Initial Context Security Issue

Hi, I wonder if someone can help me with this one??
The problem we are experiencing is that we have a remote client that connects
to 2 completely independent Weblogic 6.1 instances, and it appears that, under
certain circumstances, that the initial contexts actually become "confused", so
as to create a situation both initial contexts have been initialized successfully,
and after a while it appears that a connection to server B is attempted with the
principal and credential values of server A, obviously causing account lockouts
seeing as the user account does not exist on server B.
I have established through testing that this condition can be avoided by either
setting InitialContext.SECURITY_AUTHENTICATION = "none" and by not providing InitialContext.SECURITY_PRINCIPAL
and InitialContext.SECURITY_CREDENTIALS values for both client connections, or
by setting InitialContext.SECURITY_AUTHENTICATION = "simple", supplying valid
InitialContext.SECURITY_PRINCIPAL and InitialContext.SECURITY_CREDENTIALS values
for each server, and by reinitializing the InitialContext object before each and
every remote lookup.
We have decided to implement a InitialContext.SECURITY_AUTHENTICATION = "none"
policy, allowing us not to reinitialize the InitialContext objects every single
time. Obviously, this is not the preferred way!
I would appreciate any light on this, as this is causing us huge headaches, not
to mention the fact that one of the connections become completely unusable and
therefore denies any service whatsoever from one of the servers
Thanks in advance!

Hi,
This should probably have to be handled with Cisco directly or through the company that got you the license.
To my understanding there is a possibility that the you would first install one license key and the other license might be upgrade from the previous license to the next limit of the licensed feature.
I have had several occasions where I have been provided with the wrong license and have had to contact Cisco/supplier again to get the correct licenses for my device.
While I was posting this reply I checked the Licensing document for the ASA models. It would seem to me that there is no 25 Security Content License for the ASAs. The closes are 20 SC license and 50 SC license
Check this document:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/intro_license.html#wp1230400
- Jouni

Similar Messages

Security stack and caching initial context

We are using weblogic60 sp2, when we using Optimizeit tool to profile weblogic
server and we found build up initial context is very expensive, can we cache the
initial context? Is it thread safe? I know there is a issue related with security
stack, to work around this, could we just do this, cache the initial context,
and before call any remote method, we just push a valid user to the stakc of current
thread, could this scheme work?
Thanks

We are using weblogic60 sp2, when we using Optimizeit tool to profile weblogic
server and we found build up initial context is very expensive, can we cache the
initial context? Is it thread safe? I know there is a issue related with security
stack, to work around this, could we just do this, cache the initial context,
and before call any remote method, we just push a valid user to the stakc of current
thread, could this scheme work?
Thanks

JNDI obj not binding to initial context--10gRel 2 issue only,works in rel3

hi all,
The issue I am writing about is an issue only in OAS 10g release 2 (10.1.2.0.2) and not in release 3. I have an issue where in I am trying to bind a data source object to the initial context. This data source object reference is created dynamically and is not specified in any XML file (say like web.xml or server.xml). The business requirement driving this is that for each user we need to create a data source dynamically and attach it to the JNDI and then this JNDI name is passed on to Crystal Reports which will use this data source to retrieve its data from the DB. The code for creating the data source dynamically is as below,
private String setDataSource(String username, String password) throws NamingException {
          String prefix = "jdbc";
          InitialContext ic = new InitialContext();
          // Construct BasicDataSource reference
          Reference ref = new Reference("javax.sql.DataSource", CustomDataSourceFactory.class.getName(), null);
          ref.add(new StringRefAddr("url", xxxxxx));
          ref.add(new StringRefAddr("schema",xxxxx));
          ref.add(new StringRefAddr("xxxxxx", xxxxx));
          ref.add(new StringRefAddr("password", xxxxx));
          try {
               ic.listBindings(prefix);
          } catch (NameNotFoundException exp) {
               ic.createSubcontext(prefix);
          String datasourceName = prefix + "/" + oneNumber;
          ic.rebind(datasourceName, ref);
          return datasourceName;
As you can see the reference to the data source is added dynamically. Now when I try to obtain this object by looking up the context for its JNDI name I get a object not found error. This is how I look up the object through my code,
private void testDataSource(String dsName){
          Connection conn = null;
          Statement stmt = null;
          ResultSet rs = null;
          try {
               InitialContext ic = new InitialContext();
               javax.sql.DataSource ds = (javax.sql.DataSource) ic.lookup(dsName);
               conn = ds.getConnection();
               stmt = conn.createStatement();
               rs = stmt.executeQuery("select sysdate from dual");
               String result = rs.getString(1);
               System.out.println("----YOGI----Result of query execution is AAA -----" + result);
          } catch (Exception ex ){
               System.out.println("----YOGI----the exception from this specific block is " + ex.getLocalizedMessage());
          finally {
               try {
                    if (null!= rs)
                         rs.close();
                    if(null !=stmt)
                         stmt.close();
                    if(null !=conn)
                         conn.close();
               } catch (Exception ex){
                    System.out.println("Hopeless");
When I do this I get this exception message --> jdbc/1562 not found in MyAPP
jdbc/1562 is the data source JNDI name I generated in the first method and "MyAPP" is the name of my application. I decided to make the JNDI globally available in the context and hence I used "java:global/jdbc/1562" for my datasource name and even that did not work even though the JNDI name is not bound to the application in specific.
I am really at a loss here as this is a simple add/retrieve operation to a object bound to the context. Can someone tell what is wrong here? The same code works fine in release 3 OAS and also in tomcat and websphere. Any help will be appreciated.
Regards,
Yogi

OK, I seem to be getting a new exception, not sure if I did any change but ran into this exception in the logs,
11/08/24 18:45:08 ----YOGI----the exception from this specific block is javax.naming.Reference cannot be cast to javax.sql.DataSource*
From what I read on the web, this is prevalent in glassfish and jboss. The reason could be that missing j2ee.jar in classpath or duplicate jdbc jars. I added j2ee.jar to my application library in oc4j dint resolve the issue. I removed jdbc jar from the OAS lib folder and restarted, it dint help.
Any other clues, anyone?

Weblogic 10 Initial context issue...?

Hi All,
Please provide a suggestion for the same.
InitialContext not getting loaded properly and the weblogic jars are also there in the cp
Re: Exception in Initial Context Weblogic 10
thx in Adv.

Hi RainaV,
This problem looks like a Weblogic library conflict in your runtime environment.
java.lang.NoSuchMethodError: weblogic.common.internal.VersionInfo.initialize(Z)V
at weblogic.kernel.Kernel.initialize(Kernel.java:88)
This means you have some possible mix of old and new Weblogic binaries loaded in your classpath. The Exception means that the compiled version of the Kernal class (loaded in your system classpath) is refering a different version of the class weblogic.common.internal.VersionInfo, with different initialize() method signature.
Please have a look at your full classpath and look any for duplicate and conflicted version of the weblogic.jar library.
Also, which version of weblogic client are you using? There is no such VersionInfo class in Weblogic 10.0.x. Please have a look at the MANIFEST file of the weblogic.jar you are using to confirm. You are likely trying to use an older client like Weblogic 9.x.
Regards
P-H
http://javaeesupportpatterns.blogspot.com/

ClassNotFoundException for initial-context-factory using foreign JMS p.

Hi,
I am currently working on migrating an application from weblogic 9 to weblogic 10 and I bumped into this issue while MDB connecting to JMS.
[Loaded cz.jaksky.riskscenario.beans.RiskScenarioServiceLocalHome from file:/C:/SVN/app-WLS10-FRESH/app-deploy/servers/myserver/tmp/_WL_user/performance/nyubkw/point-interfaces.jar]
<17-Sep-2012 11:01:27 o'clock CEST> <Warning> <EJB> <BEA-010061> <The Message-Driven EJB: PerformanceAsyncRequestBean is unable to connect to the JMS destination: wls.AsyncQueue. The Error was:
javax.naming.NoInitialContextException: Cannot instantiate class: cz.jaksky.common.jms.JMSInitialContextFactory [Root exception is java.lang.ClassNotFoundException: cz.jaksky.common.jms.JMSInitialContextFactory]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:657)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at weblogic.deployment.jms.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:182)
at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at weblogic.jms.common.CDS$2.run(CDS.java:486)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.jms.common.CrossDomainSecurityManager.runAs(CrossDomainSecurityManager.java:131)
at weblogic.jms.common.CDS.lookupDestination(CDS.java:480)
at weblogic.jms.common.CDS.lookupDDAndCalloutListener(CDS.java:345)
at weblogic.jms.common.CDS.access$100(CDS.java:41)
at weblogic.jms.common.CDS$DDListenerRegistrationTimerListener.timerExpired(CDS.java:193)
at weblogic.timers.internal.TimerImpl.run(TimerImpl.java:273)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused by: java.lang.ClassNotFoundException: cz.jaksky.common.jms.JMSInitialContextFactory
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:46)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:654)
... 23 more
I am using foreign JMS provider with provided mapping. Config follows:
ejb-jar.xml:
<enterprise-beans>
          <message-driven>
               <ejb-name>PortfolioRetrieverAsyncRequestBean</ejb-name>
               <ejb-class>cz.jaksky.common.async.AsynchronousRequestMessageBean</ejb-class>
               <transaction-type>Bean</transaction-type>
               <acknowledge-mode>Auto-acknowledge</acknowledge-mode>
               <message-driven-destination>
                    <destination-type>javax.jms.Queue</destination-type>
                    <subscription-durability>Durable</subscription-durability>
               </message-driven-destination>
               <message-selector>
                    <![CDATA[ Service IN ('PortfolioRetriever')
                  AND MessageType = 'request'
                  AND BigBox = FALSE
                ]]>
               </message-selector>
          </message-driven>
     </enterprise-beans>
weblogic-ejb-jar.xml:
<weblogic-enterprise-bean>
          <ejb-name>PortfolioRetrieverAsyncRequestBean</ejb-name>
          <message-driven-descriptor>
               <pool>
                    <max-beans-in-free-pool>64</max-beans-in-free-pool>
                    <initial-beans-in-free-pool>1</initial-beans-in-free-pool>
               </pool>
               <destination-jndi-name>wls.AsyncQueue</destination-jndi-name>
               <initial-context-factory>weblogic.jndi.WLInitialContextFactory</initial-context-factory>
               <connection-factory-jndi-name>ServiceLocatorAsyncQueueFactory</connection-factory-jndi-name>
          </message-driven-descriptor>
          <dispatch-policy>PortfolioAsyncQueueWorkManager</dispatch-policy>
     </weblogic-enterprise-bean>
jmsconfig-jms.xml
<foreign-server name="TibjmsAsyncServer">
<default-targeting-enabled>true</default-targeting-enabled>
<foreign-destination name="AsyncQueue.LOCAL.prgdwm355410.7001">
<local-jndi-name>wls.AsyncQueue</local-jndi-name>
<remote-jndi-name>AsyncQueue.LOCAL.prgdwm355410.7001</remote-jndi-name>
</foreign-destination>
<foreign-connection-factory name="FTQueueConnectionFactory">
<local-jndi-name>ServiceLocatorAsyncQueueFactory</local-jndi-name>
<remote-jndi-name>FTQueueConnectionFactory</remote-jndi-name>
</foreign-connection-factory>
<initial-context-factory>cz.jaksky.common.jms.JMSInitialContextFactory</initial-context-factory>
<connection-url>tcp://JUSD-FTPOIA.jaksky.com:22542,tcp://JUSD-FTPOB.jaksky.com:22543</connection-url>
</foreign-server>
Module containing this MDB is packed as an ear file with following structure:
APP-INF/lib/modules.jar - contains AsynchronousRequestMessageBean class
APP-INF/lib/interface.jar - contains JMSInitialContextFactory (class used for initial-context-factory)
portfolio-async.jar
META-INF/ejb-jar.xml content pasted above
META-INF/webogic-ejb-jar.xml content pasted above
Weblogic system classpath doesn't contain any application sepcific libraries.
This set up was working for weblogic 9 without any problem. I am just wondering what the problem is whether I am faceing class loading issue or JMS configuration issue and how to resolve it.
Edited by: user13047709 on 18-Sep-2012 07:15
Edited by: user13047709 on 18-Sep-2012 07:16

Hi,
When working with a non-WebLogic JNDI provider (or a non-WebLogic JMS provider), the non-WebLogic client classes must be made available to the classloader of the calling application in WebLogic Server. This is usually accomplished by adding them to the system classpath.
In your case, WebLogic is looking for a proprietary/foreign JNDI Context Factory class named "cz.jaksky.common.jms.JMSInitialContextFactory", which means you need to make sure that a jar/dir that contains the non-WebLogic class "JMSInitialContextFactory.class" is in the classpath.
The configuration for this should be similar in WL9 and WL10. It could be that your classpath is already setup to reference the foreign class, but it refers to a directory/jar that you haven't setup yet on your WL10 host.
HTH,
Tom

How to get Initial context of Local Interface in weblogic 8.1

I have developed a local entity bean but i wouldnt able to initial context of that bean
CAN ANYBODY HELP ME
bean deployment descriptor
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'>

<ejb-jar>
<enterprise-beans>
<entity>
<ejb-name>CabinBean</ejb-name>
<home>my.CabinRemoteHome</home>
<remote>my.CabinRemote</remote>
<ejb-class>my.CabinBean</ejb-class>
<persistence-type>Container</persistence-type>
<prim-key-class>java.lang.Integer</prim-key-class>
<reentrant>True</reentrant>
<cmp-version>2.x</cmp-version>
<abstract-schema-name>CabinBean</abstract-schema-name>
<cmp-field>
<field-name>bedCount</field-name>
</cmp-field>
<cmp-field>
<field-name>deckLevel</field-name>
</cmp-field>
<cmp-field>
<field-name>id</field-name>
</cmp-field>
<cmp-field>
<field-name>name</field-name>
</cmp-field>
<cmp-field>
<field-name>shipId</field-name>
</cmp-field>
<primkey-field>id</primkey-field>
<security-identity>
<use-caller-identity/>
</security-identity>
</entity>
<entity>
<ejb-name>CabinLocal</ejb-name>
<local-home>my.CabinLocalHome</local-home>
<local>my.CabinLocalLocal</local>
<ejb-class>my.CabinLocal</ejb-class>
<persistence-type>Container</persistence-type>
<prim-key-class>java.lang.Integer</prim-key-class>
<reentrant>True</reentrant>
<cmp-version>2.x</cmp-version>
<abstract-schema-name>CabinLocal</abstract-schema-name>
<cmp-field>
<field-name>bedCount</field-name>
</cmp-field>
<cmp-field>
<field-name>deckLevel</field-name>
</cmp-field>
<cmp-field>
<field-name>id</field-name>
</cmp-field>
<cmp-field>
<field-name>name</field-name>
</cmp-field>
<cmp-field>
<field-name>shipId</field-name>
</cmp-field>
<primkey-field>id</primkey-field>
<ejb-local-ref>
<ejb-ref-name>LocalCabin</ejb-ref-name>
<ejb-ref-type>Entity</ejb-ref-type>
<local-home>CabinLocalHome</local-home>
<local>CabinLocal</local>
<ejb-link>LocalCabin</ejb-link>
</ejb-local-ref>
<security-identity>
<use-caller-identity/>
</security-identity>
</entity>
</enterprise-beans>
<assembly-descriptor>
<container-transaction>
<method>
<ejb-name>CabinLocal</ejb-name>
<method-name>*</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
<container-transaction>
<method>
<ejb-name>CabinBean</ejb-name>
<method-name>*</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
<ejb-client-jar>EjbClient</ejb-client-jar>
</ejb-jar>
************************************** Client Code****************
package com;
import my.CabinBean;
import my.CabinRemoteHome;
import my.CabinRemote;
import javax.naming.InitialContext;
import javax.naming.Context;
import javax.naming.NamingException;
import java.rmi.RemoteException;
import java.util.Properties;
import javax.rmi.PortableRemoteObject;
import weblogic.jndi.Environment;
public class Test
    public static void main(String args[])
        try{
             Context context = getInitialContext();
                      Object cab = context.lookup("CabinLocalHome");
            ///**********-- Exception is thrown at this point -******************
            System.out.println("============ done====");
            Context ct = getInitialContext();
            Object ref = ct.lookup("CabinHomeRemote");
            CabinRemoteHome home = (CabinRemoteHome)PortableRemoteObject.narrow(ref,CabinRemoteHome.class);
            //CabinRemote cab = home.create(new Integer(1));
            //cab.setName("Master Suite");
            //cab.setDeckLevel(new Integer(1));
            //cab.setShipId(new Integer(1));
            //cab.setBedCount(new Integer(1));
            Integer pk = new Integer(1);
            CabinRemote cab1 = home.findByPrimaryKey(pk);
            System.out.println("--->>>>>>>> "+cab1.getName());
            System.out.println("--->>>>>>>> "+cab1.getShipId());
            System.out.println("--->>>>>>>>"+cab1.getBedCount());
            System.out.println("--->>>>>>>>"+cab1.getDeckLevel());
            System.out.println("---");
      }catch(java.rmi.RemoteException e){e.printStackTrace();}
       catch(javax.naming.NamingException e){e.printStackTrace();}
       //catch(javax.ejb.CreateException e){e.printStackTrace();}
       catch(javax.ejb.FinderException e){e.printStackTrace();}
    public static Context getInitialContext() throws javax.naming.NamingException
       Properties p = new Properties();
       p.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
       p.put(Context.PROVIDER_URL,"t3://localhost:7001");
       return new javax.naming.InitialContext(p);
} ************************************** Error ***********************
javax.naming.LinkException: [Root exception is javax.naming.LinkException: [Root exception is javax.naming.NameNotFoundException: remaining name: /app/ejb/myejb.jar#CabinLocal/local-home]; Link Remaining Name: 'null']; Link Remaining Name: 'java:app/ejb/myejb.jar#CabinLocal/local-home'
     at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
     at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:284)
     at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:244)
     at weblogic.jndi.internal.ServerNamingNode_813_WLStub.lookup(Unknown Source)
     at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:369)
     at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:357)
     at javax.naming.InitialContext.lookup(InitialContext.java:347)
     at com.Test.main(Test.java:27)
Caused by: javax.naming.LinkException: [Root exception is javax.naming.NameNotFoundException: remaining name: /app/ejb/myejb.jar#CabinLocal/local-home]; Link Remaining Name: 'null'
     at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:98)
     at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:292)
     at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:771)
     at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:191)
     at weblogic.jndi.internal.RootNamingNode_WLSkel.invoke(Unknown Source)
     at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
     at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:108)
     at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
     at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
     at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.naming.NameNotFoundException: remaining name: /app/ejb/myejb.jar#CabinLocal/local-home
     at weblogic.j2eeclient.SimpleContext.resolve(SimpleContext.java:35)
     at weblogic.j2eeclient.SimpleContext.resolve(SimpleContext.java:39)
     at weblogic.j2eeclient.SimpleContext.lookup(SimpleContext.java:57)
     at weblogic.j2eeclient.SimpleContext.lookup(SimpleContext.java:62)
     at weblogic.jndi.factories.java.ReadOnlyContextWrapper.lookup(ReadOnlyContextWrapper.java:45)
     at weblogic.jndi.internal.AbstractURLContext.lookup(AbstractURLContext.java:130)
     at javax.naming.InitialContext.lookup(InitialContext.java:347)
     at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)

Hi,
from what I gather, u have two jars
1. EJBClient - this will have remote and home interfaces and will be used by the client
2. myEJB - this iwll have all the classes - remote & home interfaces, the bean class and all the other classes required by the bean.
Now, the question is, who is acting as the client of your EJB ? There are 3 possibilities
1. A servlet
2. Another EJB
3. a simple java program.
In the first 2 cases, you can go for Local Interfaces (more so in the second case than the first). The reason being that the the client and server will be in the same JVM. Thus, in the first case, if the Web container and the ejb container are in the same app server, EJBs can be local.
However, in the third case, it is unlikey that you will have the client runnng and the same jvm as the server, because the server is using the jvm provided by weblogic.
Thus, you cannot use local interfaces in this 3rd case. I have a feeling that this is what you are doing. If so, change the local interfaces to remote.
See if this helps. Else, I will mail you some sample code. But I am afraid, sample code wont be of much help bcoz this seems to be a design problem.
regards

Caching initial contexts

I have read the posts about caching initial context lookups and have
implemented the solution and seen some benefits.
I am dealing with a third party application that I cannot change.
When I put my InitialContextFactory in the architecture I also logged
how many getInitialContext() calls were being made - I was absolutely
shocked - often 4+ per user transaction. I suspect that the code gets
one, does a call and dereferences all over the place.
90% of InitialContexts had the same environment passed to the getIC()
call so it struck me that what I should do is create a pool of IC, and
in my factory just serve one from the pool.
So, the question is, what is the best way of detecting when the IC has
been dereferenced so I know I can serve it again from my pool?
I presume this is a generic pool problem when you can't guarantee that
your client's will be good citizens and call a close() method or
similar.
I've posted here as it is performance related; also, is there any
reason why what I am doing is not a good idea?
Can the client do something with the IC which means it is not suitable
for use by another client? If so, can I detect this so I may discard?
As always, many thanks in advance.
Presuming I can get it to work I will post the code so that we can all
share ;-)
Cheers
Ed

Why don't you instrument your factory then to give out your own
implementation of InitialContext that will in fact only wrap a "loaner"
InitialContext every time a method is invoked on it and before returning
the value to the caller will put the real InitialContext back to the
pool to be reused by another one.
Then your clients can do whatever they want with those ICs and still
would not cause so big performance hits.
It's just an idea that just came to mind and I haven't tested it so it
might have flaws but it looks viable.
--dejan
Ed Barrett wrote:
The application is a third-party product that cannot be changed.
By introducing the factory you gave below (thanks!) we put the application
back under the load test and saw minimal improvements (like 1% response
time).
I then instrumented the factory with a system.out on finalize and noticed
that a factory instance is created for each call to getInitialContext() - is
this the way that WLS/J2EE works? I would have hoped that factories were
shared or something. What we did see is that for one user request a number
(sometimes 5!) ICs were being created ;-( Obviously the lookup cache is a
class instance and shared across the lot.
So then I started to think about pre-creating ICs and haveing a pool for the
default ones (environment specifies URL and no security details or the
like). Trouble is how to implement such when you cannot change the client
code to call a factory return method (such as returnToPool()).
Any ideas would be appreciated
"Dimitri I. Rakitine" <[email protected]> wrote in message
news:[email protected]...
I've ran into this problem while porting 5.1 application (JNDI lookups
were
super-cheap) to 6.1 (where they are not so cheap due to
serialization/deserialization)
and did this test to see if this indeed was the problem. As you saw I
didn't bother to
cache InitialContext's - I just cached JNDI lookups and that resulted in
very significant
performance improvements.
Which application are you testing it with?
Graham <[email protected]> wrote:
Dimitri,
We did this but did not see that much improvement over the default way -
we
are using 6.1 sp2.
We put some messages in our factory and found that the client code often
created over 4 ICs for one user click - aaggghhhh!! As I say we cannot
change their code but if we could take the time to create an IC away
from
the online response we feel we would save some time.
We also observed a new instance of the IC factory being created every
time a
new IC was created - is this what you would expect?
I think this is what NamingManager.getInitialContext() is supposed to do.
Cheers
Ed
"Dimitri I. Rakitine" <[email protected]> wrote in message
news:[email protected]...
Caching InitialContext's will probably not quite solve the problem,
because lookup()'s are expensive (in 6.x), so, caching lookup results
will result in performance improvements.
If you cannot change the 3'rd party code and all it does is:
... DataSource ds = (DataSource)new InitialContext().lookup(".....");
or similar, you can add caching by implementing your own InitialContext
factory,
for example: (extremely simplistic)
Startup class :
System.setProperty("java.naming.factory.initial",
"myjndi.InitialContextFactory");
where
myjndi.InitialContextFactory is :
public class InitialContextFactory implements
javax.naming.spi.InitialContextFactory {
public Context getInitialContext(Hashtable env) throws
NamingException
Context ctx = new
weblogic.jndi.WLInitialContextFactory().getInitialContext(env);
return
(Context)Proxy.newProxyInstance(ctx.getClass().getClassLoader(),
new Class[]
{ Context.class },
new
ContextHandler(ctx));
and myjndi.ContextHandler is:
public class ContextHandler implements InvocationHandler {
Context ctx;
static Hashtable cache = new Hashtable();
public ContextHandler(Context ctx) {
this.ctx = ctx;
public Object invoke(Object proxy, Method method, Object[] args)
throws Throwable {
try {
Object retVal;
if("lookup".equals(method.getName()) && args[0] instanceof
String) {
retVal = cache.get(args[0]);
if(retVal == null) {
retVal = method.invoke(ctx, args);
cache.put(args[0], retVal);
} else {
retVal = method.invoke(ctx, args);
return retVal;
} catch(InvocationTargetException oops) {
throw oops.getTargetException();
Ed <[email protected]> wrote:
Adarsh,
We agree it is a brilliant idea - now just to work out how to do it.
As you cannot always guarantee to be able to change the client code
you cannot use normal pooling techniques:
getObjectFromPool()
// do work
returnObjectToPool()
So, the client code needs an InitialContext. We can put in our own
Factory and intercept the getInitialContext() calls. This method
must
return class javax.naming.Context - therefore the only way I can see
to spot when the class is dereferenced is to extend the class and add
a finalize() method that notifies the factory.
The trouble I believe is that the class cannot be "rescued" in the
finalize() method (i.e. "I'm dying - take me back" ;-). If it simply
told the factory to add another one to its pool this would mean that
the new IC create "hit" would be in garbage collection (i.e. the
users
will pay somewhere along the line) - is this correct?
Anyone any ideas on a solution? I have discovered out code create
HUNDREDS of contexts in an hour and discards them very quickly. Be
nice to be able to cache them!
Cheers
Ed
"Adarsh Dattani" <[email protected]> wrote in message
news:<[email protected]>...
Ed,
This a brilliant idea. We are planning something similar too. We
first
want to create a pool of LDAP connections as apps make extensive
calls
to
LDAP. Did you check-out the object pooling api at Jakarta Commons.
It
deserves a close look.
http://jakarta.apache.org/commons/pool/index.html
Thanks,
Adarsh
"Ed" <[email protected]> wrote in message
news:[email protected]...
I have read the posts about caching initial context lookups and
have
implemented the solution and seen some benefits.
I am dealing with a third party application that I cannot change.
When I put my InitialContextFactory in the architecture I also
logged
how many getInitialContext() calls were being made - I was
absolutely
shocked - often 4+ per user transaction. I suspect that the code
gets
one, does a call and dereferences all over the place.
90% of InitialContexts had the same environment passed to the
getIC()
call so it struck me that what I should do is create a pool of IC,
and
in my factory just serve one from the pool.
So, the question is, what is the best way of detecting when the IC
has
been dereferenced so I know I can serve it again from my pool?
I presume this is a generic pool problem when you can't guarantee
that
your client's will be good citizens and call a close() method or
similar.
I've posted here as it is performance related; also, is there any
reason why what I am doing is not a good idea?
Can the client do something with the IC which means it is not
suitable
for use by another client? If so, can I detect this so I may
discard?
As always, many thanks in advance.
Presuming I can get it to work I will post the code so that we can
all
share ;-)
Cheers
Ed
Dimitri
Dimitri

Error creating initial context with environment

Hi,
Currently we are working on a scenarios, where we need to integrate XI and webmethods using JMS.
It was working fine. But recently they have restarted the webmethods server. After that we re getting an error message like,
In Adapter Monitoring:
Channel error occurred; detailed error description: com.sap.aii.adapter.jms.api.connector.ConnectorException: Error creating initial context with environment: {java.naming.provider.url=server:port, java.naming.factory.initial=com.sap.engine.services.jndi.InitialContextFactoryImpl, java.naming.security.principal=XYZ, java.naming.security.credentials=ABC}for profile: ConnectionProfile of channel: CC_RCV_JMS_INon node: 3010950 having object id: ABCXYZ: NamingException: Error getting the server-side naming service functionality during getInitialContext operation.
at com.sap.aii.adapter.jms.core.connector.JndiConnectorImpl.createInitialContext(JndiConnectorImpl.java:66)
In RWB
MP: Exception caught with cause com.sap.aii.af.ra.ms.api.RecoverableException: No transition found from state: STARTING, on event: process_commence for DFA: C_RCV_JMS_IN:e4413a5265a436459e271d5e0dd4859b
Can one please tell me what the problem is?
Thanks in advance.
Regards,
Prasad Babu.

Hi,
Check this link looks like same problem
Re: file to JMS(for MQ series)
Thanks
Vikranth

Java IDE Security Issues

I'm evaluating Java IDE's. My boss wants me to evaluate IDE security issues. I can't think of any issues, or how an IDE can have anything to do with security, but didn't want to sweep it under the rug without asking all of you security experts.
Are there any security concerns when selecting a Java IDE?

Yeah, you confirmed what I already knew I suppose.
Unfortunately, I know nothing if this organization, as
I'm only consulting. The management here INSISTS that
security be addressed, but I think it's out of scope
for Java IDE selection. Thanks!In that context, things like "supports HTTPS and ssh access for remote development" may be exactly what they're looking for. It lets managers say "Yes we considered security in making this purchase, and yes the developers of this tool take security seriously." Doesn't mean that security is ever going to impact the actual use of the product.
Remember that a portion of any management decision goes to insuring you can show a good-faith effort to avoid problems, when/if they happen down the road and someone's looking for a fall guy...
Good luck!
Grant

Security issue - or not? (remote trigger SMC startup)

Hi,
During installation of a few zones on a Sol10U2 system today, I noticed that simply running an nmap scan on a freshly installed and booted zone would cause the SMC to start:
Starting Solaris Management Console server version 2.1.0.
endpoint created: :898
Adding instance of solaris_providerpath
Adding class Solaris_LocalFileSystem
Adding class Solaris_Directory
Adding class Solaris_Mount
Adding class Solaris_UFS
Adding class Solaris_HSFS
Adding class Solaris_UFSMount
Adding class Solaris_HSFSMount
Adding class Solaris_LocalFSResidesOnExtent
Compilation succeeded.
Adding class Solaris_DiskDrive
Adding class Solaris_DiskPartition
Adding class Solaris_MediaPresent
Adding class Solaris_LogicalDisk
Adding class Solaris_PhysicalMedia
Adding class Solaris_Disk
Adding class Solaris_PhysicalPackage
Adding class Solaris_RealizesExtent
Adding class Solaris_RealizesDiskPartition
Adding class Solaris_RealizesDiskDrive
Adding class Solaris_DiskPartitionBasedOnDisk
Adding class Solaris_DiskPartitionBasedOnFDisk
Adding class Solaris_SCSIController
Adding class Solaris_IDEController
Adding class Solaris_MPXIOController
Adding class Solaris_USBSCSIController
Adding class Solaris_GenericController
Adding class Solaris_SCSIInterface
Adding class Solaris_MPXIOInterface
Adding class Solaris_IDEInterface
Adding class Solaris_ExtraCapacityGroup
Adding class Solaris_MPXIOGroup
Adding class Solaris_ControllerLogicalIdentity
Adding class Solaris_MPXIOCtrlrLogicalIdentity
Adding class Solaris_ControllerComponent
Adding class Solaris_MPXIOComponent
Adding class Solaris_StorageLibrary
Compilation succeeded.
Adding class CIM_ManagedElement
Adding class CIM_SettingData
Adding class CIM_Share
Adding class CIM_FileShare
Adding class CIM_NFSShare
Adding class CIM_SharedElement
Adding class CIM_HostedShare
Compilation succeeded.
Adding class Solaris_NFSShare
Adding class Solaris_NFSShareSecurity
Adding class Solaris_NFS
Adding class Solaris_PersistentShare
Adding class Solaris_MountSetting
Adding class Solaris_NFSMountSetting
Adding class Solaris_ShareSetting
Adding class Solaris_NFSShareSetting
Adding class Solaris_ShareService
Adding class Solaris_MountService
Adding class Solaris_NFSMount
Adding class Solaris_NFSShareSecurityModes
Adding class Solaris_NFSShareDefSecurityMode
Adding class Solaris_HostedShare
Adding class Solaris_PersistentShareConfiguration
Adding class Solaris_PersistentShareForSystem
Adding class Solaris_NFSShareEntry
Adding class Solaris_SharedElement
Adding class Solaris_NFSExport
Adding class Solaris_SharedFileSystem
Compilation succeeded.
Adding instance of solaris_providerpath
Adding instance of solaris_providerpath
Adding class Solaris_VMStateDatabase
Adding class Solaris_VMSoftPartition
Adding class Solaris_VMExtent
Adding class Solaris_VMStripe
Adding class Solaris_VMConcat
Adding class Solaris_VMMirror
Adding class Solaris_VMRaid5
Adding class Solaris_VMTrans
Adding class Solaris_VMHotSparePool
Adding class Solaris_VMDiskSet
Adding class Solaris_VMStorageVolume
Adding class Solaris_VMConcatComponent
Adding class Solaris_VMDriveInDiskSet
Adding class Solaris_VMExtentBasedOn
Adding class Solaris_VMSoftPartComponent
Adding class Solaris_VMExtentInDiskSet
Adding class Solaris_VMHostInDiskSet
Adding class Solaris_VMHotSpareInUse
Adding class Solaris_VMHotSpares
Adding class Solaris_VMMirrorSubmirrors
Adding class Solaris_VMRaid5Component
Adding class Solaris_VMStatistics
Adding class Solaris_VMStripeComponent
Adding class Solaris_VMTransLog
Adding class Solaris_VMTransMaster
Adding class Solaris_VMUsesHotSparePool
Adding class Solaris_VMVolumeBasedOn
Adding class Solaris_DiskIOPerformanceMonitor
Compilation succeeded.
Adding instance of solaris_providerpath
Adding class Solaris_ActiveUser
Adding class Solaris_ActiveProject
Adding class Solaris_ProcessStatisticalInformation
Adding class Solaris_UserProcessAggregateStatisticalInformation
Adding class Solaris_ProjectProcessAggregateStatisticalInformation
Adding class Solaris_ProcessStatistics
Adding class Solaris_ActiveUserProcessAggregateStatistics
Adding class Solaris_ActiveProjectProcessAggregateStatistics
Compilation succeeded.
Registration setup: 8/8 (Executing SUNWpmgr_reg.sh)
Registering components: 64/64 (Registering PatchMgrCli.jar)                 er)
Solaris Management Console server is ready.For interest, the nmap result is:
toby@deepthought ~ $ nmap -v 192.168.1.122
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-08-29 20:39 EDT
DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect() Scan against 192.168.1.122 [1672 ports] at 20:39
The Connect() Scan took 44.49s to scan 1672 total ports.
Host 192.168.1.122 appears to be up ... good.
Interesting ports on 192.168.1.122:
(The 1662 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open ftp
22/tcp   open ssh
23/tcp   open telnet
79/tcp   open finger
111/tcp open rpcbind
513/tcp open login
514/tcp open shell
898/tcp open sun-manageconsole
4045/tcp open lockd
7100/tcp open font-service
Nmap finished: 1 IP address (1 host up) scanned in 44.874 seconds(port 7100 is actually a non-standard VNC server which was carried over from the global zone)
Of course, this is immediately before running Solaris Security Toolkit (jass) to apply a secure profile.
Does it matter that this SMC startup can be triggered so easily remotely?

It just struck me odd that simply port-scanning the
machine could produce this behaviour, and I wonder if
it might be a security issue.Probably not directly. Sun has distributed several items in the past that launch via inetd connections (calendar manager and font server were two common ones). Just because it launches doesn't mean it's a security problem. The application itself may require authentication after running.
Of course the resources required by the process may be non-trivial, and the application may have security issues, but the fact that it launches isn't a direct indication of a problem.
Darren

Error in getting Initial Context

Hello,
I am facing the following exception while trying to get the Initial Context. Following
is the snippet of code that I use for getting the Context -
Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");p.
put(Context.PROVIDER_URL, url);
if (user != null) {
p.put(Context.SECURITY_PRINCIPAL, user);
if (password == null)
password = "";
p.put(Context.SECURITY_CREDENTIALS, password);
return new InitialContext(p);
The following is the exception that I encounter -
javax.naming.AuthenticationException. Root exception is java.lang.SecurityException:
attempting to add an object which is not an instance of java.security.Principal
to a Subject's Principal Set
Am i missing anything. Thanks for your time.
See the attached file for the details of the exception
Thanks,
Ashutosh
[trace.txt]

Hi Tim,
If you are running within a browser, you will not have access to anything
outside the sandbox which includes making RMI calls. Try signing the applet.
You can find more information on signing applets on the sun java website.
Regards
Arjuna
"Tim" <[email protected]> wrote in message
news:3c5ab818$[email protected]..
>
I get the following eror when I try to get the Initial Context in anapplet:
>
java.lang.ExceptionInInitializerError: java.security.Acc
ess denied (java.util.PropertyPermission * read,write)
atjava.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:272)
atjava.security.AccessController.checkPermission(AccessController.java:
399)
Does anyone have any idea what would cause this? The code works finerunning
from an application. From what I understand there might be a problem withmy
policy file. However, it seems to look ok. Any ideas?

Samba 3.2.6 patch for security issue

I know the security issue is hard to trigger, but I created a new PKGBUILD for samba 3.2.6 containing the patch.
Excerpt from the patch commentary:
commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410
Author: Michael Adam <[email protected]>
AuthorDate: Thu Dec 18 18:01:55 2008 +0100
Commit: Karolin Seeger <[email protected]>
CommitDate: Fri Dec 19 08:30:23 2008 +0100
smbd: prevent access to root filesystem when connecting with empty service name
This only applies to a setup with "registry shares = yes"
Michael
And here's the PKGBUILD:
# $Id: PKGBUILD 22200 2008-12-22 22:24:26Z tpowa $
# Maintainer: judd <[email protected]>
pkgname=samba
pkgver=3.2.6
# We use the 'A' to fake out pacman's version comparators. Samba chooses
# to append 'a','b',etc to their subsequent releases, which pamcan
# misconstrues as alpha, beta, etc. Bad samba!
_realver=3.2.6
pkgrel=2.1
pkgdesc="Tools to access a server's filespace and printers via SMB"
arch=(i686 x86_64)
url="http://www.samba.org"
license=('GPL3')
backup=(etc/logrotate.d/samba etc/pam.d/samba etc/samba/smb.conf etc/xinetd.d/swat etc/conf.d/samba)
depends=('db>=4.7' 'popt' 'libcups' 'acl' 'libldap' 'smbclient=3.2.6' 'libcap' 'heimdal>=1.2-1' 'pam' 'fam' 'gnutls>=2.4.1' 'tdb=3.2.6')
options=(!makeflags)
source=(http://us1.samba.org/samba/ftp/stable/${pkgname}-${_realver}.tar.gz \
no-clients.patch samba samba.logrotate swat.xinetd samba.pam samba.conf.d \
ftp://us1.samba.org/pub/samba/patches/security/samba-3.2.6-CVE-2009-0022.patch)
build() {
cd ${srcdir}/${pkgname}-${_realver}/source
patch -Np2 -i ${srcdir}/no-clients.patch || return 1
patch -Np2 -i ${srcdir}/samba-3.2.6-CVE-2009-0022.patch || return 1
./configure --prefix=/usr --with-configdir=/etc/samba \
--with-lockdir=/var/cache/samba \
--with-piddir=/var/run/samba \
--with-fhs --with-pam --with-ads --with-acl-support \
--without-cifsmount --without-libsmbclient \
--with-syslog --with-pam_smbpass \
--localstatedir=/var --disable-dnssd --libdir=/usr/lib/samba
make || return 1
mkdir -p ${pkgdir}/var/log/samba
mkdir -p ${pkgdir}/etc/samba/private
chmod 700 ${pkgdir}/etc/samba/private
make DESTDIR=$startdir/pkg install
chmod 644 ${pkgdir}/usr/include/*.h
rm -rf ${pkgdir}/usr/var
(cd script; cp installbin.sh i; cat i | sed 's/\/sbin\///' > installbin.sh)
install -D -m755 ../../samba ${pkgdir}/etc/rc.d/samba
install -D -m644 ../../samba.conf.d ${pkgdir}/etc/conf.d/samba
mkdir -p ${pkgdir}/etc/samba
cat ../examples/smb.conf.default | \
sed 's|log file = .*$|log file = /var/log/samba/log.%m|g' >${pkgdir}/etc/samba/smb.conf.default
install -D -m644 ../../samba.logrotate ${pkgdir}/etc/logrotate.d/samba
install -D -m644 ../../swat.xinetd ${pkgdir}/etc/xinetd.d/swat
install -D -m644 ../../samba.pam ${pkgdir}/etc/pam.d/samba
# symlink libs
for i in ${pkgdir}/usr/lib/samba/libsmbshare*; do
ln -sf samba/$(basename $i) ${pkgdir}/usr/lib/$(basename $i)
done
# spool directory
install -d -m1777 ${pkgdir}/var/spool/samba
sed -i 's|/usr/spool/samba|/var/spool/samba|g' ${pkgdir}/etc/samba/smb.conf.default
# fix logrotate
sed -i -e 's|log.%m|%m.log|g' ${pkgdir}/etc/samba/smb.conf.default
# nsswitch libraries
install -D -m755 nsswitch/libnss_wins.so ${pkgdir}/lib/libnss_wins.so
ln -s libnss_wins.so ${pkgdir}/lib/libnss_wins.so.2
install -D -m755 nsswitch/libnss_winbind.so ${pkgdir}/lib/libnss_winbind.so
install -D -m755 bin/pam_winbind.so ${pkgdir}/lib/security/pam_winbind.so
# remove conflict files of smbclient and tdb
for man in libsmbclient smbspool \
umount.cifs mount.cifs net; do
rm -f ${pkgdir}/usr/share/man/man8/${man}.8
done
for i in libnetapi* libtdb* libtalloc* libwbclient*; do
rm -f ${pkgdir}/usr/lib/samba/$i
done
rm -f ${pkgdir}/usr/bin/tdbbackup
rm -f ${pkgdir}/usr/include/{tdb.h,talloc.h,netapi.h}
for man in rpcclient smbcacls smbclient smbcquotas \
smbtree smbtar nmblookup smbget; do
rm -f ${pkgdir}/usr/share/man/man1/${man}.1
done
rm -f ${pkgdir}/usr/share/man/man7/libsmbclient.7
rm -f ${pkgdir}/usr/include/libsmbclient.h
md5sums=('0cd27c7afbb8211616eea4010f32271c'
'a676f0dde2c434aeb5125376b8797a64'
'e93533fa2296c07c1f645dfdd373657f'
'5697da77590ec092cc8a883bae06093c'
'a4bbfa39fee95bba2e7ad6b535fae7e6'
'96f82c38f3f540b53f3e5144900acf17'
'f2f2e348acd1ccb566e95fa8a561b828'
'e15ab37115101cf3a8d110f0c1f8e29e')
I think a security task force should be initiated (I know discussions existed, but I don't know what were the consequences), so that important packages (like those providing services) could be updated in a timely manner. This is a minor issue as I stated earlier, but it could be worse. Those interested, let's initiate a discussion with the developers of important packages and try to get some things working. People (mostly trusted users) who can generate early packages are welcome, so that they can provide early versions of unvulnerable packages.

ckristi wrote:I don't know about other packages, but I believe when I checked the PKGBUILD for PHP, that the security fix was included in 5.2.7.
Check http://repos.archlinux.org/viewvc.cgi/p … iew=markup for more info.
And don't get me wrong, I am a little bit concerned about the way vulnerabilities are treated in Arch, 'cause my home server is running this distro.
And I really would think we should start some serious discussions about this security issues and the way they should be treated. I know the developers are doing their best and I'm not going to put fingers at all. They should be helped in maintaining packages for important services. We'll benefit from it and their tasks would be easier.
Why don't you start a wiki page tracking the latest vulnerabilities disclosed on various security mailing lists which are not fixed in arch. This will make it much easier for the devs.
This thing has been already discussed multiple times and already a wiki page exists for Arch Security Team but it seems nobody followed up with that.
http://wiki.archlinux.org/index.php/Security_Task_Force

How OSB pass Initial Context parameters to EJB

For security reasons I have to pass a ticket (through initial context) to legacy system from OSB for calling EJB, below is a code
Hashtable env = new Hashtable(2);
env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
env.put(Context.PROVIDER_URL, connectionUrl);
env.put(javax.naming.Context.SECURITY_PRINCIPAL, ticket);
env.put(javax.naming.Context.SECURITY_CREDENTIALS, "");
InitialContext ctx = new InitialContext(env);
Object homeRef = ctx.lookup("com.cih.services.contact.interfaces.IContactServiceRemote");
IContactServiceRemoteHome home = (IContactServiceRemoteHome) javax.rmi.PortableRemoteObject
.narrow(homeRef, IContactServiceRemoteHome.class);
IContactServiceRemote ejb = home.create();
Please let me know how we can pass Initial context parameter from Business service or proxy service to legacy system.
Thanks

Hi Russ
Yes, I've done this too. Basic SQL though will not allow the updating of a table inside a function, so we have to get clever. The trick is to use the PRAGMA AUTONOMOUS TRANSACTION command. Here's an example:
FUNCTION UPDATE_MYTABLE(P_VALUE IN NUMBER)
RETURN VARCHAR2 IS
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
UPDATE SCHEMA_OWNER.MY_TABLE SET MY_VALUE = P_VALUE;
COMMIT;
RETURN('Done');
END UPDATE_TABLE;
When the update has been completed the Discoverer worksheet will respond with 'Done'.
Everyone: don't forget to grant EXECUTE on this function to all of the necessary users, including the EUL owner, and also don't forget to import the function using the Admin edition so that it is available for the users. You will also need to make sure that all necessary users have been granted the UPDATE privilege on the table.
I hope this helps
Regards
Michael

Error getting initial context

Hi,
I've gotten the following exceptions reported to us by our production clients when trying to connect to our Weblogic 4.5.1 server (sp8).
CPClient with url: t3s://www.cpmarket.com:7002 Getting guest initial
context
[Root exception is java.io.IOException: Bootstrap unable to get a t3s
connection to
www.cpmarket.com/159.43.253.15]javax.naming.CommunicationException at
weblogic.jndi.toolkit.ExceptionTranslator.toNamingException(ExceptionTransla
tor.java:32) at
weblogic.jndi.WLInitialContextFactory.toNamingException(WLInitialContextFact
ory.java:513) at
weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFact
ory.java, Compiled Code) at
weblogic.jndi.Environment.getContext(Environment.java:128) at
weblogic.jndi.Environment.getInitialContext(Environment.java:111) at
com.xxxxxxx.CPClient.getGuestInitialContext(CPClient.jav
a:184) at
com.xxxxxxx.CPClient.<init>(CPClient.java:47)
Does anyone know where this could be coming from?
Thanks,
Gary Mui
[email protected]
[att1.html]

Hi Tim,
If you are running within a browser, you will not have access to anything
outside the sandbox which includes making RMI calls. Try signing the applet.
You can find more information on signing applets on the sun java website.
Regards
Arjuna
"Tim" <[email protected]> wrote in message
news:3c5ab818$[email protected]..
>
I get the following eror when I try to get the Initial Context in anapplet:
>
java.lang.ExceptionInInitializerError: java.security.Acc
ess denied (java.util.PropertyPermission * read,write)
atjava.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:272)
atjava.security.AccessController.checkPermission(AccessController.java:
399)
Does anyone have any idea what would cause this? The code works finerunning
from an application. From what I understand there might be a problem withmy
policy file. However, it seems to look ok. Any ideas?

Initial Context prbm

hi everybody,
i am new to this forum. any body help me to solve the problem
i am trying to communicate statelessbean with console client thro' weblogic 8.1 server. but i got an error during initial context object creation time. that error is
Exception in thread "main" java.lang.NoClassDefFoundError: javax/security/auth/callback/CallbackHandler
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:131)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at com.anand.StateLess.HelloTestClient.getContextInfo(HelloTestClient.java:61)
at com.anand.StateLess.HelloTestClient.main(HelloTestClient.java:104)
kindly give me a solution
thanx in advance
bye
regards
muruganandam

This is what I get when I started the agents, I am using weblogic8.1 . Are we missing any other jars in the classpath.
Exception in thread "main" java.lang.NoClassDefFoundError: javax/security/auth/callback/CallbackHandler
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:131)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:665)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
at javax.naming.InitialContext.init(InitialContext.java:222)
at javax.naming.InitialContext.<init>(InitialContext.java:198)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:83)
at com.yantra.interop.util.YIFMessageBrowser.getInitialDirContext(YIFMessageBrowser.java:212)
at com.yantra.interop.util.YIFMessageBrowser.init(YIFMessageBrowser.java:156)
at com.yantra.interop.util.YIFMessageBrowser.<init>(YIFMessageBrowser.java:85)
at com.yantra.ycp.agent.server.YCPAgentTrigger.queueHasMessages(YCPAgentTrigger.java:101)
at com.yantra.ycp.agent.server.YCPAgentTrigger.hasTrigger(YCPAgentTrigger.java:113)
at com.yantra.ycp.agent.server.YCPAgentTrigger.sendMessage(YCPAgentTrigger.java:74)
at com.yantra.ycp.agent.server.YCPAgentTrigger.main(YCPAgentTrigger.java:53)

Initial Context Security Issue

Similar Messages

Maybe you are looking for