NET_STATUS, onNetStatus);
  _nc.call("Amf_Model_Test.greet", _resp);
  private function onNetStatus(event: NetStatusEvent): void
  trace(event.info['code']);
  tf.text = "Status = "+event.info['code'];
  private function onFault(result: Object): void
  tf.text = "Fault = " + String(result);
  private function onResult(result: Object): void
        tf.text = "Result = " + String(result);
  In my browser, I get "Result = hello", as expected. In the stand alone player (which is exactly the same version) I get "Status = NetConnection.Call.BadVersion".

• Java.lang.SecurityException: Security: Invalid Subject: principals

  I am getting the following exception intermittently:
  java.lang.SecurityException: Security: Invalid Subject: principals=[XXX, Administrators]
  What i am doing is, i have two weblogic servers both running Weblogic 10.0 and running on different domains, a war is deployed on one server (server A) which sends a message to queue on another server (Server B), now everything works but if i restart B then A throws the above Security Exception while looking up the queue on Server B?? Any ideas why, i haven't configured any security credentials.
  If i restart A after restarting B then everything works again but restarting all the servers each time one gets restarted is cumbersome,so does someone knows answer to the question above?
  Edited by: user4828945 on Feb 11, 2009 5:41 PM

  If you dont require authentication, then enable the global trust between the domains.
  When this feature is enabled, identity is passed between WebLogic Server domains over an RMI connection without requiring authentication in the second domain. When inter-domain trust is enabled, transactions can commit across domains. A trust relationship is established when the Domain Credential for one domain matches the Domain Credential for another domain.
  By default, the Domain Credential is randomly generated and therefore, no two domains will have the same Domain Credential. If you want two WebLogic Server domains to interoperate, you need to replace the generated credential with a credential you select, and set the same credential in each of the domains.
  Link :[http://e-docs.bea.com/wls/docs100/ConsoleHelp/taskhelp/security/EnableGlobalTrustBetweenDomains.html]

• Flash SSL connection failure IE

  I am working on a very innovative e-commerce site with an all
  Flash interface. We have uncovered an unusual situation where Flash
  works in Firefox but not IE when calling webservices over https. It
  only occurs when the certificate doesn't match the site name. It
  appears that after a period of time the IE browser is unable to
  open an ssl connection to the target site. This happens even though
  the user has accepted the mismatch. Works fine in FireFox.
  Anyone else seen this?

  RE: the talkingtree.com article, I think you're confusing
  client certificates and
  server certificates. The talking tree article is discussing
  an SSLv3 issue with client certs. Server certs are a seperate
  animal altogether.
  There should be no issue with updating (renewing?) the SSL
  certificate on "webA". Just make sure that the SSL cert being used
  by "webA" now, has a "common name" that matches the domain name
  you're using to address it with.
  (I'm guessing you're simply using "webA" as the domain name,
  since it's all internal correct?)
  One other thing to consider, what is the "Issuer" is on the
  new SSL cert? If the new cert was not issued by a globally trusted
  third party (like VeriSign/PayPal, or Thawte), than you may need to
  register the cert in JRun's "cacerts" file. You can read more about
  that here:
  http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_19139&sliceId=1#enableCF

• Creating Bridge on weblogic to connect between OSM and AIA

  Hi,
  Am trying to create a messaging bridge in weblogic server to move msg from a queue to AIA's queue. I have created both Source & Target destinations and associated to bridge. My doubt is as both servers are different app servers, if i use initial context factory of AIA in target bridge destination will it be able to handle it or any steps needs to be done to handle it? Also how to set up global trust between two servers?
  As per my knowledge turst credentials should be given in weblogic console as follows,
  DomainName->Security->Advanced->Credential
  This credential is the same credential that must match on AIA. Pls confirm this.
  Can anybody Pls clarify on my queries asap....
  Thanks in advance
  Bharathi

  Hi Naveen,
  Thanks for your inputs.
  Those 2 points are clear now. Can u please tell me is there anything to edit in the bridge configuration after ran that script in weblogic console.
  I have followed the below mentioned steps after ran that script
  1.
  - Weblogic console,
  - Services
  - JDBC
  - Data Sources
  - Newly created JDBC Data Source which points to AIA AQ database
  - Connection Pool: set user and password.
  - Services -
  - JDBC
  - Data Sources
  - Newly created JDBC Data Source which points to AIA AQ database: select the Target Server.
  - Save changes.
  2.
  - AQ JMS Module (bridge_jms_module).
  - Security Tab
  - Role Tab: create new Role e.x JMSAQRole. Click on the role and Add Conditions "Access to Every One"
  3.
  Do the same thing for the "osm-jms-role", but the role is already created (also there is a condition already created "Group : OMS_client or OMS_ws_api or OMS_xml_api or OSM_automation or Cartridge_Management_WebService", but we to create the new condition)
  Please remember that am not using latest AIA, so i have created queues in AIA DB manually.
  can u please tell me why bridge is in Inactive state and shows warning as WARN: failed and will reconnect later.
  Also weblogic server logs shows as below
  <Warning> <MessagingBridge> <BEA-200026> <Br
  idge "CFS_2_AIA_CreateCustomer" encountered some problems in one of its adapters
  or underlying systems. It stopped transferring messages and will try to reconne
  ct to the adapters shortly. (The exception caught was javax.resource.ResourceExc
  eption: Failed to setup the Resource Adapter Connection for enlistment in the tr
  ansaction, Pool = 'eis/jms/WLSConnectionFactoryJNDIXA', javax.transaction.System
  Exception: start() failed on resource 'eis/jms/WLSConnectionFactoryJNDIXA': XA_O
  K
  javax.transaction.xa.XAException: method start should not be called on weblogic.
  transaction.internal.IgnoreXAResource
  at weblogic.jms.foreign.IgnoreXAResourceImpl.start(ForeignAQIntegration.
  java:260)
  at weblogic.connector.security.layer.AdapterLayer.start(AdapterLayer.jav
  a:513)
  at weblogic.connector.transaction.outbound.XAWrapper.start(XAWrapper.jav
  a:466)
  at weblogic.transaction.internal.XAServerResourceInfo.start(XAServerReso
  urceInfo.java:1184)
  at weblogic.transaction.internal.XAServerResourceInfo.xaStart(XAServerRe
  sourceInfo.java:1117)
  at weblogic.transaction.internal.XAServerResourceInfo.enlist(XAServerRes
  ourceInfo.java:275)
  at weblogic.transaction.internal.ServerTransactionImpl.enlistResource(Se
  rverTransactionImpl.java:516)
  at weblogic.transaction.internal.ServerTransactionImpl.enlistResource(Se
  rverTransactionImpl.java:443)
  at weblogic.connector.transaction.outbound.XATxConnectionHandler.enListR
  esource(XATxConnectionHandler.java:118)
  at weblogic.connector.outbound.ConnectionWrapper.invoke(ConnectionWrappe
  r.java:218)
  at $Proxy112.createMessage(Unknown Source)
  at weblogic.jms.bridge.internal.MessagingBridge.onMessageInternal(Messag
  ingBridge.java:1323)
  at weblogic.jms.bridge.internal.MessagingBridge.onMessage(MessagingBridg
  e.java:1251)
  at weblogic.jms.adapter.JMSBaseConnection$29.run(JMSBaseConnection.java:
  2269)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
  dSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
  147)
  at weblogic.jms.adapter.JMSBaseConnection.onMessage(JMSBaseConnection.ja
  va:2265)
  Please suggest how to resolve this issue.
  Thanks in advance
  Bharathi
  Edited by: Bharathi on Nov 29, 2011 6:51 AM
  Edited by: Bharathi on Nov 29, 2011 6:59 AM

• Debug vs normal Test Movie sandbox

  In Flash, if I Test Movie in normal mode (Ctr + Enter) I get no complaints about accessing URLs. The SWF's sandbox is "localTrusted". However when I debug Test Movie (Ctr + Shift + Enter), the sandbox is different. I then get complaints about accessing URLs; Security Sandbox Violation "...Untrusted local SWFs may not contact the Internet..." if localWithFile, and "...denied due to lack of policy file permissions..." if localWithNetwork.
  Is this a "feature"? If so, I'd like to be able to turn it off. It would be nice if there was simply a warning, and not actual failure. To fix it, I could trust the file using global trust settings, but that seems silly just for debugging.
  Any other ideas? Thanks.

  add the folder that contains your swf files to your trusted files.

• Oracle WebLogic Server - How to connect to IBM DB2-400

  Hi to all,
  I'm afraid I'm going to ask a f.a.q... anyway... I'm trying to define a Connection Pool to Db2/400. I see that Oracle App Server do support DB2 on windows and linux O.S;
  what about DB2 on a iSeries / iOs machine ?
  Thank you in advance for your help.

  1. Can OSB connect to JMS Queue which resides within the IBM Maximo Application? If yes can you please provide any documents/link which outlines the steps.Yes. You can use a OSB proxy service with jms transport to dequeue the messages from remote weblogic jms.
  2. Do I need to configure a Messaging Bridge or a Foreign JNDI provider in Weblogic? Which is the best optionNot required.
  3. What information do we need to configure in Weblogic to connect to the JMS Queue in IBM Maximo Application? Configure a proxy service with jms transport. Here you have to provide the transport URI hostname/port part you have to give details of the maximo WLS server host and part.Since jms transport involves rmi communication between two weblogic domains, you also need to setup either global trust between the domains or cross domain security.
  http://download.oracle.com/docs/cd/E12839_01/web.1111/e13707/domain.htm#i1176046

• Unable to create a JMS Message bridge between Weblogic 12c and Weblogic 8.1

  Hi,
  I am unable to successfully create a Message Bridge between Weblogic 12.1.1.0 and Weblogic 8.1. The error message being received is:
  eis/jms/WLSConnectionFactoryJNDINoTX > ResourceAllocationException generated by resource adapter on call to ManagedConnectionFactory.createManagedConnection(): "javax.resource.ResourceException: ConnectionFactory: failed to get initial context (InitialContextFactory =weblogic.jndi.WLInitialContextFactory, url = t3://localhost:8001, user name = System) ">
  The error on the monitoring tab is WARN: failed to connect to target.
  Both domains are deployed on one box for testing purposes. The bridge itself is deployed on Weblogic 12c. The areas of config that may be of interest are:
  <server>
  <name>AdminServer</name>
  <listen-address></listen-address>
  </server>
  <messaging-bridge>
  <name>Bridge</name>
  <target>AdminServer</target>
  <source-destination>JMSBridgeSource12c</source-destination>
  <target-destination>JMSBridgeTarget81</target-destination>
  <selector>Test</selector>
  <quality-of-service>Exactly-once</quality-of-service>
  <qos-degradation-allowed>false</qos-degradation-allowed>
  <durability-enabled>true</durability-enabled>
  <idle-time-maximum>60</idle-time-maximum>
  <async-enabled>true</async-enabled>
  <started>true</started>
  <preserve-msg-property>false</preserve-msg-property>
  </messaging-bridge>
  <app-deployment>
  <name>jms-xa-adp</name>
  <target>AdminServer</target>
  <module-type>rar</module-type>
  <source-path>D:\ORACLE~3\WLSERV~1.1\server\lib\jms-xa-adp.rar</source-path>
  <security-dd-model>DDOnly</security-dd-model>
  </app-deployment>
  <jms-bridge-destination>
  <name>JMSBridgeSource12c</name>
  <adapter-jndi-name>eis.jms.WLSConnectionFactoryJNDIXA</adapter-jndi-name>
  <user-name>System</user-name>
  <user-password-encrypted>{AES}nfFzhs+0J/O2Cenf0g4zDsDyvIKENMF7cZ5sAVUehX0=</user-password-encrypted>
  <classpath></classpath>
  <connection-factory-jndi-name>JMSConnectionFactory12c</connection-factory-jndi-name>
  <connection-url>t3://localhost:7001</connection-url>
  <destination-jndi-name>JMSQueue12c</destination-jndi-name>
  </jms-bridge-destination>
  <jms-bridge-destination>
  <name>JMSBridgeTarget81</name>
  <adapter-jndi-name>eis.jms.WLSConnectionFactoryJNDIXA</adapter-jndi-name>
  <user-name>System</user-name>
  <user-password-encrypted>{AES}eBkO46cHvtrzEraOMIOdXow6WvEAtA4NCUDTQ4mC+9w=</user-password-encrypted>
  <classpath></classpath>
  <connection-factory-jndi-name>JMSConnectionFactory81</connection-factory-jndi-name>
  <connection-url>t3://localhost:8001</connection-url>
  <destination-jndi-name>JMSQueue81</destination-jndi-name>
  </jms-bridge-destination>
  I have enforced global trust between the two domains. I have disabled the guest user on the 8.1 domain but can’t see where to do this on 12c.
  Any suggestions would be much appreciated.
  Regards
  John
  Edited by: 958336 on 13-Sep-2012 03:11

  Thanks for the recommendation. Unfortunately it did not help solve the problem.
  I have managed to get a JMS bridge working between 12c and 8.1 by including the 8.1 weblogic.jar on the classpath. This setup was using eis.jms.WLSConnectionFactoryJNDINoTX.
  After trying to use the adapter that supports transactions, WLSConnectionFactoryJNDIXA I received the following error:
  java.lang.IllegalStateException: can only be called from server
  Is this because the Weblogic 12c server now views the 8.1 server as being foreign?

• The selected certificate has errors: Invalid policy constraint

  Hi
  What does this exactely mean?
  The signer of the document in question used an official p12 keystore, issued by QuoVadis. QuoVadisRootCa3 is globally trusted by all software we know so far.
  The certificate chain is shown correctely in adobe reader, but the usercertificate shows the yellow warning flag along with above message.
  What can/must we do on the signer's side to get the document accepted in adobe reader at the customer site?
  Thanks for your help
  Marcel

  A CA may issue many different signing certificates and System Administrator may restrict which signatures signed with certificates issued by this CA should be accepted as Valid on particular Reader installations.
  Policy constraints are set on individual Acrobat/Reader installations. Usually they are set by IT but can be also done manually by the users. When policy constraints are enabled Reader validates only signatures signed with DIgital IDs that meet specified policy constraints. In Reader/Acrobat policy constraints are specified per trusted root certificate. In Reader XI go to Edit->Preferences->Signatures, click on More.... in "Identities&Trusted Certificates" and select "Trusted Certificates". In the list of ttrusted certificates select the root certificate of the chain in the problem signature and click "Edit Trust" button. In the dialog that comes up select "Policy Restrictions" tab. It contains on top explanation of what policy restrictions are.
  Apparently the installations that exhibit this problem have some "Certificate policies" entered for QuoVadis trusted root. When it happens Reader will mark as Valid only signatures signed with the QuoVadis-issued Digital IDs that include matching policy constraints. There is nothing you can do about it on the signer's side, because it is controlled by the preferences on the recipients' side.

• Security Exception in trying to get a org.w3c.dom.Document

  Hi,
  I'm trying to get an org.w3c.dom.Document using the following code----
       String configFileName = "discoveryconsts.xml";
            DocumentBuilder db = null;
            Document xmlDocument = null;
            DocumentBuilderFactory dbf = null;
       dbf = DocumentBuilderFactory.newInstance();
  System.out.println("The DocumentBuilderFactory is :" + dbf);     
  //the exception happens here,while building the DocumentBuilder.
       db = dbf.newDocumentBuilder();
  System.out.println("The DocumentBuilder is :" + db);          try
       xmlDocument = db.parse(configFileName);
  System.out.println("The Document Builder is :" + db);
  catch(Exception e)
       System.out.println("The Exception is :"+ e);
  System.out.println("The XML Document is :" + xmlDocument);
  The error obtained is in the ---
  java.lang.SecurityException: sealing violation
  at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)
  at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
  at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
  at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:286)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
  at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
  at org.apache.xerces.jaxp.DocumentBuilderImpl.<init>(DocumentBuilderImpl.java:98)
  atorg.apache.xerces.jaxp.DocumentBuilderFactoryImpl.newDocumentBuilder(DocumentBuilderFactoryImpl.java:87)
  at Prototype.ChangingDiscConstsFile.discoveryConstants(ChangingDiscConstsFile.java:36)
  at Prototype.ChangingDiscConstsFile.main(ChangingDiscConstsFile.java:74)
  This error is obtained at runtime(ie.The file gets compiled).
  Kindly let me know the reason for the exception.
  regards,
  Karan.

  Hello Satya,
  Have you checked if the cross domain security between the domain WLS 10.3.5 and the backend server is enabled?
  Trust between domains is established so that principals in a Subject from one WebLogic domain can make calls in another domain. In previous releases of WebLogic Server, there was only one type of domain trust that is now referred to as Global Trust. WebLogic Server now supports a type of domain trust that is referred to as Cross Domain Security. The following sections explain how to configure each domain trust type:
  Enabling Cross Domain Security Between WebLogic Server Domains
  Enabling Global Trust
  http://docs.oracle.com/cd/E21764_01/web.1111/e13707/domain.htm#i1176046