One custom security realm for many wl servers?
Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server.
Similar Messages
-
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
Vikram
Hello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Vikram Datla" <[email protected]> wrote in message
news:3e273015$[email protected]..
>
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
>
Thanks
Vikram -
Accessing Custom Security Realm and NotOwnerException.
I have installed the RDBMS example security realm, which appears to work fine. However when I attempt to access this realm from a Servlet via Realm.getRealm("name") I get a NotOwnerException being thrown.
Ideas ?
regards,
Jeff.
We did something similar in a past project, and it turned out to be more of a mess than
it was worth it (not only the "chicken-egg" dilemma with system, guest, administrator
users, etc., but also with various lookup and threading issues.) We ended up ripping
out the code and writing a new one which does not use an EJB.
EJB are supposed to be written in terms of container services (which security being one
of the services the container provides) but in this scenario you'd be writing one of the
container services in terms of EJBs, so it "breaks" the proper layering.
In our case, we wanted to "encapsulate" our security code from Weblogic's proprietary
realm mechanism, at the end we still achieved without having to create a session bean
(sometimes regular Java classes work just fine) :-)
regards,
-Ade
"watscheck" <[email protected]> wrote in message news:[email protected]..
>
Hi,
I want to use a sessionEJB as my security store for the custom security realm in
weblogic server 6.1.
Has anyone experience with that?
First I have to pass all filerealm users through my custom realm (csr) because
it is not possible to authenticate the system and guest users before the sessionEJB
itself is loaded.
OK, but my problem is the authentication of the csr at the sessionEJB, which is
itself secured by method-permission in its assembly descriptor. So I have to get
an initialcontext with an authorized user for the sessionEJB and invoke all protected
methods with this principal.
But Bea WLS has a problem with propagating this user back to the actual application.
Is there a way that the application (web-app and ejbs) is not affected by the
authentication of the csr at the sessionEJB (security store)?
And is it right that the new initialcontext in the csr always overrides the bea
context and with that the servlet request of the web-app?
thanks in advance
watscheck -
What is the best way to deploy/update custom security realm classes to WLS 6.0?
From the WLS 6.0 console, I see that I can specify the Java class that
implements my custom security realm but I am wondering what is the best way
to deploy/update this code. I don't see a way to do this from the console.
Does this mean that I have to manually copy the class files over that
implement my custom security realm?
Thanks Danut,
A jar file seems to be a good way to package it up but it sounds like it
still needs to be manually copied to each Weblogic server install directory
post-installation and whenever it is updated. I thought it would be nice to
be able to deploy/update the custom security realm by uploading it through
the Console just as you can with web applications and EJBs.
Brian
"Danut Prisacaru" <[email protected]> wrote in message
news:3aba2db0$[email protected]..
You have to have your Custom Realm class in the class path. I usually have a
jar file with all the Custom Realm classes and that jar I copy it in the lib
folder. Then I modify "startWebLogic.cmd" and I add to the classpath
".\lib\CustomRealm.jar"
set CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar;.\lib\CustomRealm.jar;
Be aware that in order to have your custom realm besides creating the custom
realm using the console you also have to create a custom caching and choose
that one as your default caching realm.
Here is how the security settings are looking in my "config.xml"
<CustomRealm Name="CustomRealm"
RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
<CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
Name="CustomCachingRealm"/>
<Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
Name="wl_default_realm"/>
<FileRealm Name="wl_default_file_realm"/>
<Security GuestDisabled="false"
Name="mydomain" PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm"/>
Danut -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma
Thanks for the info.
I wonder when they will fix it.
Jakub
User "Eric Ma" <[email protected]> wrote in message
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 Admin Console from
displaying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
User "Eric Ma" <[email protected]> wrote in message
news:[email protected]..
Now I doubt my custom security realm is actually using the Netscape Directory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, where clicking on
the Users node displays all users in the LDAP server, in WebLogic 7 I keep getting
the message "There are no Authentication providers available that support the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
Sample Security realm for OpenLDAP and WLS7
Hello,
I would like to set up WLS 7 so it uses the Oracle implementation of OpenLDAP.
I am looking for a Custom Security Provider for OpenLDAP for WLS7. I can not use
the embedded LDAP as it does not allow me to programmatically create new users.
If anyone has a sample implementation, please send it to me. I would really appreciate
it.
Thanks
Gavin
It is possible to create new users programmatically in embedded LDAP. Here
is an example
package test.jmx;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import weblogic.jndi.Environment;
import weblogic.management.*;
import weblogic.management.security.authentication.*;
import weblogic.security.providers.authentication.*;
import javax.management.*;
import weblogic.management.configuration.*;
import weblogic.management.runtime.*;
import java.util.*;

public class Test {
    public static void main(String[] args) {
        String url = "t3://localhost:7001"; // URL of the Administration server
        String username = "weblogic";
        String password = "weblogic";
        MBeanHome home = null;
        SecurityConfigurationMBean conBean;
        weblogic.management.security.RealmMBean realmBean;
        AuthenticationProviderMBean authBean;
        AuthenticationProviderMBean[] authBeans;
        DefaultAuthenticatorMBean defBean;
        try {
            // Connect to the Administration server as an administrative user
            Environment env = new Environment();
            env.setSecurityPrincipal(username);
            env.setSecurityCredentials(password);
            env.setProviderUrl(url);
            Context ctx = env.getInitialContext();
            home = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
            System.out.println("Got the MBeanHome: " + home);
            System.out.println("\n\n");
            // Look up the domain's security configuration and its default realm
            WebLogicObjectName objName = new WebLogicObjectName(
                "mydomain:Name=mydomain,Type=SecurityConfiguration");
            conBean = (SecurityConfigurationMBean) home.getMBean(objName);
            System.out.println("Security configuration MBean: " + conBean);
            System.out.println("\n\n");
            realmBean = conBean.findDefaultRealm();
            System.out.println("Got the default realm: " + realmBean);
            System.out.println("\n\n");
            // is it the defaultAuthenticationProviderMBean???
            authBeans = realmBean.getAuthenticationProviders();
            defBean = (DefaultAuthenticatorMBean) authBeans[0];
            // Create the user in the embedded LDAP through the default authenticator
            defBean.createUser("test", "weblogic", "just a test of wls70 security");
            System.out.println("\ncreate successfully!");
            System.out.println("\n\n");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
"Gavin" <[email protected]> wrote in message
news:[email protected]...
>
Hello,
I would like to set up WLS 7 so it uses the Oracle implementation of OpenLDAP.
I am looking for a Custom Security Provider for OpenLDAP for WLS7. I can not use
the embedded LDAP as it does not allow me to programmatically create new users.
If anyone has a sample implementation, please send it to me. I would really appreciate
it.
Thanks
Gavin -
How can i open my iphone if some one but wrong password for many time?
how can i open my iphone if some one but wrong password for many time (i want my files) ?
See here
http://support.apple.com/kb/HT1212 -
Hi,
I have different sets of users coming from different databases and using different
roles mapping for each of my web applications. I would like to configure a specific
security realm per application in my weblogic server 7.0 . Is it possible ?
I try to specify the realm-name of the login-config tag from the web-xml deployment
descriptor but it doesn't make any difference. The default realm is always used.
I also would like to tell the Weblogic server to use the default realm in case
the realm isn't specified or isn't found. For example, the default would contain
my admin users.
Thanks a lot for your answer.
Iz
I think this is a common mistake: the realm-name tag in the deployment descriptor is used
just by the browser for display purposes (when it opens the basic auth dialog box), so as
of now there is only 1 active realm, which can have multiple providers, as Kevin pointed
out
Kevin Lewis wrote:
WebLogic 7 now ignores the realm-name tag (I found that out yesterday).
My understanding is that there is only one realm active at a time for a domain
(I would be interested in being contradicted in this).
However, you can have multiple providers in each category of a realm: authentication,
authorization, etc. Therefore, what you can do is key authentication, et al,
off of some other information. We have our users enter their company, for example,
and use the TextInputCallback to get it. You could also encode something in the
initial page, based on the URL they hit, or whatever, and get that back in your
callback.
You can store that information in your own Principal implementation, and key off
of that in your authorization provider, going to a different database as appropriate,
or abstaining when a specific provider doesn’t have anything to say about a subject.
Anyway, there should be a way to do it, even if it's more complex than you would
have hoped.
--Kevin -
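The approach Kevin describes (an extra TextInputCallback answer choosing the user store, carried forward in a custom Principal), sketched with plain JAAS classes from javax.security.auth only. This is an added example, not code from the thread or from WebLogic; TenantLoginDemo, TenantLoginModule, TenantPrincipal and the in-memory stores are hypothetical names and constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class TenantLoginDemo {
    /** Hypothetical Principal recording which user store vouched for the user. */
    public static final class TenantPrincipal implements Principal {
        private final String tenant, user;
        TenantPrincipal(String tenant, String user) { this.tenant = tenant; this.user = user; }
        public String getName() { return tenant + "/" + user; }
        public String getTenant() { return tenant; }
    }

    public static final class TenantLoginModule implements LoginModule {
        // Constructed sample data standing in for the per-company databases;
        // a real store would hold salted password hashes, not plaintext.
        private static final Map<String, Map<String, String>> STORES = new HashMap<>();
        static {
            STORES.put("acme", Collections.singletonMap("alice", "s3cret"));
            STORES.put("globex", Collections.singletonMap("bob", "hunter2"));
        }
        private Subject subject;
        private CallbackHandler handler;
        private TenantPrincipal pending;

        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s;
            handler = h;
        }
        public boolean login() throws LoginException {
            TextInputCallback company = new TextInputCallback("Company: ");
            NameCallback name = new NameCallback("User: ");
            PasswordCallback pass = new PasswordCallback("Password: ", false);
            try { handler.handle(new Callback[] { company, name, pass }); }
            catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException("cannot collect credentials: " + e); }
            // The company answer picks the store; unknown company, unknown user and
            // wrong password all fail with the same message.
            Map<String, String> store = STORES.get(company.getText());
            String expected = store == null ? null : store.get(name.getName());
            char[] supplied = pass.getPassword();
            pass.clearPassword();
            if (expected == null || supplied == null || !MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8),
                    new String(supplied).getBytes(StandardCharsets.UTF_8))) {
                throw new FailedLoginException("authentication failed");
            }
            pending = new TenantPrincipal(company.getText(), name.getName());
            return true;
        }
        public boolean commit() { if (pending != null) subject.getPrincipals().add(pending); return pending != null; }
        public boolean abort() { pending = null; return true; }
        public boolean logout() { if (pending != null) subject.getPrincipals().remove(pending); return true; }
    }

    static Subject login(String company, String user, String password) throws LoginException {
        AppConfigurationEntry entry = new AppConfigurationEntry(TenantLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>());
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String n) { return new AppConfigurationEntry[] { entry }; }
        };
        CallbackHandler answers = cbs -> {
            for (Callback c : cbs) {
                if (c instanceof TextInputCallback) ((TextInputCallback) c).setText(company);
                else if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(c);
            }
        };
        LoginContext lc = new LoginContext("demo", new Subject(), answers, cfg);
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) throws Exception {
        Subject s = login("acme", "alice", "s3cret");
        for (TenantPrincipal p : s.getPrincipals(TenantPrincipal.class))
            System.out.println("authenticated " + p.getName() + " via store " + p.getTenant());
        try { login("globex", "alice", "s3cret"); } // valid password, wrong company
        catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

An authorization provider can read getTenant() from the Subject's principals to decide which database to consult, or abstain when it has nothing to say about that subject.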
Proper security realm for ecommerce user
I would like to use j2ee security on our ecommerce site (isUserInRole, getUserPrincipal,
web.xml declarative functionality to protect resources), but my problem is not
knowing what security realm to use to manage the user. The site has thousands
of users and they need the ability to create an account which will determine their
"role" based on what membership fee they paid. After they have an account they
can login and have access to sections of the site that are permitted to them based
on role. All the examples I've seen about weblogic security is using LDAPs or
their internal RDMS. How can I have weblogic use our own database or is there
a best practice to accomplish the task I need? Any information would be helpful!!
It sounds like you have many users in your database, but not that many roles
& policies.
Probably you can use the DefaultRoleMapper and DefaultAuthorizer for your
roles & policies.
You need a database based authentication provider. Check out the sample
dbms authentication provider on the dev2dev center:
http://dev2dev.bea.com/codelibrary/code/sec_rdbms.jsp
-tm
"fed " <[email protected]> wrote in message
news:4010111d$[email protected]..
>
I would like to use j2ee security on our ecommerce site (isUserInRole, getUserPrincipal,
web.xml declarative functionality to protect resources), but my problem is not
knowing what security realm to use to manage the user. The site has thousands
of users and they need the ability to create an account which will determine their
"role" based on what membership fee they paid. After they have an account they
can login and have access to sections of the site that are permitted to them based
on role. All the examples I've seen about weblogic security is using LDAPs or
their internal RDMS. How can I have weblogic use our own database or is there
a best practice to accomplish the task I need? Any information would be helpful!! -
How to configure security realm for Active Directory ?
Hi,
Can any body suggest how to configure security realm in weblogic 8.1
I have simple login page where in user can enter his credentials, and i have MS-Active Directory where we maintain all users.
users who logged into web application has to be authenticated from Active Directory.
please suggest what are the steps that we need to follow
thanks in advance
Hi Sankar,
You can login to the weblogic server admin console and create a new realm.
Once you have created the realm you can add the authentication provider. You add the Active Authentication Provider. But you must have the configuration information of MS AD. You can read my blog http://dev2dev.bea.com/blog/bishnu_kumar/
where the integration is with iPlanet LDAP. Steps will be similar.
You must have a login portlet in your portal application and that should have been in accordance with j2ee security standards. For example you may use basic authentication or userlogin control or p13n API
Regards
Bishnu -
Configure security realm for external Access Manager in App server 8.1
Hi All,
I would like to protect my j2ee application using access manager running on an external host.
I would like to configure the security realm in Sun app Server 8.1 for the external Access Manager
external host & port of AM is:
http://svrd234d.dnn.com.au:58765
Please verify if these are the correct settings for the agentRealm configuration on Sun App server 8.1.
classname="com.sun.amagent.as.realm.AgentRealm"
property name="jaas-context" value="agentRealm"
property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"
property name="hostURL " value="http://svrd234d.dnn.com.au:58765"
Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
Jerry -
Groups possible for many managed servers?
Hi,
we have to manage 30+ servers in 6 different locations.
In Microsoft Remote Desktop for Mac V 8.0.15 there is only one main group called "My Desktops" and all servers are listed in this group. I don't see a function to add more groups to have an ordered list. Is this possible?
Hi,
Sorry to say but still there is no such way to add other group in ordered list.
Thanks for your understanding!
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
How to set up different realms for each server ?
I am using weblogic 6 sp1. I have a domain with several servers. I want to associate or use different custom security realm for each server. However -on weblogic console- there is no 'Target' tab in the Security node, and no way to set up multiple Security nodes. How can I do this (or can I)?
Main reason why is this:
Imagine situation I have 2 servers A and B both of them belongs to domain SomeDomain.
Server A is as WebServer and server B hosts all EJBs. And server A is outside
firewall (does not have DB access). But i would like to use RDBMS realm so what
to do in this situation. Place both servers in different domains and in server
A install proxy realm for RDBS realm ?
"Tom Moreau" <[email protected]> wrote:
>
You can't have a different realm for each
server. There is only one realm for all
servers - think of it as there is only
one set of authentication & authorization
information (that is users/groups/permissions)
and it applies to all servers.
Why do you want each server to have its
own realm? If someone tries to log in,
do you want WLS to automatically route
them to a server who is capable of logging
them in? I'm having trouble understanding
why you want this feature.
Thanks,
-Tom Moreau
Rachel <[email protected]> wrote:
I am using weblogic 6 sp1. I have a domain with several servers. I want
to associate or use different custom security realm for each server. However
-on weblogic console- there is no 'Target' tab in the Security node,
and no way to set up multiple Security nodes. How can I do this (or can
I)? -
JSF 2.0 Custom security tag
We are migrating a JSF 1.2 application to JSF 2.0. Earlier we have developed a custom security by extending BodyTagSupport. In JSF 2.0 I have replaced BodyTagSupport with TagSupport and no compilation issues. In my taglib.xml if I configure this Tag with a handler-class[Which is how it was earlier] While running I am getting a class cast exception of not able to cast to TagHandler and If I configure this tag as component[I extended UIComponentELTag] I am getting error message as not able to cast to UIComponent.
Has any one developed a custom security tag, for example check user role and if allowed dynamically display set of buttons or skip the particular body part completely. By doStartTag()[EVAL_BODY_INCLUDE/SKIP_BODY]?
Edited by: user11864278 on Apr 14, 2011 1:07 PM
We are not extending TagHandler, I am trying to develop a custom EL Body tag that was earlier done with BodyTagSupport in JSF 1.2. In JSF 2.0 I believe I need to do this by extending FacetTag in JSF 2.0, when I extend FacetTag and register it as a <handler-class> in taglib.xml I get a TagHandler class cast exception, as by default any Tag configured as Handler-class get cast into TAGHANDLER in JSF 2.0.
To make my question better, How can I develop a custom tag extending FacetTag? -
Hi,
Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
for Weblogic Personalization and Commerce 3.5.
Using the WLCS console, I've modified the config.xml file and following
elements are added:
<LDAPRealm AuthProtocol='simple' Credential='admin'
GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
GroupUsernameAttribute='uniquemember'
LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
UserNameAttribute='uid'/>
<CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
Name='wlcsCachingRealm'/>
But when we try to restart the WLCS, it throws java exceptions that context
is not initialized and I get the following error
<Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]]]
weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
I tried using Windows NT as a security realm but that gave me errors too.
Does anyone has any experience using anything other than the default Realm?
Any help would be appreciated. Thanks!
Asim Raja
[email protected]
I'm not sure, but I suspect you can't
since this would create a circular dependency -
your realm would rely on the upper level security
checking calls but those calls would rely on your
realm.
My suggestion is to give it a try and see what
happens.
-Tom
Ozcan ADIYAMAN <[email protected]> wrote:
Hi ,
I am implementing a simple custom security realm using LDAP as the
security store and I can see the users, groups and acls from the admin
console.
My question is (a custom realm newbie question) ;
Is it possible to use weblogic.security.acl.Security with my custom
realm to check permissions, get the current user,etc.,
OR
is this class ONLY used with default realms (when ACL is stored in a
file) ?
Thanks
Ozcan