OWSM security for a OSB service- authenticate from weblogic security realms
Hello,
I have a requirement to add security to a OSB service.
The user details are configured in weblogic security realms. lets say there are ten different users.
I need to protect my osb service using OWSM policy & the policy should be configured to authenticate the user from realms.
I am new to OWSM & wondering if this is possible?
Can the experts please direct me to any docs or steps?
Thanks
Ganesh
Hi,
Thanks for the links.
I followed the blog and configured it using oracle/wss_username_token_service_policy.
Now my requirement is to send the username,password from proxy to business and to the BPEL. (the bpel needs this username /password & and in header)
The issue I am facing is the proxy service is not sending the soap header details to business service.
I dont want to make the proxy as passthrough. (ie set Process WS-Security Header to NO)
I have to authorize on proxy level and then send the same credential details to business service?
So the question is, how can I retrieve the header after osb process it?
Can anyone please help me here?
Thanks
Ganesh
Similar Messages
-
Completely different AMF request packets for same remote service call from Flex to PHP using ZendAMF
I was trying to debug why one of the remote-services in our Flex application was failing randomly. What I found was interesting. Completely different AMF request packets were sent for same remote service call from Flex to PHP.
When the service call succeeds the AMF request packet looks like the following:
POST /video/flex/bin-debug/gateway.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Cookie: PHPSESSID=j6u30i8uu6c3cvp8f4kipcpf05
Referer: http://localhost/video/flex/bin-debug/main.swf/[[DYNAMIC]]/5
Content-type: application/x-amf
C ontent-length: 305
Flex Message (flex.messaging.messages.RemotingMessage) operation = getMemberFromEvent clientId = 2F997CD0-7D08-8D09-1A9B-0000422676C8 destination = MembereventService messageId = B46AB58D-2241-83F0-41E4-9FE745565492 timestamp = 0 timeToLive = 0 body = [ 280 ] hdr(DSId) = nil
And when the service fails the AMF request packet looks like this:
ServiceRequest: getMemberFromEvent; RemoteService; getMemberFromEvent
(mx.messaging.messages::RemotingMessage)#0
body = (Array)#1
[0] 250
clientId = "1AA4FAAB-AEA5-8109-4B0D-000002B3A9A1"
destination = "MembereventService"
headers = (Object)#2
DSEndpoint = (null)
DSId = "nil"
messageId = "2F92E6C0-FE92-A09B-B150-9FE2F28D9738"
operation = "getMemberFromEvent"
source = "MembereventService"
timestamp = 0
timeToLive = 0
Also, following is the error message on Flex when the service fails:
{Fault code=Channel.Call.Failed, Fault string=error, Fault detail=NetConnection.Call.Failed: HTTP: Failed, Destination=MembereventService}
We are using Swiz as the micro-architecture for Flex development and Zend AMF for remoting between Flex and PHP.
Any ideas what is wrong here, what is causing Flex to send different request packets for the same service & what I can do to fix it?Hi, I know that your post is almost 5 years ago, but have you found the solution to this issue?
Thanks. -
How to add security for Azure Cloud Service?
Hi,
We have build some API's in azure cloud service.
We want to add security for Azure Cloud Service.
How to add security for Azure Cloud Service?Hi Santhosh,
You may add security for your API's by using:
Mutual certificate authentication
Using OAuth 2.0
Manage developer accounts
Regards,
Manu Rekhar -
Error while "Enabling Security for Oracle Management Service"
Hi,
I have installed OEM 10GR1 on Solaris 9. I am using 9.2.0 database for repository.
My first installation of OEM and agent went smoothly, and everything was working fine.
Then, I tried to follow configurating security for Grid Control Framework. I got following error:
/oracle/app/oracle/product/10gEM>cd bin
/oracle/app/oracle/product/10gEM/bin>./emctl secure oms
Oracle Enterprise Manager 10g Release 10.1.0.3.0.
Copyright (c) 1996, 2004 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root Password :
Enter Agent Registration password :
Enter a Hostname for this OMS :
Checking Repository... Done.
Checking Repository for an existing Enterprise Manager Root Key... Done.
Generating Enterprise Manager Root Key (this takes a minute)... Done.
Fetching Root Certificate from the Repository... Done.
Generating Registration Password Verifier in the Repository... Done.
Generating Oracle Wallet Password for Enterprise Manager OMS... Done.
Generating Oracle Wallet for Enterprise Manager OMS...Missing /oracle/app/oracle/product/10gEM/sysman/wallets/oms.uxtora1/ewallet.p12
:/oracle/app/oracle/product/10gEM/bin>
Please help.Thanks for response. I had temp space full issue with repository database. After bouncing database, the temp tablespace became empty, and the secure operation went smooth.
-
JAAS authenticate from weblogic fails
I'm trying to use JAAS to authenticate a login from a webapp in weblogic, and by
using the t3 address of another weblogic server (the portal).
The result is :
LoginException: no LoginModule configured for WokupPortal
(translated from french)
"WokupPortal" is the name I'm using in a file jaas.conf declare both in -Djava.security.auth.login.config
and in java.security and using the weblogic.security.auth.login.UsernamePasswordLoginModule.
So, I really don't know why it fails since the same code from a simple Java client
works (with weblogic.jar).Hi,
Thanks for the links.
I followed the blog and configured it using oracle/wss_username_token_service_policy.
Now my requirement is to send the username,password from proxy to business and to the BPEL. (the bpel needs this username /password & and in header)
The issue I am facing is the proxy service is not sending the soap header details to business service.
I dont want to make the proxy as passthrough. (ie set Process WS-Security Header to NO)
I have to authorize on proxy level and then send the same credential details to business service?
So the question is, how can I retrieve the header after osb process it?
Can anyone please help me here?
Thanks
Ganesh -
Hi everyone,
Scenario :
I want to securise a web service with SSL.
I want to call this web service with Java standalone class (not servlet, JSP,...).
Here is what I've done :
1) I created a web service with "Secure SOAP" option.
2) I created a <u>Standalone Proxy</u>.
3) I created a Java Standalone client and tried to call the web service.
Here is the code :
public static void main(String[] args) {
try {
Hello1WebServiceImpl service = new Hello1WebServiceImpl();
Hello1WebServiceViDocument port = (Hello1WebServiceViDocument)service.getLogicalPort();
System.out.println(port.sayHello1());
} catch (Exception e) {
e.printStackTrace();
Here is the exception :
java.rmi.RemoteException: Service call exception; nested exception is:
java.net.ConnectException: Connection timed out: connect
at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:80)
at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:88)
at SampleComponent.main(SampleComponent.java:23)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
at java.net.Socket.connect(Socket.java:452)
at java.net.Socket.connect(Socket.java:402)
at java.net.Socket.<init>(Socket.java:309)
at java.net.Socket.<init>(Socket.java:124)
at iaik.security.ssl.SSLSocket.<init>(Unknown Source)
at com.sap.engine.services.webservices.jaxm.soap.SSLUtilImpl.createSSLSocket(SSLUtilImpl.java:43)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:500)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:422)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:384)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getRequestStream(HTTPTransport.java:337)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:433)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1117)
at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:73)
... 2 more
Can someone please tell me the steps I must follow ?
Thanks in advance.
Message was edited by: David FrydaIve ran into similar proples using normal ssl over http and the issues were with my environmet configuration ... yours may be with somthing totally different... but i fixed my probs by adding the folling code before creating the connection.
java.security.Provider provider[] =
java.security.Security.getProviders();
for (int i = 0; i < provider.length; i++) {
java.security.Security.removeProvider(
provider<i>.getName());
java.security.Security.insertProviderAt(
new com.sun.net.ssl.internal.ssl.Provider(), 2);
java.security.Security.insertProviderAt(
new sun.security.provider.Sun(), 1);
System.setProperty(
"java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
you can also accomplish this by modifying the java.security file found in \jre\lib\security directory.
Also because this is a stand alone app be sure to have all the necessary jar files in you classpath ... you can accomplish this by using the -classpath option when calling your program or by moving the files into you \bin\lib\ext directory; -
Information to user who creates PR for spare parts & service PR from order.
Hi experts,
Is there any standard workflow available by which the maintenance user will get message in his SAP inbox , whether material has been recieved for the Purchase requisition created through maintenance order as well as manual PR by t-code ME51N.
Also whether payment has been done to the vendor or not for the service PR created through maintenance order by the maintenance user.
Please through some rays on this.thanks in advance .
rgds
rajibHi Rajib,
It is possible with std work flow trigger Business object BUS2045
(Inspection Lot) but nees to have used for QM quality Module.
inspaection lot created wvent will activate work flow to creator ID.
Also the same can be used for other application like outlook for information by Std functionlity.
you may need to take help from your ABAP Team.
Regards,
Ramesh -
Enable PDF security for PDF output of reports from Answers
In BI publisher, We have options to enable PDF output security like diable printing, Encryption etc, How do we set such options under Oracle Answers. I would like to enable security control for PDF output for all the reports from Oracle Asnwers.
HardeepNot supported.
-
Security for General Object Services
Trying to restrict authorizations for GOS at the document type level.
We are currently in 4.6c. We are using the authorization object S_WFAR_OBJ to restrict document type, object type, and the activity level. This authorization object works as expected when a user goes into tcode OAWD(SAP ArchiveLink: Store documents) but if a user goes into another tcode such as XK03(Display vendor (centrally) the user can then attach for any document type using the Global Object Services icon.
Does anyone have any suggestions on how to control what document types when using the GOS icon?
Thanks
EricEric,
Try this as it will work for you.
Using T-code SE16 view table TACTZ
This will tell you the valid activites ACTVT for you auth object
Now it should be possible to change the one you don't want in T-code XK03
Let me know if you want me to eleborate. -
Im having issues with security for my apple id trying to change security questions
Having some major issues, apple isn't letting me get to my security questions that I'm trying to change though I remember my answers it isnt accepting them so I go to my id page , and I cant get past it, Is there any way to pass the lock out screen after I wait this eight hours?
Hello John0620,
Thanks for the question. If you do not remember the answers to your security questions please refer to the following article:
Apple ID: All about Apple ID security questions
http://support.apple.com/kb/HT5665
What should I do if I don't remember the answers to my Apple ID security questions?
Try answering them at least once to see if you can get them right, even if you are not sure you remember the answers to your security questions.
If you are confident you can't remember them, try one of the following:
If you have three security questions and a rescue email address
- sign in to My Apple ID and select the Password and Security tab to send an email to your rescue email address to reset your security questions and answers.
If you have one security question and you know your Apple ID password
- sign in to My Apple ID and select the Password and Security tab to reset your security question.
If you have one security question, but don't remember your Apple ID password
- contact Apple Support for assistance. Learn more about creating a temporary support PIN to help Apple confirm your identity when you contact Apple Support.
If you continue to have issues, please contact our Account Security Team as outlined in this article:
Apple ID: Contacting Apple for help with Apple ID account security
http://support.apple.com/kb/HT5699
Thanks,
Matt M. -
OSB - Service Invocation instance response times
Hi,
In my research and discussion with OSB vendor team, I found there is no product feature to gather statistics on per invocation response times for a OSB service.
My requirement is to gather per invocation response time of service. I am contemplating few ways of doing this
1. Java call outs before the start and end of service.
Downside of this approach is in my composite service (composing 10 biz services) with challenging response time requirements, it might be a over head to wrap each biz service with java call outs for measurements. Any thots?
2. There is a report feature in OSB. How about using SNMP traps for reporting the start and ends. I am wondering if this is any better than java call outs which might be synchronous I/O operation.
Do you folks see alternate approaches?
TIAI think that generally it's not a good idea to modify production logic (code or configuration) to gather any statistics. It may look simple, but there is still possibility of unexpected failure that would cause failure of your service. Not to mention complexity of such a step.*
I totally agree.
This kind of data should be gathered from your infrastructure components. I know that OSB doesn't provide such a feature, but if you have your services published on HTTP protocol, than you can always use some kind of proxy server. In our company, we use feature-rich Apache HTTP server for many reasons. Response time logging is one of such reasons.*
Interesting. Thanks. This approach might help gather stats on the Proxy services. However the biz services composed inside proxy may not get the stats.
Another possibility is to use a specialized component. I think that OWSM can be useful. However, I don't have any experience with it and it could be overkill considering your needs. http://www.oracle.com/technology/products/webservices_manager/index.html*
We are looking into OWSM, as you rightly said, wanted to keep it simple without OWSM.
Thanks -
Dear All,
I have one statement int weblogic 5.1 weblogic.propertis as follow,
weblogic.security.realmClass=com.tbcn.security.realm.TestRealm
but after converting to weblogic 6.1 there are no corresponding statement in
the file config.xml. And when i start the new application, error occured.
what should I do?
The error message is:
<2001/8/27 am 11:33:42> <Notice> <Management> <Loading configuration file
.\config\tbcn\config.xml
<2001/8/27 am 11:33:49> <Emergency> <Server> <Unable to initialize the
server: 'Fatal initializatio
Throwable: java.lang.NullPointerException
java.lang.NullPointerException
at
weblogic.security.SecurityService.initializeRealm(SecurityService.java:261)
at
weblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:385)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
'>
The WebLogic Server did not start up properly.
Exception raised: java.lang.NullPointerException
java.lang.NullPointerException
at
weblogic.security.SecurityService.initializeRealm(SecurityService.java:261)
at
weblogic.security.SecurityService.initialize(SecurityService.java:115)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:385)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exceptionDear Satya,
My weblogic propertis file as follow,
# CORE PROPERTIES
# You should set these before you start the WebLogic Server the first time.
# If you need more instructions on individual properties in this
# section, check the same section in the Optional Properties, where
# we've left the long explanations. Or, better yet, go to our
# website and read all about properties, at:
# http://www.weblogic.com/docs51/admindocs/properties.html
# CORE SYSTEM PROPERTIES
# TCP/IP port number at which the WebLogic Server listens for connections
weblogic.system.listenPort=7001
# CORE SECURITY-RELATED PROPERTIES
# Read important information about security at:
# http://www.weblogic.com/docs51/admindocs/properties.html
# REQUIRED: The system password MUST be set in order to start the
# WebLogic Server. This password is case-sensitive, at least 8 characters.
# The username for the privileged user is ALWAYS "system".
# This username and password also includes httpd access (see
# HTTPD properties below).
weblogic.password.system=12345678
# RECOMMEND Set to 'everyone' if HTTPD is enabled
weblogic.allow.execute.weblogic.servlet=everyone
# Set individual ACLs to restrict access to HTTP-related resources,
# such as the Administration servlets.
# To make your own servlets generally available, follow this
# pattern (provide a weblogic.allow.execute) for your packages and
# set ACLs as appropriate.
# CORE SECURITY-RELATED PROPERTIES FOR SSL
# Read important information about SSL at:
# http://www.weblogic.com/docs51/classdocs/API_secure.html
# Enable SSL
# (default if property not defined is false)
weblogic.security.ssl.enable=true
# SSL listen port
weblogic.system.SSLListenPort=7002
# Servlets for SSL
# Authentication servlet for creating tokens for applets
weblogic.httpd.register.authenticated=weblogic.t3.srvr.ClientAuthenticationS
ervlet
# Limits number of unclaimed stored tokens
weblogic.security.certificateCacheSize=3
# Capture CA root of client servlet
weblogic.httpd.register.AdminCaptureRootCA=admin.AdminCaptureRootCA
# Certificates for SSL
# Name of acceptable CA roots
# For client authentication change value to a valid .pem file
#weblogic.security.clientRootCA=SecureServerCA.pem
# Server certificates for SSL
weblogic.security.certificate.server=democert.pem
weblogic.security.key.server=demokey.pem
weblogic.security.certificate.authority=ca.pem
# registration for certificate generator servlet
weblogic.httpd.register.Certificate=utils.certificate
weblogic.allow.execute.weblogic.servlet.Certificate=system
# CORE HTTPD ADMINISTRATIVE PROPERTIES
# True permits the HTTPD to run (default)
# Uncomment this property to disable HTTPD
#weblogic.httpd.enable=false
# If authentication is required, add username/password for each user
# who will be included in an ACL, as in this commented-out example:
#weblogic.password.peter=#8gjsL4*
# SYSTEM PROPERTIES
# System properties in this section are set to system defaults
# Performance pack. The shared library must be accessible from your
# PATH (NT) or from your shared library path (UNIX; the name of the
# variable varies: LD_LIBRARY_PATH, SHLIB_PATH, etc.)
weblogic.system.nativeIO.enable=true
# Outputs logging information to the console as well as to the log file
weblogic.system.enableConsole=true
# Sets the directory or URL for the WebLogic Admin help pages
# The help pages are shipped in the "docs/adminhelp" directory, in the
# default document root in public_html
weblogic.system.helpPageURL=/weblogic/myserver/public_html/docs51/adminhelp/
# If you prefer to access the most recent help pages, you can do so online
# by commenting out the previous property and uncommenting this one:
#weblogic.system.helpPageURL=http://www.weblogic.com/docs51/adminhelp/
# Properties for tuning the server's performance
# Number of WebLogic Server execute threads.
weblogic.system.executeThreadCount=15
# Other optional system properties
# Limits size of weblogic.log (in K) and versions old log
weblogic.system.maxLogFileSize=1024
# Adjust minimum length of password
weblogic.system.minPasswordLen=8
# UNIX only: If running on port 80 on UNIX, enable the setUID program
#weblogic.system.enableSetUID=false
# UNIX only: Unprivileged user to setUID to after starting up
# WebLogic Server on port 80
#weblogic.system.nonPrivUser=nobody
# CLUSTER-SPECIFIC PROPERTIES
# Cluster-specific properties in this section are set to system defaults.
# CLUSTER USERS: Note that ALL Cluster-specific properties should be set
# in the per-cluster properties file ONLY.
# Time-to-live (number of hops) for the cluster's multicast messages
# (default 1, range 1-255).
#weblogic.cluster.multicastTTL=1
# Sets the load-balancing algorithm to be used between
# replicated services if none is specified. If not specified,
# round-robin is used.
#weblogic.cluster.defaultLoadAlgorithm=round-robin
# SERVER-SPECIFIC CLUSTER PROPERTIES
# Cluster-related properties in this section are set to system defaults.
# CLUSTER USERS: Note that these server-specific cluster-related properties
# should be set in the per-server properties file ONLY.
# Sets the weight of the individual server for the weight-based
load-balancing.
# Range is 0 - 100.
# Larger numbers increase the amount of traffic routed to this server.
#weblogic.system.weight=100
# SYSTEM STARTUP FILES - Examples
# CLUSTER USERS: Note that ONLY startup registrations for pinned RMI
# objects should be registered in the per-server properties file.
# All other startup classes should be registered in the per-cluster
# properties file.
# For more info on writing and using startup file, see the
# Developers Guide "Writing a WebLogic Client application," at
# http://www.weblogic.com/docs51/classdocs/API_t3.html
# Register a startup class by giving it a virtual name and
# supplying its full pathname.
#weblogic.system.startupClass.[virtual_name]=[full_pathname]
# Add arguments for the startup class
#weblogic.system.startupArgs.[virtual_name]={argname]=[argvalue]
# This example shows the entry for examples/t3client/StartupQuery.java
#weblogic.system.startupClass.doquery=examples.t3client.StartupQuery
#weblogic.system.startupArgs.doquery=\
# query=select * from emp,\
# db=jdbc:weblogic:pool:demoPool
# SYSTEM SHUTDOWN FILES - Examples
# For more info on writing and using shutdown file, see the
# Developers Guide "Writing a WebLogic Client application," at
# http://www.weblogic.com/docs51/classdocs/API_t3.html
# Register a shutdown class by giving it a virtual name and
# supplying its full pathname.
#weblogic.system.shutdownClass.[virtual_name]=[full_pathname]
# Add arguments for the shutdown class
#weblogic.system.shutdownArgs.[virtualName]={argname]=[argvalue]
# This example shows the entry for examples/t3client/ShutdownTest.java
#weblogic.system.shutdownClass.ShutdownTest=examples.t3client.ShutdownTest
#weblogic.system.shutdownArgs.ShutdownTest=\
# outfile=c:/temp/shutdown.log
# SECURITY-RELATED PROPERTIES FOR WORKSPACES
# For backward compatibility, the following entries disable Access
# Control on Workspaces
weblogic.allow.read.weblogic.workspace=everyone
weblogic.allow.write.weblogic.workspace=everyone
# JOLT FOR WEBLOGIC PROPERTIES
# These properties configure a BEA Jolt connection pool for use with
# the simpapp and bankapp examples, and register a servlet for use with
# with the simpapp example. The default server address provided here
# points to a public TUXEDO server that is hosted by BEA for use with
# this example.
# Servlet registration for simpapp example:
#weblogic.httpd.register.simpapp=examples.jolt.servlet.simpapp.SimpAppServle
t
# Pool creation and cleanup
# note this example is set up to work with the public
# demo TUXEDO server available from BEA's website:
#weblogic.system.startupClass.demojoltpoolStart=\
# bea.jolt.pool.servlet.weblogic.PoolManagerStartUp
#weblogic.system.startupArgs.demojoltpoolStart=\
# poolname=demojoltpool,\
# appaddrlist=//beademo1.beasys.com:8000,\
# failoverlist=//beademo1.beasys.com:8000,\
# minpoolsize=1,\
# maxpoolsize=3
#weblogic.system.shutdownClass.demojoltpoolStop=\
# bea.jolt.pool.servlet.weblogic.PoolManagerShutDown
#weblogic.system.shutdownArgs.demojoltpoolStop=\
# poolname=demojoltpool
# WEBLOGIC ENTERPRISE CONNECTIVITY PROPERTIES
# The registrations enable a BEA IIOP connection pool and
# register servlets for use with the simpapp and university examples.
# Configure for your environment and uncomment to use.
# Uncommenting these properties requires WebLogic Enterprise Connectivity
# and an operating WebLogic Enterprise Server.
# Servlet registration for simpapp servlet example
#weblogic.httpd.register.SimpappServlet=\
# examples.wlec.servlets.simpapp.SimpappServlet
#weblogic.allow.execute.weblogic.servlet.SimpappServlet=everyone
# Servlet registration for simpapp EJB example
# (You'll need to add the wlec_ejb_simpapp.jar to the
# weblogic.ejb.deploy property in this file.)
#weblogic.httpd.register.ejbSimpappServlet=\
# examples.wlec.ejb.simpapp.ejbSimpappServlet
#weblogic.allow.execute.weblogic.servlet.ejbSimpappServlet=everyone
# Pool creation and cleanup for the simpapp example
#weblogic.CORBA.connectionPool.simplepool=\
# appaddrlist=//wlehost:2468,\
# failoverlist=//wlehost:2468,\
# minpoolsize=2,\
# maxpoolsize=3,\
# username=wleuser,\
# userrole=developer,\
# domainname=simpapp
# Servlet registration for university Servlet example:
#weblogic.httpd.register.UniversityServlet=\
# examples.wlec.servlets.university.UniversityServlet
#weblogic.allow.execute.weblogic.servlet.UniversityServlet=everyone
# Pool creation and cleanup for the University example:
#weblogic.CORBA.connectionPool.Univpool=\
# appaddrlist=//wlehost:2498,\
# failoverlist=//wlehost:2498,\
# minpoolsize=2,\
# maxpoolsize=3,\
# username=wleuser,\
# userrole=developer,\
# apppassword=wlepassword,\
# domainname=university
# WEBLOGIC FILE PROPERTIES
# Maps a volume name to a path, for client file read/write
#weblogic.io.fileSystem.[volumeName]=[fullPathName]
# WEBLOGIC JMS DEMO PROPERTIES
# CLUSTER USERS: Note that ALL JMS deployment should be done in the
# per-cluster properties file ONLY.
# You set up a JDBC connection pool if you want persistent messages
# (including durable subscriptions). To use JMS and EJBs in the same
# transaction, both must use the same JDBC connection pool. Uncomment
# the following property to use the default JDBC connection pool
# 'demo', which is defined in the Demo connection pool section of this file.
#weblogic.jms.connectionPool=demoPool
# The JMS Webshare example demonstrates how the ClientID for a
# durable subscriber is configured in the connection factory:
#weblogic.jms.topic.webshareTopic=jms.topic.webshareTopic
#weblogic.jms.connectionFactoryName.webshare=jms.connection.webshareFactory
#weblogic.jms.connectionFactoryArgs.webshare=ClientID=webshareUser
#weblogic.httpd.register.webshare=examples.jms.webshare.WebshareServlet
# The JMS trader example shows how to use JMS with an EJB. In addition
# to uncommenting the following properties, you must also set up and
# deploy the EJB example examples.ejb.basic.statelessSession.Trader in
# ejb_basic_statelessSession.jar to try out this JMS example:
#weblogic.jms.topic.exampleTopic=javax.jms.exampleTopic
#weblogic.jms.connectionFactoryName.trader=jms.connection.traderFactory
#weblogic.jms.connectionFactoryArgs.trader=ClientID=traderReceive
#weblogic.httpd.register.jmstrader=examples.jms.trader.TraderServlet
# Registers the underlying servlet
#weblogic.httpd.register.jmssender=examples.jms.sender.SenderServlet
# These properties are used with the ServerReceive JMS example,
# which demonstrates how to establish a JMS message consumer
# in a startup class:
#weblogic.system.startupClass.serverReceive=\
# examples.jms.startup.ServerReceive
#weblogic.system.startupArgs.serverReceive=\
# connectionFactory=javax.jms.TopicConnectionFactory,\
# topic=javax.jms.exampleTopic
# These properties are used with the PoolReceive JMS example,
# which demonstrates how to establish a pool of JMS message consumers
# in a startup class:
#weblogic.system.startupClass.poolReceive=\
# examples.jms.startup.PoolReceive
#weblogic.system.startupArgs.poolReceive=\
# connectionFactory=javax.jms.TopicConnectionFactory,\
# topic=javax.jms.exampleTopic
#weblogic.allow.create.weblogic.jms.ServerSessionPool=everyone
# WEBLOGIC RMI DEMO PROPERTIES
# CLUSTER USERS: Note that pinned RMI objects should be registered
# in the per-server properties file ONLY. All other RMI startup
# classes should be registered in the per-cluster properties file.
# Remote classes registered at startup after the pattern:
#weblogic.system.startupClass.[virtualName]=[fullPackageName]
# These examples can be compiled to see RMI in action. Uncomment to use:
#weblogic.system.startupClass.hello=examples.rmi.hello.HelloImpl
#weblogic.system.startupClass.multihello=examples.rmi.multihello.HelloImpl
#weblogic.system.startupClass.stock=examples.rmi.stock.StockServer
# WEBLOGIC EJB DEMO PROPERTIES
# CLUSTER USERS: Note that ALL EJB deployment should be done in the
# per-cluster properties file ONLY.
# See WebLogic Demo Connection Pool below for a connection pool
# to use with these examples.
# Deploys EJBeans. Uncomment the appropriate lines below and
# modify DBMS-related info and paths to match your particular installation:
# TBCN EJB PROPERTIES
weblogic.ejb.deploy=\
C:/weblogic/myserver/AccountSB.jar, \
C:/weblogic/myserver/AddressEntryDet.jar, \
C:/weblogic/myserver/AddressEntry.jar, \
C:/weblogic/myserver/Affiliate.jar, \
C:/weblogic/myserver/ContactPerson.jar, \
C:/weblogic/myserver/ContactSB.jar, \
C:/weblogic/myserver/Factory.jar, \
C:/weblogic/myserver/FactorySups.jar, \
c:/weblogic/myserver/LoginUsers.jar, \
c:/weblogic/myserver/Member.jar, \
c:/weblogic/myserver/MemberQuotaUsage.jar,\
c:/weblogic/myserver/MemberToCategory.jar,\
c:/weblogic/myserver/Organization.jar, \
c:/weblogic/myserver/Person.jar, \
c:/weblogic/myserver/QuotaType.jar,\
c:/weblogic/myserver/Registration.jar, \
c:/weblogic/myserver/TempAccounts.jar, \
c:/weblogic/myserver/TempDomain.jar, \
c:/weblogic/myserver/UserAccount.jar, \
c:/weblogic/myserver/UserRole.jar, \
c:/weblogic/myserver/BuyerProducts.jar, \
c:/weblogic/myserver/Catalog.jar, \
c:/weblogic/myserver/Categories.jar, \
c:/weblogic/myserver/CategoryToCategory.jar, \
c:/weblogic/myserver/CountryToCategory.jar, \
c:/weblogic/myserver/InvitedMember.jar, \
c:/weblogic/myserver/ProductOrigin.jar, \
c:/weblogic/myserver/ProductOtherFee.jar,\
c:/weblogic/myserver/ProductSups.jar, \
c:/weblogic/myserver/Products.jar,\
c:/weblogic/myserver/ProductToCategory.jar, \
c:/weblogic/myserver/SecondaryQcEntry.jar, \
c:/weblogic/myserver/CodeClass.jar,\
c:/weblogic/myserver/ConfirmationSB.jar, \
c:/weblogic/myserver/PurchasedPackage.jar,\
c:/weblogic/myserver/RejectReasonCode.jar, \
c:/weblogic/myserver/ServiceOrder.jar,\
c:/weblogic/myserver/ServiceOrderLog.jar,\
c:/weblogic/myserver/ServiceOrderState.jar,\
c:/weblogic/myserver/ServiceOrderType.jar,\
c:/weblogic/myserver/ServicePackageDetails.jar, \
c:/weblogic/myserver/ServicePackage.jar, \
c:/weblogic/myserver/ServicePayment.jar, \
c:/weblogic/myserver/ServiceReqSB.jar, \
c:/weblogic/myserver/TAM.jar, \
c:/weblogic/myserver/SubscriptionEB.jar, \
c:/weblogic/myserver/PostingCategoryEB.jar, \
c:/weblogic/myserver/PostingBrowsedEB.jar, \
c:/weblogic/myserver/PostingInfoEB.jar, \
c:/weblogic/myserver/TransactionLogEB.jar, \
c:/weblogic/myserver/PostingSB.jar
#weblogic.ejb.deploy=\
# d:/weblogic/myserver/ejb_basic_beanManaged.jar, \
# d:/weblogic/myserver/ejb_basic_containerManaged.jar, \
# d:/weblogic/myserver/ejb_basic_statefulSession.jar, \
# d:/weblogic/myserver/ejb_basic_statelessSession.jar, \
# d:/weblogic/myserver/ejb_extensions_finderEnumeration.jar, \
# d:/weblogic/myserver/ejb_extensions_readMostly.jar, \
# d:/weblogic/myserver/ejb_subclass.jar, \
# d:/weblogic/myserver/jolt_ejb_bankapp.jar
# Servlet used by the EJB basic beanManaged example
# Uncomment to use:
weblogic.httpd.register.beanManaged=\
examples.ejb.basic.beanManaged.Servlet
# Add a list of users (set the password with
weblogic.password.[username]=XXX)
# to set an ACL for this servlet:
#weblogic.allow.execute.weblogic.servlet.beanManaged=user1,user2,etc
#weblogic.password.user1=user1Password
#weblogic.password.user2=user2Password
# WEBLOGIC XML DEMO PROPERTIES
# These properties are required to run the XML examples.
# Uncomment to use.
# CLUSTER USERS: Note that ALL servlets should be set up
# in the per-cluster properties file ONLY.
#weblogic.httpd.register.StockServlet=examples.xml.http.StockServlet
# BizTalk example properties
#weblogic.jms.queue.tradeIncoming=biztalk.jms.tradeIncoming
#weblogic.jms.queue.tradeError=biztalk.jms.tradeError
#weblogic.httpd.register.BizTalkServer=examples.xml.biztalk.BizHttpProtocolA
dapter
#weblogic.httpd.initArgs.BizTalkServer=bizQueue=biztalk.jms.tradeIncoming
# WEBLOGIC ZAC DEMO PROPERTIES
# These registrations enable the ZAC Publish Wizard.
weblogic.zac.enable=true
# Set the publish root for a WebLogic Server. Edit and
# uncomment to use.
#weblogic.zac.publishRoot=d:/weblogic/zac
# Set an ACL for each package you publish. The [name] is
# the "Package name" you assign in the ZAC Publish Wizard.
# Publish a package, edit this property, and uncomment to use.
#weblogic.allow.read.weblogic.zac.[name]=[user list]
#weblogic.allow.write.weblogic.zac.[name]=system
# HTTPD ADMINISTRATIVE PROPERTIES
# Enables logging of HTTPD info in common log format and
# sets the log file name (default is "access.log" in "myserver")
weblogic.httpd.enableLogFile=true
weblogic.httpd.logFileName=access.log
# Tracks HTTPD requests with events delivered to WEBLOGIC.LOG.HTTPD
weblogic.httpd.enableEvents=false
# Enables HTTP sessions
weblogic.httpd.session.enable=true
# Sets an optional cookie name. The default name is "WebLogicSession".
# Prior to version 4.0, the default was "TengahSession". To make
# this backward compatible with cookies generated from previous
# installations, you should set this property to "TengahSession".
# Uncomment this line and set this to any string of your choice,
# or comment out this property to use the default.
#weblogic.httpd.session.cookie.name=WebLogicSession
# MIME types
weblogic.httpd.mimeType.text/html=html,htm
weblogic.httpd.mimeType.image/gif=gif
weblogic.httpd.mimeType.image/jpeg=jpeg,jpg
weblogic.httpd.mimeType.application/pdf=pdf
weblogic.httpd.mimeType.application/zip=zip
weblogic.httpd.mimeType.application/x-java-vm=class
weblogic.httpd.mimeType.application/x-java-archive=jar
weblogic.httpd.mimeType.application/x-java-serialized-object=ser
weblogic.httpd.mimeType.application/octet-stream=exe
weblogic.httpd.mimeType.text/vnd.wap.wml=wml
weblogic.httpd.mimeType.text/vnd.wap.wmlscript=wmls
weblogic.httpd.mimeType.application/vnd.wap.wmlc=wmlc
weblogic.httpd.mimeType.application/vnd.wap.wmlscriptc=wmlsc
weblogic.httpd.mimeType.image/vnd.wap.wbmp=wbmp
# In seconds, the keep-alive for HTTP and HTTPS requests
weblogic.httpd.http.keepAliveSecs=60
weblogic.httpd.https.keepAliveSecs=120
# WEBLOGIC JDBC DRIVER PROPERTIES
# Enables JDBC driver logging and sets the file name for the log
# The weblogic.jdbc.logFile is placed in the per-server
# directory (default is "myserver")
weblogic.jdbc.enableLogFile=false
weblogic.jdbc.logFileName=jdbc.log
# WEBLOGIC JDBC CONNECTION POOL MANAGEMENT
# CLUSTER USERS: Note that ALL JDBC connection pools should be set up
# in the per-cluster properties file ONLY.
# For creating JDBC connection pools. This example shows a connection
# pool called "oraclePool" that allows 3 T3Users "guest," "joe," and "jill"
# to use 4 JDBC connections (with a potential for up to 10 connections,
# incremented by two at a time, with a delay of 1 second between each
# attempt to connect to the database), to an Oracle database server called
# "DEMO." If more than 4 connections are opened, after 15 minutes, unused
# connections are dropped from the pool until only 4 connections remain
open.
# Every 10 minutes, any unused connections in the pool are tested and
# refreshed if they are not viable.
#weblogic.jdbc.connectionPool.oraclePool=\
# url=jdbc:weblogic:oracle,\
# driver=weblogic.jdbc.oci.Driver,\
# loginDelaySecs=1,\
# initialCapacity=4,\
# maxCapacity=10,\
# capacityIncrement=2,\
# allowShrinking=true,\
# shrinkPeriodMins=15,\
# refreshMinutes=10,\
# testTable=dual,\
# props=user=SCOTT;password=tiger;server=DEMO
# Get more details on each argument for this property in the
# Administrators Guide on setting properties at:
# http://www.weblogic.com/docs51/admindocs/properties.html
# Set up ACLs for this connection pool with the following:
weblogic.allow.reserve.weblogic.jdbc.connectionPool.oraclePool=everyone
# guest,joe,jill
#weblogic.allow.reset.weblogic.jdbc.connectionPool.oraclePool=\
# joe,jill
#weblogic.allow.shrink.weblogic.jdbc.connectionPool.oraclePool=\
# joe,jill
# This property is an ACL that specifies the users who can
# create dynamic connection pools:
#weblogic.jdbc.connectionPoolcreate.admin=joe,jill
# Read more about setting up and using connection pools in the
# developers guide for WebLogic JDBC at:
# http://www.weblogic.com/docs51/classdocs/API_jdbct3.html#T5a
# TBCN JDBC CONNECTION POOL MANAGEMENT
weblogic.jdbc.connectionPool.oraclePool=\
url=jdbc:oracle:thin:@202.109.102.151:1521:tbcn,\
driver=oracle.jdbc.driver.OracleDriver,\
loginDelaySecs=1,\
initialCapacity=2,\
maxCapacity=10,\
capacityIncrement=2,\
allowShrinking=true,\
shrinkPeriodMins=15,\
refreshMinutes=10,\
testTable=dual,\
props=user=tbcn;password=ca91768
weblogic.allow.reserve.weblogic.jdbc.connectionPool.oraclePool=everyone
weblogic.jdbc.TXDataSource.oracleDataSource=oraclePool
weblogic.jdbc.DataSource.oracleReadOnlyDataSource=oraclePool
# WEBLOGIC DEMO CONNECTION POOL PROPERTIES
# CLUSTER USERS: Note that ALL JDBC connection pools should be set up
# in the per-cluster properties file ONLY.
# This connection pool uses the sample Cloudscape database shipped
# with WebLogic. Used by the EJBean, JHTML, JSP and JMS examples.
# Uncomment to use:
#weblogic.jdbc.connectionPool.demoPool=\
# url=jdbc:cloudscape:demo,\
# driver=COM.cloudscape.core.JDBCDriver,\
# initialCapacity=1,\
# maxCapacity=2,\
# capacityIncrement=1,\
# props=user=none;password=none;server=none
# Add a TXDataSource for the connection pool:
#weblogic.jdbc.TXDataSource.weblogic.jdbc.jts.demoPool=demoPool
# Add an ACL for the connection pool:
#weblogic.allow.reserve.weblogic.jdbc.connectionPool.demoPool=everyone
# WEBLOGIC HTTP SERVLET PROPERTIES
# CLUSTER USERS: Note that ALL servlets should be set up
# in the per-cluster properties file ONLY.
# WebLogic offers different types of servlets for various uses.
# Classpath servlet registration
# The ClasspathServlet is used to serve classes from
# the system CLASSPATH. It is used by applets to load
# classes they depend upon, and is registered against
# the virtual name 'classes' here by default. This means
# you should set your applet codebase to "/classes".
# You can register multiple virtual names for this servlet.
# Note that it can also be used to serve other
# resources/files from the system CLASSPATH.
# Don't confuse the ClasspathServlet with the ServletServlet. The
# ClasspathServlet is used for serving classes for client-side Java only.
# The ServletServlet is used to invoke unregistered servlets.
# See the Administrators Guide "Setting up WebLogic as an HTTP server"
# http://www.weblogic.com/docs51/admindocs/http.html#classfile for more
info.
weblogic.httpd.register.classes=weblogic.servlet.ClasspathServlet
# We also set an open ACL for everyone to call the ClasspathServlet
# so that applets work without requiring further changes.
weblogic.allow.execute.weblogic.servlet.classes=everyone
# File servlet registration
# FileServlet searches below the documentRoot for the requested file
# and serves it if found. If the requested file is a directory,
# FileServlet will append the defaultFilename to the requested path
# and serve that file if found.
weblogic.httpd.register.file=weblogic.servlet.FileServlet
weblogic.httpd.initArgs.file=defaultFilename=index.html
weblogic.httpd.indexFiles=zh_TW/index.htm
# ServerSideInclude servlet registration
# SSIServlet searches below the documentRoot for the
# requested .shtml file and serves it if found.
weblogic.httpd.register.*.shtml=weblogic.servlet.ServerSideIncludeServlet
# Example URL: http://localhost:7001/portside/welcome.shtml
# for the file /weblogic/myserver/public_html/portside/welcome.shtml
# PageCompileServlet (used by JHTML)
# See the information below under WebLogic JHTML
# JSPServlet (used by JSP)
# See the information below under WebLogic JSP
# ServletServlet registration
# Allows unregistered servlets in the servlet classpath (see Servlet
# reload properties below) to be r -
Hello everyone,
I developed a Web Service prototype accessing remote EJB using the EJB
control with special syntax in the jndi-name attribute: @jws:ejb
home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
Everything works fine, but I get an error when I restrict access to my web
service with a declarative security model by implementing steps provided in
help doc:
- Define the web resource you wish to protect
- Define which security role is required to access the web resource
- Define which users are granted the required security role
- Configure WebLogic Server security for my web service(Compatibility
Security/Users)
I launch the service by entering the address in a web browser. When prompted
to accept the digital certificate, click Yes, when prompted for network
authentication information, enter username and password, navigate to the
Test Form tab of Test View, invoke the method by clicking the button and I
get the following exception:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed
for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
</detail>
</error>
I have a simple Hello method as well in my WebService (which is also
restricted) and it works fine, but remote EJB access doesn't. I tested my
prototype on Weblogic 7.2 and 8.1 platforms - same result.
Is that a bug or I am missing some additional configuration in order to get
that working. Has anyone seen similar behavior? Is there a known resolution?
Or a suggested way to work around the problem?
Thank you.
AndreAndre,
It would be best if this issue is handled as an Eval Support case. Please
BEA Customer Support at http://support.beasys.com along with the required
files, and request that an Eval support case be created for this issue.
Thanks
Raj Alagumalai
WebLogic Workshop Support
"Andre Shergin" <[email protected]> wrote in message
news:[email protected]...
Anurag,
I removed "t3", still get an error but a different one (Unable to create
InitialContext:null):
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
create InitialContext:null]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
create InitialContext:null] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetVisaHistoryTransactions.getVisaHistoryTxn(GetVisaHistoryTransactions
.jws:67) </jwErrorDetail>
</detail>
</error>
Note: inter-domain communication is configured properly. The Web Service to
remote EJB works fine without a declarative security.
Any other ideas?
Thank you for your help.
Andre
"Anurag" <[email protected]> wrote in message
news:[email protected]...
Andre,
It seems you are using the URL
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB
whereas you should not be specifying the "t3:" protocol.
The URL should be like
jndi://secuser1:[email protected]:7131/AccountDelegatorEJB
Please do let me know if you see any issues with this.
Note that this will only allow you to access remote EJBs in the same WLS
domain. For accessing EJBs on another domain, you need to configure
inter-domain communication by
following a few simple steps as mentioned at
http://e-docs.bea.com/wls/docs81/ConsoleHelp/jta.html#1106135. This link has
been provided in the EJB Control Workshop documentation.
Regards,
Anurag
"Andre Shergin" <[email protected]> wrote in message
news:[email protected]...
Raj,
I tried that before, it didn't help. I got similar error message:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
failed for
name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]</faultstr
ing>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
lookup from
jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
failed for
name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
</detail>
</error>
Anything else should I try?
P.S. AccountDelegatorEJB, the remote EJB my Web Service calls is NOTaccess
restricted.
I hope there is a solution.
Thanks,
Andre
"Raj Alagumalai" <[email protected]> wrote in message
news:[email protected]...
Andre,
Can you try using the following url with username and password
jndi://username:password@host:7001/my.resource.jndi.object ?
once you add webapp level security, the authenticated is the user who
invokes the EJB.
http://e-docs.bea.com/workshop/docs81/doc/en/workshop/guide/controls/ejb/con
CreatingANewEJBControl.html?skipReload=true
has more info on using remote EJB's.
Hope this helps.
Thanks
Raj Alagumalai
WebLogic Workshop Support
"Alla Resnik" <[email protected]> wrote in message
news:[email protected]...
Hello everyone,
I developed a Web Service prototype accessing remote EJB using the EJB
control with special syntax in the jndi-name attribute: @jws:ejb
home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
Everything works fine, but I get an error when I restrict access to my
web
service with a declarative security model by implementing steps
provided
in
help doc:
- Define the web resource you wish to protect
- Define which security role is required to access the web resource
- Define which users are granted the required security role
- Configure WebLogic Server security for my web service(Compatibility
Security/Users)
I launch the service by entering the address in a web browser. Whenprompted
to accept the digital certificate, click Yes, when prompted for
network
authentication information, enter username and password, navigate tothe
Test Form tab of Test View, invoke the method by clicking the buttonand
I
get the following exception:
<error>
<faultcode>JWSError</faultcode>
<faultstring>Error during JNDI lookup from
jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
<detail>
<jwErrorDetail> weblogic.jws.control.ControlException: Error during
JNDI
lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookupfailed
for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
8) at
weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
.java:220) at
weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)at
ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64)</jwErrorDetail>
</detail>
</error>
I have a simple Hello method as well in my WebService (which is also
restricted) and it works fine, but remote EJB access doesn't. I testedmy
prototype on Weblogic 7.2 and 8.1 platforms - same result.
Is that a bug or I am missing some additional configuration in order
to
get
that working. Has anyone seen similar behavior? Is there a knownresolution?
Or a suggested way to work around the problem?
Thank you.
Andre -
Weblogic.security.service.NotYetInitializedException using JMX
Hi there,
I'm trying to use JMX to add a notification listener to listen for attribute changes to a WLS 8.1 MBean. My code when setting up the listener is as so:
String url = "t3://localhost:7001";
String serverName = "Server1";
String userName = "weblogic";
String password = "weblogic";
MBeanHome home = null;
RemoteMBeanServer rmbs = null;
Environment env = new Environment();
env.setProviderUrl(url);
env.setSecurityPrincipal(userName);
env.setSecurityCredentials(password);
try {
Context ctx = env.getInitialContext();
home = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
} catch (NamingException e) {
e.printStackTrace();
rmbs = home.getMBeanServer();
WLListener listener = new WLListener();
WebLogicObjectName mbeanName = new WebLogicObjectName("examplesServer", "Server", "examples");
rmbs.addNotificationListener(mbeanName, listener, null, null);This seems to work fine, I do not get any error messages. As you can see I'm using the server started through the examples, and I'm adding a notification listener to the ServerMBean.
My notification listener code is as so:
public void handleNotification(Notification notification, Object arg1) {
AttributeChangeNotification changedAttrib = (AttributeChangeNotification) notification;
try {
System.out.println("Changed value from: " + changedAttrib.getOldValue() + " to " + changedAttrib.getNewValue());
} catch (Exception ex) {
ex.printStackTrace();
public boolean isNotificationEnabled(Notification arg0) {
return true;
}Only when a notification happens and I call getOldValue() I get:
weblogic.security.service.NotYetInitializedException: [Security:090392]SecurityServiceManager not yet initialized.
at weblogic.security.service.SecurityServiceManagerDelegateImpl.getSecurityService(SecurityServiceManagerDelegateImpl.java:156)
at weblogic.security.service.SecurityServiceManager.getSecurityService(SecurityServiceManager.java:175)
at weblogic.management.internal.SecurityHelper.getRoleManager(SecurityHelper.java:402)
at weblogic.management.internal.SecurityHelper.access$100(SecurityHelper.java:54)
at weblogic.management.internal.SecurityHelper$IsAccessAllowedPrivilegeAction.run(SecurityHelper.java:493)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.management.internal.SecurityHelper.isAccessAllowed(SecurityHelper.java:393)
at weblogic.management.internal.AttributeChangeNotification.getOldValue(AttributeChangeNotification.java:136)
at com.xxxx.password.PasswordBme$WLListener.handleNotification(PasswordBme.java:76)
at com.xxxx.password.PasswordBme$WLListener_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)Is there a step I'm missing out? The entry for this message in the documentation suggests calling BEA support.Hi there,
I'm trying to use JMX to add a notification listener to listen for attribute changes to a WLS 8.1 MBean. My code when setting up the listener is as so:
String url = "t3://localhost:7001";
String serverName = "Server1";
String userName = "weblogic";
String password = "weblogic";
MBeanHome home = null;
RemoteMBeanServer rmbs = null;
Environment env = new Environment();
env.setProviderUrl(url);
env.setSecurityPrincipal(userName);
env.setSecurityCredentials(password);
try {
Context ctx = env.getInitialContext();
home = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
} catch (NamingException e) {
e.printStackTrace();
rmbs = home.getMBeanServer();
WLListener listener = new WLListener();
WebLogicObjectName mbeanName = new WebLogicObjectName("examplesServer", "Server", "examples");
rmbs.addNotificationListener(mbeanName, listener, null, null);This seems to work fine, I do not get any error messages. As you can see I'm using the server started through the examples, and I'm adding a notification listener to the ServerMBean.
My notification listener code is as so:
public void handleNotification(Notification notification, Object arg1) {
AttributeChangeNotification changedAttrib = (AttributeChangeNotification) notification;
try {
System.out.println("Changed value from: " + changedAttrib.getOldValue() + " to " + changedAttrib.getNewValue());
} catch (Exception ex) {
ex.printStackTrace();
public boolean isNotificationEnabled(Notification arg0) {
return true;
}Only when a notification happens and I call getOldValue() I get:
weblogic.security.service.NotYetInitializedException: [Security:090392]SecurityServiceManager not yet initialized.
at weblogic.security.service.SecurityServiceManagerDelegateImpl.getSecurityService(SecurityServiceManagerDelegateImpl.java:156)
at weblogic.security.service.SecurityServiceManager.getSecurityService(SecurityServiceManager.java:175)
at weblogic.management.internal.SecurityHelper.getRoleManager(SecurityHelper.java:402)
at weblogic.management.internal.SecurityHelper.access$100(SecurityHelper.java:54)
at weblogic.management.internal.SecurityHelper$IsAccessAllowedPrivilegeAction.run(SecurityHelper.java:493)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.management.internal.SecurityHelper.isAccessAllowed(SecurityHelper.java:393)
at weblogic.management.internal.AttributeChangeNotification.getOldValue(AttributeChangeNotification.java:136)
at com.xxxx.password.PasswordBme$WLListener.handleNotification(PasswordBme.java:76)
at com.xxxx.password.PasswordBme$WLListener_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)Is there a step I'm missing out? The entry for this message in the documentation suggests calling BEA support. -
Web services login from python
As described in a previous post, I'm trying to develop a thin client in python on a Raspberry PI that gets data from a Web Services program. I wrote a simple "Hello World" vi that requires authorization. If I access the URL from IE, Safari, etc, it gives me the Silverlight login screen, and then it works. If I write a simple client using the HTTP Get vi, it works. If I access the URL from Python:
r = requests.get("http://127.0.0.1:8001/DISE/hello"
auth=('username', 'password'))
I get 404. I've Read The Fine Manual. Suggestions?It seems to me that the responders to the OP do not, in fact, understand the issue at play here.
NI has two pieces of security for the web services: digital signing and authentication. The digitial signing is documented and the OP knows how to do this in python. The authentication is not documented anywhere I know of. The fact that it works in the browser does not mean anything. What happens with a browser request for a service which requires authentication is that the response is a new page with a Silverlight app to perform the authentication with the NI-auth service. The question the OP has is what goes on inside that Silverlight app? That was written by NI, not the browser developers, so it could be answered by the folks at NI and this is as good a place as any to request that info. The VIs referenced by the OP recreate the same functionality, presumably by calling into a CLFN.
In the meantime, here is some information that may or may not be of use. I used to use web services now and then, but issues like this (and the use of silverlight) drove me away eventually.
The NI-auth server apparently uses the SRP protocol to validate username/password combinations. You send a GET request to hostort/login?username=user. The response has a header which is something like 'X-NI-AUTH-PARAMS' with the server parameters for the SRP protocol in base-64 encoding. Then you send a POST request back to the login uri with the client parameters inside the body and the content type is 'application/x-www-form-urlencoded' If all goes well the final response from the server has a cookie which you can use in further requests.
You will have to play a bit to determine some details like which hash function is used inside the SRP protocol. The beauty of python is that hashlib, srp, and request modules are already there for you.
If you get it sorted out, let me know. I figured out enough to do some spoofing, I am curious to fill in the missing gaps. I'll try to dig into my old code some more for details.
Maybe you are looking for
-
PCM 10 Export Cost data via batch processes (BOM model)
Hi there, Is there a way to schedule batch processes to export PCM Cost data ? Regards.
-
Changing properties in JavaScript
<af:inputText id="it1" autoSubmit="false"> <af:clientListener type="valueChange" method="changed"/> </af:inputText> <af:commandButton text="Unchanged" id="cb1"/> <af:resource type="javascript"> function changed(event) { var it = event.getSource(); it
-
Differentiating between two opened pdfs in plugin.
hi, I have a digital signature creation and validation plugin which i wrote for acrobat 9 and above. I need to get the active pdf's file path at some points. To achieve this i have registered for AVDocDidOpen notification and from the AVDoc i get i e
-
"Adobe Premiere CC" free trial says "Go to Subscription Manager..."
I downloaded the "Adobe Premiere CC" free trial, and, when I try opening it, it says "Go to Subcription Manager to renew subscription"...?
-
Set isolatedHtmlContainer height when displaying portal page
Hi, I have a portal application which displays portal pages from the pcd in isolatedHtmlContainer. The page's content is dynamic so the height is not fixed and therefore in the page's properties the height's value set to 'Automatic' However, when wor