Javax.security.auth.Subject and weblogic.security.acl.User
Hello,
We are trying to move some old authentication code (Weblogic 5.1) to JAAS
which comes with Weblogic 6.1. Here is my problem:
I can succesfully authenticate the Subject through my RDBMS Realm. But then, the rest of my code uses weblogic.security.acl.User
and not javax.security.auth.Subject for authorization and other tasks. So, how can I extract weblogic.security.acl.User from javax.security.auth.Subject?
I tried subject.getPrincipals(), since User indirectly implements Principal, but it comes back empty.
Any suggestions?
Hello,
We are trying to move some old authentication code (Weblogic 5.1) to JAAS
which comes with Weblogic 6.1. Here is my problem:
I can succesfully authenticate the Subject through my RDBMS Realm. But then, the rest of my code uses weblogic.security.acl.User
and not javax.security.auth.Subject for authorization and other tasks. So, how can I extract weblogic.security.acl.User from javax.security.auth.Subject?
I tried subject.getPrincipals(), since User indirectly implements Principal, but it comes back empty.
Any suggestions?
Similar Messages
-
Weblogic.security.acl.User extends java.security.Identity which is deprecated
I have been developing a custom realm for WLS5.1 and I discovered that the
weblogic classes seem to be based on JDK1.1 classes some of which
have been deprecated (e.g. java.security.Identity). I checked the docs
for WLS6.0 and it also uses the same classes.
When do you (BEA) intend to bring the weblogic security classes up
to date? JDK 1.2 has been out for a LONG time!The WLS security group is currently looking into this.
-Nelson -
ClassCastException: weblogic.security.acl.internal.FileRealm
Hi,
I am trying to create new user through the CachingRealm.newUser(?,?,?) method..What
I do is -
weblogic.security.acl.BasicRealm baseRealm =
(weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
baseRealm;
However it is not able to classcast to CachingRealm , it gives the exception -
java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
Do I need to do anything else ?
ThxHi Kumar,
I took a look at config.xml
Looks like you do not have an alternate realm hooked into WebLogic and that is the
source of the problem.
If you try to cast anything to CachingRealm and call methods on it, when you don't have
an alternate realm, then the cast will fail with ClassCastException.
For example, take a look at the very, very simple JSP code
<%@ page import="
import java.util.*,
import weblogic.common.*,
import javax.servlet.*,
import javax.servlet.http.*,
import java.io.*,
import weblogic.security.*,
import weblogic.security.acl.User,
import weblogic.security.acl.Security,
import weblogic.security.acl.Realm,
import weblogic.security.acl.CachingRealm,
import weblogic.security.acl.*,
import java.security.acl.*,
import java.security.acl.Permission,
import java.security.Principal,
import javax.servlet.http.*,
import weblogic.html.*,
import weblogic.common.internal.WLColor
"%>
<%
response.setContentType("text/html");
BasicRealm basicRealm = Security.getRealm();
try {
((CachingRealm) basicRealm).clearCaches();
} catch (ClassCastException ce) {
out.println("There is a class cast.. getRealm ain't no returned a
CachingRealm");
out.println("This probably means that you don't have a pluggable realm hooked
into WebLogic.");
out.println("No pluggable Realm = no Cachingrealm!");
%>
This JSP will give you a class cast if you do not have some alternate realm hooked up
(LDAP, NTREalm, UnixRealm, RDBMSRealm)
But will work just fine if you do have an alternate realm hooked up .
I think that this is what you are seeing.
Hope this helps
Joe Jerry
kumar wrote:
Hi Jerry,
Thanks for your response.
I have attached my config.xml . It is a very small config.xml with all the default
configurations. Please look at it ..
Thx
Jerry <[email protected]> wrote:
Hi Kumar,
Do you have an alternate realm hooked into WebLogic (LDAP, UNIXrealm,
NTRealm,
CustomRealm)?
Thanks,
Joe Jerry
kumar wrote:
Hi,
I am trying to create new user through the CachingRealm.newUser(?,?,?)method..What
I do is -
weblogic.security.acl.BasicRealm baseRealm =
(weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
baseRealm;
However it is not able to classcast to CachingRealm , it gives theexception -
java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
Do I need to do anything else ?
Thx
Name: config.xml
config.xml Type: XML Document (text/xml)
Encoding: base64 -
Using javax.security.auth.LoginContext to generate a renewable ticket
Hi,
I tired to use javax.security.auth.LoginContext (with kerberos) to generate a forwardable and renewable ticket. With this ticket I authenticate the user at an other server.
My problem is, that the code generates a forwardable ticket, but not a renewable one. If I use the kinit (console tool) I am able to generate a renewable one.
Here is the JAVA-code:
System.setProperty("sun.security.krb5.debug","true");
System.setProperty("java.security.krb5.conf", "krb5.conf");
System.setProperty("java.security.auth.login.config", "login.conf");
lc = new LoginContext("SampleCXF",new LoginGuiCallbackHandler());
try {
lc.login();
}catch(Exception e) {
e.printStackTrace();
System.exit(1);
Subject subject = lc.getSubject();
KerberosTicket kt = (KerberosTicket) subject.getPrivateCredentials().iterator().next();
System.out.println(kt);
Subject.doAsPrivileged(subject, new PrivilegedAction<byte[]>() {
@Override
public byte[] run() {
try {
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setServiceClass(TestService.class);
factory.setAddress("https://server.at/TestProjektServer/services/TestService");
TestService client = (TestService) factory.create();
String message = client.service1("param service 1");
//String message = client.service1("param service 1");
}catch(Exception e) {
e.printStackTrace();
return null;
}, null);
the login.conf contains:
SampleCXF {
com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true debug=true renewTGT=true doNotPront=true;
the krb5.conf contains:
[libdefaults]
default_realm = TESTREALM
kinit = {
forwardable = true
proxiable = true
renew_lifetime = 5d 0h 0m 0s
[realms]
TESTREALM = {
kdc = aba.hostingcenter.uclv.net
admin_server = aba.hostingcenter.uclv.net
[domain_realm]
*.test.net = TESTREALM
.test.net = TESTREALM
[logging]
default = FILE:/var/log/kdc.log
kdc = FILE:/var/log/kdc.log
[appdefaults]
pam = {
renewable = true
forwardable = true
renew_lifetime = 5d 0h 0m 0s
If I use my client principal and password a ticket will be generated. This ticket is not renewable!!
If I use the ticket cache (kinit -r, and kinit -R), a renewable ticket was loaded. On the server side the forwarded ticket is not renewable. It seams that the client generates a new ticket with the forwarded flag, but the renewable flag is not set.
does anyone have an idea?
Thanks a lot
Ludi
Edited by: user6714014 on Dec 13, 2011 7:34 AMnobody knows?
-
Authentication Failed: User xelsysadm javax.security.auth.login.FailedLogin
Hi All,
I have an critical ssue to be solved on Production environemt :(,
we have oim installed on cluster in production(OIM11g installed on server ), the configuration is as mentioned below
cluster 1--oim1,soa1--server1--holds admin server
cluster 2--oim2,soa2--server2--managed server and no admin server
This instance was working fine, we had to restart the server machine for some reason and i am not able to start OIM server :( after that.
following is the exception i get when i start the OIM server , Please help :(
2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFApplicationLifecycleListener.preStop. Cleaning up Application caches.
[2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Clean up Application Caches
[2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[*2011-05-13T13:42:30.193+05:30] [wls_oim1] [ERROR] [] [OIM Authenticator] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Error while retrieving user xelsysadm*
*[2011-05-13T13:42:30.224+05:30] [wls_oim1] [ERROR] [IAM-0020011] [oracle.iam.platform.auth.client] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Login Exception encountered when trying to login as admin {0}[[*
*javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied*
at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:62)
at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
at oracle.iam.platform.OIMClient.login(OIMClient.java:114)
at oracle.iam.platform.OIMInternalClient.loginAsAdmin(OIMInternalClient.java:69)
at oracle.iam.scheduler.impl.util.SchedulerUtil.getSchedulerService(SchedulerUtil.java:735)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.resetRunningJobStatus(SchedulerStartupServlet.java:247)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.stopScheduler(SchedulerStartupServlet.java:123)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.destroy(SchedulerStartupServlet.java:261)
at weblogic.servlet.internal.StubSecurityHelper$ServletDestroyAction.run(StubSecurityHelper.java:303)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.StubSecurityHelper.destroyServlet(StubSecurityHelper.java:81)
at weblogic.servlet.internal.StubLifecycleHelper.destroyOneInstance(StubLifecycleHelper.java:144)
at weblogic.servlet.internal.StubLifecycleHelper.destroy(StubLifecycleHelper.java:134)
at weblogic.servlet.internal.ServletStubImpl.destroy(ServletStubImpl.java:438)
at weblogic.servlet.internal.WebAppServletContext.destroyServlets(WebAppServletContext.java:3232)
at weblogic.servlet.internal.WebAppServletContext.destroy(WebAppServletContext.java:3192)
at weblogic.servlet.internal.ServletContextManager.destroyContext(ServletContextManager.java:241)
at weblogic.servlet.internal.HttpServer.unloadWebApp(HttpServer.java:461)
at weblogic.servlet.internal.WebAppModule.destroyContexts(WebAppModule.java:1540)
at weblogic.servlet.internal.WebAppModule.deactivate(WebAppModule.java:513)
at weblogic.application.internal.flow.ModuleStateDriver$2.previous(ModuleStateDriver.java:389)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.flow.ModuleStateDriver.deactivate(ModuleStateDriver.java:141)
at weblogic.application.internal.flow.ScopedModuleDriver.deactivate(ScopedModuleDriver.java:207)
at weblogic.application.internal.flow.ModuleListenerInvoker.deactivate(ModuleListenerInvoker.java:261)
at weblogic.application.internal.flow.DeploymentCallbackFlow$2.previous(DeploymentCallbackFlow.java:538)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:182)
at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:175)
at weblogic.application.internal.BaseDeployment$2.previous(BaseDeployment.java:1281)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.BaseDeployment.deactivate(BaseDeployment.java:453)
at weblogic.application.internal.EarDeployment.deactivate(EarDeployment.java:58)
at weblogic.application.internal.DeploymentStateChecker.deactivate(DeploymentStateChecker.java:199)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.deactivate(AppContainerInvoker.java:98)
at weblogic.deploy.internal.targetserver.BasicDeployment.deactivate(BasicDeployment.java:263)
at weblogic.deploy.internal.targetserver.BasicDeployment.deactivateFromServerLifecycle(BasicDeployment.java:458)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doDeactivate(DeploymentAdapter.java:74)
at weblogic.management.deploy.internal.DeploymentAdapter.deactivate(DeploymentAdapter.java:215)
at weblogic.management.deploy.internal.AppTransition$6.transitionApp(AppTransition.java:67)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
at weblogic.management.deploy.internal.ConfiguredDeployments.deactivate(ConfiguredDeployments.java:199)
at weblogic.management.deploy.internal.ConfiguredDeployments.undeploy(ConfiguredDeployments.java:191)
at weblogic.management.deploy.internal.DeploymentServerService.shutdownApps(DeploymentServerService.java:195)
at weblogic.management.deploy.internal.DeploymentServerService.shutdownHelper(DeploymentServerService.java:127)
at weblogic.application.ApplicationShutdownService.stop(ApplicationShutdownService.java:106)
at weblogic.t3.srvr.ServerServicesManager.stopInternal(ServerServicesManager.java:495)
at weblogic.t3.srvr.ServerServicesManager.stop(ServerServicesManager.java:316)
at weblogic.t3.srvr.T3Srvr.shutdown(T3Srvr.java:1036)
at weblogic.t3.srvr.T3Srvr.gracefulShutdown(T3Srvr.java:939)
at weblogic.t3.srvr.GracefulShutdownRequest.run(GracefulShutdownRequest.java:41)
at weblogic.work.ContextWrap.run(ContextWrap.java:41)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Thanks in advanceAgreed with all above pointers.
I think you have to raise SR with oracle, because it is prod environment.
If you still want to do some R&D.
1. Also check this URL might help, but not sure.
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAJCEEF
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAEFAGF
2. Restart all servers (along with Admin server and DB). -
NotSerializableException: javax.security.auth.login.LoginContext
Hi,
I'm using the JAAS-API for a JDBC-based user login procedure.
Although it worked fine for months, suddenly it doesn't work anymore (i.e., after user enters name+password and clicks login-button, nothing happens besides the browser bottom line 'waiting for localhost'). I tried to debug this, but then Creator always crashed.
I just looked inside the server-log-files and found the following exception stack trace. It was stored in the files during every login procedure.
Because it worked fine before, this issue probably is not critical and could be solved by reinstalling Creator, but anyway I would greatly appreciate, if someone would have an idea what the problem is.
Regards,
Felix
[#|2006-07-10T17:41:50.494+0200|INFO|sun-appserver-pe8.2|org.apache.catalina.session.ManagerBase|_ThreadID=17;|Cannot serialize session attribute SessionBean1 for session 5918037189ed39ffffffffc4ba0330aded7d1
java.io.NotSerializableException: javax.security.auth.login.LoginContext
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1075)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1369)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1341)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1284)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1073)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:291)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1775)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:985)
at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:543)
at org.apache.catalina.session.StandardManager.unload(StandardManager.java:482)
at org.apache.catalina.session.StandardManager.stop(StandardManager.java:711)
at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4675)
at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:956)
at com.sun.enterprise.web.WebContainer.unloadWebModule(WebContainer.java:2122)
at com.sun.enterprise.server.WebModuleDeployEventListener.moduleUndeployed(WebModuleDeployEventListener.java:198)
at com.sun.enterprise.server.WebModuleDeployEventListener.moduleUndeployed(WebModuleDeployEventListener.java:278)
at com.sun.enterprise.admin.event.AdminEventMulticaster.invokeModuleDeployEventListener(AdminEventMulticaster.java:920)
at com.sun.enterprise.admin.event.AdminEventMulticaster.handleModuleDeployEvent(AdminEventMulticaster.java:905)
at com.sun.enterprise.admin.event.AdminEventMulticaster.processEvent(AdminEventMulticaster.java:427)
at com.sun.enterprise.admin.event.AdminEventMulticaster.multicastEvent(AdminEventMulticaster.java:139)
at com.sun.enterprise.admin.server.core.DeploymentNotificationHelper.multicastEvent(DeploymentNotificationHelper.java:288)
at com.sun.enterprise.deployment.phasing.DeploymentServiceUtils.multicastEvent(DeploymentServiceUtils.java:155)
at com.sun.enterprise.deployment.phasing.ServerDeploymentTarget.sendStopEvent(ServerDeploymentTarget.java:283)
at com.sun.enterprise.deployment.phasing.StopPhase.runPhase(StopPhase.java:126)
at com.sun.enterprise.deployment.phasing.DeploymentPhase.executePhase(DeploymentPhase.java:71)
at com.sun.enterprise.deployment.phasing.PEDeploymentService.executePhases(PEDeploymentService.java:639)
at com.sun.enterprise.deployment.phasing.PEDeploymentService.stop(PEDeploymentService.java:409)
at com.sun.enterprise.deployment.phasing.PEDeploymentService.stop(PEDeploymentService.java:444)
at com.sun.enterprise.admin.mbeans.ApplicationsConfigMBean.stop(ApplicationsConfigMBean.java:725)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.sun.enterprise.admin.MBeanHelper.invokeOperationInBean(MBeanHelper.java:305)
at com.sun.enterprise.admin.config.BaseConfigMBean.invoke(BaseConfigMBean.java:360)
at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
at sun.reflect.GeneratedMethodAccessor25.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.sun.enterprise.admin.util.proxy.ProxyClass.invoke(ProxyClass.java:54)
at $Proxy1.invoke(Unknown Source)
at com.sun.enterprise.admin.server.core.jmx.SunoneInterceptor.invoke(SunoneInterceptor.java:272)
at com.sun.enterprise.admin.jmx.remote.server.callers.InvokeCaller.call(InvokeCaller.java:38)
at com.sun.enterprise.admin.jmx.remote.server.MBeanServerRequestHandler.handle(MBeanServerRequestHandler.java:92)
at com.sun.enterprise.admin.jmx.remote.server.servlet.RemoteJmxConnectorServlet.processRequest(RemoteJmxConnectorServlet.java:69)
at com.sun.enterprise.admin.jmx.remote.server.servlet.RemoteJmxConnectorServlet.doPost(RemoteJmxConnectorServlet.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
at sun.reflect.GeneratedMethodAccessor82.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:132)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:189)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.doProcess(ProcessorTask.java:604)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:475)
at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:371)
at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:264)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:281)
at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:83)
|#]just to make it clearer, the important Exception seems to be the following line:
java.io.NotSerializableException: javax.security.auth.login.LoginContext
The first thought of mine was to add an implements Serializable to the class, but that's not possible, because the class is read-only.
So does anyone know, how this could be solved? -
Javax.security.auth.login.LoginException: No LoginModules configured
Hi all,
I am trying out the implementation of custom login module with a j2ee web application.
I followed this<a href="http://help.sap.com/saphelp_nw04/helpdata/en/b9/9482887ddb3e47bd1a738c3e900195/frameset.htm">link</a>to create the login module.
When i run the application i get the error-
javax.security.auth.login.LoginException: No LoginModules configured for MyLoginModule.
This exception is pointing to my servlet where i've written the code-
LoginContext lc = new LoginContext("MyLoginModule");
try {
// start authentication
lc.login();
// user authenticated successfully
} catch (LoginException le) {
throw new Exception("Error authenticating user");
where <i>MyLoginModule</i> is the name of the custom login module i have implemented and registered in the security provider!
Message was edited by:
swarnadeepika subramanianHi,
this is the code in my login module class-
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options)
this.callbackHandler = callbackHandler;
this.subject = subject;
this.sharedState = sharedState;
this.options = options;
this.successful = false;
this.nameSet = false;
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[1];
callbacks[0] = new HttpGetterCallback();
((HttpGetterCallback) callbacks[0]).setType(HttpCallback.REQUEST_PARAMETER);
((HttpGetterCallback) callbacks[0]).setName("username");
try {
callbackHandler.handle(callbacks);
} catch (UnsupportedCallbackException e) {
return false;
} catch (IOException e) {
throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
//Returns an array of all request parameters with name "user_name".
String[] requestParameters = (String[]) ((HttpGetterCallback) callbacks[0]).getValue();
if ((requestParameters != null) && requestParameters.length > 0) {
userName = requestParameters[0];
if (userName == null) {
throwNewLoginException("No user name provided.");
try {
refreshUserInfo(userName);
} catch (SecurityException e) {
throwUserLoginException(e);
String prefix = (String) options.get("user_name_prefix");
if ((prefix != null) && !userName.startsWith(prefix))
throwNewLoginException("The user is not trusted.");
if (sharedState.get(AbstractLoginModule.NAME) == null) {
sharedState.put(AbstractLoginModule.NAME, userName);
nameSet = true;
successful = true;
return true;
public boolean commit() throws LoginException {
if (successful)
Principal principal = new Principal(userName);
subject.getPrincipals().add(principal);
if (nameSet)
sharedState.put(AbstractLoginModule.PRINCIPAL, principal);
else
userName = null;
return true;
public boolean abort() throws LoginException
if (successful)
userName = null;
successful = false;
return true;
public boolean logout() throws LoginException
if (successful)
subject.getPrincipals(Principal.class).clear();
successful = false;
return true;
From my understanding, this module gets the value that i enter in the(basic authentication) window and compares it with the prefix tat is set in the visual admin
am i right?
Can you elaborate about the HttpCallBackHandler? without understanding the code i dont think debugging is possible!
Regards
Deepika. -
JAAS Exception : javax.security.auth.login.FailedLoginException: Password
Hi All,
I am using JBOSS 4.0.5 GA Application Server. Eclipse3.0 IDE. Using JAAS 1.0 for authentication in login module.
While it is running under command prompt it was running successfully as below.......................
F:\Sample_Jaas1>java myapp.SomeStandAloneClient
Logging in user: testUser
Inside initialize method of SampleLoginModule
Inside login method of SampleLoginModule
Before call to callback handler
After call to call back handler
[SampleLoginModule] user entered username: testUser
[SampleLoginModule] user entered password: testPassword
[SampleLoginModule] authentication succeeded
[SampleLoginModule] added SamplePrincipal to Subject
Successfully logged in user: testUser
User logged in successfull
//Login.java
final String authFile = "Some.config";
System.out.println("Before setting system properties");
System.setProperty("java.security.auth.login.config", authFile);
System.out.println("After setting system properties");
MyCallbackHandler handler = new MyCallbackHandler(username,password);
try {
LoginContext lc = new LoginContext("someXYZLogin",handler);
System.out.println("Instantiate Login Context");
lc.login();
//*****when i am calling lc.login() method it is throwing the exceptions***
System.out.println("After calling login method");
System.out.println("Successfully logged in user: " + username);
} catch (LoginException le) {
System.out.println("Login failed");
le.printStackTrace();
//Some.config ---Config file
someXYZLogin{
dao.SampleLoginModule required debug=true;
//SampleLoginModule.java
public boolean login() throws LoginException {
System.out.println("Inside login method of SampleLoginModule");
if (callbackHandler == null)
throw new LoginException("Error: no CallbackHandler available " +
"to garner authentication information from the user");
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("SampleModule username: ");
callbacks[1] = new PasswordCallback("SampleModule password: ", false);
try {
System.out.println("Before call to callback handler");
callbackHandler.handle(callbacks);
username = ((NameCallback)callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
System.out.println("After call to call back handler");
if (tmpPassword == null) {
// treat a NULL password as an empty password
tmpPassword = new char[0];
password = new char[tmpPassword.length];
System.arraycopy(tmpPassword, 0,
password, 0, tmpPassword.length);
((PasswordCallback)callbacks[1]).clearPassword();
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());
} catch (UnsupportedCallbackException uce) {
throw new LoginException("Error: " + uce.getCallback().toString() +
" not available to garner authentication information " +
"from the user");
When it was running with JBOSS Server it is throwing the following exception:
09:45:21,484 ERROR [STDERR] javax.security.auth.login.FailedLoginException: Pass
word Incorrect/Password Required
09:45:21,484 ERROR [STDERR] at org.jboss.security.auth.spi.UsernamePasswordL
oginModule.login(UsernamePasswordLoginModule.java:213)
09:45:21,500 ERROR [STDERR] at org.jboss.security.auth.spi.UsersRolesLoginMo
dule.login(UsersRolesLoginModule.java:152)
09:45:21,500 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(
Native Method)
09:45:21,500 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(U
nknown Source)
09:45:21,500 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invo
ke(Unknown Source)
09:45:21,500 ERROR [STDERR] at java.lang.reflect.Method.invoke(Unknown Sourc
e)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext.invoke
(Unknown Source)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext.access
$000(Unknown Source)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext$4.run(
Unknown Source)
09:45:21,500 ERROR [STDERR] at java.security.AccessController.doPrivileged(N
ative Method)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext.invoke
Module(Unknown Source)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext.login(
Unknown Source)
Please tell me any body what might be the problem.....
Thanks in AdvanceFranky Ronald D'Souza wrote:
I am trying to connect to SQL Server 2000 from a JSP (Weblogic 7.0) using a
connection pool. (Without datasource etc). I am getting the above mentioned
exception.
If i connect through sun.jdbc.odbc it works fine. I dont know what i am
doing wrong. Can anyone help out with this problem.Whose SQLServer drier are you using? Can you connect to the DBMS using the
driver in a simple standalone program?
Joe
>
>
thnx in advance.
Franky -
Javax.security.auth.AuthPermission createLoginContext.Userpass
Hi,
I am working on authentication using JAAS.
I have created small application and calling it in one of the jsp file. When I try to access the jsp I am getting the following error:
createLoginContext.Userpass : access denied
(javax.security.auth.AuthPermission createLoginContext.Userpass)
When i run the java application it is authenticating the user but when I try to run it by calling it from JSP it is giving the above error.
I have java.policy file and I have modified that too and it is able to give permissions to all the jar file accept the one which I have created.
Can any body suggest how to give permission to (javax.security.auth.AuthPermission createLoginContext.Userpass).
Edited by: Vaibhav818 on Jun 30, 2008 2:54 AMThe error occurs because you don't grant createLoginContext permission to the Sample jar file in your policy file or you do but you don't specify your policy file. Below is example for authorization sample.
grant codebase "file:./SampleAzn.jar" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
Cheers
Zi -
Javax.security.auth.login.LoginException: Cannot authenticate X509(Urgent!)
I'm trying to sign my messages between client & webservice using X509 certificates. I've created a keystore and imported:
privatekey1, certificate1(public key) and trustedCertAuthority that published certificates.
I've configured webservice & client to use that keystore and privatekey1 to sign request/response, but web service keeps throwing following exception:
javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User EMAILADDRESS=[email protected], CN=testUser, ... does not exist in our system
How can I configure web service to find that certificate?
Thnx for help.Yes, I did. I found the problem..
I had also checked to Authenticate with X509 certificate... and obviously I should somehow set the Securtiy provider, although, I don't know how (but it's not so important right now).
But I do have another question - how can I use private key & public key in certificate X509 to encrypt messages. In the sample you mentioned, it's written that there shoud be separate key for signature & encryption, but I have separate keystores for client (with client private key & server public certificate) and for server (with server private key & client certificate). But I can't get it to work... It seems to me that in that case signature key alias at service should be the same as key needed to decrypt the message?
Am i missing something again?
Thanks. -
Weblogic.security.acl in Weblogic 6
I came across the following in the migration documention
(http://edocs.bea.com/wls/docs60/notes/migrate.html#1026915):
I'm assuming that this is just a typo or wording issue but it currently
reads "weblogic.security.acl" is deprecated? Can't be the whole package.
Anyone else notice this?
Deprecated APIs and Features
The following APIs and features are deprecated in anticipation of future
removal from the product:
a.. weblogic.security.acl
b.. WebLogic Events
WebLogic Events are deprecated and should be replaced by JMS messages with
NO_ACKNOWLEDGE or MULTICAST_NO_ACKNOWLEDGE delivery modes. See Programming
WebLogic JMS for more information.
c.. WebLogic HTMLKona
d.. T3 Driverrequest.getRemoteUser() still works fine for me after I implented a custom
Autthenication / LoginModule.
"patrik" <[email protected]> wrote in message
news:[email protected]..
>
Yes, I have. see:
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.develo
per.interest.security&item=8553&utag=
>
But if you've managed to get out the information from it I'd be gratefulto know
how.
/Patrik
"Utpal" <[email protected]> wrote:
Have you tried weblogic.security.Security.getCurrentSubject() ??
-utpal -
Weblogic.security.acl.realm.authentication... Exception
Hello All
the reason I'm moving a post-question from JMS to this section is people there
suggested this. anyway,
when I tried to use an applet which implemented MessageListener to send message,
I got the following exception ( the port 7001 had been granted to connect, resolve
in java.policy)
javax.naming.AuthenticationException [root exception is java.lang.SecurityException:Authentication
for user admin denied in realm webogic start server side trace: java.lang.SecurityException:Authentication
for user admin denied in realm weblogic at weblogic.security.acl.Realm.authentication(Realm.java
212) at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java 233) at weblogic.security.acl.internal.Security.authenticate(Security.java
135) at weblogic.kernel.bootSevicesImp.authenticat(BootServicesImp.java 119) at
weblogic.kernel.ExecuteThread.run(ExcuteThread.java:120 ..
My Question is why servlet or swing or other application out of applet don't generate
such exceptions even most codes are similar ? How to deal with this?
Thanks
John
Hello All
the reason I'm moving a post-question from JMS to this section is people there
suggested this. anyway,
when I tried to use an applet which implemented MessageListener to send message,
I got the following exception ( the port 7001 had been granted to connect, resolve
in java.policy)
javax.naming.AuthenticationException [root exception is java.lang.SecurityException:Authentication
for user admin denied in realm webogic start server side trace: java.lang.SecurityException:Authentication
for user admin denied in realm weblogic at weblogic.security.acl.Realm.authentication(Realm.java
212) at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java 233) at weblogic.security.acl.internal.Security.authenticate(Security.java
135) at weblogic.kernel.bootSevicesImp.authenticat(BootServicesImp.java 119) at
weblogic.kernel.ExecuteThread.run(ExcuteThread.java:120 ..
My Question is why servlet or swing or other application out of applet don't generate
such exceptions even most codes are similar ? How to deal with this?
Thanks
John
-
Weblogic.security.acl.internal.AuthenticatedSubject not resolved
Hi guys,
when I try to implement that code:
CallbackHandler handler = new URLCallbackHandler(username,
password);
Subject mySubject =
weblogic.security.services.Authentication.login(handler);
weblogic.servlet.security.ServletAuthentication.runAs(mySubject, request);
// Where request is the httpservletrequest object.
in my servlet I get that issue in workshop 9.2:
The type weblogic.security.acl.internal.AuthenticatedSubject cannot be resolved. It is indirectly
referenced from required .class files
Any idea??
Thanks a lot
L.solved!
simply import weblogic.jar in the project -
Javax.security.auth.login.LoginException:
Hi,
I am trying to set Windows Desktop SSO.
I am configuring kerberos and i got the following in the kdc.log:
PREAUTH_FAILED: HTTP/[email protected] for kadmin/[email protected], Preauthentication failed
and from the amAuthWindowsSSO the following:
javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) - Preauthentication failed
Can anyone help me to get this fixed?
Thanks,
Scottynobody knows?
-
Location of weblogic.security.acl.internal.AuthenticatedSubject
I'm trying to compile this code:
CallbackHandler handler = new URLCallbackHandler(userName, password);
Subject subject = Authentication.login(handler);
ServletAuthentication.runAs(subject, request);
But ServletAuthentication.runAs complains that it relies on class weblogic.security.acl.internal.AuthenticatedSubject which is not found.
i agree, i don't find it in either weblogic.jar or wls-api.jar from the 10.3.4 lib directory.
Where do i get this code?Found it!
It's in
com.bea.core.weblogic.security.identity.jar in the Middleware/modules directory
Maybe you are looking for
-
Problem with iTunes and sync'n Contacts
I'm a new user to the iPod and iTunes in general. Unfortunately I've encountered a few problems with putting contacts on my iPod. I have the new video 5th generation iPod and Microsoft Outlook 2003, however when I try and sync the contacts to the iPo
-
Sales Order Settlement to Only WBS
Hi, I have scenario like Sales Order Settlement to only WBS in make to order. Again from WBS settlement to COPA. So far I know WBS settlement to COPA and I am not sure in the 1 st scenario. Can you any body tell me where I need to configure, is it on
-
How do i create multiple triggers in one image?
Hi there, I have an image which consists of multiple sections. (It's a circle with pie-pieces: see attachment) I want every segment of the image to be a seperate trigger: when you hover or click other segments will turn gray and a text will appear. A
-
IPod Touch 1st Generation doesn't work directly out of the box?
I just bought a first generation iPod touch and first things first I plug it into my PC. Nothing happens on the iPod and on iTunes I immediately get a message saying "iTunes has detected an iPod in recovery mode. You must restore it before it is usab
-
How to set up RV042 as PPTP client?
Hello all, I'm trying to set up an local RV042 soho router (behind a double-NAT) as a PPTP VPN client to a remote RV042 set up as a PPTP server on a public IP. Because of the double NAT and the fact that I can't control the local NAT router, I have t