Invalid Flag

When I try to compile my Java programs, I get an error saying that the file path where my program is saved is an "invalid flag." I tried saving the programs in different files, but nothing worked. I don't understand what an invalid flag is or obviously how to fix the problem. Please help!

Invalid Flag means something in the command you typed was interpreted by the compiler as an option that doesn't exist. For example,
javac -cp c:\java Test.java
generates an invalid flag because -cp is not a valid option for SDK 1.3. If you still have trouble, post the exact command you are entering, the exact file you are trying to compile, and the exact error message. Some one can probably tell you what's wrong.

Similar Messages

Invalid flag error

i'm trying to use JFreechart for my application.i tried installing it and tried setting classpath using the command
prompt and it shows the following errors
C:\Documents and Settings\Administrator>javac -classpath C:\Documents and Settin
gs\Administrator\jfreechart-1.0.13\lib\jfreechart-1.0.13.jar;C:\Documents and Se
ttings\Administrator\jfreechart-1.0.13\lib\jcommon-1.0.16.jar polardemo.java
javac: invalid flag: Settings\Administrator\jfreechart-1.0.13\lib\jfreechart-1.0
.13.jar;C:\Documents
Usage: javac <options> <source files>
use -help for a list of possible options
where am i going wrong.i need my compiler to recognise the jfree class libraries.

You're missing double quotes in your classpath value; if you don't use any, then the compiler will see these as multiple command arguments.
Vincent

Javac: invalid flag: C:\XML\web.xml

Hi,
I created a file web.xml in JCreator. When I tried to compile the file, it showed:
javac: invalid flag: C:\XML\web.xml.
Does any know how to solve the problem?
Thanks in advance.
Dan

The following is the full message showed after the compiling. It also happened to *.jsp files.
--------------------Configuration: <Default>--------------------
javac: invalid flag: C:\XML\web.xml
Usage: javac <options> <source files>
where possible options include:
-g Generate all debugging info
-g:none Generate no debugging info
-g:{lines,vars,source} Generate only some debugging info
-nowarn Generate no warnings
-verbose Output messages about what the compiler is doing
-deprecation Output source locations where deprecated APIs are used
-classpath <path> Specify where to find user class files
-cp <path> Specify where to find user class files
-sourcepath <path> Specify where to find input source files
-bootclasspath <path> Override location of bootstrap class files
-extdirs <dirs> Override location of installed extensions
-endorseddirs <dirs> Override location of endorsed standards path
-d <directory> Specify where to place generated class files
-encoding <encoding> Specify character encoding used by source files
-source <release> Provide source compatibility with specified release
-target <release> Generate class files for specific VM version
-version Version information
-help Print a synopsis of standard options
-X Print a synopsis of nonstandard options
-J<flag> Pass <flag> directly to the runtime system
Process completed.

Trying to compile tutorial gives invalid flag error

C:\java\kodo-jdo-3.0.0b1\tutorial>javac -classpath ../lib/*.jar *.java
javac: invalid flag: ../lib/jakarta-commons-lang-1.0.1.jar
This in a windows cmd.exe prompt.
Am I the first one ever to do this? Any suggestions?
Karl.

Ok, thanks. Silly error.
I got the same for 2.5.2 and 3.0 so I just posted in developer.
Stephen Kim wrote:
Classpaths have to be full an explicit: e.g. javac -classpath
c:javakodolibkodo-jdo.jar;c:javakodolibjdo1_0.jar
and so forth.
A good way to properly set up your environment is to use one of our GA
level distributions (2.5.2 being the latest) and modifying jdocmd.bat or
jdocommand.bat to 3.0's library dependencies.
Also, until Kodo 3 goes into GA, the proper forum is solarmetric.kodo.beta
as Kodo 3 is at a different tier of support for now.
On Mon, 11 Aug 2003 22:26:55 +0000, Karl Nicholas wrote:>>
C:javakodo-jdo-3.0.0b1tutorial>javac -classpath ../lib/*.jar *.java
javac: invalid flag: ../lib/jakarta-commons-lang-1.0.1.jar
This in a windows cmd.exe prompt.
Am I the first one ever to do this? Any suggestions?
Karl.
Steve Kim
[email protected]
SolarMetric Inc.
http://www.solarmetric.com

RUL-01014 (Root Cause: javac: invalid flag)

Hello,
I am trying to create XML fact but I am getting the error bellow. Can someone help?
Cannot perform operation. 'RUL-01014: Unable to add XML schema path D:\My Documents\download\Application1\Project1\event.xsd into data model. Please see the base exception for resolution. Root Cause: javac: invalid flag: Documents\download\Application1\Project1
j
ava.lang.Exception: javac: invalid flag: Documents\download\Application1\Project1 at oracle.rules.sdk.datamodel.impl.DataModelUtil.compileJavaFile(DataModelUtil.java:497) at oracle.rules.sdk.datamodel.DataModelManager.addXMLSchemaPath(DataModelManager.java:984) at oracle.rules.sdk.mapper.RuleObjectHelper.addSchemapath(RuleObjectHelper.java:2759) at oracle.rules.ra.uix.mvc.SchemaSelectorEH.addSchema(SchemaSelectorEH.java:138) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at oracle.rules.ra.uix.mvc.BeanEH.genericHandleEvent(BeanEH.java:869) at oracle.rules.ra.uix.mvc.BeanEH.handleEvent(BeanEH.java:838) at oracle.cabo.servlet.event.TableEventHandler.handleEvent(Unknown Source) at oracle.cabo.servlet.event.TableEventHandler.handleEvent(Unknown Source) at oracle.cabo.servlet.event.BasePageFlowEngine.handleRequest(Unknown Source) at oracle.cabo.servlet.AbstractPageBroker.handleRequest(Unknown Source) at oracle.cabo.servlet.ui.BaseUIPageBroker.handleRequest(Unknown Source) at oracle.cabo.servlet.PageBrokerHandler.handleRequest(Unknown Source) at oracle.cabo.servlet.UIXServlet.doGet(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:743) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64) at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:436) at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621) at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:368) at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:866) at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:448) at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:216) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117) at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110) at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260) at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239) at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34) at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880) at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303) at java.lang.Thread.run(Thread.java:595)

Hi Everyone,
I am also facing same problem. My error is as fallows
Cannot perform operation. 'RUL-01014: Unable to add XML schema path E:\Jdeveloper\Conditional_BPELProcess.xsd into data model. Root Cause: collision in class name mapping at node "{0}". '
java.lang.Exception: collision in class name mapping at node "{0}". at oracle.xml.jaxb.JaxbSchemaCompiler.putBindingSchema
Please help me.
Thanks in Advance.
Regards

"javadoc: invalid flag: -d" when using "-doclet"

When i change the options of javadoc to use a custom doclet (by adding -doclet and -docletpath) javadoc just throws an error saying:
javadoc: invalid flag: -d
Is this a known bug?

Hi there, I have the same problem now.
My doclet works fine when calling without ant.
(Of course with -d parameter.)
Also I tried to address the original sun doclet
in an <javadoc ...
<doclet>
statement, and also with this doclet got the error
"javadoc: invalid flag: -d". So I am sure it is a bug
in the combination of ant and javadoc.
I tried "ant -v mydoclet", but saw nothing wrong (despite the
error message and break of javadoc):
[mkdir] Created dir: Z:\pegcore\docu\library
[javadoc] Generating Javadoc
[javadoc] Executing 'C:\j2sdk1.4.2\bin\javadoc.exe' with arguments:
[javadoc] '-d'
[javadoc] 'Z:\pegcore\docu\library'
[javadoc] '-verbose'
[javadoc] '-J-Xmx512m'
[javadoc] '-classpath'
[javadoc] 'Z:\pegasus07\jar\comm.jar;Z:\pegasus07\jar\mail.jar;Z:\pegasus07\jar\OB.jar
[.........];Z:\pegasus07\jar\com.jar'
[javadoc] '-sourcepath'
[javadoc] 'Z:\pegcore'
[javadoc] '-doclet'
[javadoc] 'DocuLibraryDoclet'
[javadoc] '-docletpath'
[javadoc] 'Z:\pegcore\tools\docuBuilder\Doclet'
[javadoc] 'pegasus'
[javadoc] 'pegasus.common'
[javadoc] 'pegasus.common.getOpt'
[javadoc] 'pegasus.common.xml'
[javadoc] 'pegasus.common.pegasusExceptions'
[javadoc] 'pegasus.common.pegasusMail'
[javadoc] 'pegasus.common.action'
[javadoc] 'pegasus.common.stateEvent'
[javadoc] 'pegasus.protocols.sip.jain.protocol.ip.sip.header'
[javadoc] 'pegasus.protocols.sip.jain.protocol.ip.sip.message'
[javadoc]
[javadoc] The ' characters around the executable and arguments are
[javadoc] not part of the command.
[javadoc] Javadoc execution
[javadoc] javadoc: invalid flag: -d
[javadoc] usage: javadoc [options] [packagenames] [sourcefiles] [............]
Are there any new findings, what can help?
Best regards,
Thomas

BUG: "Error: javac: invalid flag: path/file.sqlj"

I sometimes get this type of error when I make a file or a project in JDev 10g EA1, when all of the following conditions apply:
- I use make (using rebuild it never happens)
- I use javac (using ojc it never happens)
- I make a file/projects that somehow depends on a SQLJ file (with java-only scope it never happens)
- I use either JDK1.4.2_02 or JDK1.5.0_05
- My JDev, the JDKs, and my project data are all on paths without any spaces.
- Project size is ~1000 source files, source root path length is 25 chars.
Perhaps JDev tries to send SQLJ files by mistake to javac for compilation?
Regards,
Yaniv

I've tried to prepare a test case, but before I barely started I narrowed it down to the simplest possible case:
1) Create a new empty project
2) Set the project to use jdk1.5.0_05
3) Set compiler options to use javac
4) Create a new class, use defaults
5) File/Rename Class1.java to Class1.sqlj
6) Right-click the file and choose Make
This reproduces everytime I modify the file and make it or the project.
Could not reproduce it using ojc, or using 142_02 (with javac or ojc).
I believe this bug can be traced to either command-line formatting by JDev or jdk1.5.0_05's low-tolerance for passing non-java files to javac.

"Error: javac: invalid flag: Program" in 10.3.1

Howdy All,
A very strange error is suddenly occuring when I try to build my Swing project. I think I am missing some quotes somewhere and the compiler is choking on the 'Program' bit when it should be 'Program Files/....', but I am clueless as to where this error is happenning.
Does anyone know where I can start to pinpoint the problem? The message below is from JDeveloper.
Cheers.
Compiling
C:\j2sdk1.4.2_06\bin\javac.exe -verbose -deprecation -source 1.4 -target 1.4 -encoding Cp1252 -g -classpath "C:\j2sdk1.4.2_06\jre\lib\rt.jar;C:\j2sdk1.4.2_06\jre\lib\i18n.jar;C:\j2sdk1.4.2_06\jre\lib\sunrsasign.jar;C:\j2sdk1.4.2_06\jre\lib\jsse.jar;C:\j2sdk1.4.2_06\jre\lib\jce.jar;C:\j2sdk1.4.2_06\jre\lib\charsets.jar;C:\j2sdk1.4.2_06\jre\classes;C:\Program Files\jdeveloper10.3\jdev\mywork\EndoSwing\classes;C:\Program Files\jdeveloper10.3\j2ee\home\lib\ojsp.jar;C:\Program Files\jdeveloper10.3\j2ee\home\jsp\lib\taglib\ojsputil.jar;C:\Program Files\jdeveloper10.3\j2ee\home\oc4j.jar;C:\Program Files\jdeveloper10.3\j2ee\home\lib\oc4j-internal.jar;C:\Program Files\jdeveloper10.3\j2ee\home\lib\servlet.jar;C:\Program Files\jdeveloper10.3\jdev\lib\ojc.jar;C:\Program Files\jdeveloper10.3\jsf-ri\jsf-api.jar;C:\Program Files\jdeveloper10.3\jsf-ri\jsf-impl.jar;C:\Program Files\jdeveloper10.3\jakarta-taglibs\commons-beanutils-1.6.1\commons-beanutils.jar;C:\Program Files\jdeveloper10.3\jakarta-taglibs\commons-digester-1.5\commons-digester.jar;C:\Program Files\jdeveloper10.3\jakarta-taglibs\commons-logging-1.0.3\commons-logging-api.jar;C:\Program Files\jdeveloper10.3\jakarta-taglibs\commons-logging-1.0.3\commons-logging.jar;C:\Program Files\jdeveloper10.3\jakarta-taglibs\commons-collections-2.1\commons-collections.jar;C:\Program Files\jdeveloper10.3\jakarta-taglibs\jstl-1.1\lib\jstl.jar;C:\Program Files\jdeveloper10.3\jakarta-taglibs\jstl-1.1\lib\standard.jar;C:\Program Files\jdeveloper10.3\jlib\adf-faces-impl-ea16.jar;C:\Program Files\jdeveloper10.3\jlib\adf-faces-api-ea16.jar;C:\Program Files\jdeveloper10.3\jlib\share.jar;C:\Program Files\jdeveloper10.3\jlib\jewt4.jar;C:\Program Files\jdeveloper10.3\jlib\inspect4.jar;C:\Program Files\jdeveloper10.3\jlib\help4.jar;C:\Program Files\jdeveloper10.3\jdev\lib\jdev-rt.jar" -sourcepath "C:\Program Files\jdeveloper10.3\jdev\mywork\EndoSwing\src" -d "C:\Program Files\jdeveloper10.3\jdev\mywork\EndoSwing\classes" @C:\DOCUME~1\elam\LOCALS~1\Temp\javac1056.tmp

Elam,
it looks about right except for the list of source files to be compiled where it shows a file name which doesn't make any sense at all:
@C:\DOCUME~1\elam\LOCALS~1\Temp\javac1056.tmp
Can you please check if this is a real file which happens to be part of your project?
Another thing to try:
+ compile a single file of your project; does this work?
or
+ use Run|Clean <project name> and then recompile project
Georg
JDev Team

Bug with -J flag in new javadoc again?

Hi,
I want to run javadoc from within another java application with the following:
String[] javadocargs= {"-J-version"};
com.sun.tools.javadoc.Main.execute(javadocargs);
Actually I am trying a bit more compilcated, but the error is the same. Whenn running this I get:
javadoc: invalid flag: -J-version
I read that there was a bug in 1.2 versions of the sdk that is fixed now. See http://developer.java.sun.com/developer/bugParade/bugs/4079009.html. But I am using the sdk 1.4.2 and the javadoc from that version. What is the problem here? Oh, and this only happens from within a program. When running javadoc on the console it works just fine.
Can anyone help me?

Hi,
You have to remember that:
javadoc -J-version
is equivalent to:
java -classpath tools.jar -version com.sun.tools.javadoc.Main
Given that information, I don't think that you can use -J<flag> from within a program. The code to process the -J<flag> is bypassed when you execute javadoc from within a program. All other javadoc options should work using Main.execute(). If you really need to access the version of Java you are using, you should use:
System.getProperty("java.version")
-Jamie

Not Able to run Report 10g through Web Layout Option

I have installed Oracle Developer 10g on my Laptop, I am able to run form, Report(In paper layout) successfully but when I try to run Report in Web Layout Mode, I am getting following error, Is there any setting is missing, could you provide some hint that would help me in resolving my issue.
Thanks
Kamlesh
500 Internal Server Error
OracleJSP: oracle.jsp.provider.JspCompileException:
Errors compiling:C:\Documents and Settings\kamlesh\Local Settings\Temp\docroot\3000\default\defaultWebApp\persistence\_pages\\_MODULE1001201432.java
javac: invalid flag: Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip;;C:\Dev10g\j2ee\home\lib/ejb.jar;C:\Dev10g\j2ee\home\lib/servlet.jar;C:\Dev10g\j2ee\home\lib/ojsp.jar;C:\Dev10g\j2ee\home\lib/jndi.jar;C:\Dev10g\j2ee\home\lib/jdbc.jar;C:\Dev10g\j2ee\home\iiop.jar;C:\Dev10g\j2ee\home\iiop_gen_bin.jar;C:\Dev10g\j2ee\home\lib/jms.jar;C:\Dev10g\j2ee\home\lib/jta.jar;C:\Dev10g\j2ee\home\lib/jmxri.jar;C:\Dev10g\j2ee\home\lib/javax77.jar;C:\Dev10g\j2ee\home\lib/javax88.jar;C:\Dev10g\j2ee\home\../../opmn/lib/ons.jar;C:\Dev10g\j2ee\home\../../opmn/lib/optic.jar;C:\Dev10g\j2ee\home\../../lib/dms.jar;C:\Dev10g\j2ee\home\../../dms/lib/dms.jar;C:\Dev10g\j2ee\home\../../diagnostics/lib/ojdl.jar;C:\Dev10g\j2ee\home\../../dms/diagnostics/lib/ojdl.jar;C:\Dev10g\j2ee\home\lib/connector.jar;C:\Dev10g\j2ee\home\lib/bcel.jar;C:\Dev10g\j2ee\home\lib/cos.jar;C:\Dev10g\j2ee\home\lib/jsse.jar;C:\Dev10g\j2ee\home\../../oracle/lib/jsse.jar;C:\Dev10g\j2ee\home\lib/jnet.jar;C:\Dev10g\j2ee\home\lib/jcert.jar;C:\Dev10g\j2ee\home\lib/activation.jar;C:\Dev10g\j2ee\home\lib/mail.jar;C:\Dev10g\j2ee\home\../../javavm/lib/jasper.zip;C:\Dev10g\j2ee\home\../../lib/xmlparserv2.jar;C:\Dev10g\j2ee\home\../../oracle/lib/xmlparserv2.jar;C:\Dev10g\j2ee\home\../../jlib/orai18n.jar;C:\Dev10g\j2ee\home\../../oracle/jlib/orai18n.jar;C:\Dev10g\j2ee\home\lib/jaxp.jar;C:\Dev10g\j2ee\home\lib/jaas.jar;C:\Dev10g\j2ee\home\jazn.jar;C:\Dev10g\j2ee\home\../../jdbc/lib/classes12dms.jar;C:\Dev10g\j2ee\home\../../oracle/jdbc/lib/classes12dms.jar;C:\Dev10g\j2ee\home\../../jdbc/lib/nls_charset12.jar;C:\Dev10g\j2ee\home\../../oracle/jdbc/lib/nls_charset12.jar;C:\Dev10g\j2ee\home\jaxb-rt-1.0-ea.jar;C:\Dev10g\j2ee\home\../../soap/lib/soap.jar;C:\Dev10g\j2ee\home\../../webservices/lib/wsserver.jar;C:\Dev10g\j2ee\home\../../webservices/lib/wsdl.jar;C:\Dev10g\j2ee\home\../../rdbms/jlib/aqapi.jar;C:\Dev10g\j2ee\home\lib/jem.jar;C:\Dev10g\j2ee\home\../../javacache/lib/cache.jar;C:\Dev10g\j2ee\home\lib/http_client.jar;C:\Dev10g\j2ee\home\../../jlib/jssl-1_1.jar;C:\Dev10g\j2ee\home\../../oracle/jlib/jssl-1_1.jar;C:\Dev10g\j2ee\home\../../jlib/repository.jar;C:\Dev10g\j2ee\home\../../oracle/jlib/repository.jar;C:\Dev10g\j2ee\home\lib/jaasmodules.jar;C:\Dev10g\j2ee\home\../../sqlj/lib/runtime12ee.jar;C:\Dev10g\j2ee\home\../../sqlj/lib/translator.jar;C:\Dev10g\j2ee\home\lib/crimson.jar;C:\Dev10g\j2ee\home\../../jlib/ojpcs.jar;C:\Dev10g\j2ee\home\../../oracle/jlib/ojpcs.jar;C:\Dev10g\j2ee\home\../../jlib/ojpcp.jar;C:\Dev10g\j2ee\home\../../oracle/jlib/ojpcp.jar;C:\Dev10g\j2ee\home\../../jlib/ojpse.jar;C:\Dev10g\j2ee\home\../../oracle/jlib/ojpse.jar;C:\Dev10g\j2ee\home\../../jlib/ojpsmime.jar;C:\Dev10g\j2ee\home\../../oracle/jlib/ojpsmime.jar;C:\Dev10g\j2ee\home\../../jlib/ojpcms.jar;C:\Dev10g\j2ee\home\../../oracle/jlib/ojpcms.jar;;;C:\Documents and Settings\kamlesh\Local Settings\Temp\docroot\WEB-INF\lib\reports_tld.jar;C:\Documents and Settings\kamlesh\Local Settings\Temp\docroot\WEB-INF\classes;C:\Documents and Settings\kamlesh\Local Settings\Temp\docroot\WEB-INF\lib\reports_tld.jar;.
Usage: javac
where possible options include:
-g Generate all debugging info
-g:none Generate no debugging info
-g:{lines,vars,source} Generate only some debugging info
-nowarn Generate no warnings
-verbose Output messages about what the compiler is doing
-deprecation Output source locations where deprecated APIs are used
-classpath Specify where to find user class files
-sourcepath Specify where to find input source files
-bootclasspath Override location of bootstrap class files
-extdirs Override location of installed extensions
-d Specify where to place generated class files
-encoding Specify character encoding used by source files
-source Provide source compatibility with specified release
-target Generate class files for specific VM version
-help Print a synopsis of standard options

Hello,
The problem seems to be a space in the Classpath :
javac: invalid flag: Files\Java\j2re1.4.2_01
Files\Java\j2re1.4.2_01 seems to be the end of c:\Program Files\Java\j2re1.4.2_01 ..
Check REPORTS_CLASSPATH
regards

Idsyncwin does not invalidate old passwords

I am using Identity Synchronization for Windows (part of DSEE 11g) to replicate MSAD accounts into an organization maintained in DSEE, one-way. This works acceptably, except for one nit, which may be a problem to complete the POC demonstration: a change of user password in MSAD does not propagate into DSEE reliably.
To be more specific, when the password is changed in Active Directory, ISW does detect the change and sets dspswvalidate:true as is expected. If the DSEE user logs in with the new MSAD password, this password is validated against MSAD, succeeds, and is saved into DSEE. Likewise, login with a random password fails as expected.
However, if the user logs in with his old DSEE password, the validation against MSAD is logged as successful (which is apparently wrong), but the old DSEE password remains in place. The dspswvalidate flag is cleared and the user no longer has a chance to log in with a Windows password - the old DSEE password remains in place.
I see that when provisioning new users, ISW can place an invalid string into userpassword attribute... can it do the same when it detects changes in the upstream MSAD data, so the user has no possibility to log in with an obsolete password?
Since the ISW is a bit of esoteric and old product with little change from DS5.x times (though works fine with current DSEE and MSAD), possibly a solution would be to make some plugin for DSEE that would detect changes to the dspswvalidate flag and invalidate a password?.. Any ideas how to do this, if all else fails?
Thanks in advance,
//Jim Klimov

So... status update: the problem has been traced to MSAD - the domain controllers trust both the user's new password and the previous password for 5 minutes, which leads to DSEE testing the old passwords if the clients request it to (i.e. regular mail checks), trusting them and saving them for posterity (and removing the flag to verify passwords via MSAD).
The Windows team was not able to remove this behaviour from domain controllers. It is also probably infeasible to change their password-changing procedure to change it twice (so as to forget the previous password completely), or to instantly (programmatically?) log in to DSEE via convergence or ldapsearch or whatever with the new password, or to manually change the email password as well - especially when end-users can change their domain passwords too.
So the problem remains: old passwords are verifiable via MSAD and thus trusted by DSEE, so for example regular messaging tasks running on behalf of users might practically prevent propagation of updated passwords from MSAD domain into DSEE/CommSuite.
One solution that I see is to have DSEE (maybe via its ISW plugin) not remove the dspswvalidate flag for a configurable timeout after it first detected the password-change event on another directory source. This way for some 10 minutes (for example) after the MSAD-initiated password invalidation, DSEE would re-validate against the domain, ultimately making sure that the saved-to-trust password is the new one.
Another idea is to test the user-provided cleartext password against (a copy of) the old DSEE userPassword hashed value, and not save the password if it is positive against both the MSAD domain and old DSEE password.
Both of those ideas rely on changes to the ISW plugin which we can not do to the closed-source program.
A bolt-on solution might be to make a script that runs every minute from crontab, detects new DSEE invalidations and saves a timestamp. Then for those example 10 minutes it would restore the requirement to validate against MSAD, if it detects the invalidation flag cleared during this time. I can foresee how this would NOT work and increase helpdesk calls, with lags upon logins after the password change, on-and-off trust of DSEE to one or another password, and mostly with automated email tasks firing within that minute between script runs so that the password change event, setting of the flag, validation of old password and clearing of the flag all happen before the bolt-on script would detect that anything happened.
MAYBE though, it can parse cn=changelog for a verifiable history of events to detect appearances of the validation flag - even if it has been cleared by the time the script runs...
Still, the bolt-on sounds like an unreliable solution, though doable.
Are there any other ideas or practical advices, remaining withing the constraints of MSAD + DSEE + IdSyncWin? (Implementation of IAMS in particular, to unify this and other identity management is considered, but as a separate project and purchase - so some solution is needed for what they have today)
Thanks,
//Jim Klimov

Security realm - Security:097533 - Developing own authentication provider

hi everyone,
i Developing own authentication provider and i installed a security patch, so while i restarting the weblogic server encountered the below Exeption:
<10/05/2013 05:54:33 PM COT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:341)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:220)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1789)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:443)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:46)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:42)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
Truncated. see log file for complete stacktrace
this is the config.xml :
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
<name>base_domain</name>
<domain-version>12.1.1.0</domain-version>
<security-configuration>
<name>base_domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension" xsi:type="ext:as400-realmType">
<sec:name>AS400Realm</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:user-lockout-manager>
<sec:lockout-enabled>false</sec:lockout-enabled>
</sec:user-lockout-manager>
<sec:deploy-role-ignored>false</sec:deploy-role-ignored>
<sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
<sec:security-dd-model>DDOnly</sec:security-dd-model>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}kyVB/9J9Fbvp11tAnYgn6grV6wQwNZZGHSh2JLQtesxS46Re+QCfIAttNE5JugllQvUHOhE+pz0AnEfYL2p5q2oeRsjqoQz2/1Lg8x+3WMoKic0xnRzw2RWoFjQo3F9x</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}4jkSbv5dMOl6cRpRa4QwB83XVavtq168cV4L+NSFDcI=</node-manager-password-encrypted>
<cross-domain-security-enabled>true</cross-domain-security-enabled>
</security-configuration>
<server>
<name>AdminServer</name>
<listen-address>localhost</listen-address>
<staging-mode>nostage</staging-mode>
</server>
<embedded-ldap>
<name>base_domain</name>
<credential-encrypted>{AES}9YeG1UFRNQzM0v6/j8cFvT9x9fkJUl1FJOWGInl5dax26FgMNEVwKNxOBHvW2opm</credential-encrypted>
</embedded-ldap>
<configuration-version>12.1.1.0</configuration-version>
this is the mbean xml (A400Realmmbean.xml):
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
Package = "co.com.claro.security"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
>
<MbeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
Writeable = "false"
Default =
""co.com.claro.AS400Realm""
/>
<MBeanAttribute Name = "Description" Type = "java.lang.String"
Writeable = "false" Default = ""My Identity Assertion Provider""
/>
<MBeanAttribute Name = "Version" Type = "java.lang.String"
Writeable = "false" Default = ""1.0""
/>
</MBeanType>
and the runtime class:
AS400Realm.java:
* To change this template, choose Tools | Templates
* and open the template in the editor.
package co.com.claro.security;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.AuthenticationProviderV2;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.PrincipalValidator;
import weblogic.security.spi.SecurityServices;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
public final class AS400Realm implements AuthenticationProviderV2
private String description;
// private SimpleSampleAuthenticatorDatabase database;
private LoginModuleControlFlag controlFlag;
// public String PARAM_JAAS_CONTEXT = "jaas-context";
// public String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
// public String DEFAULT_GROUP_NAME = "default";
public void initialize(ProviderMBean mbean, SecurityServices services)
System.out.println("AS400Realm.initialize");
AS400RealmMBean myMBean = (AS400RealmMBean)mbean;
description = myMBean.getDescription() + "\n" + myMBean.getVersion();
// database = new SimpleSampleAuthenticatorDatabase(myMBean);
String flag = myMBean.getControlFlag();
if (flag.equalsIgnoreCase("REQUIRED")) {
controlFlag = LoginModuleControlFlag.REQUIRED;
} else if (flag.equalsIgnoreCase("OPTIONAL")) {
controlFlag = LoginModuleControlFlag.OPTIONAL;
} else if (flag.equalsIgnoreCase("REQUISITE")) {
controlFlag = LoginModuleControlFlag.REQUISITE;
} else if (flag.equalsIgnoreCase("SUFFICIENT")) {
controlFlag = LoginModuleControlFlag.SUFFICIENT;
} else {
throw new IllegalArgumentException("invalid flag value" + flag);
public String getDescription()
return description;
public void shutdown()
System.out.println("AS400Realm.shutdown");
private AppConfigurationEntry getConfiguration(HashMap options)
options.put("PARAM_DATASOURCE_NAME", "jdbc/Oracle");
return new
AppConfigurationEntry(
"co.com.claro.security.AS400LoginModule",
controlFlag,
options
public AppConfigurationEntry getLoginModuleConfiguration()
HashMap options = new HashMap();
return getConfiguration(options);
public AppConfigurationEntry getAssertionModuleConfiguration()
HashMap options = new HashMap();
options.put("IdentityAssertion","true");
return getConfiguration(options);
public PrincipalValidator getPrincipalValidator()
return new PrincipalValidatorImpl();
public IdentityAsserterV2 getIdentityAsserter()
return null;
AS400LoginModule.java :
* To change this template, choose Tools | Templates
* and open the template in the editor.
package co.com.claro.security;
import com.ibm.as400.access.AS400;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import weblogic.security.spi.WLSGroup;
import weblogic.security.spi.WLSUser;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
* @author dmunoz
final public class AS400LoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
private String DEFAULT_GROUP_NAME = "default";
// Determine whether this is a login or assert identity
private boolean isIdentityAssertion;
// Authentication status
private boolean loginSucceeded;
private boolean principalsInSubject;
private Vector principalsForSubject = new Vector();
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
// only called (once!) after the constructor and before login
System.out.println("SimpleSampleLoginModuleImpl.initialize");
this.subject = subject;
this.callbackHandler = callbackHandler;
// Check for Identity Assertion option
isIdentityAssertion =
"true".equalsIgnoreCase((String) options.get("IdentityAssertion"));
private boolean authenticateAS400(String user, String passwd) throws Exception {
String host ="172.31.2.80";//Config.getProperty(Config.AS400_AUTHENTICATION_HOST);
AS400 as400System;
as400System = new AS400(host, user, passwd);
return as400System.validateSignon();
public boolean login() throws LoginException {
// only called (once!) after initialize
System.out.println("SimpleSampleLoginModuleImpl.login");
// loginSucceeded should be false
// principalsInSubject should be false
Callback[] callbacks = getCallbacks();
String userName = getUserName(callbacks);
if (userName.length() > 0) {
if (!isIdentityAssertion) {
String passwordHave = getPasswordHave(userName, callbacks);
try{
loginSucceeded = authenticateAS400(userName, passwordHave);
}catch(Exception e){
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.WARNING, null, e);
throw new LoginException(e.getMessage());
} else {
// anonymous login - let it through?
System.out.println("\tempty userName");
if (loginSucceeded) {
principalsForSubject.add(new WLSUserImpl(userName));
addGroupsForSubject(userName);
return loginSucceeded;
public boolean commit() throws LoginException {
// only called (once!) after login
// loginSucceeded should be true or false
// principalsInSubject should be false
// user should be null if !loginSucceeded, null or not-null otherwise
// group should be null if user == null, null or not-null otherwise
System.out.println("SimpleSampleLoginModule.commit");
if (loginSucceeded) {
subject.getPrincipals().addAll(principalsForSubject);
principalsInSubject = true;
return true;
} else {
return false;
public boolean abort() throws LoginException {
// The abort method is called to abort the authentication process. This is
// phase 2 of authentication when phase 1 fails. It is called if the
// LoginContext's overall authentication failed.
// loginSucceeded should be true or false
// user should be null if !loginSucceeded, otherwise null or not-null
// group should be null if user == null, otherwise null or not-null
// principalsInSubject should be false if user is null, otherwise true
// or false
System.out.println("SimpleSampleLoginModule.abort");
if (principalsInSubject) {
subject.getPrincipals().removeAll(principalsForSubject);
principalsInSubject = false;
return true;
public boolean logout() throws LoginException {
// should never be called
System.out.println("SimpleSampleLoginModule.logout");
return true;
private void throwLoginException(String msg) throws LoginException {
System.out.println("Throwing LoginException(" + msg + ")");
throw new LoginException(msg);
private void throwFailedLoginException(String msg) throws FailedLoginException {
System.out.println("Throwing FailedLoginException(" + msg + ")");
throw new FailedLoginException(msg);
private Callback[] getCallbacks() throws LoginException {
if (callbackHandler == null) {
throwLoginException("No CallbackHandler Specified");
Callback[] callbacks;
if (isIdentityAssertion) {
callbacks = new Callback[1];
} else {
callbacks = new Callback[2];
callbacks[1] = new PasswordCallback("password: ", false);
callbacks[0] = new NameCallback("username: ");
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
throwLoginException(e.toString() + " " + e.getCallback().toString());
return callbacks;
private String getUserName(Callback[] callbacks) throws LoginException {
String userName = ((NameCallback) callbacks[0]).getName();
if (userName == null) {
throwLoginException("Username not supplied.");
System.out.println("\tuserName\t= " + userName);
return userName;
private void addGroupsForSubject(String userName) {
try {
for (Enumeration e = getGroupNamesAS400(userName);
e.hasMoreElements();) {
String groupName = (String) e.nextElement();
System.out.println("\tgroupName\t= " + groupName);
principalsForSubject.add(new WLSGroupImpl(groupName));
} catch (Exception ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
public Enumeration getGroupNamesAS400(String usuario)
throws Exception {
if(usuario == null) {
throw new Exception("Usuario no puede ser vacio");
Vector<String> grupos = new Vector<String>();
grupos.add(DEFAULT_GROUP_NAME);
Connection conn = null;
ResultSet rs = null;
PreparedStatement statement = null;
try {
Context c = new InitialContext();
DataSource dst = (DataSource) c.lookup(PARAM_DATASOURCE_NAME);
conn = dst.getConnection();
String query = "SELECT COD_ROL AS ROL " +
"FROM gestionnew.us_rol_perfil " +
"JOIN gestionnew.usuarios " +
"ON us_rol_perfil.id_perfil = usuarios.id_perfil " +
"WHERE upper(usuarios.usuariorr) = ?";
statement = conn.prepareStatement(query);
statement.setString(1, usuario.toUpperCase());
rs = statement.executeQuery();
while (rs.next()) {
grupos.add(rs.getString("ROL"));
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
} catch (NamingException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
} finally {
if (conn != null) {
try {
conn.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
if (rs != null) {
try {
rs.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
if (statement != null) {
try {
statement.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
return grupos.elements();
private String getPasswordHave(String userName, Callback[] callbacks) throws
LoginException {
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
char[] password = passwordCallback.getPassword();
passwordCallback.clearPassword();
if (password == null || password.length < 1) {
throwLoginException("Authentication Failed: User " + userName +
". Password not supplied");
String passwd = new String(password);
System.out.println("\tpasswordHave\t= " + passwd);
return passwd;
thanks

hi everyone,
i Developing own authentication provider and i installed a security patch, so while i restarting the weblogic server encountered the below Exeption:
<10/05/2013 05:54:33 PM COT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:341)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:220)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1789)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:443)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:46)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:42)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
Truncated. see log file for complete stacktrace
this is the config.xml :
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
<name>base_domain</name>
<domain-version>12.1.1.0</domain-version>
<security-configuration>
<name>base_domain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension" xsi:type="ext:as400-realmType">
<sec:name>AS400Realm</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:user-lockout-manager>
<sec:lockout-enabled>false</sec:lockout-enabled>
</sec:user-lockout-manager>
<sec:deploy-role-ignored>false</sec:deploy-role-ignored>
<sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
<sec:security-dd-model>DDOnly</sec:security-dd-model>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}kyVB/9J9Fbvp11tAnYgn6grV6wQwNZZGHSh2JLQtesxS46Re+QCfIAttNE5JugllQvUHOhE+pz0AnEfYL2p5q2oeRsjqoQz2/1Lg8x+3WMoKic0xnRzw2RWoFjQo3F9x</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}4jkSbv5dMOl6cRpRa4QwB83XVavtq168cV4L+NSFDcI=</node-manager-password-encrypted>
<cross-domain-security-enabled>true</cross-domain-security-enabled>
</security-configuration>
<server>
<name>AdminServer</name>
<listen-address>localhost</listen-address>
<staging-mode>nostage</staging-mode>
</server>
<embedded-ldap>
<name>base_domain</name>
<credential-encrypted>{AES}9YeG1UFRNQzM0v6/j8cFvT9x9fkJUl1FJOWGInl5dax26FgMNEVwKNxOBHvW2opm</credential-encrypted>
</embedded-ldap>
<configuration-version>12.1.1.0</configuration-version>
this is the mbean xml (A400Realmmbean.xml):
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
Package = "co.com.claro.security"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
>
<MbeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
Writeable = "false"
Default =
""co.com.claro.AS400Realm""
/>
<MBeanAttribute Name = "Description" Type = "java.lang.String"
Writeable = "false" Default = ""My Identity Assertion Provider""
/>
<MBeanAttribute Name = "Version" Type = "java.lang.String"
Writeable = "false" Default = ""1.0""
/>
</MBeanType>
and the runtime class:
AS400Realm.java:
* To change this template, choose Tools | Templates
* and open the template in the editor.
package co.com.claro.security;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.AuthenticationProviderV2;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.PrincipalValidator;
import weblogic.security.spi.SecurityServices;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
public final class AS400Realm implements AuthenticationProviderV2
private String description;
// private SimpleSampleAuthenticatorDatabase database;
private LoginModuleControlFlag controlFlag;
// public String PARAM_JAAS_CONTEXT = "jaas-context";
// public String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
// public String DEFAULT_GROUP_NAME = "default";
public void initialize(ProviderMBean mbean, SecurityServices services)
System.out.println("AS400Realm.initialize");
AS400RealmMBean myMBean = (AS400RealmMBean)mbean;
description = myMBean.getDescription() + "\n" + myMBean.getVersion();
// database = new SimpleSampleAuthenticatorDatabase(myMBean);
String flag = myMBean.getControlFlag();
if (flag.equalsIgnoreCase("REQUIRED")) {
controlFlag = LoginModuleControlFlag.REQUIRED;
} else if (flag.equalsIgnoreCase("OPTIONAL")) {
controlFlag = LoginModuleControlFlag.OPTIONAL;
} else if (flag.equalsIgnoreCase("REQUISITE")) {
controlFlag = LoginModuleControlFlag.REQUISITE;
} else if (flag.equalsIgnoreCase("SUFFICIENT")) {
controlFlag = LoginModuleControlFlag.SUFFICIENT;
} else {
throw new IllegalArgumentException("invalid flag value" + flag);
public String getDescription()
return description;
public void shutdown()
System.out.println("AS400Realm.shutdown");
private AppConfigurationEntry getConfiguration(HashMap options)
options.put("PARAM_DATASOURCE_NAME", "jdbc/Oracle");
return new
AppConfigurationEntry(
"co.com.claro.security.AS400LoginModule",
controlFlag,
options
public AppConfigurationEntry getLoginModuleConfiguration()
HashMap options = new HashMap();
return getConfiguration(options);
public AppConfigurationEntry getAssertionModuleConfiguration()
HashMap options = new HashMap();
options.put("IdentityAssertion","true");
return getConfiguration(options);
public PrincipalValidator getPrincipalValidator()
return new PrincipalValidatorImpl();
public IdentityAsserterV2 getIdentityAsserter()
return null;
AS400LoginModule.java :
* To change this template, choose Tools | Templates
* and open the template in the editor.
package co.com.claro.security;
import com.ibm.as400.access.AS400;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import weblogic.security.spi.WLSGroup;
import weblogic.security.spi.WLSUser;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
* @author dmunoz
final public class AS400LoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
private String DEFAULT_GROUP_NAME = "default";
// Determine whether this is a login or assert identity
private boolean isIdentityAssertion;
// Authentication status
private boolean loginSucceeded;
private boolean principalsInSubject;
private Vector principalsForSubject = new Vector();
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
// only called (once!) after the constructor and before login
System.out.println("SimpleSampleLoginModuleImpl.initialize");
this.subject = subject;
this.callbackHandler = callbackHandler;
// Check for Identity Assertion option
isIdentityAssertion =
"true".equalsIgnoreCase((String) options.get("IdentityAssertion"));
private boolean authenticateAS400(String user, String passwd) throws Exception {
String host ="172.31.2.80";//Config.getProperty(Config.AS400_AUTHENTICATION_HOST);
AS400 as400System;
as400System = new AS400(host, user, passwd);
return as400System.validateSignon();
public boolean login() throws LoginException {
// only called (once!) after initialize
System.out.println("SimpleSampleLoginModuleImpl.login");
// loginSucceeded should be false
// principalsInSubject should be false
Callback[] callbacks = getCallbacks();
String userName = getUserName(callbacks);
if (userName.length() > 0) {
if (!isIdentityAssertion) {
String passwordHave = getPasswordHave(userName, callbacks);
try{
loginSucceeded = authenticateAS400(userName, passwordHave);
}catch(Exception e){
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.WARNING, null, e);
throw new LoginException(e.getMessage());
} else {
// anonymous login - let it through?
System.out.println("\tempty userName");
if (loginSucceeded) {
principalsForSubject.add(new WLSUserImpl(userName));
addGroupsForSubject(userName);
return loginSucceeded;
public boolean commit() throws LoginException {
// only called (once!) after login
// loginSucceeded should be true or false
// principalsInSubject should be false
// user should be null if !loginSucceeded, null or not-null otherwise
// group should be null if user == null, null or not-null otherwise
System.out.println("SimpleSampleLoginModule.commit");
if (loginSucceeded) {
subject.getPrincipals().addAll(principalsForSubject);
principalsInSubject = true;
return true;
} else {
return false;
public boolean abort() throws LoginException {
// The abort method is called to abort the authentication process. This is
// phase 2 of authentication when phase 1 fails. It is called if the
// LoginContext's overall authentication failed.
// loginSucceeded should be true or false
// user should be null if !loginSucceeded, otherwise null or not-null
// group should be null if user == null, otherwise null or not-null
// principalsInSubject should be false if user is null, otherwise true
// or false
System.out.println("SimpleSampleLoginModule.abort");
if (principalsInSubject) {
subject.getPrincipals().removeAll(principalsForSubject);
principalsInSubject = false;
return true;
public boolean logout() throws LoginException {
// should never be called
System.out.println("SimpleSampleLoginModule.logout");
return true;
private void throwLoginException(String msg) throws LoginException {
System.out.println("Throwing LoginException(" + msg + ")");
throw new LoginException(msg);
private void throwFailedLoginException(String msg) throws FailedLoginException {
System.out.println("Throwing FailedLoginException(" + msg + ")");
throw new FailedLoginException(msg);
private Callback[] getCallbacks() throws LoginException {
if (callbackHandler == null) {
throwLoginException("No CallbackHandler Specified");
Callback[] callbacks;
if (isIdentityAssertion) {
callbacks = new Callback[1];
} else {
callbacks = new Callback[2];
callbacks[1] = new PasswordCallback("password: ", false);
callbacks[0] = new NameCallback("username: ");
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException(e.toString());
} catch (UnsupportedCallbackException e) {
throwLoginException(e.toString() + " " + e.getCallback().toString());
return callbacks;
private String getUserName(Callback[] callbacks) throws LoginException {
String userName = ((NameCallback) callbacks[0]).getName();
if (userName == null) {
throwLoginException("Username not supplied.");
System.out.println("\tuserName\t= " + userName);
return userName;
private void addGroupsForSubject(String userName) {
try {
for (Enumeration e = getGroupNamesAS400(userName);
e.hasMoreElements();) {
String groupName = (String) e.nextElement();
System.out.println("\tgroupName\t= " + groupName);
principalsForSubject.add(new WLSGroupImpl(groupName));
} catch (Exception ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
public Enumeration getGroupNamesAS400(String usuario)
throws Exception {
if(usuario == null) {
throw new Exception("Usuario no puede ser vacio");
Vector<String> grupos = new Vector<String>();
grupos.add(DEFAULT_GROUP_NAME);
Connection conn = null;
ResultSet rs = null;
PreparedStatement statement = null;
try {
Context c = new InitialContext();
DataSource dst = (DataSource) c.lookup(PARAM_DATASOURCE_NAME);
conn = dst.getConnection();
String query = "SELECT COD_ROL AS ROL " +
"FROM gestionnew.us_rol_perfil " +
"JOIN gestionnew.usuarios " +
"ON us_rol_perfil.id_perfil = usuarios.id_perfil " +
"WHERE upper(usuarios.usuariorr) = ?";
statement = conn.prepareStatement(query);
statement.setString(1, usuario.toUpperCase());
rs = statement.executeQuery();
while (rs.next()) {
grupos.add(rs.getString("ROL"));
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
} catch (NamingException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
} finally {
if (conn != null) {
try {
conn.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
if (rs != null) {
try {
rs.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
if (statement != null) {
try {
statement.close();
} catch (SQLException ex) {
Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
return grupos.elements();
private String getPasswordHave(String userName, Callback[] callbacks) throws
LoginException {
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
char[] password = passwordCallback.getPassword();
passwordCallback.clearPassword();
if (password == null || password.length < 1) {
throwLoginException("Authentication Failed: User " + userName +
". Password not supplied");
String passwd = new String(password);
System.out.println("\tpasswordHave\t= " + passwd);
return passwd;
thanks

Two questions on ASM for Grid Installation

Grid Infrastructure version : 11.2.0.3
Platform : Oracle Enterprise Linux 5.6
Question1.
oracle:dba will be owner of our Grid software (not grid user). What should be permission set for LUNs ( /dev/sda1, ..) before the grid installation ?
Question2.
Currently, the shared LUNs appear as
/dev/sdb ,
/dev/sdc,
/dev/sdd
does a single partition need to be created before presenting LUN to ASM ?
For example, I should choose p (primary partition ) below. Right ?
# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x8b157fd2.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').
Command (m for help): c
DOS Compatibility flag is not set
Command (m for help): u
Changing display/entry units to sectors
Command (m for help): n
Command action
   e   extended
p   primary partition (1-4)

Check the step 5 here.You use oracleasm utility which changes permission.
Installing Grid Infrastructure for a Standalone Server
Ta
Jag

Error while executing the compilation process

Hi,
ISA Framework: com.sap.engine.services.servlets_jsp.server.jsp.exceptions.CompilingException: Error while executing the compilation process: javac: invalid flag: "/usr/sap/CJP/J06/j2ee/cluster/server2/apps/sap.com/crm~isauseradm/servlet_jsp/isauseradm/work/jsp_login XXXXXXXXXXX.java" Usage: javac <options> <source files> where possible options include: -g Generate all debugging info -g:none Generate no debugging info -g:{lines,vars,source} Generate only some debugging info -nowarn Generate no warnings -verbose Output messages about what the compiler is doing -deprecation Output source locations where deprecated APIs are used -classpath <path> Specify where to find user class files -sourcepath <path> Specify where to find input source files -bootclasspath <path> Override location of bootstrap class files -extdirs <dirs> Override location of installed extensions -d <directory> Specify where to place generated class files -encoding <encoding> Specify character encoding used by source files -source <release> Provide source compatibility with specified release -target <release> Generate class files for specific VM version -help Print a synopsis of standard options ].
We get this message periodically then we login to isauseradm-application or shopadmin-application.
How we can solve this issue? Why it's appears in system?
/nwa shows this error:
Process after commit failed - may be hanging internal locks mut be removed manually.
Where I can see hanging internal locks ?
Denis

to add some information,
in runtime workbench, component monitoring, performance monitoring and all other thing except message monitoring is OK.

ER unable to compile using javac with java 1.3.1 library (JDEV 10.1.3.0.4)

Hi !
When I try to compile in JDev with javac and the java 1.3.1 library, I get the following error :
Error: javac: invalid flag: -source
The command line generated by JDev looks like :
C:\jdk1.3.1_03\bin\javac.exe -J-mx512m -verbose -deprecation -source 1.3 -target 1.3 -encoding Cp1252 -g -classpath [...] -sourcepath [...] -d [...] @C:\DOCUME~1\user\LOCALS~1\Temp\javac54193.tmp
It seems that -source and -target flags do not exist in this version of javac.
But it does not seem possible to remove these flags generated by JDev, so I'm unable to compile with javac 1.3.1 and JDev.
So i'm looking for :
- A workaround to prevent JDev from adding the -source and -target flags.
- A future release of JDev where you could disable these flags, or, much better, where JDev automatically disables these flags when it detects a 1.3.1 library (there may be other incompatible flags I did not mention).
Thank you for your answers :)

Hi,
when you open the project properties and choose the compiler option to tht the compiler to "javac" and then the "source" and "target" to 1.3, wouldn't this compile it for Java 3? I don't think that it is necesary to use JDK 1.3 for compiling the sources
Cross-Compilation Options
By default, classes are compiled against the bootstrap and extension classes of the platform that javac shipped with. But javac also supports cross-compiling, where classes are compiled against a bootstrap and extension classes of a different Java platform implementation. It is important to use -bootclasspath and -extdirs when cross-compiling; see Cross-Compilation Example below.
-target version
Generate class files that will work on VMs with the specified version. The default is to generate class files to be compatible with the 1.2 VM in the Java 2 SDK. The versions supported by javac in the Java 2 SDK are:
1.1
Ensure that generated class files will be compatible with 1.1 and VMs in the Java 2 SDK.
1.2
Generate class files that will run on VMs in the Java 2 SDK, v 1.2 and later, but will not run on 1.1 VMs. This is the default.
1.3
Generate class files that will run on VMs in the Java 2 SDK, v 1.3 and later, but will not run on 1.1 or 1.2 VMs.
1.4
Generate class files that are compatible only with 1.4 VMs.
http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/javac.html
Frank

Invalid Flag

Similar Messages

Maybe you are looking for