Java.security.acl.NotOwnerException when Administration Port is set

Similar Messages

• Acl.NotOwnerException when starting managed server

  I have installed the evaluation version of WL 6.0 and sp1 on Solaris and can run
  applications
  using the administration server.
  I created a new server with the WL console, and then tried to start it as a managed
  server,
  but I get a java.security.acl.notOwnerException. I start the admin server and
  the managed
  server using the same user account. When prompted for the boot password, I use
  the same
  password to start each server.
  Is there anything I can change in my setup to get around this problem?
  This is the trace of the error:
  startManagedWebLogic.sh myserver2 http://localhost:7501
  p1= myserver2
  p2= http://localhost:7501
  LD_LIBRARY_PATH=/private/weblogic/weblogic6.0/wlserver6.0/lib/solaris
  <Mar 29, 2001 2:31:16 PM PST> <Info> <Security> <Getting boot password from user.>
  Enter password to boot WebLogic server:systempswd
  Starting WebLogic Server ....
  Connecting to http://localhost:7501...
  log file: /private/weblogic/weblogic6.0/wlserver6.0/./myserver2.log
  <Mar 29, 2001 2:31:26 PM PST> <Info> <Logging> <Only log messages of severity
  "Error" or worse will be displayed in this window. This can be changed at Admin
  Console> mydomain> Servers> myserver2> Logging> General> Stdout severity threshold>
  <Mar 29, 2001 2:31:26 PM PST> <Emergency> <Server> <Unable to initialize the server:
  'Fatal initialization exception
  Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  at weblogic.security.acl.Realm.getRealm(Realm.java:91)
  at weblogic.security.acl.Realm.getRealm(Realm.java:36)
  at weblogic.security.acl.Realm.authenticate(Realm.java:183)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
  at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
  at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:244)
  at weblogic.jndi.Environment.getContext(Environment.java:135)
  at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
  at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:888)
  at weblogic.management.Admin.start(Admin.java:303)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  '>
  The WebLogic Server did not start up properly.
  Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  at weblogic.security.acl.Realm.getRealm(Realm.java:91)
  at weblogic.security.acl.Realm.getRealm(Realm.java:36)
  at weblogic.security.acl.Realm.authenticate(Realm.java:183)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
  at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
  at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:244)
  at weblogic.jndi.Environment.getContext(Environment.java:135)
  at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
  at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:888)
  at weblogic.management.Admin.start(Admin.java:303)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Reason: Fatal initialization exception
  Thanks in advance for any help.
  Joan

  Hi Joan
  Go to the Managedserver Confiuration and give the Correct listen Port and SSL.I hope this will help you.
  Nagesh Rao
  Joan Silverman wrote:
  I have installed the evaluation version of WL 6.0 and sp1 on Solaris and can run
  applications
  using the administration server.
  I created a new server with the WL console, and then tried to start it as a managed
  server,
  but I get a java.security.acl.notOwnerException. I start the admin server and
  the managed
  server using the same user account. When prompted for the boot password, I use
  the same
  password to start each server.
  Is there anything I can change in my setup to get around this problem?
  This is the trace of the error:
  startManagedWebLogic.sh myserver2 http://localhost:7501
  p1= myserver2
  p2= http://localhost:7501
  LD_LIBRARY_PATH=/private/weblogic/weblogic6.0/wlserver6.0/lib/solaris
  <Mar 29, 2001 2:31:16 PM PST> <Info> <Security> <Getting boot password from user.>
  Enter password to boot WebLogic server:systempswd
  Starting WebLogic Server ....
  Connecting to http://localhost:7501...
  log file: /private/weblogic/weblogic6.0/wlserver6.0/./myserver2.log
  <Mar 29, 2001 2:31:26 PM PST> <Info> <Logging> <Only log messages of severity
  "Error" or worse will be displayed in this window. This can be changed at Admin
  Console> mydomain> Servers> myserver2> Logging> General> Stdout severity threshold>
  <Mar 29, 2001 2:31:26 PM PST> <Emergency> <Server> <Unable to initialize the server:
  'Fatal initialization exception
  Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  at weblogic.security.acl.Realm.getRealm(Realm.java:91)
  at weblogic.security.acl.Realm.getRealm(Realm.java:36)
  at weblogic.security.acl.Realm.authenticate(Realm.java:183)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
  at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
  at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:244)
  at weblogic.jndi.Environment.getContext(Environment.java:135)
  at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
  at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:888)
  at weblogic.management.Admin.start(Admin.java:303)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  '>
  The WebLogic Server did not start up properly.
  Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  at weblogic.security.acl.Realm.getRealm(Realm.java:91)
  at weblogic.security.acl.Realm.getRealm(Realm.java:36)
  at weblogic.security.acl.Realm.authenticate(Realm.java:183)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
  at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
  at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:244)
  at weblogic.jndi.Environment.getContext(Environment.java:135)
  at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
  at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:888)
  at weblogic.management.Admin.start(Admin.java:303)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Reason: Fatal initialization exception
  Thanks in advance for any help.
  Joan

• Weblogic implementation of java.security.acl.Group

  hi guys
  Do you know of any specific reason why there isnt a implementation of the
  java.security.acl.Group interface in the weblogic jar.
  I am trying to create a simple user manager service which uses the mbeans
  exposed by weblogic. However the interface I am coding to expects me to return
  java.security.acl.Group when I create a Group. This has resulted in a deadlock
  as I havent been able to locate a non deprecated implementation.
  Thanks
  anand

  Yes, you can do this.
  Alexandre Vauthey wrote:
  Hi,
  If I write my own securrity realm, am I able to use my own implementaion of
  'java.security.acl.Acl' and 'java.security.acl.AclEntry' or do I have to use
  the implementation provided by weblogic ? When Security.checkPermission() is
  called, does it solely rely on APIs defined in 'java.security.acl' or does
  it really expect to talk to an instance of weblogic 'AclImpl' ?
  Thanks, Alexandre.
  Alexandre Vauthey
  Software Engineer
  Application Networks
  444 Ramona street
  Palo Alto, CA 94301

• Can I provide my own implementation of java.security.acl.Acl ?

  Hi,
  If I write my own securrity realm, am I able to use my own implementaion of
  'java.security.acl.Acl' and 'java.security.acl.AclEntry' or do I have to use
  the implementation provided by weblogic ? When Security.checkPermission() is
  called, does it solely rely on APIs defined in 'java.security.acl' or does
  it really expect to talk to an instance of weblogic 'AclImpl' ?
  Thanks, Alexandre.
  Alexandre Vauthey
  Software Engineer
  Application Networks
  444 Ramona street
  Palo Alto, CA 94301

  Yes, you can do this.
  Alexandre Vauthey wrote:
  Hi,
  If I write my own securrity realm, am I able to use my own implementaion of
  'java.security.acl.Acl' and 'java.security.acl.AclEntry' or do I have to use
  the implementation provided by weblogic ? When Security.checkPermission() is
  called, does it solely rely on APIs defined in 'java.security.acl' or does
  it really expect to talk to an instance of weblogic 'AclImpl' ?
  Thanks, Alexandre.
  Alexandre Vauthey
  Software Engineer
  Application Networks
  444 Ramona street
  Palo Alto, CA 94301

• The role of java.security.acl in Java 2 security

  I have been trying to assess the role of the java.security.acl package within the Java 2 Security architecture. I have some questions regarding it.
  First where in the JVM are the interfaces of java.security.acl used? Are there any examples out there to guide developers in understanding their proper implementation?
  What is the relationship between this package and the core security package? There seems to be a Permission interface in the acl sub-package and an abstract Permission class in the core security package. Why is this the case? Why is the core abstract class not used instead of declaring a new Permission interface within the acl subpackage?
  Are not PermissionCollections and Permissions analogous to ACLs? If so then wouldn't that fact make the acl subpackage redundant?
  JSR 115 tries to bridge the gap between Java 2 Security in the SDK with security in J2EE. Namely enabling the RBAC-like approach to security in J2EE while using the AccessController of the J2SE to do the evalualtion of J2EE (Servlet/EJB) Permissions. Why are the Group and Owner interfaces defined here not leveraged in both JSR 115 and in general for Role Based Access Control?
  Could someone give some background on the vision behind creating the acl subpackage and how it relates to the historical progression of security advances in Java security architectures?
  Thanks much,
  Alex Karasulu

  I see from the defined interfaces that its an attempt at a formal approach to RBAC. However RBAC can be implemented without it all together using existing J2SE and JAAS based constructs. This does not answer the redundancy question. Could you elaborate a little bit more?
  Thanks,
  Alex

• Solution to: javax.naming.AuthenticationException.  Root exception is java.lang.SecurityException: attempting to add an object which is not an instance of java.security.Principal to a Subject's Principal Set

  Hello world,
  To anybody who receives this irritating error in a Java client
  application attempting to access Weblogic Server 6.1 (and possibly
  weblogic server 6):
  javax.naming.AuthenticationException. Root exception is
  java.lang.SecurityException: attempting to add an object which is not
  an instance of java.security.Principal to a Subject's Principal Set
  The cause of your problem is having JAAS explicitly in your classpath.
  It somehow messes up authentication to WebLogic. Remove it and your
  problem will disappear.
  The complete exception was:
  javax.naming.AuthenticationException. Root exception is
  java.lang.SecurityException: attempting to add an object which is not
  an instance of java.security.Principal to a Subject's Principal Set
       at javax.security.auth.Subject$SecureSet.add(Subject.java:1098)
       at weblogic.common.internal.BootServicesStub.writeUserInfoToSubject(BootServicesStub.java:72)
       at weblogic.common.internal.BootServicesStub.authenticate(BootServicesStub.java:80)
       at weblogic.security.acl.internal.Security.authenticate(Security.java:108)
       at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:509)
       at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:364)
       at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:336)
       at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:208)
       at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
       at javax.naming.InitialContext.init(InitialContext.java:222)
       at javax.naming.InitialContext.<init>(InitialContext.java:198)
       at au.com.orrcon.orrconcentral.Application.<init>(Application.java:87)
       at au.com.orrcon.orrconcentral.Application.getApp(Application.java:52)
       at au.com.orrcon.orrconcentral.orrconCentral.<init>(orrconCentral.java:130)
       at au.com.orrcon.orrconcentral.orrconCentral.main(orrconCentral.java:219)

  Steve Wesemeyer <[email protected]> wrote:
  I have encountered the same problem and I do not have JAAS on my classpath
  at all (unless it's there by default). Are there any other possible
  causes for this?
  Cheers,
  SteveA note to all who read this thread:
  I also had to remove Sun's j2ee (version 1.2) from my client's classpath before
  the same problem went away. 1 programmer day down the drain....
  Regards,
  MG

• NotOwnerException When Using DataSource

  Hi,
  Unless I have something configured wrong, it appears WebLogic restricts the usage of
  DataSource to only allowing the getConnection() and not the getConnection(user, pass)
  for pooled JDBC connections. Has anyone ever tried configuring a DataSource other
  than that supplied by WebLogic? If so, could you please point me in the right direction?
  Here's the details:
  I have configured a JDBC connection pool and Data Source through the WL Admin Console
  (this is not a requirement though). I am connecting to an Oracle 8i database.
  Either while I am in the process of getting the connection or once I have grabbed a
  connection from the pool, I am wanting to identify myself as a different user to the
  database.
  I have put the code "Connection con = ds.getConnection( user, pass );" into an EJB
  deployed on the WL server. However, it always throws the following error on the client:
  Start server side stack trace:
  java.rmi.RemoteException: EJB Exception: ; nested exception is:
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  at weblogic.security.acl.Realm.getRealm(Realm.java:94)
  at weblogic.security.acl.Realm.getRealm(Realm.java:39)
  at weblogic.security.acl.Realm.authenticate(Realm.java:186)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:236)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:136)
  at weblogic.security.acl.Security.doAsPrivileged(Security.java:507)
  at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:149)
  at test.TestDBBean.getName(TestDBBean.java:88)
  at test.TestDBBean_hdmb9c_EOImpl.getName(TestDBBean_hdmb9c_EOImpl.java:46)
  at test.TestDBBean_hdmb9c_EOImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:342)
  at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:103)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:313)
  at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:156)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:137)
  End server side stack trace
  ; nested exception is:
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  The user has been defined in WebLogic with full administrator rights and is a valid
  user in the database.
  If I use "ds.getConnection()" with no arguments, the code works just fine. The
  project I'm on needs the performance of a common connection pool and the ability to
  track the named user activities within the database.
  Any assistance would be greatly appreciated.
  Thanks,
  Bill

  Try setting up an ACL for the user to reserve from that connection pool. I
  know that this should get you by this NotOwnerException, but I do not know
  if/how you can really "identify" yourself as a different user to the
  database after getting the connection. You maybe able to get better answers
  with the database identification on the weblogic.developer.interest.security
  newsgroup.
  Joseph Nguyen
  BEA Support
  "Bill R." <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  Unless I have something configured wrong, it appears WebLogic restrictsthe usage of
  DataSource to only allowing the getConnection() and not thegetConnection(user, pass)
  for pooled JDBC connections. Has anyone ever tried configuring aDataSource other
  than that supplied by WebLogic? If so, could you please point me in theright direction?
  >
  Here's the details:
  I have configured a JDBC connection pool and Data Source through the WLAdmin Console
  (this is not a requirement though). I am connecting to an Oracle 8idatabase.
  >
  Either while I am in the process of getting the connection or once I havegrabbed a
  connection from the pool, I am wanting to identify myself as a differentuser to the
  database.
  I have put the code "Connection con = ds.getConnection( user, pass );"into an EJB
  deployed on the WL server. However, it always throws the following erroron the client:
  >
  >
  Start server side stack trace:
  java.rmi.RemoteException: EJB Exception: ; nested exception is:
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  at weblogic.security.acl.Realm.getRealm(Realm.java:94)
  at weblogic.security.acl.Realm.getRealm(Realm.java:39)
  at weblogic.security.acl.Realm.authenticate(Realm.java:186)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:236)
  atweblogic.security.acl.internal.Security.authenticate(Security.java:136)
  at weblogic.security.acl.Security.doAsPrivileged(Security.java:507)
  atweblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java
  :149)
  at test.TestDBBean.getName(TestDBBean.java:88)
  attest.TestDBBean_hdmb9c_EOImpl.getName(TestDBBean_hdmb9c_EOImpl.java:46)
  at test.TestDBBean_hdmb9c_EOImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:342)
  atweblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java
  :103)
  atweblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:313)
  atweblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:3
  0)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:156)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:137)
  End server side stack trace
  ; nested exception is:
  java.lang.IllegalAccessError: java.security.acl.NotOwnerException
  The user has been defined in WebLogic with full administrator rights andis a valid
  user in the database.
  If I use "ds.getConnection()" with no arguments, the code works just fine.The
  project I'm on needs the performance of a common connection pool and theability to
  track the named user activities within the database.
  Any assistance would be greatly appreciated.
  Thanks,
  Bill

• NotOwnerException when trying sample RDBMSRealm

  Hi,
  Currently, i'm using WL6.0 on NT and trying out RDBMSRealm from console. I could make it work the way it is described, but when I try to change any of the permission to any group or user, i get following error msgs. I logged in as a "system" and trying to grant "write" permission (to "disk" ACL) to user "scott" from a console. I get following exceptions... What could be going wrong here ?
  Thanks a lot for yr help....
  V.S
  java.security.acl.NotOwnerException
  at weblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
  at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:753)
  at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
  at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
  at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
  at java.lang.reflect.Method.invoke(Native Method)
  at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
  at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
  at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
  at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
  at $Proxy60.grantPermission(Unknown Source)
  at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
  at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
  java.lang.InternalError: aclOwner not owner
  at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:772)
  at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
  at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
  at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
  at java.lang.reflect.Method.invoke(Native Method)
  at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
  at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
  at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
  at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
  at $Proxy60.grantPermission(Unknown Source)
  at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
  at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)

  For the record:
  Suresh,
  Update on my case....
  Having downloaded and configured the latest release of WL server (beta 2), I could successfully test some of our requirements using WL Realm.
  As a first step part of an iterative process, I tried creating users, groups and ACLs (Access control lists similar to permission ) , then associated users to groups , granted specific privilege to principals (users/groups) so on... Everything seems to be working fine...
  Next, I'll be making it work with RDBMS since right now it uses FileRealm not the databaseRealm. I'll update you on this as I progress...
  Thanks a lot for yr continued support...
  Regards,
  -----Original Message-----
  From: Suresh Vallabhaneni [SMTP:[email protected]]
  Sent: Wednesday, November 22, 2000 4:17 PM
  To: Shah, Vishal
  Subject: RE: NotOwnerException thrown... pl help
  Vishal
  Nope. Beta refresh is somewhere around mid Nov.
  thanks
  At 04:09 PM 11/22/00 -0500, [email protected] wrote:
  I think, i'm using 6.0 beta. WebLogic Server (6.0.0b1 10/06/2000 22:34:17 >#86762)
  b1 signify beta refresh ?
  Thanks
  Vishal Shah
  EBS Dealing Resources
  Hazelnut Development
  Parsippany
  * 1.973.257.6904
  -----Original Message-----
  From: Suresh Vallabhaneni [SMTP:[email protected]]
  Sent: Wednesday, November 22, 2000 4:08 PM
  To: Shah, Vishal
  Subject: RE: NotOwnerException thrown... pl help
  Hi Vishal
  fileRealm is the default realm with WebLogic Server. If an operation fails >on an alternate realm, usually it will failover to the default >Realm(stored in fileRealm.properties). If the failover is not handled >well, the server may throw an exception. I believe the issue of FileRealm >not getting refreshed in the console is fixed in the later loads, I'm not >sure its fixed in Beta refresh though. Are u using beta or beta refresh of >6.0? Will get back to u whether this is available in beta refresh later.
  thanks
  At 03:48 PM 11/22/00 -0500, you wrote:
  Suresh,
  Thanks once again.
  I could create a user, group and ACLs , ("vshah", "Trader", "Trade > (Buy, >Sell , Buy&Sell permissions) but the changes don't reflect > immediately. I >had to bring down the server and restart it again.
  Having looked around , i then found out that this new information > gets >stored in "FileRealm.properties" file (security realm ???) and not > updated >to the database.(cloudscape)
  Shouldn't the changes persist to DB ? As per the documentation it says,
  A Sample Custom Security Realm
  The weblogic.security.rdbmsrealm package in > the >samples/examples/security/rdbmsrealm directory is a custom security > realm >that uses a relational database for its security store. Attached > is a >FileRealm.properties file
  Regards,
  Vishal Shah
  EBS Dealing Resources
  Hazelnut Development
  Parsippany
  * 1.973.257.6904
  -----Original Message-----
  From: Suresh Vallabhaneni [SMTP:[email protected]]
  Sent: Wednesday, November 22, 2000 1:41 PM
  To: Shah, Vishal
  Subject: RE: NotOwnerException thrown... pl help
  Vishal
  This is what I gathered from the developer for the Realm stuff:
  RDBMS realm is only partially manageable. The operation supported are:
  (1) Users - Create, Delete and Change Password
  (2) Groups - Delete, Modify(Create is not supported)
  (3) Acls - No operations are supported
  Plz let me know if you're having problems with any of the operations > that >are supported.
  thanks
  At 12:09 PM 11/22/00 -0500, you wrote:
  Thanks, See u on Monday.
  Have a wondeful thanksgiving.
  Vishal Shah
  EBS Dealing Resources
  Hazelnut Development
  Parsippany
  * 1.973.257.6904
  -----Original Message-----
  From: Suresh Vallabhaneni [SMTP:[email protected]]
  Sent: Wednesday, November 22, 2000 12:11 PM
  To: Shah, Vishal
  Subject: RE: NotOwnerException thrown... pl help
  Vishal
  I'm sorry. Yes, RDBMS realm is the only manageable realm out of the > four
  alternate realms we support. I may not be able to answer your question
  today. I'll get back to you with an answer by Monday.
  thanks
  At 11:54 AM 11/22/00 -0500, you wrote:
  Hi Suresh,
  There are couple of things going on...
  First, I could add user "vshah" with password "vshah", added group"Trader"
  and made "vshah" belonging to this group. Then created a new ACL > "Trade"
  with two permissions "Buy" and "Sell" and granted
  "vshah" to these perm. So far so good.
  Next, I tried adding few more users, and followed very similiar > patternas
  in the first case to create groups, ACLS and grant permissions to > thesenew
  users. But, nothing works. Sometimes, when I grant a permission to anuser,
  it immediately reflects on the console and sometimes it doesn't. The
  behaviour is not quite consistent. Even I restart the server, i > > don't see
  those new users, groups and ACLs.
  I'm extracting few lines from a log file that would help....
  ####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
  <main> <> <> <090049>
  <System user unperson does not exist, creating it.>
  ####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
  <main> <> <> <090044>
  <Principal rdoust does not exist thus cannot be added to group > > SuperTFA.>
  ####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
  <main> <> <> <090047>
  <Principal jpatel does not exist thus cannot be added to ACL Trade.>
  ####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
  <main> <> <> <090047>
  <Principal jpatel does not exist thus cannot be added to ACL Trade.>
  ####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
  <main> <> <> <090047>
  <Principal rdoust does not exist thus cannot be added to ACL Trade.>
  ####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
  <main> <> <> <090047>
  <Principal rdoust does not exist thus cannot be added to ACL Trade.>
  For existing ACLs as part of a sample example (RDBMSRealm) , i > couldn't
  add/modify/remove any permissions to any users/groups.
  I looked at RDBMSRealm source code and it extends"AbstractManageableRealm"
  so it should allow changes to the realm.
  Thanks again
  P.S. Attached pl see the screen dumps and log file...
  <<screenshots.zip>> <<weblogic.log>>
  Vishal Shah
  EBS Dealing Resources
  Hazelnut Development
  Parsippany
  * 1.973.257.6904
  -----Original Message-----
  From: Suresh Vallabhaneni [SMTP:[email protected]]
  Sent: Wednesday, November 22, 2000 11:23 AM
  To: Shah, Vishal
  Subject: RE: NotOwnerException thrown... pl help [Shah, > Vishal]
  Vishal
  For now modify the table in the database directly. I can keep you
  posted
  about realm enhancements in the next release if you're interested.
  thanks
  At 11:16 AM 11/22/00 -0500, you wrote:
  Hi,
  Thanks for a prompt answer.
  You got me right, i'm trying to add/modify/create new ACLs > and > change
  permissions to users thro' console.
  How would I go about doing this ?
  Thanks again...
  Vishal Shah
  EBS Dealing Resources
  Hazelnut Development
  Parsippany
  * 1.973.257.6904
  -----Original Message-----
  From: Suresh Vallabhaneni [SMTP:[email protected]]
  Sent: Wednesday, November 22, 2000 11:16 AM
  To: Shah, Vishal
  Subject: Re: NotOwnerException thrown... pl help
  Hi Vishal
  RDBMS Realm is a Listable realm not a Manageable realm, meaning
  you
  cannot
  make any changes to a user, group or acl defined in the RDBMS
  Realm. I
  guess you're trying to modify the acl defined in the RDBMS > Realmthru
  console. You cannot do that thru the console. If this is > not whatyou're
  doing and I didnot interpret your problem correctly, plz let me
  know.
  thanks
  At 06:59 PM 11/21/00 -0500, you wrote:
  Hi Suresh,
  Instead of posting this msg to newgroup, I thought of > addressing
  directly
  to
  u so that I can answer immidiately from a bea person.
  Currently, i'm using WL6.0 on NT and trying out RDBMSRealm > from
  console.
  I
  could make it work the way it is described, but when I try to
  change
  any
  of
  the permission to any group or user, i get following error > msgs.
  I
  logged
  in
  as a "system" and trying to grant "write" permission (to > "disk"
  ACL)
  to
  user "scott" from a console. I get following exceptions... > What
  could
  be
  going wrong here ?
  Thanks a lot for yr help....
  java.security.acl.NotOwnerException
  atweblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
  at
  weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.ja > va > :753
  at
  weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java: > 2079)
  atweblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
  at java.lang.reflect.Method.invoke(Native Method)
  atweblogic.management.internal.DynamicMBeanImpl.invokeLocally(Dynamic > MB > eanI
  mpl
  .java:536)
  at
  weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanIm > pl > .jav
  a:5
  22)
  at java.lang.reflect.Method.invoke(Native Method)
  at
  javax.management.MBeanServer.invoke(MBeanServer.java:1543)
  atjavax.management.MBeanServer.invoke(MBeanServer.java:1501)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
  atweblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
  at $Proxy60.grantPermission(Unknown Source)
  atweblogic.management.configuration.AclMBean_CachingStub.grantPermiss > io > n(Ac
  lMB
  ean_CachingStub.jav
  at
  weblogic.management.console.pages._panels._mbean._aclpermissiontabl > e. > _jsp
  Ser
  vice(_aclpermission
  at > > weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at
  weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStub > Im > pl.j
  ava
  :209)
  at
  weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebApp > Se > rvle
  tCo
  ntext.java:1114)
  at
  weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequest > Im > pl.j
  ava
  :1388)
  at
  weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
  at
  weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
  java.lang.InternalError: aclOwner not owner
  atweblogic.security.acl.internal.FileRealm.setPermission(FileRealm.ja > va > :772
  at
  weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java: > 2079)
  atweblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
  at java.lang.reflect.Method.invoke(Native Method)
  atweblogic.management.internal.DynamicMBeanImpl.invokeLocally(Dynamic > MB > eanI
  mpl
  .java:536)
  at
  weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanIm > pl > .jav
  a:5
  22)
  at java.lang.reflect.Method.invoke(Native Method)
  at
  javax.management.MBeanServer.invoke(MBeanServer.java:1543)
  atjavax.management.MBeanServer.invoke(MBeanServer.java:1501)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
  atweblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
  at $Proxy60.grantPermission(Unknown Source)
  atweblogic.management.configuration.AclMBean_CachingStub.grantPermiss > io > n(Ac
  lMB
  ean_CachingStub.jav
  at
  weblogic.management.console.pages._panels._mbean._aclpermissiontabl > e. > _jsp
  Ser
  vice(_aclpermission
  at > > weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at
  weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStub > Im > pl.j
  ava
  :209)
  at
  weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebApp > Se > rvle
  tCo
  ntext.java:1114)
  at
  weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequest > Im > pl.j
  ava
  :1388)
  at
  weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
  at
  weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
  Vishal Shah
  EBS Dealing Resources
  Hazelnut Development
  Parsippany
  * 1.973.257.6904
  "Suresh Vallabhaneni" <[email protected]> wrote:
  >
  Vishal
  I'm sorry. Yes, RDBMS realm is the only manageable realm out of the four alternate realms we support. I may not be able to answer your question today. I'll get back to you with an answer by Monday.
  thanks
  "Suresh Vallabhaneni" <[email protected]> wrote:
  Hi Vishal
  RDBMS Realm is a Listable realm not a Manageable realm, meaning you cannot make any changes to a user, group or acl defined in the RDBMS Realm. I guess you're trying to modify the acl defined in the RDBMS Realm. You cannot do that thru the console. If this is not what you're doing and I didnot interpret your problem correctly, plz let me know.
  thanks
  "V Shah" <[email protected]> wrote:
  Hi,
  Currently, i'm using WL6.0 on NT and trying out RDBMSRealm from console. I could make it work the way it is described, but when I try to change any of the permission to any group or user, i get following error msgs. I logged in as a "system" and trying to grant "write" permission (to "disk" ACL) to user "scott" from a console. I get following exceptions... What could be going wrong here ?
  Thanks a lot for yr help....
  V.S
  java.security.acl.NotOwnerException
  at weblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
  at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:753)
  at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
  at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
  at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
  at java.lang.reflect.Method.invoke(Native Method)
  at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
  at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
  at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
  at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
  at $Proxy60.grantPermission(Unknown Source)
  at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
  at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
  java.lang.InternalError: aclOwner not owner
  at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:772)
  at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
  at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
  at java.lang.reflect.Method.invoke(Native Method)
  at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
  at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
  at java.lang.reflect.Method.invoke(Native Method)
  at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
  at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
  at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
  at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
  at $Proxy60.grantPermission(Unknown Source)
  at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
  at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)

• ClassCastException: weblogic.security.acl.internal.FileRealm

  Hi,
  I am trying to create new user through the CachingRealm.newUser(?,?,?) method..What
  I do is -
  weblogic.security.acl.BasicRealm baseRealm =
  (weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
  weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
  baseRealm;
  However it is not able to classcast to CachingRealm , it gives the exception -
  java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
  Do I need to do anything else ?
  Thx

  Hi Kumar,
  I took a look at config.xml
  Looks like you do not have an alternate realm hooked into WebLogic and that is the
  source of the problem.
  If you try to cast anything to CachingRealm and call methods on it, when you don't have
  an alternate realm, then the cast will fail with ClassCastException.
  For example, take a look at the very, very simple JSP code
  <%@ page import="
  import java.util.*,
  import weblogic.common.*,
  import javax.servlet.*,
  import javax.servlet.http.*,
  import java.io.*,
  import weblogic.security.*,
  import weblogic.security.acl.User,
  import weblogic.security.acl.Security,
  import weblogic.security.acl.Realm,
  import weblogic.security.acl.CachingRealm,
  import weblogic.security.acl.*,
  import java.security.acl.*,
  import java.security.acl.Permission,
  import java.security.Principal,
  import javax.servlet.http.*,
  import weblogic.html.*,
  import weblogic.common.internal.WLColor
  "%>
  <%
  response.setContentType("text/html");
  BasicRealm basicRealm = Security.getRealm();
  try {
  ((CachingRealm) basicRealm).clearCaches();
  } catch (ClassCastException ce) {
  out.println("There is a class cast.. getRealm ain't no returned a
  CachingRealm");
  out.println("This probably means that you don't have a pluggable realm hooked
  into WebLogic.");
  out.println("No pluggable Realm = no Cachingrealm!");
  %>
  This JSP will give you a class cast if you do not have some alternate realm hooked up
  (LDAP, NTREalm, UnixRealm, RDBMSRealm)
  But will work just fine if you do have an alternate realm hooked up .
  I think that this is what you are seeing.
  Hope this helps
  Joe Jerry
  kumar wrote:
  Hi Jerry,
  Thanks for your response.
  I have attached my config.xml . It is a very small config.xml with all the default
  configurations. Please look at it ..
  Thx
  Jerry <[email protected]> wrote:
  Hi Kumar,
  Do you have an alternate realm hooked into WebLogic (LDAP, UNIXrealm,
  NTRealm,
  CustomRealm)?
  Thanks,
  Joe Jerry
  kumar wrote:
  Hi,
  I am trying to create new user through the CachingRealm.newUser(?,?,?)method..What
  I do is -
  weblogic.security.acl.BasicRealm baseRealm =
  (weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
  weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
  baseRealm;
  However it is not able to classcast to CachingRealm , it gives theexception -
  java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
  Do I need to do anything else ?
  Thx
  Name: config.xml
  config.xml Type: XML Document (text/xml)
  Encoding: base64

• NoRoutetoHostException on installing Java Security Config Assistant in 10G

  Hi
  I am trying to install the infrastructure for Oracle 10G AS 9.0.4 on Red Hat Linux 2.1 Advanced Server. The installation proceeds smoothly upto the time that I have to install the Java Security Configuration Assistant when it throws the No Route to Host Exception. No clue in logs either. Please hellllllllllllllppppppp!!!!

  Hi Sayali!
  Check if you network cfg is ok before you start the installation.
  What works with me is:
  a) Check /etc/hosts
  first entry should be
  - insert your ip address --
  192.168.1.2 yourmachine.yourdomain.com machine
  127.0.0.1 localhost
  b) in /etc/sysctl.conf
  kernel.domainname = yourdomain.com
  execute as root sysctl -p
  c) Set /etc/nsswitch.conf to use files for names resoultion
  d) if you use dns make sure that you receive the right answer for your name and ip address
  e) make sure that the firewall on the RH machine is off (iptables)
  cu
  Andreas

• Jaas sample progrma in weblogic 6.1 giving the following error java.lang.SecurityException: attempting to add an object which is not an instance of java.security.Principal to a Subjec

  jaas sample progrma in weblogic 6.1 giving the following error java.lang.SecurityException:
  attempting to add an object which is not an instance of java.security.Principal
  to a Subjec
  on runnig the program during the call of method Authenticate.authenticate(env,
  subject); giving following exceptions Error: Login Exception on authenticate,
  java.lang.SecurityException: attempting to add an object which is not an instance
  of java.security.Principal to a Subjec t's Principal Set Authentication Failed:
  Unexpected Exception, javax.security.auth.login.LoginExce ption: java.lang.SecurityException:
  attempting to add an object which is not an instance of java.security.Principal
  to a Subject's Principal Set javax.security.auth.login.LoginException: javax.security.auth.login.LoginExcepti
  on: java.lang.SecurityException: attempting to add an object which is not an ins
  tance of java.security.Principal to a Subject's Principal Set at examples.security.jaas.SampleLoginModule.login(SampleLoginModule.java
  :192) at java.lang.reflect.Method.invoke(Native Method) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 25) at
  javax.security.auth.login.LoginContext$3.run(LoginContext.java:531) at java.security.AccessController.doPrivileged(Native
  Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java
  :528) at javax.security.auth.login.LoginContext.login(LoginContext.java:449) at
  examples.security.jaas.SampleClient.main(SampleClient.java:96)
  1)what is the reason for this problem
  2)in weblogic document they told to edit server.policy file in webligic\lib folder
  a)what the modification is needed in this file..?

  Hi jerry
  i already got that problem solved by removing jaas.jar file
  from class path.
  i don'nt how it is working with out in classpath...?
  Jerry <[email protected]> wrote:
  Hi Nivas,
  I think that the problem you are seeing has something to do with the
  placement of jaas.jar in your classpath
  On WebLogic server, put jaas.jar in the classpath after weblogic.jar.
  I would bet that you have it placed before weblogic.jar right now.
  I don't think the exception that you're seeing right now has anything
  to do with your weblogic.policy file right now, so I think it is
  safe to not worry about it right now.
  Hope this helps,
  Joe Jerry

• How to monitor WebLogic Server when enable the Administration Port

  It works fine when use Listenport 7001, but when enable the Administration Port(9002), it does not work.
  Maybe I should do something to set the system environment property, but how?
  help~
  Sorry for my poor English~
  Thanks~

  HI,
  If the admin port is enabled then you have to use these parameters to run any scripts
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  -Dweblogic.security.TrustKeyStore=DemoTrust
  -The you can use Admin URL: t3s://localhost:9002 with Admin Port and Secure Protocol.
  Example:
  java -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=DemoTrust  weblogic.WLST application_status.py
  Initializing WebLogic Scripting Tool (WLST) ...
  Welcome to WebLogic Server Administration Scripting Shell
  Type help() for help on available commands
  Connecting to t3s://localhost:9002 with userid weblogic ...
  Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_7001'.
  .Regards,
  Ravish Mody
  http://middlewaremagic.com/weblogic
  Come, Join Us and Experience The Magic…

• When deploying BPEL Process through JDeveloper java.security.AccessControlE

  1.) Navigated to the Connections tab of JDeveloper 10.1.3.2.
  2.) Under the Application Server node, created a new Application Server
  connection, provided the relevant information on Type, Authentication
  & Connection's tab.
  3.) On Authentication Tab, provided the username as oc4jadmin.
  The password was not modified.
  4.) On the Test Tab after clicking on Test Connection,
  the connection was created successfully.
  5.) Under the Integration Server node,created a new Integration Server
  connection, provided the relevant information on Name & Connection
  Tab's.
  6.) On the Test Tab after clicking on Test Connection,
  the connection was created successfully.
  7.) Went to the Applications Navigator tab of JDeveloper 10.1.3.2.
  8.) Here a simple BPEL Process was created.
  9.) When trying to deploy the BPEL Process through JDeveloper,
  the below exception was thrown.
  We are using Oracle's SOA Suite 10.1.3.1 :-
  Buildfile: C:\TerminationDevelopment\TerminationProcess\build.xml
  validateTask:
  [echo]
  | Validating
  workflow
  [validateTask] url is file:/C:/JDevStudioBaseDevelopment/integration/bpm/support/files/WorkflowTaskDef
  inition.xsd
  [validateTask] url is file:/C:/JDevStudioBaseDevelopment/integration/bpm/support/files/WorkflowTaskDef
  inition.xsd
  [validateTask] url is file:/C:/JDevStudioBaseDevelopment/integration/bpm/support/files/WorkflowTaskDef
  inition.xsd
  [validateTask] url is file:/C:/JDevStudioBaseDevelopment/integration/bpm/support/files/WorkflowTaskDef
  inition.xsd
  [validateTask] Validation of workflow task definitions is completed without errors
  deployProcess:
  [echo]
  | Deploying bpel process TerminationProcess on 172.16.100.85, port
  7778
  [deployProcess] Deploying process C:\TerminationDevelopment\TerminationProcess\output\bpel_TerminationProcess_1.1.
  jar
  BUILD FAILED
  C:\TerminationDevelopment\TerminationProcess\build.xml:79: A problem occured while connecting to server "172.16.100.85" using port "7778":
  java.security.AccessControlException: access denied
  (com.collaxa.security.DomainPermission default read)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264
  at java.security.AccessController.checkPermission(AccessController.java:427)
  at com.collaxa.security.OC4JSecurityService.checkAccess(OC4JSecurityService.java:16
  at com.collaxa.security.SecurityService.checkDomainAccess(SecurityService.java:26)
  Text continued in next action...

  Hello
  I have the same problem , please see the solution if you have fixed that.
  Thanks

• Java.security.AccessControlException when calling web service from applet

  I have an applet that calls a webservce (Xmethods' delayed stock quote service). When I run the applet in appletviewer, I get the following:
  [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.security.AccessControlException: access denied (java.net.SocketPermission 66.28.98.121:9090 connect,resolve); targetException=java.lang.IllegalArgumentException:
  Error opening socket: java.security.AccessControlException:
  access denied
  etc.....
  My code works fine as an application, but not as an applet. (This was after I eventually had to extract the necessary SOAP .jar files into the same directory as my applet, but that's another topic...or maybe not?)
  Help!
  Regards,
  John Kirksey                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

  The default security settings does not give an applet to connect to any other server apart from the one from which it was downloaded. This is your problem. To mitigate that you have to change the security setting of the applet conatiner i.e the JVM in the browser.
  Ironluca

• Java.security.AccessControlException when executing java from the DB

  Hello
  I'm running a Oracle 10.1.0.3.0 on Linux
  I'm having trouble with executing some java code from the DB.
  I created following java stored procedure used to create the directory given by the parameter
  package be.vlaamsparlement.dis.os_commands;
  import java.io.*;
  import java.lang.*;
  import java.sql.*;
  import java.util.*;
  public class ManageOSDirectory {
  public static String createDir(String directoryName) throws Exception
  if ((new File(directoryName)).mkdirs())
  { return ("TRUE");}
  else
  { return ("FALSE");}
  Wrapped it in a pl/sql procedure an execute it as follows under DB schema DIS :
  begin
  declare
  b boolean;
  begin
  b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/jan/1/');
  end;
  end;
  Where /data/files/vp_docs/schv/ already exist, so the proc needs to create the direcories '2004-2005', 'jan' and '1'
  this gives me following error :
  ORA-29532: Java call terminated by uncaught Java exception: java.security.AccessControlException:
  the Permission (java.io.FilePermission /data/files/vp_docs/schv/2004-2005/month/1 write) has not been granted to DIS.
  The PL/SQL to grant this is dbms_java.grant_permission( 'DIS', 'SYS:java.io.FilePermission', '/data/files/vp_docs/schv/2004-2005/jan/1', 'write' )
  I can't give this permission as the given directory does not yet exist. File permissions on os are ok and when i execute
  the code on the os (not from the DB) it works fine.
  This also worked on a Windows 10G DB without any extra grants.
  Also, i can execute the followint
  b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/');
  but if i then execute
  b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/jan/');
  I get the same error. So i can only creaet 1 directory beneath the schv directory
  Any ideas anyone ?

  The Error message is right.
  You need to:
  Ensure the Directory exist in Unix.
  Create the Directory in the Database as SYS.
  Grant Read,Write permission on th DIrectory to DIS
  Grant Java permission on th DIrectory to DIS (using the syntax already shown in the Error message).
  See my example below (10g R1)
  SQL> connect /as sysdba
  Connected.
  SQL> GRANT CONNECT,RESOURCE TO DIS IDENTIFIED BY DIS;
  Grant succeeded.
  SQL> create or replace directory DIS_DOWNLOAD_DIR as '/data/files/vp_docs/schv/2004-2005/month/1';
  Directory created.
  SQL> col DIRECTORY_PATH format a50
  SQL> select * from dba_directories;
  OWNER DIRECTORY_NAME DIRECTORY_PATH
  SYS DIS_DOWNLOAD_DIR /data/files/vp_docs/schv/2004-2005/month/1
  1 row selected.
  SQL> GRANT READ,WRITE ON DIRECTORY "SYS"."DIS_DOWNLOAD_DIR" TO "DIS";
  Grant succeeded.
  SQL> EXECUTE DBMS_JAVA.GRANT_PERMISSION( 'DIS', 'SYS:java.io.FilePermission', '/data/files/vp_docs/schv/2004-2005/jan/1', 'write' )
  2 /
  PL/SQL procedure successfully completed.
  SQL>