NT Security Realm Question
Hi,
I an trying to set up WL 6.0 to use an NT Realm for authentication. My
question is how do you find or determine the class name of the Windows NT
Security realm that is to be supplied in the Basic Realm field?
thanks
Mike Horn
never mind... dumb question. it seems that the console supplies the class
name for me as weblogic.security.ntrealm.NTRealm
cheers
"Mike Horn" <[email protected]> wrote in message
news:[email protected]..
Hi,
I an trying to set up WL 6.0 to use an NT Realm for authentication. My
question is how do you find or determine the class name of the Windows NT
Security realm that is to be supplied in the Basic Realm field?
thanks
Mike Horn
Similar Messages
-
Weblogic security authentication; question to interact with the realm
Hi, I have a quick question about weblogic security authentication....
We are using weblogic 81sp3. We have user-group info in an Novell eDirectory LDAP server.
Currently, a Novell Authenticator provider is configured under : Security > Realms > myRealm > Providers > Authentication This tells Weblogic from where to get the user and groups. Weblogic caches this information of the logged on users for certain time ( example : 60 secs ) after which it cleans the cache for all inactive users. We want to interact with the Weblogic cache. Add more user profile information to this cache and use it in our application .
Does somebody know how to programmatically interact with Weblogic user-group cache - read , write , update and delete user-group info in cache and control time to live for the cache ?already checked
TTLCache class which weblogic provides. But they seem to depracetd it
help ? -
Hi,
Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
for Weblogic Personalization and Commerce 3.5.
Using the WLCS console, I've modified the config.xml file and following
elements are added:
<LDAPRealm AuthProtocol='simple' Credential='admin'
GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
GroupUsernameAttribute='uniquemember'
LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
UserNameAttribute='uid'/>
<CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
Name='wlcsCachingRealm'/>
But when we try to restart the WLCS, it throws java exceptions that context
is not initialized and I get the following error
<Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: could not get
context - wi
th nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credential
s]]]
weblogic.security.ldaprealm.LDAPException: could not get context - with
nested e
xception:
I tried using Windows NT as a security realm but that gave me errors too.
Does anyone has any experience using anything other than the default Realm?
Any help would be appreciated. Thanks!
Asim Raja
[email protected]I'm not sure, but I suspect you can't
since this would create a circular dependency -
your realm would rely on the upper level security
checking calls but those calls would rely on your
realm.
My suggestion is to give it a try and see what
happens.
-Tom
Ozcan ADIYAMAN <[email protected]> wrote:
Hi ,
I am implementing a simple custom security realm using LDAP as the
security store and I can see the users, groups and acls from the admin
console.
My question is (a custom realm newbie question) ;
Is it possible to use weblogic.security.acl.Security with my custom
realm to check permissions, get the current user,etc.,
OR
is this class ONLY used with default realms (when ACL is stored in a
file) ?
Thanks
Ozcan -
OWSM security for a OSB service- authenticate from weblogic security realms
Hello,
I have a requirement to add security to a OSB service.
The user details are configured in weblogic security realms. lets say there are ten different users.
I need to protect my osb service using OWSM policy & the policy should be configured to authenticate the user from realms.
I am new to OWSM & wondering if this is possible?
Can the experts please direct me to any docs or steps?
Thanks
GaneshHi,
Thanks for the links.
I followed the blog and configured it using oracle/wss_username_token_service_policy.
Now my requirement is to send the username,password from proxy to business and to the BPEL. (the bpel needs this username /password & and in header)
The issue I am facing is the proxy service is not sending the soap header details to business service.
I dont want to make the proxy as passthrough. (ie set Process WS-Security Header to NO)
I have to authorize on proxy level and then send the same credential details to business service?
So the question is, how can I retrieve the header after osb process it?
Can anyone please help me here?
Thanks
Ganesh -
RDBMS Security realm 6.1-8.1 migration
I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
Security' node appearing in the left-hand console pane. The contents of the Users
and Groups nodes visible under this node look correct (ie as defined in the underlying
database).
However, to get to this point I had to initially hardwire the values for the database
driver, url, user and password as these were null when obtained from the associated
RDBMSRealmMBean object, causing the server to fail to start. This enabled me
to bootstrap the process so that I could use the console to enter these values
on the Database tab for the Realm I had defined for Compatibility Security. I
see no mention of this step in the instructions referred to above and therefore
missed out this vital step.
When WLS8.1 starts it displays:
<date&time> <Notice> <Security> <BEA-090082> <Security initializing using security
realm myrealm.>
myrealm is a Realm listed under Security but I would have expected the realm to
be the specially-defined realm associated with Compatibility Security. So, question
number 1 - does this output from WLS indicate that it is using the Compatibility
Security realm or the default realm?
Although the console displays the expected set of users and groups , my application
is failing to associate a user with a 'role' - the Groups node shows that user
U is in group G but when the application invokes the SessionContext method isCallerInRole(String
role) where the caller is U and the role is G the result of the invocation is
false. Question number 2 - why does this not return true in this case?
Note, this code (that I have inherited) worked fine in WLS6.1 and the only significant
change I needed to make for WLS8.1 is in the wrapper classes, in particular the
code to get the required RDBMSRealmMBean. Having now successfully got hold of
this object I would have expected the rest of the code to work fine (ok, 'expected'
is a bit optimisitic - but I'm not aware that there are any functional differences
beyond obtaining the RDBMSRealmMBean object).
Many thanks in advance for any assistance with this.
DavidMehrshad
I wasn't involved in the original WL6.1 code development but this is based on
the example code that BEA provide with the WLS6.1 installation - it should therefore
be visible at ~bea/wlserver6.1/samples/examples/security/rdbmsrealm
HTH
David
"Mehrshad Setayesh" <[email protected]> wrote:
>
David:
I am trying to do the same thing and can not find which RealmClassName
to use
in 8.1. In our previous version, 6.1, I was using com.bea.wlpi.rdbmsrealm.RDBMSRealm.
What is the mapping
Java class in 8.1? Thanks.
Regards
Mehrshad
"David Franklin" <[email protected]> wrote:
I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
Security' node appearing in the left-hand console pane. The contents
of the Users
and Groups nodes visible under this node look correct (ie as defined
in the underlying
database).
However, to get to this point I had to initially hardwire the values
for the database
driver, url, user and password as these were null when obtained from
the associated
RDBMSRealmMBean object, causing the server to fail to start. This enabled
me
to bootstrap the process so that I could use the console to enter these
values
on the Database tab for the Realm I had defined for Compatibility Security.
I
see no mention of this step in the instructions referred to above and
therefore
missed out this vital step.
When WLS8.1 starts it displays:
<date&time> <Notice> <Security> <BEA-090082> <Security initializingusing
security
realm myrealm.>
myrealm is a Realm listed under Security but I would have expected the
realm to
be the specially-defined realm associated with Compatibility Security.
So, question
number 1 - does this output from WLS indicate that it is using the Compatibility
Security realm or the default realm?
Although the console displays the expected set of users and groups ,
my application
is failing to associate a user with a 'role' - the Groups node shows
that user
U is in group G but when the application invokes the SessionContextmethod
isCallerInRole(String
role) where the caller is U and the role is G the result of the invocation
is
false. Question number 2 - why does this not return true in this case?
Note, this code (that I have inherited) worked fine in WLS6.1 and the
only significant
change I needed to make for WLS8.1 is in the wrapper classes, in particular
the
code to get the required RDBMSRealmMBean. Having now successfully got
hold of
this object I would have expected the rest of the code to work fine(ok,
'expected'
is a bit optimisitic - but I'm not aware that there are any functional
differences
beyond obtaining the RDBMSRealmMBean object).
Many thanks in advance for any assistance with this.
David -
Weblogic security realm mapping to DB
I have one question about Weblogic 7.01 security.
I have created USER, GROUP and ROLES table in my RDBMS.
Can I use the RDBMS realm if my users are in a database
table already? Can I tune Weblogic security realm to my database tables?
Any advice or links will be very appreciate.
Thanks a lot for any help, Volodymyr Shram.Thanks, criokeeper for your fast answer.
Woould you so kind to explain me one moment.
At http://e-docs.bea.com/wls/docs70/ConsoleHelp/domain_rdbmsrealm_config_general.html I found that "To use the RDBMS security realm, you need to use Compatibility security. The use of the RDBMS security realm is deprecated in WebLogic Server 7.0."
What does that means? Have I use the Compatibility security or it's jaust for ver. 6.x to ver.7.0 migration?
Thanks a lot for your answer.
Regards, Volodymyr. -
Is this possible to use no default security realm?
Hi,
I created new security ReadOnlySQLAuthentication provider in the default realm and it works. Now I have all the users from all applications in one realm. If they use the same enterprise roles, user can log to one application with login and password from another application. To prevent it I created another security realm. I've added ReadOnlySQLAuthentication provider, set in my application new realm name - in jazn-data.xml and web.xml. But it doesn't work. My questions are:
It is possible to use few realms? So one application will use default realm, another no default realm.
If so, how to bind an application to no default realm?
BartHi,
A WLS instance only supports a single realm. So the answer unfortunately is no (was different with OC4J)
Frank -
How to implement a tree like security realm?
hi all:
i am working on a project . it's a very complex one and most importantly there's
so many
functions( 1000 or more) and every fuction should be protected resources. so i have
to define many roles and map the roles to the many functions. it's a very tiring
job and
i am not sure the role to function mapping is stable one. because the mapping is
saved in
a xml file and this file is depolyed with the application, so if there s any changes
we have to redeploy all the application and restart the server.
there s still another problem. we want security realm to be a tree instead of
a flat one( weblogic's group is a flat one ) . if we assign a node to a role all
its children
belong to the same role.
so is there way to do this. any solution?
regards
daniel wangmaybe you could exploit the way ACLs have dotted names to reflect your tree
structure, so the acl root applies to all functions, root.branch1 only
applies to functions on branch branch1, and root.branch1.branch2 applies to
functions on branch2 of branch1. there´s an api that gets the most specific
acl given a path to a node.
i'm not it´s acls that you want to correspond to nodes, but maybe you can
work out some kind of scheme that gives you what you want.
andrew
"daniel" <[email protected]> escribió en el mensaje
news:3d16efc7$[email protected]..
>
hi all:
i am working on a project . it's a very complex one and mostimportantly there's
so many
functions( 1000 or more) and every fuction should be protected resources.so i have
to define many roles and map the roles to the many functions. it's a verytiring
job and
i am not sure the role to function mapping is stable one. because themapping is
saved in
a xml file and this file is depolyed with the application, so if there sany changes
we have to redeploy all the application and restart the server.
there s still another problem. we want security realm to be a treeinstead of
a flat one( weblogic's group is a flat one ) . if we assign a node to arole all
its children
belong to the same role.
so is there way to do this. any solution?
regards
daniel wang -
How to retrieve Global Roles in a the current security realm?
Is there a WLS API available that obtains a list of mapped global roles (defined in a security realm) from an application?
I want to be able to do a getRoles call against an authenticated user. So far, I'm only able to use isUserInRole. What I need is a list of all global roles mapped to a user's group.
Thanks all...
Message was edited by:
raymondngYou can refer to the api
http://e-docs.bea.com/wls/docs81/javadocs/weblogic/management/security/authorization/RoleReaderMBean.html#getRoleExpression
-Ramkumar -
Adding a user to the File Security Realm
Hello,
When I attempt to add a new user to the file realm with Application Server->Security-Realms->file-> Manage Users, I get the error:
A "com.sun.enterprise.tools.guiframework.exception.FrameworkError" was caught. The message from the exception: "Unable to get View for ViewDescriptor 'fileUsers'"
The root cause is "java.lang.ArrayIndexOutOfBoundsException: 0"
See the HTML source for more detailed (stack trace) information.
When I look at the file C:\Sun\AppServer\domains\samples/config/keyfile I see the new user added, but the Admin Console is not happy...
Please advise.
-- POCThere are some issues in admin gui for managing security service in beta.
I have verified that this has been fixed in FCS branch.
Since the user and password has been written to keyfile in your scenario, it may be OK.
You can try to use the user. If this is not working, then restarting the server should work.
Another way is to create user by using asadmin command. This is working fine in beta. -
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
VikramHello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Vikram Datla" <[email protected]> wrote in message
news:3e273015$[email protected]..
>
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our applicationrequirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if theuser
exists.
javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store toget
rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
>
Thanks
Vikram -
What is the best way to deploy/update custom security realm classes to WLS 6.0?
From the WLS 6.0 console, I see that I can specify the Java class that
implements my custom security realm but I am wondering what is the best way
to deploy/update this code. I don't see a way to do this from the console.
Does this mean that I have to manually copy the class files over that
implement my custom security realm?Thanks Danut,
A jar file seems to be a good way to package it up but it sounds like it
still needs to be manually copied to each Weblogic server install directory
post-installation and whenever it is updated. I thought it would be nice to
be able to deploy/update the custom security realm by uploading it through
the Console just as you can with web applications and EJBs.
Brian
"Danut Prisacaru" <[email protected]> wrote in message
news:3aba2db0$[email protected]..
You have to have your Custom Realm class in the class path. I usually havea
jar file with all the Custom Realm classes and that jar I copy it in thelib
folder. Then I modify "startWebLogic.cmd" and I add to the classpath
".\lib\CustomRealm.jar"
set
CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar;.\lib\CustomRealm.jar;
>
Be aware that in order to have you custom realm besides creating thecustom
realm using the console you also have to create a custom caching andchoose
that one as your default caching realm.
Here is how the security settings are looking in my "config.xml"
<CustomRealm Name="CustomRealm"
RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
<CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
Name="CustomCachingRealm"/>
<Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
Name="wl_default_realm"/>
<FileRealm Name="wl_default_file_realm"/>
<Security GuestDisabled="false"
Name="mydomain" PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm"/>
Danut -
Not able to get rid of security-related questions in runtime
Hi,
I am simply using NetBeans 6.0.1 and the emulator QwertyDevice and the emulator platform WTK 2.5.2 for CLDC.
I have chosen Alias as trusted in the signing option in the project configuration page. however still I am getting security confirmation questions in runtime to access the local files for instance.
Would anyone please advise me how to get rid of that?
Also I have deployed the application on SonyEricsson k800i and would like to get rid of the security confirmations on that device as well. What is the guideline?
Thank youRight clicking on it is not even an option, just hovering over it seems to induce a "nuclear" reset of the whole desktop and graphic card on the iMac.
Have meanwhile found a possible solution by erasing the dock preference file in the user/library/preferences folder to reset the dock to it's default state. Will try this out through a Skype conversation with that Buddy.
Was seen here :
https://discussions.apple.com/message/16447109#16447109
Thank you for stepping in. Good to know that people are still willing to help in this community.
Greetz to the UK from France -
Authentication via weblogic security realm
My servlet needs to access a session bean. The action in the session bean requires
that a user has been authorized, i.e. at some point the session been calls
String name = d_ctx.getCallerPrincipal().getName()
This name may not be null at this time.
What I would like to have is that the user executing the URL gets authenticated
by my server realm 'myrealm' and that the associated prinicpal gets passed to
the session bean. Is this possible. If so, how can the user pass along the username
and password as this query is executed programmatically?
markus
http://www.weblogic.com/docs51/classdocs/API_acl.html
Michael Girdley
BEA Systems Inc
"gennot" <[email protected]> wrote in message
news:[email protected]..
Could you send me the complete URL of these example, please?
Thanks
Enrico
Michael Girdley <[email protected]> wrote in message
39b87078$[email protected]..
The passing of the client's certificate should be automatic to WebLogic.We
have an example of getting the client side certificate from inside of
WebLogic in our documentation.
This does not require for SSL to be used from the Web server to
WebLogic.
>>
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"Bob Simonoff" <[email protected]> wrote in message
news:[email protected]..
I have read through the docs and haven't found anything that would
address
the following confusion:
Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
the back end application server (obviously). I have the need to use 2way
SSL authentication. As I understand it the following applies:
Client (browser) has a certificate as does the web server. Theyauthenticate
each other.
Now, the web server and weblogic need to communicate. WebLogic, in our
environment does authentication via the security realm.
What do I have to do to get the the web server (Apache or IPlanet) to
communicate the client's certificate to WebLogic so the WebLogic canperform
the authentication?
Does the communication between the web server and WebLogic also need
to
be
SSL?
Thanks
Bob Simonoff -
Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URL admins
user name and password. I want to be able to interface this connection to access
the LDAP and make changes to user information within in the ldap. Right now in
my code I make a connection to the LDAP and supply the same user name and password
set up in the LDAP security realm. I want to be able to rather then re-supply
the URL and user name and password in my code I want to be able to just get that
(or create a connection simil;ar to a jdbc connection pool) connection to the
LDAP that configured in the Security Realm. Is this possible? And how would I
go about it if so?
Thanks
Sjbthe LDAPConnection pool which is used WLS Realm is not accessible to public
for programming.
thanks
kiran
"Sjb" <[email protected]> wrote in message
news:3f5744c1$[email protected]..
>
Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URLadmins
user name and password. I want to be able to interface this connection toaccess
the LDAP and make changes to user information within in the ldap. Rightnow in
my code I make a connection to the LDAP and supply the same user name andpassword
set up in the LDAP security realm. I want to be able to rather thenre-supply
the URL and user name and password in my code I want to be able to justget that
(or create a connection simil;ar to a jdbc connection pool) connection tothe
LDAP that configured in the Security Realm. Is this possible? And howwould I
go about it if so?
Thanks
Sjb
Maybe you are looking for
-
How can i add subfolders in the mailsystem to classified my mails
how can i add subfolders in the mailsystem to classified my mails similar to outlook. Somebody with idea?-
-
Spectrasonics & Third Party Instruments
I just upgraded from Pro 6 to Logic 8 , and I can't seem to get it to recognize any of my spectrasonics instruments. After creating a new instrument, no third party software shows up in the list of instruments, only the Apple instruments. I've tried
-
I want to return by product. What phone number do I call.
-
Need to Unpair from Logitech 880 Every Time I "Watch Apple TV"
Hi, I set up a "Watch Apple TV" activity for the first time today on my Logitech 880 remote. One problem I am seeing is that every time I select "off" on the Logitech to end the activity and then turn the activity back "on" again, I need to choose "u
-
RH8: How do I choose a stylesheet to apply for all topics?
I have a RH project created by importing a FrameMaker doc (foo.fm). All (most, but I'm not going to worry about that) of the topics came in okay, and a stylesheet was created and added to my Project Manager: "foo.css". Now, I have a different .css fi