NT domain authentication implemented in WebLogic Server

Hello Sir,
I would like to find out if there is any package with WebLogic Server that will allow me to authenticate the users of WebLogic using NT domain authentication.
Any user of WebLogic should be an authenticated user of an NT domain, and I am in need of a package that will do this for me. I heard that BEA has some package that implements this functionality.
Your help is very much appreciated.
Thank You
Raji Arumugam

Hi Raji,
I think that what you want is "NTRealm" for WebLogic.
Look at http://e-docs.bea.com/wls/docs61/////ConsoleHelp/ntrealm.html which should help you.
Cheers,
Joe Jerry

Similar Messages

  • Start multiple domains simultaneously on 1 Weblogic server installation?

    Is it okay to start and run multiple domains simultaneously. Better yet, when having multiple domains on 1 WLS server, should each domain have a different port number in order to be run simultaneously?
    Here's my scenario - I installed Oracle Business Intelligence, which by default installs and configures WLS server for certain Business Intelligence applications (BI Publisher). This instance was running fine and good and still is.
    Then I had another application, Oracle Data Integrator, which has a Console piece that requires a domain on WLS. So instead of modifying the existing domain for Oracle Business Intelligence, I created a new domain via the Configuration Wizard and selected those components for Oracle Data Integrator.
    therefore current domains:
    ...\domains\bifoundation_domain --> installed automatically as part of Oracle Business Intelligence
    ...\domains\odi11g --> I created this domain after I
    Now I have 2 domains under 1 WLS Server (windows 7 64bit), but if I startWeblogic.cmd for the bifoundation_domain, and I startWeblogic.cmd for the odi11g...then only the components for the bifoundation_domain become available via the WLS Console.
    Questions:
    - Can I run both domains simultaneously?
    - Should I have modified the bifoundation_domain to include Oracle Data Integrator component; therefore only having 1 domain but having everything run under that domain?
    - Does the port for each domain matter? Both the bifoundation_domain and odi11g domains use port 7001.
    Are there any other considerations? Thanks much.

    Hi,
    It is perfectly OK to run multiple domains on a single WebLogic Server installation. The only constraint is that you have enough capacity available on your server to start multiple instances.
    One thing to note: if your domain1 is running on listen address : port { localhost : 7001 }, then your other domain should be configured on a different port, say { localhost : 8001 }. If you want both domains to run on the same port, then go for virtual IPs plumbed on your physical network interface and configure as,
    domain1 - { ip1 : 7001 }
    domain2 - { ip2 : 7001 }
    This way you can access both domain admin consoles on the same port.
    Remember, WebLogic resources cannot be shared between domains; however, a single nodemanager will be enough to monitor both the domains.
    * rank it if answer is helpful :) *
    Thanks,
    Ranjan

  • How to remove custom authentication provider in weblogic server 11g

    Hi ,
    I am trying to remove the custom authentication provider in WebLogic Server 11g. It disappears when I delete it from the list of authentication providers, but upon server restart it appears again.
    The documentation for 10g says to delete it from service administration, but I couldn't find one in 11g. Please help me in removing the custom authentication provider.
    Thanks
    Sandeep

    You can try editing the config.xml file and removing it there. (Re: After provider reorder I cannot login admin server console)
    If you are referring to a jar file - custom authenticators are usually placed in the <middleware-home>wlserver_10.3/server/lib/mbeantypes/ directory.

  • Cross Domain user security Authentication in Oracle Weblogic Server 10.3.3

    Now I have to configure the cross-domain user configuration in the Oracle WebLogic 10.3.3 server. But I am not able to configure it.
    I have referred to the Oracle documents below to configure the cross-domain configuration.
    http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/domain.html#domain_interop
    http://download.oracle.com/docs/cd/E14571_01/web.1111/e13752/toc.htm#INTRO120
    http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e13952/taskhelp/security/EnableTrustBetweenDomains.html
    http://download.oracle.com/docs/cd/E12840_01/wls/docs103/ConsoleHelp/taskhelp/security/ConfigureConnectionFiltering.html
    http://download.oracle.com/docs/cd/E12840_01/wls/docs103/security/con_filtr.html#wp1030656
    Regards,
    S.Vinoth Babu

    Sorry, wrong forum.
    Move to the WebLogic Server section.
    Edited by: inchlin on Apr 1, 2009 9:39 AM

  • Get Domain directory path in weblogic server 10gR3

    Hi all,
    Does anyone know how to get the directory path to a domain in WLS 10gR3 using JMX?
    Basically, I am trying to create a timer in WLI manually using Java code but for that to work, I
    need to know the domain directory path as below.
    BTW, I know it can be created in WLST with ease... but I want to try using Java code
    import com.bea.wli.mbconnector.timer.TimerConnGenerator;

    public class WLITimerTest {
        public static void main(String args[]) {
            // String domainDir = <path of domain>; // e.g. C:\bea103\user_projects\domains\mydomain
            String domainDir = "C:/bea103/user_projects/domains/esis_domain";
            try {
                // Generate the timer JAR under the domain directory
                TimerConnGenerator.main(new String[] {"-inName", "timerName", "-outfile",
                    domainDir + "/WLITimerEG_" + "timerName" + ".jar"});
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    Thanks
    Sam

    Just to answer my own question. It's System.getenv("DOMAIN_HOME") where DOMAIN_HOME is set in setDomainEnv.cmd of your domain.

  • Failed to start Admin Server for Weblogic Server Domain

    I created a domain named mydomain in WebLogic Server 10.3 on Server 2003. But when I start the Admin Server for the WebLogic Server domain from the Start menu, it fails.
    I examined the log under domains\mydomain\servers\AdminServer\logs\AdminServer.log and got the following information:
    java.lang.NoClassDefFoundError:weblogic/ldap/EmbeddedLDAPChange
    at weblogic.ldap.EntryChangeListenerImpl.receiveEntryChanges(EntryChangeListenerImpl.java:28)
    Caused by :java.lang.ClassNotFoundException: weblogic.ldap.EmbeddedLDAPChange
    at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
    Caused by :java.util.zip.ZipException: error reading zip file
    at java.util.zip.ZipFile.read(Native Method)
    at java.util.zip.ZipFile.access$1200(ZipFile.java:29)
    weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attemping to load LDIF for provider RoleMapper from file ...\domains\mydomain\security\XACMLRoleMapperInit.ldift.
    at ...(CommonSecurityServiceManagerDelegateImpl.java:465)
    Caused by: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attemping to load LDIF for provider RoleMapper from file ...\domains\mydomain\security\XACMLRoleMapperInit.ldift.
    at .. (ServiceEngineImpl.java:365)
    Caused by: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attemping to load LDIF for provider RoleMapper from file ...\domains\mydomain\security\XACMLRoleMapperInit.ldift.
    at .. (BootStrapServiceImpl.java:910)
    Caused by: <openjpa-1.1.1-SNAPSHOT-r422266:891341 nofatal user error>kodo.jdo.UserException: This operation cannot be perfomed while a Transaction is active.
    at org.apache.openjpa.kernel.BrokerImpl.close(BrokerImpl.java:4087)
    ####<Critical><WebLogicServer><SOA><Adminserver><main><<WLS Kernel>><><><1282012271468><BEA-000362><Server failed. Reason:
    There are 1 nested errors:
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090399] Security Services Unavailable
    at weblogic.security.service.CommonSecurityserviceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:916)
    I ignored some detailed error messages. The runtime environment is Server 2003 Enterprise Edition SP2.
    Thx in advance for any reply.

    Hello Djam,
    Please review the following:
    The FMW WebLogic Server (WLS) installation has been configured to use a non-default Java temporary files directory,
    i.e. the following has been set in the WebLogic startup or setDomainEnv.sh script:
    EXTRA_JAVA_PROPERTIES="-Djava.io.tmpdir=/appl/oracle/temp_java_files ${EXTRA_JAVA_PROPERTIES}"
    Reference: How to Change the WebLogic Server Location for Temporary Files (Doc ID 1336002.1)
    When the Middleware home was restored, the directory specified by the java.io.tmpdir parameter was missing.
    Therefore an IOException occurred when opening the wallet and WLS was unable to initialize the OPSS successfully.
    To resolve the issue, re-create the directory specified by the java.io.tmpdir parameter, and make sure the owner and group access are the same as for the FMW installation.
    Unable Start AdminServer: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException (Doc ID 1923395.1)
    Bogdan

  • Swapping Domains in Weblogic Server Console!!

    Hi All,
    I have created two domains under the WebLogic server. Currently I could see the first domain available in the WebLogic Server console. I am not able to see the second domain name in the console (http://<IP-Address>:7001/). Please tell me how to see all the domains or swap the domains in the WebLogic Server 11g console.
    Thanks

    prabhu,
    Change the Port details with in config.xml file for Admin Server.
    By default it is 7001, and if it is, you will never see port details under AdminServer, but you can change them in the following way.
    <listen-port>7003</listen-port>
    Regards,
    Kal
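
A port check for the two-domain situation discussed in the threads above (Ranjan's "different port or different IP" answer and Kal's `<listen-port>` edit), as an added example that is not part of the original posts. It assumes all domains run on one host, that an empty `<listen-address>` binds every local address, and that a missing `<listen-port>` means 7001; the sample config.xml text and the helper names are constructed for illustration.

```python
"""Added example: find listen address/port collisions between WebLogic domains."""
import xml.etree.ElementTree as ET
from collections import defaultdict

DEFAULT_PORT = 7001  # assumed default when config.xml carries no <listen-port>


def sample_domain(name, address="", port=None):
    """Build a constructed, minimal config.xml (not from a real installation)."""
    port_xml = f"<listen-port>{port}</listen-port>" if port else ""
    return (
        '<domain xmlns="http://xmlns.oracle.com/weblogic/domain">'
        f"<name>{name}</name>"
        "<server><name>AdminServer</name>"
        f"<listen-address>{address}</listen-address>{port_xml}"
        "</server></domain>"
    )


def _local(tag):
    """Drop the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Return the stripped text of the first direct child called `name`."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def endpoints(config_xml):
    """Return (domain, server, address, port) for every <server> in one config."""
    root = ET.fromstring(config_xml)
    domain = _child_text(root, "name") or "?"
    found = []
    for elem in root:
        if _local(elem.tag) != "server":
            continue
        address = _child_text(elem, "listen-address") or "*"  # "*" = all addresses
        port_text = _child_text(elem, "listen-port")
        port = int(port_text) if port_text else DEFAULT_PORT
        found.append((domain, _child_text(elem, "name"), address, port))
    return found


def find_collisions(configs):
    """Return (port, "domain/server", "domain/server") for each conflicting pair."""
    by_port = defaultdict(list)
    for xml_text in configs:
        for ep in endpoints(xml_text):
            by_port[ep[3]].append(ep)
    collisions = []
    for port, eps in sorted(by_port.items()):
        for i, a in enumerate(eps):
            for b in eps[i + 1:]:
                # Same address, or either side bound to all addresses, conflicts.
                if a[2] == b[2] or "*" in (a[2], b[2]):
                    collisions.append((port, f"{a[0]}/{a[1]}", f"{b[0]}/{b[1]}"))
    return collisions


if __name__ == "__main__":
    cases = {
        "both on default port": [sample_domain("bifoundation_domain"),
                                 sample_domain("odi11g")],
        "second moved to 7003": [sample_domain("bifoundation_domain"),
                                 sample_domain("odi11g", port=7003)],
        "one virtual IP each": [sample_domain("domain1", address="192.0.2.10"),
                                sample_domain("domain2", address="192.0.2.11")],
    }
    for label, configs in cases.items():
        print(label, "->", find_collisions(configs) or "no collision")
```

To run it against real domains, read each domain's `config/config.xml` into a string and pass the list to `find_collisions`.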

  • Weblogic server is not responding

    Hi Friends, I installed WebLogic Server 10.3 on Red Hat Linux 5.
    My hardware configuration is 3 GB RAM, 150 GB hard drive, Pentium 4, Dell OptiPlex DX520.
    32-bit OS.
    I installed WebLogic on this, created a domain, and started the WebLogic server. Created 2 machines and assigned nodemanagers. After that I started the nodemanager, created 2 managed servers, and added those managed servers to the machine, so that I can start them from the console using the nodemanager.
    Now I created 1 cluster and added the above-mentioned managed servers to this cluster.
    The problem with the system is that every 10 mins my admin console stops working (by the way, I started the console in Firefox). If we click anything, the cursor shows the waiting mode, but there is no response. Then I need to kill the process and restart the admin server, then restart the admin console and do the next 10 mins of work; after that it stops again, and then it is the same process again: killing the admin server's process, restarting the server, and doing 10 mins of work.
    I am not able to understand why this is happening to my server; every 10 mins I need to start the admin server again and again.
    Am I doing anything wrong? Please advise how to solve this problem.
    Thanks a lot
    Peter.

    Hi Thanks a lot for your response,
    (1) I tried to take the thread dumps for the admin server by finding the PID and using the kill -3 command as well, but it is not giving any information.
    I gave the command as shown below:
    kill -3 <pid> > ./threads.txt but no use. It is creating a file with '0' size.
    (2) Below is the AdminServer.log file.
    Continue in the below post

  • Query regarding GraphApplet on Weblogic Server

    Hi,
    I have downloaded a "Domain Monitoring tool" for weblogic server from sourceforge.net. It is a war file.
    The problem is that the applet (rather the graph) is not getting displayed if the URL is not accessed within the console.
    The code used to display the applet is
    out.println("<APPLET code=\"weblogic.management.console.applets.GraphApplet\" codebase=\"/console/domain/Server.jsp\" archive=\"/console/applets.jar\" name=\"" + newBean + "." + attributes[i] + "\" width=\"" + paramWidth + "\" height=\"" + paramHeight + "\">" + "<PARAM name=\"debug\" value=\"false\">" + "<PARAM name=\"servlet\" value=\"/console/domain/graphSamples.jsp\">" + "<PARAM name=\"min\" value=\"" + paramMin + "\">" + "<PARAM name=\"max\" value=\"" + paramMax + "\">" + "<PARAM name=\"gridsize\" value=\"" + paramGridsize + "\">" + "<PARAM name=\"samplekey\" value=\"" + bean.getFullName() + "." + attributes[i] + "\"> <PARAM name=\"type\" value=\"" + paramType + "\">" + "<PARAM name=\"poll\" value=\"" + paramPoll + "\"></APPLET><BR>");
    If anyone has any solution, please do tell me.

    Go to
    http://jakarta.apache.org/tomcat/index.html
    get Tomcat 3 or 4

  • ClassCircularityError in JAAS Authorization with Weblogic Server 10.3

    We are implementing JAAS authorization in which roles and policies are stored in a custom JAAS policy file and users are stored in the embedded LDAP server provided by Weblogic. We are facing a problem in authorizing users using the custom policy created.
    We have implemented the JAAS authentication service with weblogic server 10g R3, with the users' information stored in the embedded LDAP server provided by WLS. Given below are the details of the implementation for JAAS Authorization:
    Following are the custom classes created:
    1. Custom Principal Class
    public class Principal implements java.security.Principal, java.io.Serializable {
        private String name;

        public Principal() {
            name = "";
        }

        public Principal(String newName) {
            name = newName;
        }

        // Two principals are equal when their names match.
        public boolean equals(Object o) {
            if (o == null)
                return false;
            if (this == o)
                return true;
            if (o instanceof Principal) {
                if (((Principal) o).getName().equals(name))
                    return true;
                else
                    return false;
            } else
                return false;
        }

        public int hashCode() {
            return name.hashCode();
        }

        public String toString() {
            return name;
        }

        public String getName() {
            return name;
        }
    }
    2. Custom Permission Class
    import java.security.Permission;

    public class ActionPermission extends Permission {
        public ActionPermission(String name) {
            super(name);
        }

        @Override
        public boolean equals(Object obj) {
            if ((obj instanceof ActionPermission)
                    && ((ActionPermission) obj).getName().equals(this.getName())) {
                return true;
            } else {
                return false;
            }
        }

        @Override
        public String getActions() {
            return "";
        }

        @Override
        public int hashCode() {
            return this.getName().hashCode();
        }

        // "*" implies every ActionPermission; a trailing "*" matches by prefix.
        @Override
        public boolean implies(Permission permission) {
            if (!(permission instanceof ActionPermission)) {
                return false;
            }
            String thisName = this.getName();
            String permName = permission.getName();
            if (this.getName().equals("*")) {
                return true;
            }
            if (thisName.endsWith("*")
                    && permName.startsWith(thisName.substring(0, thisName
                            .lastIndexOf("*")))) {
                return true;
            }
            if (thisName.equals(permName)) {
                return true;
            }
            return false;
        }
    }
    Following are the configuration changes:
    1. Added custom policy to weblogic.policy.
    // "test" is a user defined in the embedded LDAP server of WLS
    grant Principal com.scotia.security.authorization.Principal "test" {
        permission com.scotia.security.authorization.permission.ActionPermission "viewScreen";
    };
    2. Set the java security manager in startWeblogic.cmd file.
    %JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -Dweblogic.Name=%SERVER_NAME% -Djava.security.manager -Djava.security.policy=%WL_HOME%\server\lib\weblogic.policy %PROXY_SETTINGS% %SERVER_CLASS%
    3. Set Realm "Security Model" to "Custom Roles and Policies".
    Right now we are facing the given below exception:
    java.lang.ClassCircularityError: com/scotia/security/authorization/THORPrincipal
         at java.lang.Class.forName0(Native Method)
         at java.lang.Class.forName(Class.java:247)
         at sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1381)
         at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1268)
         at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1231)
         at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1167)
         at sun.security.provider.PolicyFile.implies(PolicyFile.java:1122)
         at weblogic.security.service.WLSPolicy.implies(Unknown Source)
         at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
         at java.security.AccessController.checkPermission(AccessController.java:546)
         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
         at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
         at java.io.File.exists(File.java:731)
         at weblogic.utils.classloaders.DirectoryClassFinder.getSource(DirectoryClassFinder.java:36)
    Please help if anyone has some clue regarding this exception. We tried checking the JDK version used by Eclipse and WebLogic and found it to be the same.

    1. Custom Principal Class
    public class Principal implements java.security.Principal, java.io.Serializable {
    Rename it. You are asking for trouble naming a class after an interface it implements.
    java.lang.ClassCircularityError: com/scotia/security/authorization/THORPrincipal
    What's that class? You haven't shown us.

  • Authentication for user weblogic denied problem when starting managed serve

    Hi All,
    I have a strange situation here. I installed WLS and SOA and BAM servers. Initially I could start both WLS and SOA.
    Later I changed some files (possibly startManagedWebLogic.sh or deleted soa_server1/data/ldap/ or AdminServer/security/boot.properties), but later I remember I changed them back. I am now seeing that my WLS is starting up fine, but SOA is not. I am always getting the error:
    <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
    weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    Truncated. see log file for complete stacktrace
    >
    I tried to go to admin console to change/verify the password for weblogic user, and then put plaintext password in AdminServer/security/boot.properties, then restart Adminserver. But I still cannot start SOA server.
    Could you please let me know how to resolve this issue? I do want to save my environment at this point. Many thanks.

    Hi,
    My understanding is that the admin server is coming up fine, but when you try to bring up soa_server1 (managed instance) it is not coming up due to the below-mentioned exception.
    If not, please correct me.
    I have a few queries; please comment on them.
    1) Are the admin and managed instances running on the same box or on different boxes?
    2) Did you try to reset the password from the console or using the weblogic.security command?
    3) Did you clear the soa_server1 temp directory (server/soa_server1/*)?
    Solution-1 (If Domain running on different box)
    =============================
    1) Copy the DefaultAuthenticatorInit.ldift file from Domain_dir/Security/ to Remote machine - Domain_dir/Security/
    Note- Remote machine - take a backup of DefaultAuthenticatorInit file.
    2) Remote machine- rename or take a backup of ldap directory and boot.properties file
    /servers/soa_server1/ldap
    /servers/soa_server1/security/boot.properties.
    3) Now try to bring up soa_server1. It will prompt you for the username and password.
    Please let me know.
    Thanks,
    Rajkumar

  • Issues with starting weblogic server for my domain

    This is part of the adminserver log file:
    ####<Apr 29, 2009 3:47:18 PM EDT> <Critical> <WebLogicServer> <mycomputername> <AdminServer> <main> <<WLS Kernel>> <> <> <1241034438142> <BEA-000386> <Server subsystem failed. Reason: java.lang.AssertionError: java.lang.reflect.InvocationTargetException
    java.lang.AssertionError: java.lang.reflect.InvocationTargetException
         at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService._invokeServiceMethod(AbstractDescriptorBean.java:1011)
         at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService.decrypt(AbstractDescriptorBean.java:1039)
         at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService.access$200(AbstractDescriptorBean.java:963)
         at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:960)
    What could the issue be?

    I finally got so frustrated that I uninstalled and reinstalled it. I did not import any projects at this time, but created a simple, out-of-the-box domain. Then I tried to start the server under that domain, and now I get:
    Invalid table name "USERS" specified at position
    Please find part of log output below (I don't see a place in this forum to attach a file). I've copied the portions out of the log that reference exceptions. I appreciate the help!
    java.sql.SQLException: Invalid table name "USERS" specified at position 23.
         at com.pointbase.net.netJDBCPrimitives.handleResponse(DashoA13*..:335)
         at com.pointbase.net.netJDBCPrimitives.handleJDBCObjectResponse(DashoA13*..:383)
         at com.pointbase.net.netJDBCConnection.prepareStatement(DashoA13*..:545)
         at weblogic.security.providers.authentication.DBMSSQLReadOnlyDatabaseConnectionImpl.getPreparedStatement(DBMSSQLReadOnlyDatabaseConnectionImpl.java:37)
         at weblogic.security.providers.authentication.shared.DBMSSQLRuntimeQueryImpl.passwordStringQuery(DBMSSQLRuntimeQueryImpl.java:78)
         at weblogic.security.providers.authentication.shared.DBMSSQLRuntimeQueryImpl.executeUserPassword(DBMSSQLRuntimeQueryImpl.java:71)
         at weblogic.security.providers.authentication.shared.DBMSAtnLoginModuleImpl.authenticateDBMS(DBMSAtnLoginModuleImpl.java:666)
         at weblogic.security.providers.authentication.shared.DBMSAtnLoginModuleImpl.login(DBMSAtnLoginModuleImpl.java:270)
         at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
         at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
         at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:91)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:61)
         at $Proxy17.login(Unknown Source)
         at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
         at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:80)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:61)
         at $Proxy19.authenticate(Unknown Source)
         at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:366)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:911)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1029)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:854)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
    >
    ####<May 1, 2009 7:50:55 AM EDT> <Critical> <Security> <lmv25-ite89695> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1241178655172> <BEA-090403> <Authentication for user weblogic denied>
    ####<May 1, 2009 7:50:55 AM EDT> <Critical> <WebLogicServer> <mycomputername> <AdminServer> <main> <<WLS Kernel>> <> <> <1241178655172> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
    weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:947)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1029)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:854)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
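Several excerpts on this page are server log records in the `####<...> <...>` layout, and the log above ends with a BEA-090403 record followed by BEA-000386. The following Python is an added example, not code from the posters or from Oracle: it parses that layout (nested `<<WLS Kernel>>` fields, multi-line stack traces) and reports each denied authentication together with whether a subsystem failure followed on the same server. The field labels, the 5-second window and the sample log are assumptions constructed for illustration.

```python
import re

# Labels for the eleven bracketed fields that precede the message text.
# The names are this example's own; the order follows the excerpts above.
FIELDS = ("timestamp", "severity", "subsystem", "machine", "server", "thread",
          "user", "txn_id", "context_id", "raw_time", "msg_id")

DENIED = re.compile(r"Authentication for user (\S+) denied")


def _read_field(text, pos):
    """Read one <...> field at or after pos; return (value, next_pos).
    Nested brackets, as in <<WLS Kernel>>, stay inside the value."""
    start = text.index("<", pos)          # ValueError if no field is left
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "<":
            depth += 1
        elif text[i] == ">":
            depth -= 1
            if depth == 0:
                return text[start + 1:i], i + 1
    raise ValueError("unterminated field")


def parse_records(log_text):
    """Split a server log into records. A record starts at '####<'; all
    following lines up to the next record belong to its message."""
    records = []
    for chunk in re.split(r"(?m)^[ \t]*(?=####<)", log_text):
        if not chunk.startswith("####<"):
            continue
        try:
            pos, rec = 4, {}
            for name in FIELDS:
                rec[name], pos = _read_field(chunk, pos)
            rec["raw_time"] = int(rec["raw_time"])   # epoch milliseconds
            msg_start = chunk.index("<", pos) + 1
        except ValueError:
            continue  # truncated or malformed record: skip, do not guess
        message = chunk[msg_start:].rstrip()
        if message.endswith(">"):
            message = message[:-1].rstrip()
        rec["message"] = message
        records.append(rec)
    return records


def boot_auth_failures(records, window_ms=5000):
    """For each BEA-090403 record, report the denied user and whether a
    BEA-000386 followed on the same server within window_ms (assumed value)."""
    findings = []
    for i, rec in enumerate(records):
        if rec["msg_id"] != "BEA-090403":
            continue
        match = DENIED.search(rec["message"])
        failed = any(
            later["msg_id"] == "BEA-000386"
            and later["server"] == rec["server"]
            and 0 <= later["raw_time"] - rec["raw_time"] <= window_ms
            for later in records[i + 1:]
        )
        findings.append({
            "server": rec["server"],
            "user": match.group(1) if match else None,
            "time_ms": rec["raw_time"],
            "server_failed": failed,
        })
    return findings


# Constructed sample in the page's log layout (host names are placeholders).
# The last record is deliberately cut off to exercise the malformed-record path.
SAMPLE_LOG = """\
####<May 1, 2009 7:50:54 AM EDT> <Info> <JDBC> <host-a> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1241178654000> <BEA-001135> <Initializing the JDBC service.>
####<May 1, 2009 7:50:55 AM EDT> <Critical> <Security> <host-a> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1241178655172> <BEA-090403> <Authentication for user weblogic denied>
####<May 1, 2009 7:50:55 AM EDT> <Critical> <WebLogicServer> <host-a> <AdminServer> <main> <<WLS Kernel>> <> <> <1241178655172> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
\tat weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:947)
>
####<May 1, 2009 7:51:40 AM EDT> <Critical> <Security> <host-b> <soa_server1> <main> <<WLS Kernel>> <> <> <1241178700000> <BEA-090403> <Authentication for user weblogic denied>
####<May 1, 2009 7:51:41 AM EDT> <Info> <JDBC
"""

if __name__ == "__main__":
    for finding in boot_auth_failures(parse_records(SAMPLE_LOG)):
        print(finding)
```
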

  • Enabling Trust Between WebLogic Server Domains

    Hi everyone,
    We have two sites, each one running one WL 8.1 instance. The problem is that we have different users in each one, and they need to access both sites (using a RMI call).
    When the user is created in both sites, there is no problem. But we do not want to replicate all users in all sites.
    So this is what we are trying to do:
    Create the user in one site and enable trust between Weblogic Server domains (giving both sites the same password), so once one user is authenticated, the other site will not try to authenticate this user again. But since this user does not exist in the other site, he has no permission to do anything at all. Because of that we receive the following error message: "User a7ax does not have permission on br to perform lookup operation."
    Does anyone have any idea about how we can handle this, and enable the users to use other sites, without creating the user in both sites?
    Thanks in advance.
    Cesar

    In order to debug this issue you need to determine which kind of security has been applied to the web service deployed on the remote WebLogic server:
    whether it requires a username/password from the calling web service,
    or whether it requires some kind of digital certificate from the calling web service, etc.
    The most usual scenario where cross-domain security is required is as follows:
    A user, Test, calls a service, ServiceA, on WebLogic domain DomainA, provides its credentials and is authenticated properly.
    If this service then needs to call another service, ServiceB, on another WebLogic domain, DomainB, which is also secured, then cross-domain trust should be enabled between DomainA and DomainB so that the subject populated in DomainA can be transferred to DomainB.
    Now you should determine whether this is the scenario you are trying to achieve or whether it is something else.
    Also try the following debug flag in DomainB, where the provider service is deployed, to get the exact reason why it is failing to verify the security check.
    -Dweblogic.DebugSecurityAtn=true
    This debug flag is enabled through JAVA_OPTIONS.
    Thanks,
    Sandeep

  • Error while building the default domain for integrated weblogic server

    Hi,
    An error occurred while building the default domain for integrated weblogic server
    The log file contains the following details about the error:
    "C:\Oracle\Middleware\oracle_common\common\bin\wlst.cmd" "C:\Oracle\Middleware\jdeveloper\MyWork\system11.1.1.5.38.61.26\o.j2ee.adrs\CreateDefaultDomain.py"
    Process started
    wlst >
    wlst > CLASSPATH=C:\Oracle\Middleware\patch_wls1035\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\Middleware\patch_jdev1111\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\Middleware\jdk160_24\lib\tools.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic_sp.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar;C:\Oracle\Middleware\modules\features\weblogic.server.modules_10.3.5.0.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\webservices.jar;C:\Oracle\Middleware\modules\org.apache.ant_1.7.1/lib/ant-all.jar;C:\Oracle\Middleware\modules\net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar;;C:\Oracle\Middleware\oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar;C:\Oracle\Middleware\oracle_common\common\wlst\lib\adf-share-mbeans-wlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\lib\adfscripting.jar;C:\Oracle\Middleware\oracle_common\common\wlst\lib\applcore-diagnostics-wlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\lib\mdswlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\auditwlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\igfwlsthelp.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\jps-wlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\jrf-wlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\oamap_help.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\oamAuthnProvider.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\ossoiap.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\ossoiap_help.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\ovdwlsthelp.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\sslconfigwlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\wsm-wlst.jar
    wlst >
    wlst > PATH=C:\Oracle\Middleware\patch_wls1035\profiles\default\native;C:\Oracle\Middleware\patch_jdev1111\profiles\default\native;C:\Oracle\Middleware\wlserver_10.3\server\native\win\32;C:\Oracle\Middleware\wlserver_10.3\server\bin;C:\Oracle\Middleware\modules\org.apache.ant_1.7.1\bin;C:\Oracle\Middleware\jdk160_24\jre\bin;C:\Oracle\Middleware\jdk160_24\bin;;C:\Oracle\Middleware\wlserver_10.3\server\native\win\32\oci920_8
    wlst >
    wlst > Your environment has been set.
    wlst >
    wlst > CLASSPATH=C:\Oracle\Middleware\patch_wls1035\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\Middleware\patch_jdev1111\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\Middleware\jdk160_24\lib\tools.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic_sp.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar;C:\Oracle\Middleware\modules\features\weblogic.server.modules_10.3.5.0.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\webservices.jar;C:\Oracle\Middleware\modules\org.apache.ant_1.7.1/lib/ant-all.jar;C:\Oracle\Middleware\modules\net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar;;C:\Oracle\Middleware\oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar;C:\Oracle\Middleware\oracle_common\common\wlst\lib\adf-share-mbeans-wlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\lib\adfscripting.jar;C:\Oracle\Middleware\oracle_common\common\wlst\lib\applcore-diagnostics-wlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\lib\mdswlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\auditwlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\igfwlsthelp.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\jps-wlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\jrf-wlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\oamap_help.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\oamAuthnProvider.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\ossoiap.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\ossoiap_help.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\ovdwlsthelp.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\sslconfigwlst.jar;C:\Oracle\Middleware\oracle_common\common\wlst\resources\wsm-wlst.jar;C:\Oracle\Middleware\utils\config\10.3\config-launch.jar;C:\Oracle\Middleware\wlserver_10.3\common\derby\lib\derbynet.jar;C:\Oracle\Middleware\wlserver_10.3\common\derby\lib\derb
yclient.jar;C:\Oracle\Middleware\wlserver_10.3\common\derby\lib\derbytools.jar;;
    wlst >
    wlst > Initializing WebLogic Scripting Tool (WLST) ...
    wlst >
    wlst > Welcome to WebLogic Server Administration Scripting Shell
    wlst >
    wlst > Type help() for help on available commands
    wlst >
    wlst > Creating Default Domain
    wlst > Reading template: /C:/Oracle/Middleware/wlserver_10.3/common/templates/domains/wls.jar
    wlst > Setting Name to 'DefaultServer'
    wlst > Setting ListenAddress to ''
    wlst > Setting ListenPort to 7101
    wlst > Setting domain administrator to 'FAAdmin'
    wlst > Setting domain password.
    wlst > Problem invoking WLST - Traceback (innermost last):
    wlst > File "C:\Oracle\Middleware\jdeveloper\MyWork\system11.1.1.5.38.61.26\o.j2ee.adrs\CreateDefaultDomain.py", line 59, in ?
    wlst >      at com.oracle.cie.domain.script.jython.WLSTSecurityPrincipal.set(WLSTSecurityPrincipal.java:70)
    wlst >
    wlst >      at com.oracle.cie.domain.script.jython.WLSTSecurityUser.setPassword(WLSTSecurityUser.java:33)
    wlst >
    wlst >      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    wlst >
    wlst >      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    wlst >
    wlst >      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    wlst >
    wlst >      at java.lang.reflect.Method.invoke(Method.java:597)
    wlst >
    wlst >
    wlst > com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException: java.lang.Exception: The password must be at least 8 alphanumeric characters with at least one number or special character.
    wlst >
    rohit

    Hi,
    you see that message: "The password must be at least 8 alphanumeric characters with at least one number or special character." ?
    The password: The weblogic password you provide when prompted
    must be at least: minimal condition for secure passwords enforced on WLS by default
    at least 8 alphanumeric characters: not 7 but eight or more characters
    with at least one number or special character: password should have a number in it or an "@" "-" or similar
    E.g.
    weblogic1
    is one password option that would meet that requirement
    Frank

  • Weblogic Server 10.3.0 and LDAP authentication Issue

    Hi - I have configured my WebLogic Server 10.3.0 for LDAP authentication (OID = 10.1.4.3.0) and so far the authentication works fine but I am having issue in terms of authorization.
    I am not able to access the default WebLogic administrator console app using any of the LDAP users; I get a Forbidden message.
    It appears to me that the Weblogic Server is not pulling out the proper groups from the LDAP that the user belongs to.
    Can anyone please point me towards the right direction to get this resolved.
    Thanks,
    STEPS
    Here are my steps I have followed:
    - Created a group called Administrators in OID.
    - Created a test user called uid=myadmin in the OID and assigned the above group to this user.
    - Added a new Authentication Provider to the Weblogic and configured it with what is required to communicate with OID (the config.xml file snippet is below)
    <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
    <sec:name>OIDAuthentication</sec:name>
    <sec:control-flag>SUFFICIENT</sec:control-flag>
    <wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
    <wls:host>pmpdeva-idm.ncr.pwgsc.gc.ca</wls:host>
    <wls:port>1389</wls:port>
    <wls:principal>cn=orcladmin</wls:principal>
    <wls:user-base-dn>ou=AppAdmins, o=gc, c=ca</wls:user-base-dn>
    <wls:credential-encrypted>removed from here</wls:credential-encrypted>
    <wls:group-base-dn>ou=IDM, ou=ServiceAccounts, o=gc, c=ca</wls:group-base-dn>
    </sec:authentication-provider>
    - Marked the default authentication provider as sufficient as well.
    - Re-ordered the authentication providers such that the OIDAuthentication is first in the list and the default one is last.
    - Looking at the log file I see there are no groups returned for this user and that is the problem in my opinion.
    <LDAP Atn Login username: myadmin>
    <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <authenticate user:myadmin>
    <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <authentication succeeded>
    <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <LDAP Atn Authenticated User myadmin>
    <List groups that member: myadmin belongs to>
    <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    *<search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>*
    *<Result has more elements: false>*
    <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <login succeeded for username myadmin>
    - I see the XACML RoleMapper getRoles() only returning the Anonymous role as opposed to Admin (because the OID user is a part of the Administrators group in OID, it should be returning Admin as far as I can tell). Here is the log entry that shows that:
    <XACML RoleMapper getRoles(): returning roles Anonymous>
    - I did a ldap search and I found no issues in getting the results back:
    C:\>ldapsearch -h localhost -p 1389 -b"ou=IDM, ou=ServiceAccounts, o=gc, c=ca" -D cn=orcladmin -w "removed from here" (uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupOfUniqueNames)
    cn=Administrators,ou=IDM,ou=ServiceAccounts,o=gc,c=ca
    objectclass=groupOfUniqueNames
    objectclass=orclGroup
    objectclass=top
    END
    Here are the log entries:
    <1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
    <1291668685624> <BEA-000000> <LDAP Atn Login>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will use NameCallback to retrieve name>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle got username from callbacks[0], UserName=myadmin>
    <1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
    <1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
    <1291668685624> <BEA-000000> <authenticate user:myadmin>
    <1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <1291668685624> <BEA-000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
    <1291668685624> <BEA-000000> <[Security:090302]Authentication Failed: User myadmin denied>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize LoginModuleClassName=weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize ClassLoader=java.net.URLClassLoader@facf0b>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize created delegate login module>
    <1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
    <1291668685624> <BEA-000000> <LDAP Atn Login>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
    <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle did not get username from a callback>
    <1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
    <1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <1291668685624> <BEA-000000> <authenticate user:myadmin>
    <1291668685624> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <1291668685671> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <1291668685671> <BEA-000000> <authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <1291668685671> <BEA-000000> <authentication succeeded>
    <1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <1291668685686> <BEA-000000> <LDAP Atn Authenticated User myadmin>
    <1291668685686> <BEA-000000> <List groups that member: myadmin belongs to>
    <1291668685686> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <1291668685686> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
    <1291668685686> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
    <1291668685686> <BEA-000000> <search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>
    <1291668685686> <BEA-000000> <Result has more elements: false>
    <1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
    <1291668685686> <BEA-000000> <login succeeded for username myadmin>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login delegated, returning true>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
    <1291668685686> <BEA-000000> <LDAP Atn Commit>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning false>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
    <1291668685686> <BEA-000000> <LDAP Atn Commit>
    <1291668685686> <BEA-000000> <LDAP Atn Principals Added>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning true>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login logged in>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login subject=Subject:
         Principal: myadmin
    >
    <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principals)>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) Principal=myadmin>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator handles this PrincipalClass>
    <1291668685686> <BEA-000000> <Signed WLS principal myadmin>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator signed the principal>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) All required PrincipalValidators signed this PrincipalClass, returning true>
    <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login identity=Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate succeeded for user myadmin, Identity=Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685686> <BEA-000000> <weblogic.security.service.internal.UserLockoutServiceImpl$ServiceImpl.isLocked(myadmin)>
    <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate login succeeded and myadmin was not previously locked out>
    <1291668685702> <BEA-000000> <Using Common RoleMappingService>
    <1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity>
    <1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity will use common security service>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals)>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) Principal=myadmin>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator handles this PrincipalClass>
    <1291668685702> <BEA-000000> <Validate WLS principal myadmin returns true>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator said the principal is valid>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) One or more PrincipalValidators handled this PrincipalClass, returning true>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals) validated all principals>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Identity=Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): input arguments:>
    <1291668685702> <BEA-000000> <     Subject: 1
         Principal = weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685702> <BEA-000000> <     Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console>
    <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp>
    <1291668685702> <BEA-000000> <     Parent: type=<app>, application=consoleapp>
    <1291668685702> <BEA-000000> <     Parent: type=<url>>
    <1291668685702> <BEA-000000> <     Parent: null>
    <1291668685702> <BEA-000000> <     Context Handler: >
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AdminChannelUsers,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AdminChannelUser:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AdminChannelUser: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AppTesters,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AppTester:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AppTester: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(everyone,[everyone,users]) -> true>
    <1291668685702> <BEA-000000> <primary-rule evaluates to Permit>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Anonymous:, 1.0 evaluates to Permit>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Anonymous: GRANTED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Monitors,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Monitor:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Monitor: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Operators,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Operator:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Operator: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(CrossDomainConnectors,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:CrossDomainConnector:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role CrossDomainConnector: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Deployers,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Deployer:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Deployer: DENIED>
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, SC=null, Value=[everyone,users]>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Administrators,[everyone,users]) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Admin:, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Admin: DENIED>
    <1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): returning roles Anonymous>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles returning [ "Anonymous" ]>
    <1291668685702> <BEA-000000> <AuthorizationManager will use common security for ATZ>
    <1291668685702> <BEA-000000> <weblogic.security.service.WLSAuthorizationServiceWrapper.isAccessAllowed>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Identity=Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Roles=[ "Anonymous" ]>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Direction=ONCE>
    <1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
    <1291668685702> <BEA-000000> <     Subject: 1
         Principal = weblogic.security.principal.WLSUserImpl("myadmin")
    >
    <1291668685702> <BEA-000000> <     Roles:Anonymous>
    <1291668685702> <BEA-000000> <     Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <     Direction: ONCE>
    <1291668685702> <BEA-000000> <     Context Handler: >
    <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:role, SC=null, Value=Anonymous>
    <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of([Admin,Operator,Deployer,Monitor],Anonymous) -> false>
    <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
    <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U, 1.0 evaluates to Deny>
    <1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): returning DENY>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed AccessDecision returned DENY>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Results=[ DENY ]>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
    <1291668685702> <BEA-000000> <DefaultAdjudicatorImpl.adjudicate results: DENY >
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Adjudictor returned false, returning that value>
    <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: false>

    Okay, finally the issue is resolved. Here are the findings to help others in case they run into the same issue.
    The OID version that we are using is not returning the groups the way WebLogic is building the ldapsearch command. We captured the LDAP traffic to go deeper and noticed the filters and attribute list that WLS was asking for. For example, the filter was like:
    "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" cn
    It was the "cn" attribute that was causing the result set to be empty.
    From a command line we tried
    "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" uniquemember
    and got the results back.
    Then we started looking into the OID configuration, and one of my coworkers pointed me towards the orclinmemfiltprocess attributes in the cn=dsaconfig entry and told me that they had a lot of issues in the past in relation to this attribute.
    So as a test we removed the groupofuniquenames objectclass from the orclinmemfiltprocess attribute list and bingo, it worked!
    Since we needed groupofuniquenames in this list for performance/other reasons, we decided to use a different objectclass for our groups instead, i.e. orclGroup.
    Thanks everyone for showing interest in the problem and providing suggestions.
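
A log triage for the failure traced in this thread, added here as an example (it is not code from the posters or from WebLogic): it walks the security debug output and flags a login where authentication succeeded but the group search came back empty, so the role mapper only sees the built-in groups. The sample lines are copied from the log posted above; the function and field names are this example's own, and it assumes that a `Result has more elements: false` line directly after the group search means no group entries were returned.

```python
import re

# Sample input: lines copied from the debug log quoted in the post above,
# trimmed to the events that matter for group resolution.
SAMPLE_LOG = r'''
<1291668685624> <BEA-000000> <[Security:090302]Authentication Failed: User myadmin denied>
<1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
<1291668685671> <BEA-000000> <authentication succeeded>
<1291668685686> <BEA-000000> <LDAP Atn Authenticated User myadmin>
<1291668685686> <BEA-000000> <List groups that member: myadmin belongs to>
<1291668685686> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685686> <BEA-000000> <search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>
<1291668685686> <BEA-000000> <Result has more elements: false>
<1291668685686> <BEA-000000> <login succeeded for username myadmin>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, SC=null, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Administrators,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): returning roles Anonymous>
'''

# "<timestamp> <BEA-id> <message>"; the message itself may contain '<' and '>'.
LINE = re.compile(r'^\s*<\d+> <BEA-\d+> <(.*)>\s*$')
LIST = re.compile(r'^List groups that member: (\S+) belongs to$')
SEARCH = re.compile(r'^search\("([^"]*)", "([^"]*)"')  # not the getDNForUser search
RESULT = re.compile(r'^Result has more elements: (true|false)$')
XGROUPS = re.compile(r'^Accessed Subject: Id=\S+:subject:group,.*Value=\[([^\]]*)\]$')
ROLES = re.compile(r'^XACML RoleMapper getRoles\(\): returning roles (.*)$')

# Groups WebLogic assigns on its own; they appear even when the directory
# contributed nothing, as in the log above.
DEFAULT_GROUPS = {"everyone", "users"}


def analyze(log_text):
    """Return one finding per login whose group lookup is visible in the log."""
    findings, cur, awaiting_result = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines and continuation lines of multi-line messages
        msg = m.group(1)
        if (g := LIST.match(msg)):
            cur = {"user": g.group(1), "base": None, "filter": None,
                   "ldap_groups_returned": None,
                   "subject_groups": set(), "roles": []}
            findings.append(cur)
        elif cur is None:
            continue  # nothing to attach to before the first group lookup
        elif (g := SEARCH.match(msg)):
            cur["base"], cur["filter"] = g.group(1), g.group(2)
            awaiting_result = True
        elif (g := RESULT.match(msg)) and awaiting_result:
            # Assumption: the first result line after the search tells us
            # whether any group entry was returned.
            cur["ldap_groups_returned"] = g.group(1) == "true"
            awaiting_result = False
        elif (g := XGROUPS.match(msg)):
            cur["subject_groups"].update(
                x.strip() for x in g.group(1).split(",") if x.strip())
        elif (g := ROLES.match(msg)):
            # Assumption: several roles would be comma or space separated.
            cur["roles"] = [r for r in re.split(r"[,\s]+", g.group(1)) if r]
    for f in findings:
        f["no_directory_groups"] = (f["ldap_groups_returned"] is False
                                    and f["subject_groups"] <= DEFAULT_GROUPS)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        if f["no_directory_groups"]:
            print(f"{f['user']}: authenticated, but group search under "
                  f"{f['base']!r} with filter {f['filter']!r} returned nothing; "
                  f"roles granted: {f['roles']}")
```

A flagged login gives the exact base DN and filter to replay against the directory, which is the comparison that exposed the problem here.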
