Java.security.acl.NotOwnerException when Administration Port is set
I get the NOE, posted below, when I start some of my managed servers, while other managed servers
start fine. After some scrutiny I discover the differences is that in /console, I've set some of my
managed server's Administration Port to that of my admin server, and these are the ones that are
busted! Those that I left as default '0' start up just fine. Hence the question: "What the heck
is the use of this field???"
<Apr 3, 2001 3:12:02 PM PDT> <Info> <WebLogicServer> <IIOP subsystem enabled.>
<Apr 3, 2001 3:12:02 PM PDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal
initialization exception
Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
Gene Chuang
Join Kiko.com!
Ah, I see! The introduction of an "admin server" in 6.0 caused the confusion for me. The
Administration Port is NOT the port number of the admin server!
Gene
"Kumar Allamraju" <[email protected]> wrote in message news:[email protected]...
This is equivalent to weblogic.system.AdministrationPort in 451/510.
In 451/51 if you start WLS server with
java -Dweblogic.system.administrativePort=2000 weblogic.Server
and then executing
D:\releases\510>java weblogic.Admin admin://localhost:2000 VERSION
returns the WLS version.
WebLogic Build: 5.1.0 Service Pack 8 12/20/2000 16:34:54 #95137
Bottom line is, once you set admin port, all admin stuff can be done on admin protocol only.
It appears this is not happening/broken in 6.0 . There's already an engg issue filed on thisproblem.
>
Kumar
Gene Chuang wrote:
I get the NOE, posted below, when I start some of my managed servers, while other managed
servers
start fine. After some scrutiny I discover the differences is that in /console, I've set someof my
managed server's Administration Port to that of my admin server, and these are the ones that are
busted! Those that I left as default '0' start up just fine. Hence the question: "What theheck
is the use of this field???"
<Apr 3, 2001 3:12:02 PM PDT> <Info> <WebLogicServer> <IIOP subsystem enabled.>
<Apr 3, 2001 3:12:02 PM PDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal
initialization exception
Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at
weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at
weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at
weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java
:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:894)
at weblogic.management.Admin.start(Admin.java:311)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
Gene Chuang
Join Kiko.com!
Similar Messages
-
Acl.NotOwnerException when starting managed server
I have installed the evaluation version of WL 6.0 and sp1 on Solaris and can run
applications
using the administration server.
I created a new server with the WL console, and then tried to start it as a managed
server,
but I get a java.security.acl.notOwnerException. I start the admin server and
the managed
server using the same user account. When prompted for the boot password, I use
the same
password to start each server.
Is there anything I can change in my setup to get around this problem?
This is the trace of the error:
startManagedWebLogic.sh myserver2 http://localhost:7501
p1= myserver2
p2= http://localhost:7501
LD_LIBRARY_PATH=/private/weblogic/weblogic6.0/wlserver6.0/lib/solaris
<Mar 29, 2001 2:31:16 PM PST> <Info> <Security> <Getting boot password from user.>
Enter password to boot WebLogic server:systempswd
Starting WebLogic Server ....
Connecting to http://localhost:7501...
log file: /private/weblogic/weblogic6.0/wlserver6.0/./myserver2.log
<Mar 29, 2001 2:31:26 PM PST> <Info> <Logging> <Only log messages of severity
"Error" or worse will be displayed in this window. This can be changed at Admin
Console> mydomain> Servers> myserver2> Logging> General> Stdout severity threshold>
<Mar 29, 2001 2:31:26 PM PST> <Emergency> <Server> <Unable to initialize the server:
'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:888)
at weblogic.management.Admin.start(Admin.java:303)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:888)
at weblogic.management.Admin.start(Admin.java:303)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
Thanks in advance for any help.
JoanHi Joan
Go to the Managedserver Confiuration and give the Correct listen Port and SSL.I hope this will help you.
Nagesh Rao
Joan Silverman wrote:
I have installed the evaluation version of WL 6.0 and sp1 on Solaris and can run
applications
using the administration server.
I created a new server with the WL console, and then tried to start it as a managed
server,
but I get a java.security.acl.notOwnerException. I start the admin server and
the managed
server using the same user account. When prompted for the boot password, I use
the same
password to start each server.
Is there anything I can change in my setup to get around this problem?
This is the trace of the error:
startManagedWebLogic.sh myserver2 http://localhost:7501
p1= myserver2
p2= http://localhost:7501
LD_LIBRARY_PATH=/private/weblogic/weblogic6.0/wlserver6.0/lib/solaris
<Mar 29, 2001 2:31:16 PM PST> <Info> <Security> <Getting boot password from user.>
Enter password to boot WebLogic server:systempswd
Starting WebLogic Server ....
Connecting to http://localhost:7501...
log file: /private/weblogic/weblogic6.0/wlserver6.0/./myserver2.log
<Mar 29, 2001 2:31:26 PM PST> <Info> <Logging> <Only log messages of severity
"Error" or worse will be displayed in this window. This can be changed at Admin
Console> mydomain> Servers> myserver2> Logging> General> Stdout severity threshold>
<Mar 29, 2001 2:31:26 PM PST> <Emergency> <Server> <Unable to initialize the server:
'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:888)
at weblogic.management.Admin.start(Admin.java:303)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:91)
at weblogic.security.acl.Realm.getRealm(Realm.java:36)
at weblogic.security.acl.Realm.authenticate(Realm.java:183)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:116)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:429)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:272)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:244)
at weblogic.jndi.Environment.getContext(Environment.java:135)
at weblogic.jndi.Environment.getInitialContext(Environment.java:118)
at weblogic.management.Admin.initializeRemoteAdminHome(Admin.java:888)
at weblogic.management.Admin.start(Admin.java:303)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:331)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
Thanks in advance for any help.
Joan -
Weblogic implementation of java.security.acl.Group
hi guys
Do you know of any specific reason why there isnt a implementation of the
java.security.acl.Group interface in the weblogic jar.
I am trying to create a simple user manager service which uses the mbeans
exposed by weblogic. However the interface I am coding to expects me to return
java.security.acl.Group when I create a Group. This has resulted in a deadlock
as I havent been able to locate a non deprecated implementation.
Thanks
anandYes, you can do this.
Alexandre Vauthey wrote:
Hi,
If I write my own securrity realm, am I able to use my own implementaion of
'java.security.acl.Acl' and 'java.security.acl.AclEntry' or do I have to use
the implementation provided by weblogic ? When Security.checkPermission() is
called, does it solely rely on APIs defined in 'java.security.acl' or does
it really expect to talk to an instance of weblogic 'AclImpl' ?
Thanks, Alexandre.
Alexandre Vauthey
Software Engineer
Application Networks
444 Ramona street
Palo Alto, CA 94301 -
Can I provide my own implementation of java.security.acl.Acl ?
Hi,
If I write my own securrity realm, am I able to use my own implementaion of
'java.security.acl.Acl' and 'java.security.acl.AclEntry' or do I have to use
the implementation provided by weblogic ? When Security.checkPermission() is
called, does it solely rely on APIs defined in 'java.security.acl' or does
it really expect to talk to an instance of weblogic 'AclImpl' ?
Thanks, Alexandre.
Alexandre Vauthey
Software Engineer
Application Networks
444 Ramona street
Palo Alto, CA 94301Yes, you can do this.
Alexandre Vauthey wrote:
Hi,
If I write my own securrity realm, am I able to use my own implementaion of
'java.security.acl.Acl' and 'java.security.acl.AclEntry' or do I have to use
the implementation provided by weblogic ? When Security.checkPermission() is
called, does it solely rely on APIs defined in 'java.security.acl' or does
it really expect to talk to an instance of weblogic 'AclImpl' ?
Thanks, Alexandre.
Alexandre Vauthey
Software Engineer
Application Networks
444 Ramona street
Palo Alto, CA 94301 -
The role of java.security.acl in Java 2 security
I have been trying to assess the role of the java.security.acl package within the Java 2 Security architecture. I have some questions regarding it.
First where in the JVM are the interfaces of java.security.acl used? Are there any examples out there to guide developers in understanding their proper implementation?
What is the relationship between this package and the core security package? There seems to be a Permission interface in the acl sub-package and an abstract Permission class in the core security package. Why is this the case? Why is the core abstract class not used instead of declaring a new Permission interface within the acl subpackage?
Are not PermissionCollections and Permissions analogous to ACLs? If so then wouldn't that fact make the acl subpackage redundant?
JSR 115 tries to bridge the gap between Java 2 Security in the SDK with security in J2EE. Namely enabling the RBAC-like approach to security in J2EE while using the AccessController of the J2SE to do the evalualtion of J2EE (Servlet/EJB) Permissions. Why are the Group and Owner interfaces defined here not leveraged in both JSR 115 and in general for Role Based Access Control?
Could someone give some background on the vision behind creating the acl subpackage and how it relates to the historical progression of security advances in Java security architectures?
Thanks much,
Alex KarasuluI see from the defined interfaces that its an attempt at a formal approach to RBAC. However RBAC can be implemented without it all together using existing J2SE and JAAS based constructs. This does not answer the redundancy question. Could you elaborate a little bit more?
Thanks,
Alex -
Hello world,
To anybody who receives this irritating error in a Java client
application attempting to access Weblogic Server 6.1 (and possibly
weblogic server 6):
javax.naming.AuthenticationException. Root exception is
java.lang.SecurityException: attempting to add an object which is not
an instance of java.security.Principal to a Subject's Principal Set
The cause of your problem is having JAAS explicitly in your classpath.
It somehow messes up authentication to WebLogic. Remove it and your
problem will disappear.
The complete exception was:
javax.naming.AuthenticationException. Root exception is
java.lang.SecurityException: attempting to add an object which is not
an instance of java.security.Principal to a Subject's Principal Set
at javax.security.auth.Subject$SecureSet.add(Subject.java:1098)
at weblogic.common.internal.BootServicesStub.writeUserInfoToSubject(BootServicesStub.java:72)
at weblogic.common.internal.BootServicesStub.authenticate(BootServicesStub.java:80)
at weblogic.security.acl.internal.Security.authenticate(Security.java:108)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:509)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:364)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:336)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:208)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
at javax.naming.InitialContext.init(InitialContext.java:222)
at javax.naming.InitialContext.<init>(InitialContext.java:198)
at au.com.orrcon.orrconcentral.Application.<init>(Application.java:87)
at au.com.orrcon.orrconcentral.Application.getApp(Application.java:52)
at au.com.orrcon.orrconcentral.orrconCentral.<init>(orrconCentral.java:130)
at au.com.orrcon.orrconcentral.orrconCentral.main(orrconCentral.java:219)Steve Wesemeyer <[email protected]> wrote:
I have encountered the same problem and I do not have JAAS on my classpath
at all (unless it's there by default). Are there any other possible
causes for this?
Cheers,
SteveA note to all who read this thread:
I also had to remove Sun's j2ee (version 1.2) from my client's classpath before
the same problem went away. 1 programmer day down the drain....
Regards,
MG -
NotOwnerException When Using DataSource
Hi,
Unless I have something configured wrong, it appears WebLogic restricts the usage of
DataSource to only allowing the getConnection() and not the getConnection(user, pass)
for pooled JDBC connections. Has anyone ever tried configuring a DataSource other
than that supplied by WebLogic? If so, could you please point me in the right direction?
Here's the details:
I have configured a JDBC connection pool and Data Source through the WL Admin Console
(this is not a requirement though). I am connecting to an Oracle 8i database.
Either while I am in the process of getting the connection or once I have grabbed a
connection from the pool, I am wanting to identify myself as a different user to the
database.
I have put the code "Connection con = ds.getConnection( user, pass );" into an EJB
deployed on the WL server. However, it always throws the following error on the client:
Start server side stack trace:
java.rmi.RemoteException: EJB Exception: ; nested exception is:
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:94)
at weblogic.security.acl.Realm.getRealm(Realm.java:39)
at weblogic.security.acl.Realm.authenticate(Realm.java:186)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:236)
at weblogic.security.acl.internal.Security.authenticate(Security.java:136)
at weblogic.security.acl.Security.doAsPrivileged(Security.java:507)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:149)
at test.TestDBBean.getName(TestDBBean.java:88)
at test.TestDBBean_hdmb9c_EOImpl.getName(TestDBBean_hdmb9c_EOImpl.java:46)
at test.TestDBBean_hdmb9c_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:342)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:103)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:313)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:156)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:137)
End server side stack trace
; nested exception is:
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
The user has been defined in WebLogic with full administrator rights and is a valid
user in the database.
If I use "ds.getConnection()" with no arguments, the code works just fine. The
project I'm on needs the performance of a common connection pool and the ability to
track the named user activities within the database.
Any assistance would be greatly appreciated.
Thanks,
BillTry setting up an ACL for the user to reserve from that connection pool. I
know that this should get you by this NotOwnerException, but I do not know
if/how you can really "identify" yourself as a different user to the
database after getting the connection. You maybe able to get better answers
with the database identification on the weblogic.developer.interest.security
newsgroup.
Joseph Nguyen
BEA Support
"Bill R." <[email protected]> wrote in message
news:[email protected]...
Hi,
Unless I have something configured wrong, it appears WebLogic restrictsthe usage of
DataSource to only allowing the getConnection() and not thegetConnection(user, pass)
for pooled JDBC connections. Has anyone ever tried configuring aDataSource other
than that supplied by WebLogic? If so, could you please point me in theright direction?
>
Here's the details:
I have configured a JDBC connection pool and Data Source through the WLAdmin Console
(this is not a requirement though). I am connecting to an Oracle 8idatabase.
>
Either while I am in the process of getting the connection or once I havegrabbed a
connection from the pool, I am wanting to identify myself as a differentuser to the
database.
I have put the code "Connection con = ds.getConnection( user, pass );"into an EJB
deployed on the WL server. However, it always throws the following erroron the client:
>
>
Start server side stack trace:
java.rmi.RemoteException: EJB Exception: ; nested exception is:
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
at weblogic.security.acl.Realm.getRealm(Realm.java:94)
at weblogic.security.acl.Realm.getRealm(Realm.java:39)
at weblogic.security.acl.Realm.authenticate(Realm.java:186)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:236)
atweblogic.security.acl.internal.Security.authenticate(Security.java:136)
at weblogic.security.acl.Security.doAsPrivileged(Security.java:507)
atweblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java
:149)
at test.TestDBBean.getName(TestDBBean.java:88)
attest.TestDBBean_hdmb9c_EOImpl.getName(TestDBBean_hdmb9c_EOImpl.java:46)
at test.TestDBBean_hdmb9c_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:342)
atweblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java
:103)
atweblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:313)
atweblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:3
0)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:156)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:137)
End server side stack trace
; nested exception is:
java.lang.IllegalAccessError: java.security.acl.NotOwnerException
The user has been defined in WebLogic with full administrator rights andis a valid
user in the database.
If I use "ds.getConnection()" with no arguments, the code works just fine.The
project I'm on needs the performance of a common connection pool and theability to
track the named user activities within the database.
Any assistance would be greatly appreciated.
Thanks,
Bill -
NotOwnerException when trying sample RDBMSRealm
Hi,
Currently, i'm using WL6.0 on NT and trying out RDBMSRealm from console. I could make it work the way it is described, but when I try to change any of the permission to any group or user, i get following error msgs. I logged in as a "system" and trying to grant "write" permission (to "disk" ACL) to user "scott" from a console. I get following exceptions... What could be going wrong here ?
Thanks a lot for yr help....
V.S
java.security.acl.NotOwnerException
at weblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:753)
at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
java.lang.InternalError: aclOwner not owner
at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:772)
at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)For the record:
Suresh,
Update on my case....
Having downloaded and configured the latest release of WL server (beta 2), I could successfully test some of our requirements using WL Realm.
As a first step part of an iterative process, I tried creating users, groups and ACLs (Access control lists similar to permission ) , then associated users to groups , granted specific privilege to principals (users/groups) so on... Everything seems to be working fine...
Next, I'll be making it work with RDBMS since right now it uses FileRealm not the databaseRealm. I'll update you on this as I progress...
Thanks a lot for yr continued support...
Regards,
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 4:17 PM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help
Vishal
Nope. Beta refresh is somewhere around mid Nov.
thanks
At 04:09 PM 11/22/00 -0500, [email protected] wrote:
I think, i'm using 6.0 beta. WebLogic Server (6.0.0b1 10/06/2000 22:34:17 >#86762)
b1 signify beta refresh ?
Thanks
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 4:08 PM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help
Hi Vishal
fileRealm is the default realm with WebLogic Server. If an operation fails >on an alternate realm, usually it will failover to the default >Realm(stored in fileRealm.properties). If the failover is not handled >well, the server may throw an exception. I believe the issue of FileRealm >not getting refreshed in the console is fixed in the later loads, I'm not >sure its fixed in Beta refresh though. Are u using beta or beta refresh of >6.0? Will get back to u whether this is available in beta refresh later.
thanks
At 03:48 PM 11/22/00 -0500, you wrote:
Suresh,
Thanks once again.
I could create a user, group and ACLs , ("vshah", "Trader", "Trade > (Buy, >Sell , Buy&Sell permissions) but the changes don't reflect > immediately. I >had to bring down the server and restart it again.
Having looked around , i then found out that this new information > gets >stored in "FileRealm.properties" file (security realm ???) and not > updated >to the database.(cloudscape)
Shouldn't the changes persist to DB ? As per the documentation it says,
A Sample Custom Security Realm
The weblogic.security.rdbmsrealm package in > the >samples/examples/security/rdbmsrealm directory is a custom security > realm >that uses a relational database for its security store. Attached > is a >FileRealm.properties file
Regards,
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 1:41 PM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help
Vishal
This is what I gathered from the developer for the Realm stuff:
RDBMS realm is only partially manageable. The operation supported are:
(1) Users - Create, Delete and Change Password
(2) Groups - Delete, Modify(Create is not supported)
(3) Acls - No operations are supported
Plz let me know if you're having problems with any of the operations > that >are supported.
thanks
At 12:09 PM 11/22/00 -0500, you wrote:
Thanks, See u on Monday.
Have a wondeful thanksgiving.
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 12:11 PM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help
Vishal
I'm sorry. Yes, RDBMS realm is the only manageable realm out of the > four
alternate realms we support. I may not be able to answer your question
today. I'll get back to you with an answer by Monday.
thanks
At 11:54 AM 11/22/00 -0500, you wrote:
Hi Suresh,
There are couple of things going on...
First, I could add user "vshah" with password "vshah", added group"Trader"
and made "vshah" belonging to this group. Then created a new ACL > "Trade"
with two permissions "Buy" and "Sell" and granted
"vshah" to these perm. So far so good.
Next, I tried adding few more users, and followed very similiar > patternas
in the first case to create groups, ACLS and grant permissions to > thesenew
users. But, nothing works. Sometimes, when I grant a permission to anuser,
it immediately reflects on the console and sometimes it doesn't. The
behaviour is not quite consistent. Even I restart the server, i > > don't see
those new users, groups and ACLs.
I'm extracting few lines from a log file that would help....
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090049>
<System user unperson does not exist, creating it.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090044>
<Principal rdoust does not exist thus cannot be added to group > > SuperTFA.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090047>
<Principal jpatel does not exist thus cannot be added to ACL Trade.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090047>
<Principal jpatel does not exist thus cannot be added to ACL Trade.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090047>
<Principal rdoust does not exist thus cannot be added to ACL Trade.>
####<Nov 22, 2000 11:00:25 AM EST> <Warning> <Security> <><examplesServer>
<main> <> <> <090047>
<Principal rdoust does not exist thus cannot be added to ACL Trade.>
For existing ACLs as part of a sample example (RDBMSRealm) , i > couldn't
add/modify/remove any permissions to any users/groups.
I looked at RDBMSRealm source code and it extends"AbstractManageableRealm"
so it should allow changes to the realm.
Thanks again
P.S. Attached pl see the screen dumps and log file...
<<screenshots.zip>> <<weblogic.log>>
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 11:23 AM
To: Shah, Vishal
Subject: RE: NotOwnerException thrown... pl help [Shah, > Vishal]
Vishal
For now modify the table in the database directly. I can keep you
posted
about realm enhancements in the next release if you're interested.
thanks
At 11:16 AM 11/22/00 -0500, you wrote:
Hi,
Thanks for a prompt answer.
You got me right, i'm trying to add/modify/create new ACLs > and > change
permissions to users thro' console.
How would I go about doing this ?
Thanks again...
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
-----Original Message-----
From: Suresh Vallabhaneni [SMTP:[email protected]]
Sent: Wednesday, November 22, 2000 11:16 AM
To: Shah, Vishal
Subject: Re: NotOwnerException thrown... pl help
Hi Vishal
RDBMS Realm is a Listable realm not a Manageable realm, meaning
you
cannot
make any changes to a user, group or acl defined in the RDBMS
Realm. I
guess you're trying to modify the acl defined in the RDBMS > Realmthru
console. You cannot do that thru the console. If this is > not whatyou're
doing and I didnot interpret your problem correctly, plz let me
know.
thanks
At 06:59 PM 11/21/00 -0500, you wrote:
Hi Suresh,
Instead of posting this msg to newgroup, I thought of > addressing
directly
to
u so that I can answer immidiately from a bea person.
Currently, i'm using WL6.0 on NT and trying out RDBMSRealm > from
console.
I
could make it work the way it is described, but when I try to
change
any
of
the permission to any group or user, i get following error > msgs.
I
logged
in
as a "system" and trying to grant "write" permission (to > "disk"
ACL)
to
user "scott" from a console. I get following exceptions... > What
could
be
going wrong here ?
Thanks a lot for yr help....
java.security.acl.NotOwnerException
atweblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
at
weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.ja > va > :753
at
weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java: > 2079)
atweblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.internal.DynamicMBeanImpl.invokeLocally(Dynamic > MB > eanI
mpl
.java:536)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanIm > pl > .jav
a:5
22)
at java.lang.reflect.Method.invoke(Native Method)
at
javax.management.MBeanServer.invoke(MBeanServer.java:1543)
atjavax.management.MBeanServer.invoke(MBeanServer.java:1501)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
atweblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
atweblogic.management.configuration.AclMBean_CachingStub.grantPermiss > io > n(Ac
lMB
ean_CachingStub.jav
at
weblogic.management.console.pages._panels._mbean._aclpermissiontabl > e. > _jsp
Ser
vice(_aclpermission
at > > weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStub > Im > pl.j
ava
:209)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebApp > Se > rvle
tCo
ntext.java:1114)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequest > Im > pl.j
ava
:1388)
at
weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at
weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
java.lang.InternalError: aclOwner not owner
atweblogic.security.acl.internal.FileRealm.setPermission(FileRealm.ja > va > :772
at
weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java: > 2079)
atweblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
atweblogic.management.internal.DynamicMBeanImpl.invokeLocally(Dynamic > MB > eanI
mpl
.java:536)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanIm > pl > .jav
a:5
22)
at java.lang.reflect.Method.invoke(Native Method)
at
javax.management.MBeanServer.invoke(MBeanServer.java:1543)
atjavax.management.MBeanServer.invoke(MBeanServer.java:1501)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
atweblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
atweblogic.management.configuration.AclMBean_CachingStub.grantPermiss > io > n(Ac
lMB
ean_CachingStub.jav
at
weblogic.management.console.pages._panels._mbean._aclpermissiontabl > e. > _jsp
Ser
vice(_aclpermission
at > > weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStub > Im > pl.j
ava
:209)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebApp > Se > rvle
tCo
ntext.java:1114)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequest > Im > pl.j
ava
:1388)
at
weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at
weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
Vishal Shah
EBS Dealing Resources
Hazelnut Development
Parsippany
* 1.973.257.6904
"Suresh Vallabhaneni" <[email protected]> wrote:
>
Vishal
I'm sorry. Yes, RDBMS realm is the only manageable realm out of the four alternate realms we support. I may not be able to answer your question today. I'll get back to you with an answer by Monday.
thanks
"Suresh Vallabhaneni" <[email protected]> wrote:
Hi Vishal
RDBMS Realm is a Listable realm not a Manageable realm, meaning you cannot make any changes to a user, group or acl defined in the RDBMS Realm. I guess you're trying to modify the acl defined in the RDBMS Realm. You cannot do that thru the console. If this is not what you're doing and I didnot interpret your problem correctly, plz let me know.
thanks
"V Shah" <[email protected]> wrote:
Hi,
Currently, i'm using WL6.0 on NT and trying out RDBMSRealm from console. I could make it work the way it is described, but when I try to change any of the permission to any group or user, i get following error msgs. I logged in as a "system" and trying to grant "write" permission (to "disk" ACL) to user "scott" from a console. I get following exceptions... What could be going wrong here ?
Thanks a lot for yr help....
V.S
java.security.acl.NotOwnerException
at weblogic.security.acl.AclImpl.removeEntry(AclImpl.java:245)
at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:753)
at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116)
java.lang.InternalError: aclOwner not owner
at weblogic.security.acl.internal.FileRealm.setPermission(FileRealm.java:772)
at weblogic.security.acl.CachingRealm.setPermission(CachingRealm.java:2079)
at weblogic.management.mbeans.custom.Acl.grantPermission(Acl.java:69)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:536)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:522)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.MBeanServer.invoke(MBeanServer.java:1543)
at javax.management.MBeanServer.invoke(MBeanServer.java:1501)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:386)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:168)
at $Proxy60.grantPermission(Unknown Source)
at weblogic.management.configuration.AclMBean_CachingStub.grantPermission(AclMBean_CachingStub.jav
at weblogic.management.console.pages._panels._mbean._aclpermissiontable._jspService(_aclpermission
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:209)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1114)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1388)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:133)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:116) -
ClassCastException: weblogic.security.acl.internal.FileRealm
Hi,
I am trying to create new user through the CachingRealm.newUser(?,?,?) method..What
I do is -
weblogic.security.acl.BasicRealm baseRealm =
(weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
baseRealm;
However it is not able to classcast to CachingRealm , it gives the exception -
java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
Do I need to do anything else ?
ThxHi Kumar,
I took a look at config.xml
Looks like you do not have an alternate realm hooked into WebLogic and that is the
source of the problem.
If you try to cast anything to CachingRealm and call methods on it, when you don't have
an alternate realm, then the cast will fail with ClassCastException.
For example, take a look at the very, very simple JSP code
<%@ page import="
import java.util.*,
import weblogic.common.*,
import javax.servlet.*,
import javax.servlet.http.*,
import java.io.*,
import weblogic.security.*,
import weblogic.security.acl.User,
import weblogic.security.acl.Security,
import weblogic.security.acl.Realm,
import weblogic.security.acl.CachingRealm,
import weblogic.security.acl.*,
import java.security.acl.*,
import java.security.acl.Permission,
import java.security.Principal,
import javax.servlet.http.*,
import weblogic.html.*,
import weblogic.common.internal.WLColor
"%>
<%
response.setContentType("text/html");
BasicRealm basicRealm = Security.getRealm();
try {
((CachingRealm) basicRealm).clearCaches();
} catch (ClassCastException ce) {
out.println("There is a class cast.. getRealm ain't no returned a
CachingRealm");
out.println("This probably means that you don't have a pluggable realm hooked
into WebLogic.");
out.println("No pluggable Realm = no Cachingrealm!");
%>
This JSP will give you a class cast if you do not have some alternate realm hooked up
(LDAP, NTREalm, UnixRealm, RDBMSRealm)
But will work just fine if you do have an alternate realm hooked up .
I think that this is what you are seeing.
Hope this helps
Joe Jerry
kumar wrote:
Hi Jerry,
Thanks for your response.
I have attached my config.xml . It is a very small config.xml with all the default
configurations. Please look at it ..
Thx
Jerry <[email protected]> wrote:
Hi Kumar,
Do you have an alternate realm hooked into WebLogic (LDAP, UNIXrealm,
NTRealm,
CustomRealm)?
Thanks,
Joe Jerry
kumar wrote:
Hi,
I am trying to create new user through the CachingRealm.newUser(?,?,?)method..What
I do is -
weblogic.security.acl.BasicRealm baseRealm =
(weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
baseRealm;
However it is not able to classcast to CachingRealm , it gives theexception -
java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
Do I need to do anything else ?
Thx
Name: config.xml
config.xml Type: XML Document (text/xml)
Encoding: base64 -
NoRoutetoHostException on installing Java Security Config Assistant in 10G
Hi
I am trying to install the infrastructure for Oracle 10G AS 9.0.4 on Red Hat Linux 2.1 Advanced Server. The installation proceeds smoothly upto the time that I have to install the Java Security Configuration Assistant when it throws the No Route to Host Exception. No clue in logs either. Please hellllllllllllllppppppp!!!!Hi Sayali!
Check if you network cfg is ok before you start the installation.
What works with me is:
a) Check /etc/hosts
first entry should be
- insert your ip address --
192.168.1.2 yourmachine.yourdomain.com machine
127.0.0.1 localhost
b) in /etc/sysctl.conf
kernel.domainname = yourdomain.com
execute as root sysctl -p
c) Set /etc/nsswitch.conf to use files for names resoultion
d) if you use dns make sure that you receive the right answer for your name and ip address
e) make sure that the firewall on the RH machine is off (iptables)
cu
Andreas -
jaas sample progrma in weblogic 6.1 giving the following error java.lang.SecurityException:
attempting to add an object which is not an instance of java.security.Principal
to a Subjec
on runnig the program during the call of method Authenticate.authenticate(env,
subject); giving following exceptions Error: Login Exception on authenticate,
java.lang.SecurityException: attempting to add an object which is not an instance
of java.security.Principal to a Subjec t's Principal Set Authentication Failed:
Unexpected Exception, javax.security.auth.login.LoginExce ption: java.lang.SecurityException:
attempting to add an object which is not an instance of java.security.Principal
to a Subject's Principal Set javax.security.auth.login.LoginException: javax.security.auth.login.LoginExcepti
on: java.lang.SecurityException: attempting to add an object which is not an ins
tance of java.security.Principal to a Subject's Principal Set at examples.security.jaas.SampleLoginModule.login(SampleLoginModule.java
:192) at java.lang.reflect.Method.invoke(Native Method) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 25) at
javax.security.auth.login.LoginContext$3.run(LoginContext.java:531) at java.security.AccessController.doPrivileged(Native
Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java
:528) at javax.security.auth.login.LoginContext.login(LoginContext.java:449) at
examples.security.jaas.SampleClient.main(SampleClient.java:96)
1)what is the reason for this problem
2)in weblogic document they told to edit server.policy file in webligic\lib folder
a)what the modification is needed in this file..?Hi jerry
i already got that problem solved by removing jaas.jar file
from class path.
i don'nt how it is working with out in classpath...?
Jerry <[email protected]> wrote:
Hi Nivas,
I think that the problem you are seeing has something to do with the
placement of jaas.jar in your classpath
On WebLogic server, put jaas.jar in the classpath after weblogic.jar.
I would bet that you have it placed before weblogic.jar right now.
I don't think the exception that you're seeing right now has anything
to do with your weblogic.policy file right now, so I think it is
safe to not worry about it right now.
Hope this helps,
Joe Jerry -
How to monitor WebLogic Server when enable the Administration Port
It works fine when use Listenport 7001, but when enable the Administration Port(9002), it does not work.
Maybe I should do something to set the system environment property, but how?
help~
Sorry for my poor English~
Thanks~HI,
If the admin port is enabled then you have to use these parameters to run any scripts
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.TrustKeyStore=DemoTrust
-The you can use Admin URL: t3s://localhost:9002 with Admin Port and Secure Protocol.
Example:
java -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=DemoTrust weblogic.WLST application_status.py
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3s://localhost:9002 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_7001'.
.Regards,
Ravish Mody
http://middlewaremagic.com/weblogic
Come, Join Us and Experience The Magic… -
When deploying BPEL Process through JDeveloper java.security.AccessControlE
1.) Navigated to the Connections tab of JDeveloper 10.1.3.2.
2.) Under the Application Server node, created a new Application Server
connection, provided the relevant information on Type, Authentication
& Connection's tab.
3.) On Authentication Tab, provided the username as oc4jadmin.
The password was not modified.
4.) On the Test Tab after clicking on Test Connection,
the connection was created successfully.
5.) Under the Integration Server node,created a new Integration Server
connection, provided the relevant information on Name & Connection
Tab's.
6.) On the Test Tab after clicking on Test Connection,
the connection was created successfully.
7.) Went to the Applications Navigator tab of JDeveloper 10.1.3.2.
8.) Here a simple BPEL Process was created.
9.) When trying to deploy the BPEL Process through JDeveloper,
the below exception was thrown.
We are using Oracle's SOA Suite 10.1.3.1 :-
Buildfile: C:\TerminationDevelopment\TerminationProcess\build.xml
validateTask:
[echo]
| Validating
workflow
[validateTask] url is file:/C:/JDevStudioBaseDevelopment/integration/bpm/support/files/WorkflowTaskDef
inition.xsd
[validateTask] url is file:/C:/JDevStudioBaseDevelopment/integration/bpm/support/files/WorkflowTaskDef
inition.xsd
[validateTask] url is file:/C:/JDevStudioBaseDevelopment/integration/bpm/support/files/WorkflowTaskDef
inition.xsd
[validateTask] url is file:/C:/JDevStudioBaseDevelopment/integration/bpm/support/files/WorkflowTaskDef
inition.xsd
[validateTask] Validation of workflow task definitions is completed without errors
deployProcess:
[echo]
| Deploying bpel process TerminationProcess on 172.16.100.85, port
7778
[deployProcess] Deploying process C:\TerminationDevelopment\TerminationProcess\output\bpel_TerminationProcess_1.1.
jar
BUILD FAILED
C:\TerminationDevelopment\TerminationProcess\build.xml:79: A problem occured while connecting to server "172.16.100.85" using port "7778":
java.security.AccessControlException: access denied
(com.collaxa.security.DomainPermission default read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264
at java.security.AccessController.checkPermission(AccessController.java:427)
at com.collaxa.security.OC4JSecurityService.checkAccess(OC4JSecurityService.java:16
at com.collaxa.security.SecurityService.checkDomainAccess(SecurityService.java:26)
Text continued in next action...Hello
I have the same problem , please see the solution if you have fixed that.
Thanks -
Java.security.AccessControlException when calling web service from applet
I have an applet that calls a webservce (Xmethods' delayed stock quote service). When I run the applet in appletviewer, I get the following:
[SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.security.AccessControlException: access denied (java.net.SocketPermission 66.28.98.121:9090 connect,resolve); targetException=java.lang.IllegalArgumentException:
Error opening socket: java.security.AccessControlException:
access denied
etc.....
My code works fine as an application, but not as an applet. (This was after I eventually had to extract the necessary SOAP .jar files into the same directory as my applet, but that's another topic...or maybe not?)
Help!
Regards,
John KirkseyThe default security settings does not give an applet to connect to any other server apart from the one from which it was downloaded. This is your problem. To mitigate that you have to change the security setting of the applet conatiner i.e the JVM in the browser.
Ironluca -
Java.security.AccessControlException when executing java from the DB
Hello
I'm running a Oracle 10.1.0.3.0 on Linux
I'm having trouble with executing some java code from the DB.
I created following java stored procedure used to create the directory given by the parameter
package be.vlaamsparlement.dis.os_commands;
import java.io.*;
import java.lang.*;
import java.sql.*;
import java.util.*;
public class ManageOSDirectory {
public static String createDir(String directoryName) throws Exception
if ((new File(directoryName)).mkdirs())
{ return ("TRUE");}
else
{ return ("FALSE");}
Wrapped it in a pl/sql procedure an execute it as follows under DB schema DIS :
begin
declare
b boolean;
begin
b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/jan/1/');
end;
end;
Where /data/files/vp_docs/schv/ already exist, so the proc needs to create the direcories '2004-2005', 'jan' and '1'
this gives me following error :
ORA-29532: Java call terminated by uncaught Java exception: java.security.AccessControlException:
the Permission (java.io.FilePermission /data/files/vp_docs/schv/2004-2005/month/1 write) has not been granted to DIS.
The PL/SQL to grant this is dbms_java.grant_permission( 'DIS', 'SYS:java.io.FilePermission', '/data/files/vp_docs/schv/2004-2005/jan/1', 'write' )
I can't give this permission as the given directory does not yet exist. File permissions on os are ok and when i execute
the code on the os (not from the DB) it works fine.
This also worked on a Windows 10G DB without any extra grants.
Also, i can execute the followint
b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/');
but if i then execute
b := pck$os_commands.CreateDir('/data/files/vp_docs/schv/2004-2005/jan/');
I get the same error. So i can only creaet 1 directory beneath the schv directory
Any ideas anyone ?The Error message is right.
You need to:
Ensure the Directory exist in Unix.
Create the Directory in the Database as SYS.
Grant Read,Write permission on th DIrectory to DIS
Grant Java permission on th DIrectory to DIS (using the syntax already shown in the Error message).
See my example below (10g R1)
SQL> connect /as sysdba
Connected.
SQL> GRANT CONNECT,RESOURCE TO DIS IDENTIFIED BY DIS;
Grant succeeded.
SQL> create or replace directory DIS_DOWNLOAD_DIR as '/data/files/vp_docs/schv/2004-2005/month/1';
Directory created.
SQL> col DIRECTORY_PATH format a50
SQL> select * from dba_directories;
OWNER DIRECTORY_NAME DIRECTORY_PATH
SYS DIS_DOWNLOAD_DIR /data/files/vp_docs/schv/2004-2005/month/1
1 row selected.
SQL> GRANT READ,WRITE ON DIRECTORY "SYS"."DIS_DOWNLOAD_DIR" TO "DIS";
Grant succeeded.
SQL> EXECUTE DBMS_JAVA.GRANT_PERMISSION( 'DIS', 'SYS:java.io.FilePermission', '/data/files/vp_docs/schv/2004-2005/jan/1', 'write' )
2 /
PL/SQL procedure successfully completed.
SQL>
Maybe you are looking for
-
ADE 4.0.1 and Windows 8.1
Is Adobe 4.0.1 compatible with Windows 8.1? The highest Windows-version on the Adobe-website, that I have found for ADE 4.0.1 is: 7. Can't find anything about ADE 4 and W8.1. thx Willem
-
1.PerfLogs, 2.Program Files, 3.ProgramData, 4.Users, 5.Windows and 6.autoexec These were the six folders listed inside windows.old folder. I tried to paste a snapshot of that folder, but I don't know how..
-
Number of iterations is not defined in file
My environment HP Performance Center PC Standalone Edition 11.52.341Internal Components BuildOTA Client 11.52.341.0 User Interface 11.52.341.0 WebGate Client 11.52.341.0 Test Run Scheduler 11.52.341.0 Site Administration Client Not Available Sprinter
-
After burning 500 pictures to a CD I found out that iPhoto created different files on the CD for all of the pictures that I edited. One file was original photos, another was modified photos and a third file was named data. I discovered this when I vi
-
I updated my 4s to iOS 6, and my photos were fine. A week later, and my photos have disappeared, though the album names are there. (I don't have access to a PC, so I can't use the iExplorer trick to find the photo files.) All of my photos exist on