OWSM security for a OSB service- authenticate from weblogic security realms

Hello,
I have a requirement to add security to a OSB service.
The user details are configured in weblogic security realms. lets say there are ten different users.
I need to protect my osb service using OWSM policy & the policy should be configured to authenticate the user from realms.
I am new to OWSM & wondering if this is possible?
Can the experts please direct me to any docs or steps?
Thanks
Ganesh

Hi,
Thanks for the links.
I followed the blog and configured it using oracle/wss_username_token_service_policy.
Now my requirement is to send the username,password from proxy to business and to the BPEL. (the bpel needs this username /password & and in header)
The issue I am facing is the proxy service is not sending the soap header details to business service.
I dont want to make the proxy as passthrough. (ie set Process WS-Security Header to NO)
I have to authorize on proxy level and then send the same credential details to business service?
So the question is, how can I retrieve the header after osb process it?
Can anyone please help me here?
Thanks
Ganesh

Similar Messages

  • Completely different AMF request packets for same remote service call from Flex to PHP using ZendAMF

    I was trying to debug why one of the remote-services in our Flex application was failing randomly. What I found was interesting. Completely different AMF request packets were sent for same remote service call from Flex to PHP.
    When the service call succeeds the AMF request packet looks like the following:
    POST /video/flex/bin-debug/gateway.php HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Cookie: PHPSESSID=j6u30i8uu6c3cvp8f4kipcpf05
    Referer: http://localhost/video/flex/bin-debug/main.swf/[[DYNAMIC]]/5
    Content-type: application/x-amf
    C    ontent-length: 305
    Flex Message (flex.messaging.messages.RemotingMessage)     operation = getMemberFromEvent    clientId = 2F997CD0-7D08-8D09-1A9B-0000422676C8    destination = MembereventService    messageId = B46AB58D-2241-83F0-41E4-9FE745565492    timestamp = 0    timeToLive = 0    body =     [      280    ]    hdr(DSId) = nil
    And when the service fails the AMF request packet looks like this:
    ServiceRequest: getMemberFromEvent; RemoteService; getMemberFromEvent
    (mx.messaging.messages::RemotingMessage)#0
      body = (Array)#1
        [0] 250
      clientId = "1AA4FAAB-AEA5-8109-4B0D-000002B3A9A1"
      destination = "MembereventService"
      headers = (Object)#2
        DSEndpoint = (null)
        DSId = "nil"
      messageId = "2F92E6C0-FE92-A09B-B150-9FE2F28D9738"
      operation = "getMemberFromEvent"
      source = "MembereventService"
      timestamp = 0
      timeToLive = 0
    Also, following is the error message on Flex when the service fails:
    {Fault code=Channel.Call.Failed, Fault string=error, Fault detail=NetConnection.Call.Failed: HTTP: Failed, Destination=MembereventService}
    We are using Swiz as the micro-architecture for Flex development and Zend AMF for remoting between Flex and PHP.
    Any ideas what is wrong here, what is causing Flex to send different request packets for the same service & what I can do to fix it?

    Hi, I know that your post is almost 5 years ago, but have you found the solution to this issue?
    Thanks.

  • How to add security for Azure Cloud Service?

    Hi,
    We have build some API's in azure cloud service.
    We want to add security for Azure Cloud Service.
    How to add security for Azure Cloud Service?

    Hi Santhosh,
    You may add security for your API's by using:
    Mutual certificate authentication
    Using OAuth 2.0
    Manage developer accounts
    Regards,
    Manu Rekhar

  • Error while "Enabling Security for Oracle Management Service"

    Hi,
    I have installed OEM 10GR1 on Solaris 9. I am using 9.2.0 database for repository.
    My first installation of OEM and agent went smoothly, and everything was working fine.
    Then, I tried to follow configurating security for Grid Control Framework. I got following error:
    /oracle/app/oracle/product/10gEM>cd bin
    /oracle/app/oracle/product/10gEM/bin>./emctl secure oms
    Oracle Enterprise Manager 10g Release 10.1.0.3.0.
    Copyright (c) 1996, 2004 Oracle Corporation. All rights reserved.
    Enter Enterprise Manager Root Password :
    Enter Agent Registration password :
    Enter a Hostname for this OMS :
    Checking Repository... Done.
    Checking Repository for an existing Enterprise Manager Root Key... Done.
    Generating Enterprise Manager Root Key (this takes a minute)... Done.
    Fetching Root Certificate from the Repository... Done.
    Generating Registration Password Verifier in the Repository... Done.
    Generating Oracle Wallet Password for Enterprise Manager OMS... Done.
    Generating Oracle Wallet for Enterprise Manager OMS...Missing /oracle/app/oracle/product/10gEM/sysman/wallets/oms.uxtora1/ewallet.p12
    :/oracle/app/oracle/product/10gEM/bin>
    Please help.

    Thanks for response. I had temp space full issue with repository database. After bouncing database, the temp tablespace became empty, and the secure operation went smooth.

  • JAAS authenticate from weblogic fails

    I'm trying to use JAAS to authenticate a login from a webapp in weblogic, and by
    using the t3 address of another weblogic server (the portal).
    The result is :
    LoginException: no LoginModule configured for WokupPortal
    (translated from french)
    "WokupPortal" is the name I'm using in a file jaas.conf declare both in -Djava.security.auth.login.config
    and in java.security and using the weblogic.security.auth.login.UsernamePasswordLoginModule.
    So, I really don't know why it fails since the same code from a simple Java client
    works (with weblogic.jar).

    Hi,
    Thanks for the links.
    I followed the blog and configured it using oracle/wss_username_token_service_policy.
    Now my requirement is to send the username,password from proxy to business and to the BPEL. (the bpel needs this username /password & and in header)
    The issue I am facing is the proxy service is not sending the soap header details to business service.
    I dont want to make the proxy as passthrough. (ie set Process WS-Security Header to NO)
    I have to authorize on proxy level and then send the same credential details to business service?
    So the question is, how can I retrieve the header after osb process it?
    Can anyone please help me here?
    Thanks
    Ganesh

  • Security for a web service

    Hi everyone,
    Scenario :
    I want to securise a web service with SSL.
    I want to call this web service with Java standalone class (not servlet, JSP,...).
    Here is what I've done :
    1) I created a web service with "Secure SOAP" option.
    2) I created a <u>Standalone Proxy</u>.
    3) I created a Java Standalone client and tried to call the web service.
    Here is the code :
         public static void main(String[] args) {
              try {
              Hello1WebServiceImpl service = new Hello1WebServiceImpl();
              Hello1WebServiceViDocument port = (Hello1WebServiceViDocument)service.getLogicalPort();
              System.out.println(port.sayHello1());
              } catch (Exception e) {
                   e.printStackTrace();
    Here is the exception :
    java.rmi.RemoteException: Service call exception; nested exception is:
         java.net.ConnectException: Connection timed out: connect
         at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:80)
         at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:88)
         at SampleComponent.main(SampleComponent.java:23)
    Caused by: java.net.ConnectException: Connection timed out: connect
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
         at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
         at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
         at java.net.Socket.connect(Socket.java:452)
         at java.net.Socket.connect(Socket.java:402)
         at java.net.Socket.<init>(Socket.java:309)
         at java.net.Socket.<init>(Socket.java:124)
         at iaik.security.ssl.SSLSocket.<init>(Unknown Source)
         at com.sap.engine.services.webservices.jaxm.soap.SSLUtilImpl.createSSLSocket(SSLUtilImpl.java:43)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:500)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:422)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:384)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getRequestStream(HTTPTransport.java:337)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:433)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1117)
         at com.proxy.Config1BindingStub.sayHello1(Config1BindingStub.java:73)
         ... 2 more
    Can someone please tell me the steps I must follow ?
    Thanks in advance.
    Message was edited by: David Fryda

    Ive ran into similar proples using normal ssl over http and the issues were with my environmet configuration ... yours may be with somthing totally different... but i fixed my probs by adding the folling code before creating the connection. 
    java.security.Provider provider[] =
      java.security.Security.getProviders();
    for (int i = 0; i < provider.length; i++) {
      java.security.Security.removeProvider(
        provider<i>.getName());
    java.security.Security.insertProviderAt(
    new com.sun.net.ssl.internal.ssl.Provider(), 2);
    java.security.Security.insertProviderAt(
    new sun.security.provider.Sun(), 1);
    System.setProperty(
    "java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    you can also accomplish this by modifying the java.security file found in \jre\lib\security directory.
    Also because this is a stand alone app be sure to have all the necessary jar files in you classpath ... you can accomplish this by using the -classpath option when calling your program or by moving the files into you \bin\lib\ext directory;

  • Information to user who creates PR for spare parts & service PR from order.

    Hi experts,
    Is there any standard workflow available by which the maintenance user will get message in his SAP inbox , whether material has been recieved for the Purchase requisition created through maintenance order as well as manual PR by t-code ME51N.
    Also whether payment has been done to the vendor or not for the service PR created through maintenance order by the maintenance user.
    Please through some rays on this.thanks in advance .
    rgds
    rajib

    Hi Rajib,
    It is possible with std work flow trigger Business object BUS2045
    (Inspection Lot) but nees to have used for QM quality Module.
    inspaection lot created wvent will activate work flow to creator ID.
    Also the same can be used for other application like outlook for information by Std functionlity.
    you may need to take help from your ABAP Team.
    Regards,
    Ramesh

  • Enable PDF security for PDF output of reports from Answers

    In BI publisher, We have options to enable PDF output security like diable printing, Encryption etc, How do we set such options under Oracle Answers. I would like to enable security control for PDF output for all the reports from Oracle Asnwers.
    Hardeep

    Not supported.

  • Security for General Object Services

    Trying to restrict authorizations for GOS at the document type level.
    We are currently in 4.6c.  We are using the authorization object S_WFAR_OBJ to restrict document type, object type, and the activity level.  This authorization object works as expected when a user goes into tcode OAWD(SAP ArchiveLink: Store documents) but if a user goes into another tcode such as XK03(Display vendor (centrally) the user can then attach for any document type using the Global Object Services icon.
    Does anyone have any suggestions on how to control what document types when using the GOS icon?
    Thanks
    Eric

    Eric,
    Try this as it will work for you.
    Using T-code SE16 view table TACTZ
    This will tell you the valid activites ACTVT for you auth object
    Now it should be possible to change the one you don't want in T-code XK03
    Let me know if you want me to eleborate.

  • Im having issues with security for my apple id trying to change security questions

    Having some major issues, apple isn't letting me get to my security questions that I'm trying to change though I remember my answers it isnt accepting them so I go to my id page , and I cant get past it, Is there any way to pass the lock out screen after I wait this eight hours?

    Hello John0620,
    Thanks for the question. If you do not remember the answers to your security questions please refer to the following article:
    Apple ID: All about Apple ID security questions
    http://support.apple.com/kb/HT5665
    What should I do if I don't remember the answers to my Apple ID security questions?
    Try answering them at least once to see if you can get them right, even if you are not sure you remember the answers to your security questions.
    If you are confident you can't remember them, try one of the following:
    If you have three security questions and a rescue email address
         - sign in to My Apple ID and select the Password and Security tab to send an email to your rescue email address to reset your security questions and answers.
    If you have one security question and you know your Apple ID password
         - sign in to My Apple ID and select the Password and Security tab to reset your security question.
    If you have one security question, but don't remember your Apple ID password
         - contact Apple Support for assistance. Learn more about creating a temporary support PIN to help Apple confirm your identity when you contact Apple Support.
    If you continue to have issues, please contact our Account Security Team as outlined in this article:
    Apple ID: Contacting Apple for help with Apple ID account security
    http://support.apple.com/kb/HT5699
    Thanks,
    Matt M.

  • OSB - Service Invocation instance response times

    Hi,
    In my research and discussion with OSB vendor team, I found there is no product feature to gather statistics on per invocation response times for a OSB service.
    My requirement is to gather per invocation response time of service. I am contemplating few ways of doing this
    1. Java call outs before the start and end of service.
    Downside of this approach is in my composite service (composing 10 biz services) with challenging response time requirements, it might be a over head to wrap each biz service with java call outs for measurements. Any thots?
    2. There is a report feature in OSB. How about using SNMP traps for reporting the start and ends. I am wondering if this is any better than java call outs which might be synchronous I/O operation.
    Do you folks see alternate approaches?
    TIA

    I think that generally it's not a good idea to modify production logic (code or configuration) to gather any statistics. It may look simple, but there is still possibility of unexpected failure that would cause failure of your service. Not to mention complexity of such a step.*
    I totally agree.
    This kind of data should be gathered from your infrastructure components. I know that OSB doesn't provide such a feature, but if you have your services published on HTTP protocol, than you can always use some kind of proxy server. In our company, we use feature-rich Apache HTTP server for many reasons. Response time logging is one of such reasons.*
    Interesting. Thanks. This approach might help gather stats on the Proxy services. However the biz services composed inside proxy may not get the stats.
    Another possibility is to use a specialized component. I think that OWSM can be useful. However, I don't have any experience with it and it could be overkill considering your needs. http://www.oracle.com/technology/products/webservices_manager/index.html*
    We are looking into OWSM, as you rightly said, wanted to keep it simple without OWSM.
    Thanks

  • How to deal with security when migrating application from weblogic 5.1 to weblogic 6.1?

    Dear All,
    I have one statement int weblogic 5.1 weblogic.propertis as follow,
    weblogic.security.realmClass=com.tbcn.security.realm.TestRealm
    but after converting to weblogic 6.1 there are no corresponding statement in
    the file config.xml. And when i start the new application, error occured.
    what should I do?
    The error message is:
    <2001/8/27 am 11:33:42> <Notice> <Management> <Loading configuration file
    .\config\tbcn\config.xml
    <2001/8/27 am 11:33:49> <Emergency> <Server> <Unable to initialize the
    server: 'Fatal initializatio
    Throwable: java.lang.NullPointerException
    java.lang.NullPointerException
    at
    weblogic.security.SecurityService.initializeRealm(SecurityService.java:261)
    at
    weblogic.security.SecurityService.initialize(SecurityService.java:115)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:385)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
    at weblogic.Server.main(Server.java:35)
    '>
    The WebLogic Server did not start up properly.
    Exception raised: java.lang.NullPointerException
    java.lang.NullPointerException
    at
    weblogic.security.SecurityService.initializeRealm(SecurityService.java:261)
    at
    weblogic.security.SecurityService.initialize(SecurityService.java:115)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:385)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
    at weblogic.Server.main(Server.java:35)
    Reason: Fatal initialization exception

    Dear Satya,
    My weblogic propertis file as follow,
    # CORE PROPERTIES
    # You should set these before you start the WebLogic Server the first time.
    # If you need more instructions on individual properties in this
    # section, check the same section in the Optional Properties, where
    # we've left the long explanations. Or, better yet, go to our
    # website and read all about properties, at:
    # http://www.weblogic.com/docs51/admindocs/properties.html
    # CORE SYSTEM PROPERTIES
    # TCP/IP port number at which the WebLogic Server listens for connections
    weblogic.system.listenPort=7001
    # CORE SECURITY-RELATED PROPERTIES
    # Read important information about security at:
    # http://www.weblogic.com/docs51/admindocs/properties.html
    # REQUIRED: The system password MUST be set in order to start the
    # WebLogic Server. This password is case-sensitive, at least 8 characters.
    # The username for the privileged user is ALWAYS "system".
    # This username and password also includes httpd access (see
    # HTTPD properties below).
    weblogic.password.system=12345678
    # RECOMMEND Set to 'everyone' if HTTPD is enabled
    weblogic.allow.execute.weblogic.servlet=everyone
    # Set individual ACLs to restrict access to HTTP-related resources,
    # such as the Administration servlets.
    # To make your own servlets generally available, follow this
    # pattern (provide a weblogic.allow.execute) for your packages and
    # set ACLs as appropriate.
    # CORE SECURITY-RELATED PROPERTIES FOR SSL
    # Read important information about SSL at:
    # http://www.weblogic.com/docs51/classdocs/API_secure.html
    # Enable SSL
    # (default if property not defined is false)
    weblogic.security.ssl.enable=true
    # SSL listen port
    weblogic.system.SSLListenPort=7002
    # Servlets for SSL
    # Authentication servlet for creating tokens for applets
    weblogic.httpd.register.authenticated=weblogic.t3.srvr.ClientAuthenticationS
    ervlet
    # Limits number of unclaimed stored tokens
    weblogic.security.certificateCacheSize=3
    # Capture CA root of client servlet
    weblogic.httpd.register.AdminCaptureRootCA=admin.AdminCaptureRootCA
    # Certificates for SSL
    # Name of acceptable CA roots
    # For client authentication change value to a valid .pem file
    #weblogic.security.clientRootCA=SecureServerCA.pem
    # Server certificates for SSL
    weblogic.security.certificate.server=democert.pem
    weblogic.security.key.server=demokey.pem
    weblogic.security.certificate.authority=ca.pem
    # registration for certificate generator servlet
    weblogic.httpd.register.Certificate=utils.certificate
    weblogic.allow.execute.weblogic.servlet.Certificate=system
    # CORE HTTPD ADMINISTRATIVE PROPERTIES
    # True permits the HTTPD to run (default)
    # Uncomment this property to disable HTTPD
    #weblogic.httpd.enable=false
    # If authentication is required, add username/password for each user
    # who will be included in an ACL, as in this commented-out example:
    #weblogic.password.peter=#8gjsL4*
    # SYSTEM PROPERTIES
    # System properties in this section are set to system defaults
    # Performance pack. The shared library must be accessible from your
    # PATH (NT) or from your shared library path (UNIX; the name of the
    # variable varies: LD_LIBRARY_PATH, SHLIB_PATH, etc.)
    weblogic.system.nativeIO.enable=true
    # Outputs logging information to the console as well as to the log file
    weblogic.system.enableConsole=true
    # Sets the directory or URL for the WebLogic Admin help pages
    # The help pages are shipped in the "docs/adminhelp" directory, in the
    # default document root in public_html
    weblogic.system.helpPageURL=/weblogic/myserver/public_html/docs51/adminhelp/
    # If you prefer to access the most recent help pages, you can do so online
    # by commenting out the previous property and uncommenting this one:
    #weblogic.system.helpPageURL=http://www.weblogic.com/docs51/adminhelp/
    # Properties for tuning the server's performance
    # Number of WebLogic Server execute threads.
    weblogic.system.executeThreadCount=15
    # Other optional system properties
    # Limits size of weblogic.log (in K) and versions old log
    weblogic.system.maxLogFileSize=1024
    # Adjust minimum length of password
    weblogic.system.minPasswordLen=8
    # UNIX only: If running on port 80 on UNIX, enable the setUID program
    #weblogic.system.enableSetUID=false
    # UNIX only: Unprivileged user to setUID to after starting up
    # WebLogic Server on port 80
    #weblogic.system.nonPrivUser=nobody
    # CLUSTER-SPECIFIC PROPERTIES
    # Cluster-specific properties in this section are set to system defaults.
    # CLUSTER USERS: Note that ALL Cluster-specific properties should be set
    # in the per-cluster properties file ONLY.
    # Time-to-live (number of hops) for the cluster's multicast messages
    # (default 1, range 1-255).
    #weblogic.cluster.multicastTTL=1
    # Sets the load-balancing algorithm to be used between
    # replicated services if none is specified. If not specified,
    # round-robin is used.
    #weblogic.cluster.defaultLoadAlgorithm=round-robin
    # SERVER-SPECIFIC CLUSTER PROPERTIES
    # Cluster-related properties in this section are set to system defaults.
    # CLUSTER USERS: Note that these server-specific cluster-related properties
    # should be set in the per-server properties file ONLY.
    # Sets the weight of the individual server for the weight-based
    load-balancing.
    # Range is 0 - 100.
    # Larger numbers increase the amount of traffic routed to this server.
    #weblogic.system.weight=100
    # SYSTEM STARTUP FILES - Examples
    # CLUSTER USERS: Note that ONLY startup registrations for pinned RMI
    # objects should be registered in the per-server properties file.
    # All other startup classes should be registered in the per-cluster
    # properties file.
    # For more info on writing and using startup file, see the
    # Developers Guide "Writing a WebLogic Client application," at
    # http://www.weblogic.com/docs51/classdocs/API_t3.html
    # Register a startup class by giving it a virtual name and
    # supplying its full pathname.
    #weblogic.system.startupClass.[virtual_name]=[full_pathname]
    # Add arguments for the startup class
    #weblogic.system.startupArgs.[virtual_name]={argname]=[argvalue]
    # This example shows the entry for examples/t3client/StartupQuery.java
    #weblogic.system.startupClass.doquery=examples.t3client.StartupQuery
    #weblogic.system.startupArgs.doquery=\
    # query=select * from emp,\
    # db=jdbc:weblogic:pool:demoPool
    # SYSTEM SHUTDOWN FILES - Examples
    # For more info on writing and using shutdown file, see the
    # Developers Guide "Writing a WebLogic Client application," at
    # http://www.weblogic.com/docs51/classdocs/API_t3.html
    # Register a shutdown class by giving it a virtual name and
    # supplying its full pathname.
    #weblogic.system.shutdownClass.[virtual_name]=[full_pathname]
    # Add arguments for the shutdown class
    #weblogic.system.shutdownArgs.[virtualName]={argname]=[argvalue]
    # This example shows the entry for examples/t3client/ShutdownTest.java
    #weblogic.system.shutdownClass.ShutdownTest=examples.t3client.ShutdownTest
    #weblogic.system.shutdownArgs.ShutdownTest=\
    # outfile=c:/temp/shutdown.log
    # SECURITY-RELATED PROPERTIES FOR WORKSPACES
    # For backward compatibility, the following entries disable Access
    # Control on Workspaces
    weblogic.allow.read.weblogic.workspace=everyone
    weblogic.allow.write.weblogic.workspace=everyone
    # JOLT FOR WEBLOGIC PROPERTIES
    # These properties configure a BEA Jolt connection pool for use with
    # the simpapp and bankapp examples, and register a servlet for use with
    # with the simpapp example. The default server address provided here
    # points to a public TUXEDO server that is hosted by BEA for use with
    # this example.
    # Servlet registration for simpapp example:
    #weblogic.httpd.register.simpapp=examples.jolt.servlet.simpapp.SimpAppServle
    t
    # Pool creation and cleanup
    # note this example is set up to work with the public
    # demo TUXEDO server available from BEA's website:
    #weblogic.system.startupClass.demojoltpoolStart=\
    # bea.jolt.pool.servlet.weblogic.PoolManagerStartUp
    #weblogic.system.startupArgs.demojoltpoolStart=\
    # poolname=demojoltpool,\
    # appaddrlist=//beademo1.beasys.com:8000,\
    # failoverlist=//beademo1.beasys.com:8000,\
    # minpoolsize=1,\
    # maxpoolsize=3
    #weblogic.system.shutdownClass.demojoltpoolStop=\
    # bea.jolt.pool.servlet.weblogic.PoolManagerShutDown
    #weblogic.system.shutdownArgs.demojoltpoolStop=\
    # poolname=demojoltpool
    # WEBLOGIC ENTERPRISE CONNECTIVITY PROPERTIES
    # The registrations enable a BEA IIOP connection pool and
    # register servlets for use with the simpapp and university examples.
    # Configure for your environment and uncomment to use.
    # Uncommenting these properties requires WebLogic Enterprise Connectivity
    # and an operating WebLogic Enterprise Server.
    # Servlet registration for simpapp servlet example
    #weblogic.httpd.register.SimpappServlet=\
    # examples.wlec.servlets.simpapp.SimpappServlet
    #weblogic.allow.execute.weblogic.servlet.SimpappServlet=everyone
    # Servlet registration for simpapp EJB example
    # (You'll need to add the wlec_ejb_simpapp.jar to the
    # weblogic.ejb.deploy property in this file.)
    #weblogic.httpd.register.ejbSimpappServlet=\
    # examples.wlec.ejb.simpapp.ejbSimpappServlet
    #weblogic.allow.execute.weblogic.servlet.ejbSimpappServlet=everyone
    # Pool creation and cleanup for the simpapp example
    #weblogic.CORBA.connectionPool.simplepool=\
    # appaddrlist=//wlehost:2468,\
    # failoverlist=//wlehost:2468,\
    # minpoolsize=2,\
    # maxpoolsize=3,\
    # username=wleuser,\
    # userrole=developer,\
    # domainname=simpapp
    # Servlet registration for university Servlet example:
    #weblogic.httpd.register.UniversityServlet=\
    # examples.wlec.servlets.university.UniversityServlet
    #weblogic.allow.execute.weblogic.servlet.UniversityServlet=everyone
    # Pool creation and cleanup for the University example:
    #weblogic.CORBA.connectionPool.Univpool=\
    # appaddrlist=//wlehost:2498,\
    # failoverlist=//wlehost:2498,\
    # minpoolsize=2,\
    # maxpoolsize=3,\
    # username=wleuser,\
    # userrole=developer,\
    # apppassword=wlepassword,\
    # domainname=university
    # WEBLOGIC FILE PROPERTIES
    # Maps a volume name to a path, for client file read/write
    #weblogic.io.fileSystem.[volumeName]=[fullPathName]
    # WEBLOGIC JMS DEMO PROPERTIES
    # CLUSTER USERS: Note that ALL JMS deployment should be done in the
    # per-cluster properties file ONLY.
    # You set up a JDBC connection pool if you want persistent messages
    # (including durable subscriptions). To use JMS and EJBs in the same
    # transaction, both must use the same JDBC connection pool. Uncomment
    # the following property to use the default JDBC connection pool
    # 'demo', which is defined in the Demo connection pool section of this file.
    #weblogic.jms.connectionPool=demoPool
    # The JMS Webshare example demonstrates how the ClientID for a
    # durable subscriber is configured in the connection factory:
    #weblogic.jms.topic.webshareTopic=jms.topic.webshareTopic
    #weblogic.jms.connectionFactoryName.webshare=jms.connection.webshareFactory
    #weblogic.jms.connectionFactoryArgs.webshare=ClientID=webshareUser
    #weblogic.httpd.register.webshare=examples.jms.webshare.WebshareServlet
    # The JMS trader example shows how to use JMS with an EJB. In addition
    # to uncommenting the following properties, you must also set up and
    # deploy the EJB example examples.ejb.basic.statelessSession.Trader in
    # ejb_basic_statelessSession.jar to try out this JMS example:
    #weblogic.jms.topic.exampleTopic=javax.jms.exampleTopic
    #weblogic.jms.connectionFactoryName.trader=jms.connection.traderFactory
    #weblogic.jms.connectionFactoryArgs.trader=ClientID=traderReceive
    #weblogic.httpd.register.jmstrader=examples.jms.trader.TraderServlet
    # Registers the underlying servlet
    #weblogic.httpd.register.jmssender=examples.jms.sender.SenderServlet
    # These properties are used with the ServerReceive JMS example,
    # which demonstrates how to establish a JMS message consumer
    # in a startup class:
    #weblogic.system.startupClass.serverReceive=\
    # examples.jms.startup.ServerReceive
    #weblogic.system.startupArgs.serverReceive=\
    # connectionFactory=javax.jms.TopicConnectionFactory,\
    # topic=javax.jms.exampleTopic
    # These properties are used with the PoolReceive JMS example,
    # which demonstrates how to establish a pool of JMS message consumers
    # in a startup class:
    #weblogic.system.startupClass.poolReceive=\
    # examples.jms.startup.PoolReceive
    #weblogic.system.startupArgs.poolReceive=\
    # connectionFactory=javax.jms.TopicConnectionFactory,\
    # topic=javax.jms.exampleTopic
    #weblogic.allow.create.weblogic.jms.ServerSessionPool=everyone
    # WEBLOGIC RMI DEMO PROPERTIES
    # CLUSTER USERS: Note that pinned RMI objects should be registered
    # in the per-server properties file ONLY. All other RMI startup
    # classes should be registered in the per-cluster properties file.
    # Remote classes registered at startup after the pattern:
    #weblogic.system.startupClass.[virtualName]=[fullPackageName]
    # These examples can be compiled to see RMI in action. Uncomment to use:
    #weblogic.system.startupClass.hello=examples.rmi.hello.HelloImpl
    #weblogic.system.startupClass.multihello=examples.rmi.multihello.HelloImpl
    #weblogic.system.startupClass.stock=examples.rmi.stock.StockServer
    # WEBLOGIC EJB DEMO PROPERTIES
    # CLUSTER USERS: Note that ALL EJB deployment should be done in the
    # per-cluster properties file ONLY.
    # See WebLogic Demo Connection Pool below for a connection pool
    # to use with these examples.
    # Deploys EJBeans. Uncomment the appropriate lines below and
    # modify DBMS-related info and paths to match your particular installation:
    # TBCN EJB PROPERTIES
    weblogic.ejb.deploy=\
    C:/weblogic/myserver/AccountSB.jar, \
    C:/weblogic/myserver/AddressEntryDet.jar, \
    C:/weblogic/myserver/AddressEntry.jar, \
    C:/weblogic/myserver/Affiliate.jar, \
    C:/weblogic/myserver/ContactPerson.jar, \
    C:/weblogic/myserver/ContactSB.jar, \
    C:/weblogic/myserver/Factory.jar, \
    C:/weblogic/myserver/FactorySups.jar, \
    c:/weblogic/myserver/LoginUsers.jar, \
    c:/weblogic/myserver/Member.jar, \
    c:/weblogic/myserver/MemberQuotaUsage.jar,\
    c:/weblogic/myserver/MemberToCategory.jar,\
    c:/weblogic/myserver/Organization.jar, \
    c:/weblogic/myserver/Person.jar, \
    c:/weblogic/myserver/QuotaType.jar,\
    c:/weblogic/myserver/Registration.jar, \
    c:/weblogic/myserver/TempAccounts.jar, \
    c:/weblogic/myserver/TempDomain.jar, \
    c:/weblogic/myserver/UserAccount.jar, \
    c:/weblogic/myserver/UserRole.jar, \
    c:/weblogic/myserver/BuyerProducts.jar, \
    c:/weblogic/myserver/Catalog.jar, \
    c:/weblogic/myserver/Categories.jar, \
    c:/weblogic/myserver/CategoryToCategory.jar, \
    c:/weblogic/myserver/CountryToCategory.jar, \
    c:/weblogic/myserver/InvitedMember.jar, \
    c:/weblogic/myserver/ProductOrigin.jar, \
    c:/weblogic/myserver/ProductOtherFee.jar,\
    c:/weblogic/myserver/ProductSups.jar, \
    c:/weblogic/myserver/Products.jar,\
    c:/weblogic/myserver/ProductToCategory.jar, \
    c:/weblogic/myserver/SecondaryQcEntry.jar, \
    c:/weblogic/myserver/CodeClass.jar,\
    c:/weblogic/myserver/ConfirmationSB.jar, \
    c:/weblogic/myserver/PurchasedPackage.jar,\
    c:/weblogic/myserver/RejectReasonCode.jar, \
    c:/weblogic/myserver/ServiceOrder.jar,\
    c:/weblogic/myserver/ServiceOrderLog.jar,\
    c:/weblogic/myserver/ServiceOrderState.jar,\
    c:/weblogic/myserver/ServiceOrderType.jar,\
    c:/weblogic/myserver/ServicePackageDetails.jar, \
    c:/weblogic/myserver/ServicePackage.jar, \
    c:/weblogic/myserver/ServicePayment.jar, \
    c:/weblogic/myserver/ServiceReqSB.jar, \
    c:/weblogic/myserver/TAM.jar, \
    c:/weblogic/myserver/SubscriptionEB.jar, \
    c:/weblogic/myserver/PostingCategoryEB.jar, \
    c:/weblogic/myserver/PostingBrowsedEB.jar, \
    c:/weblogic/myserver/PostingInfoEB.jar, \
    c:/weblogic/myserver/TransactionLogEB.jar, \
    c:/weblogic/myserver/PostingSB.jar
    #weblogic.ejb.deploy=\
    # d:/weblogic/myserver/ejb_basic_beanManaged.jar, \
    # d:/weblogic/myserver/ejb_basic_containerManaged.jar, \
    # d:/weblogic/myserver/ejb_basic_statefulSession.jar, \
    # d:/weblogic/myserver/ejb_basic_statelessSession.jar, \
    # d:/weblogic/myserver/ejb_extensions_finderEnumeration.jar, \
    # d:/weblogic/myserver/ejb_extensions_readMostly.jar, \
    # d:/weblogic/myserver/ejb_subclass.jar, \
    # d:/weblogic/myserver/jolt_ejb_bankapp.jar
    # Servlet used by the EJB basic beanManaged example
    # Uncomment to use:
    weblogic.httpd.register.beanManaged=\
    examples.ejb.basic.beanManaged.Servlet
    # Add a list of users (set the password with
    weblogic.password.[username]=XXX)
    # to set an ACL for this servlet:
    #weblogic.allow.execute.weblogic.servlet.beanManaged=user1,user2,etc
    #weblogic.password.user1=user1Password
    #weblogic.password.user2=user2Password
    # WEBLOGIC XML DEMO PROPERTIES
    # These properties are required to run the XML examples.
    # Uncomment to use.
    # CLUSTER USERS: Note that ALL servlets should be set up
    # in the per-cluster properties file ONLY.
    #weblogic.httpd.register.StockServlet=examples.xml.http.StockServlet
    # BizTalk example properties
    #weblogic.jms.queue.tradeIncoming=biztalk.jms.tradeIncoming
    #weblogic.jms.queue.tradeError=biztalk.jms.tradeError
    #weblogic.httpd.register.BizTalkServer=examples.xml.biztalk.BizHttpProtocolA
    dapter
    #weblogic.httpd.initArgs.BizTalkServer=bizQueue=biztalk.jms.tradeIncoming
    # WEBLOGIC ZAC DEMO PROPERTIES
    # These registrations enable the ZAC Publish Wizard.
    weblogic.zac.enable=true
    # Set the publish root for a WebLogic Server. Edit and
    # uncomment to use.
    #weblogic.zac.publishRoot=d:/weblogic/zac
    # Set an ACL for each package you publish. The [name] is
    # the "Package name" you assign in the ZAC Publish Wizard.
    # Publish a package, edit this property, and uncomment to use.
    #weblogic.allow.read.weblogic.zac.[name]=[user list]
    #weblogic.allow.write.weblogic.zac.[name]=system
    # HTTPD ADMINISTRATIVE PROPERTIES
    # Enables logging of HTTPD info in common log format and
    # sets the log file name (default is "access.log" in "myserver")
    weblogic.httpd.enableLogFile=true
    weblogic.httpd.logFileName=access.log
    # Tracks HTTPD requests with events delivered to WEBLOGIC.LOG.HTTPD
    weblogic.httpd.enableEvents=false
    # Enables HTTP sessions
    weblogic.httpd.session.enable=true
    # Sets an optional cookie name. The default name is "WebLogicSession".
    # Prior to version 4.0, the default was "TengahSession". To make
    # this backward compatible with cookies generated from previous
    # installations, you should set this property to "TengahSession".
    # Uncomment this line and set this to any string of your choice,
    # or comment out this property to use the default.
    #weblogic.httpd.session.cookie.name=WebLogicSession
    # MIME types
    weblogic.httpd.mimeType.text/html=html,htm
    weblogic.httpd.mimeType.image/gif=gif
    weblogic.httpd.mimeType.image/jpeg=jpeg,jpg
    weblogic.httpd.mimeType.application/pdf=pdf
    weblogic.httpd.mimeType.application/zip=zip
    weblogic.httpd.mimeType.application/x-java-vm=class
    weblogic.httpd.mimeType.application/x-java-archive=jar
    weblogic.httpd.mimeType.application/x-java-serialized-object=ser
    weblogic.httpd.mimeType.application/octet-stream=exe
    weblogic.httpd.mimeType.text/vnd.wap.wml=wml
    weblogic.httpd.mimeType.text/vnd.wap.wmlscript=wmls
    weblogic.httpd.mimeType.application/vnd.wap.wmlc=wmlc
    weblogic.httpd.mimeType.application/vnd.wap.wmlscriptc=wmlsc
    weblogic.httpd.mimeType.image/vnd.wap.wbmp=wbmp
    # In seconds, the keep-alive for HTTP and HTTPS requests
    weblogic.httpd.http.keepAliveSecs=60
    weblogic.httpd.https.keepAliveSecs=120
    # WEBLOGIC JDBC DRIVER PROPERTIES
    # Enables JDBC driver logging and sets the file name for the log
    # The weblogic.jdbc.logFile is placed in the per-server
    # directory (default is "myserver")
    weblogic.jdbc.enableLogFile=false
    weblogic.jdbc.logFileName=jdbc.log
    # WEBLOGIC JDBC CONNECTION POOL MANAGEMENT
    # CLUSTER USERS: Note that ALL JDBC connection pools should be set up
    # in the per-cluster properties file ONLY.
    # For creating JDBC connection pools. This example shows a connection
    # pool called "oraclePool" that allows 3 T3Users "guest," "joe," and "jill"
    # to use 4 JDBC connections (with a potential for up to 10 connections,
    # incremented by two at a time, with a delay of 1 second between each
    # attempt to connect to the database), to an Oracle database server called
    # "DEMO." If more than 4 connections are opened, after 15 minutes, unused
    # connections are dropped from the pool until only 4 connections remain
    open.
    # Every 10 minutes, any unused connections in the pool are tested and
    # refreshed if they are not viable.
    #weblogic.jdbc.connectionPool.oraclePool=\
    # url=jdbc:weblogic:oracle,\
    # driver=weblogic.jdbc.oci.Driver,\
    # loginDelaySecs=1,\
    # initialCapacity=4,\
    # maxCapacity=10,\
    # capacityIncrement=2,\
    # allowShrinking=true,\
    # shrinkPeriodMins=15,\
    # refreshMinutes=10,\
    # testTable=dual,\
    # props=user=SCOTT;password=tiger;server=DEMO
    # Get more details on each argument for this property in the
    # Administrators Guide on setting properties at:
    # http://www.weblogic.com/docs51/admindocs/properties.html
    # Set up ACLs for this connection pool with the following:
    weblogic.allow.reserve.weblogic.jdbc.connectionPool.oraclePool=everyone
    # guest,joe,jill
    #weblogic.allow.reset.weblogic.jdbc.connectionPool.oraclePool=\
    # joe,jill
    #weblogic.allow.shrink.weblogic.jdbc.connectionPool.oraclePool=\
    # joe,jill
    # This property is an ACL that specifies the users who can
    # create dynamic connection pools:
    #weblogic.jdbc.connectionPoolcreate.admin=joe,jill
    # Read more about setting up and using connection pools in the
    # developers guide for WebLogic JDBC at:
    # http://www.weblogic.com/docs51/classdocs/API_jdbct3.html#T5a
    # TBCN JDBC CONNECTION POOL MANAGEMENT
    weblogic.jdbc.connectionPool.oraclePool=\
    url=jdbc:oracle:thin:@202.109.102.151:1521:tbcn,\
    driver=oracle.jdbc.driver.OracleDriver,\
    loginDelaySecs=1,\
    initialCapacity=2,\
    maxCapacity=10,\
    capacityIncrement=2,\
    allowShrinking=true,\
    shrinkPeriodMins=15,\
    refreshMinutes=10,\
    testTable=dual,\
    props=user=tbcn;password=ca91768
    weblogic.allow.reserve.weblogic.jdbc.connectionPool.oraclePool=everyone
    weblogic.jdbc.TXDataSource.oracleDataSource=oraclePool
    weblogic.jdbc.DataSource.oracleReadOnlyDataSource=oraclePool
    # WEBLOGIC DEMO CONNECTION POOL PROPERTIES
    # CLUSTER USERS: Note that ALL JDBC connection pools should be set up
    # in the per-cluster properties file ONLY.
    # This connection pool uses the sample Cloudscape database shipped
    # with WebLogic. Used by the EJBean, JHTML, JSP and JMS examples.
    # Uncomment to use:
    #weblogic.jdbc.connectionPool.demoPool=\
    # url=jdbc:cloudscape:demo,\
    # driver=COM.cloudscape.core.JDBCDriver,\
    # initialCapacity=1,\
    # maxCapacity=2,\
    # capacityIncrement=1,\
    # props=user=none;password=none;server=none
    # Add a TXDataSource for the connection pool:
    #weblogic.jdbc.TXDataSource.weblogic.jdbc.jts.demoPool=demoPool
    # Add an ACL for the connection pool:
    #weblogic.allow.reserve.weblogic.jdbc.connectionPool.demoPool=everyone
    # WEBLOGIC HTTP SERVLET PROPERTIES
    # CLUSTER USERS: Note that ALL servlets should be set up
    # in the per-cluster properties file ONLY.
    # WebLogic offers different types of servlets for various uses.
    # Classpath servlet registration
    # The ClasspathServlet is used to serve classes from
    # the system CLASSPATH. It is used by applets to load
    # classes they depend upon, and is registered against
    # the virtual name 'classes' here by default. This means
    # you should set your applet codebase to "/classes".
    # You can register multiple virtual names for this servlet.
    # Note that it can also be used to serve other
    # resources/files from the system CLASSPATH.
    # Don't confuse the ClasspathServlet with the ServletServlet. The
    # ClasspathServlet is used for serving classes for client-side Java only.
    # The ServletServlet is used to invoke unregistered servlets.
    # See the Administrators Guide "Setting up WebLogic as an HTTP server"
    # http://www.weblogic.com/docs51/admindocs/http.html#classfile for more
    info.
    weblogic.httpd.register.classes=weblogic.servlet.ClasspathServlet
    # We also set an open ACL for everyone to call the ClasspathServlet
    # so that applets work without requiring further changes.
    weblogic.allow.execute.weblogic.servlet.classes=everyone
    # File servlet registration
    # FileServlet searches below the documentRoot for the requested file
    # and serves it if found. If the requested file is a directory,
    # FileServlet will append the defaultFilename to the requested path
    # and serve that file if found.
    weblogic.httpd.register.file=weblogic.servlet.FileServlet
    weblogic.httpd.initArgs.file=defaultFilename=index.html
    weblogic.httpd.indexFiles=zh_TW/index.htm
    # ServerSideInclude servlet registration
    # SSIServlet searches below the documentRoot for the
    # requested .shtml file and serves it if found.
    weblogic.httpd.register.*.shtml=weblogic.servlet.ServerSideIncludeServlet
    # Example URL: http://localhost:7001/portside/welcome.shtml
    # for the file /weblogic/myserver/public_html/portside/welcome.shtml
    # PageCompileServlet (used by JHTML)
    # See the information below under WebLogic JHTML
    # JSPServlet (used by JSP)
    # See the information below under WebLogic JSP
    # ServletServlet registration
    # Allows unregistered servlets in the servlet classpath (see Servlet
    # reload properties below) to be r

  • Error during JNDI lookup Accessing Remote EJB (access to web service restricted using declarative security model)

    Hello everyone,
    I developed a Web Service prototype accessing remote EJB using the EJB
    control with special syntax in the jndi-name attribute: @jws:ejb
    home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
    Everything works fine, but I get an error when I restrict access to my web
    service with a declarative security model by implementing steps provided in
    help doc:
    - Define the web resource you wish to protect
    - Define which security role is required to access the web resource
    - Define which users are granted the required security role
    - Configure WebLogic Server security for my web service(Compatibility
    Security/Users)
    I launch the service by entering the address in a web browser. When prompted
    to accept the digital certificate, click Yes, when prompted for network
    authentication information, enter username and password, navigate to the
    Test Form tab of Test View, invoke the method by clicking the button and I
    get the following exception:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
    name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed
    for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
    </detail>
    </error>
    I have a simple Hello method as well in my WebService (which is also
    restricted) and it works fine, but remote EJB access doesn't. I tested my
    prototype on Weblogic 7.2 and 8.1 platforms - same result.
    Is that a bug or I am missing some additional configuration in order to get
    that working. Has anyone seen similar behavior? Is there a known resolution?
    Or a suggested way to work around the problem?
    Thank you.
    Andre

    Andre,
    It would be best if this issue is handled as an Eval Support case. Please
    BEA Customer Support at http://support.beasys.com along with the required
    files, and request that an Eval support case be created for this issue.
    Thanks
    Raj Alagumalai
    WebLogic Workshop Support
    "Andre Shergin" <[email protected]> wrote in message
    news:[email protected]...
    Anurag,
    I removed "t3", still get an error but a different one (Unable to create
    InitialContext:null):
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
    create InitialContext:null]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB[Unable to
    create InitialContext:null] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetVisaHistoryTransactions.getVisaHistoryTxn(GetVisaHistoryTransactions
    .jws:67) </jwErrorDetail>
    </detail>
    </error>
    Note: inter-domain communication is configured properly. The Web Service to
    remote EJB works fine without a declarative security.
    Any other ideas?
    Thank you for your help.
    Andre
    "Anurag" <[email protected]> wrote in message
    news:[email protected]...
    Andre,
    It seems you are using the URL
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB
    whereas you should not be specifying the "t3:" protocol.
    The URL should be like
    jndi://secuser1:[email protected]:7131/AccountDelegatorEJB
    Please do let me know if you see any issues with this.
    Note that this will only allow you to access remote EJBs in the same WLS
    domain. For accessing EJBs on another domain, you need to configure
    inter-domain communication by
    following a few simple steps as mentioned at
    http://e-docs.bea.com/wls/docs81/ConsoleHelp/jta.html#1106135. This link has
    been provided in the EJB Control Workshop documentation.
    Regards,
    Anurag
    "Andre Shergin" <[email protected]> wrote in message
    news:[email protected]...
    Raj,
    I tried that before, it didn't help. I got similar error message:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
    failed for
    name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB]</faultstr
    ing>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during JNDI
    lookup from
    jndi:t3://secuser1:[email protected]:7131/AccountDelegatorEJB[Lookup
    failed for
    name:t3://secuser1:[email protected]:7131/AccountDelegatorEJB] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260) at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64) </jwErrorDetail>
    </detail>
    </error>
    Anything else should I try?
    P.S. AccountDelegatorEJB, the remote EJB my Web Service calls is NOTaccess
    restricted.
    I hope there is a solution.
    Thanks,
    Andre
    "Raj Alagumalai" <[email protected]> wrote in message
    news:[email protected]...
    Andre,
    Can you try using the following url with username and password
    jndi://username:password@host:7001/my.resource.jndi.object ?
    once you add webapp level security, the authenticated is the user who
    invokes the EJB.
    http://e-docs.bea.com/workshop/docs81/doc/en/workshop/guide/controls/ejb/con
    CreatingANewEJBControl.html?skipReload=true
    has more info on using remote EJB's.
    Hope this helps.
    Thanks
    Raj Alagumalai
    WebLogic Workshop Support
    "Alla Resnik" <[email protected]> wrote in message
    news:[email protected]...
    Hello everyone,
    I developed a Web Service prototype accessing remote EJB using the EJB
    control with special syntax in the jndi-name attribute: @jws:ejb
    home-jndi-name="t3://10.10.245.70:7131/AccountDelegatorEJB"
    Everything works fine, but I get an error when I restrict access to my
    web
    service with a declarative security model by implementing steps
    provided
    in
    help doc:
    - Define the web resource you wish to protect
    - Define which security role is required to access the web resource
    - Define which users are granted the required security role
    - Configure WebLogic Server security for my web service(Compatibility
    Security/Users)
    I launch the service by entering the address in a web browser. Whenprompted
    to accept the digital certificate, click Yes, when prompted for
    network
    authentication information, enter username and password, navigate tothe
    Test Form tab of Test View, invoke the method by clicking the buttonand
    I
    get the following exception:
    <error>
    <faultcode>JWSError</faultcode>
    <faultstring>Error during JNDI lookup from
    jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookup failed for
    name:t3://10.10.245.70:7131/AccountDelegatorEJB]</faultstring>
    <detail>
    <jwErrorDetail> weblogic.jws.control.ControlException: Error during
    JNDI
    lookup from jndi:t3://10.10.245.70:7131/AccountDelegatorEJB[Lookupfailed
    for name:t3://10.10.245.70:7131/AccountDelegatorEJB] at
    weblogic.knex.control.EJBControlImpl.acquireResources(EJBControlImpl.java:27
    8) at
    weblogic.knex.context.JwsInternalContext.acquireResources(JwsInternalContext
    .java:220) at
    weblogic.knex.control.ControlHandler.invoke(ControlHandler.java:260)at
    ibas.AccountControl.getTransactionHistory(AccountControl.ctrl) at
    ibas.GetSecure.retrieveVisaHistoryTxn(GetSecure.jws:64)</jwErrorDetail>
    </detail>
    </error>
    I have a simple Hello method as well in my WebService (which is also
    restricted) and it works fine, but remote EJB access doesn't. I testedmy
    prototype on Weblogic 7.2 and 8.1 platforms - same result.
    Is that a bug or I am missing some additional configuration in order
    to
    get
    that working. Has anyone seen similar behavior? Is there a knownresolution?
    Or a suggested way to work around the problem?
    Thank you.
    Andre

  • Weblogic.security.service.NotYetInitializedException using JMX

    Hi there,
    I'm trying to use JMX to add a notification listener to listen for attribute changes to a WLS 8.1 MBean. My code when setting up the listener is as so:
    String url = "t3://localhost:7001";
    String serverName = "Server1";
    String userName = "weblogic";
    String password = "weblogic";
    MBeanHome home = null;
    RemoteMBeanServer rmbs = null;
    Environment env = new Environment();
    env.setProviderUrl(url);
    env.setSecurityPrincipal(userName);
    env.setSecurityCredentials(password);
    try {
         Context ctx = env.getInitialContext();
         home = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
    } catch (NamingException e) {
         e.printStackTrace();
    rmbs = home.getMBeanServer();
    WLListener listener = new WLListener();
    WebLogicObjectName mbeanName = new WebLogicObjectName("examplesServer", "Server", "examples");
    rmbs.addNotificationListener(mbeanName, listener, null, null);This seems to work fine, I do not get any error messages. As you can see I'm using the server started through the examples, and I'm adding a notification listener to the ServerMBean.
    My notification listener code is as so:
    public void handleNotification(Notification notification, Object arg1) {
         AttributeChangeNotification changedAttrib = (AttributeChangeNotification) notification;
         try {
              System.out.println("Changed value from: " + changedAttrib.getOldValue() + " to " + changedAttrib.getNewValue());
         } catch (Exception ex) {
              ex.printStackTrace();
    public boolean isNotificationEnabled(Notification arg0) {
         return true;
    }Only when a notification happens and I call getOldValue() I get:
    weblogic.security.service.NotYetInitializedException: [Security:090392]SecurityServiceManager not yet initialized.
         at weblogic.security.service.SecurityServiceManagerDelegateImpl.getSecurityService(SecurityServiceManagerDelegateImpl.java:156)
         at weblogic.security.service.SecurityServiceManager.getSecurityService(SecurityServiceManager.java:175)
         at weblogic.management.internal.SecurityHelper.getRoleManager(SecurityHelper.java:402)
         at weblogic.management.internal.SecurityHelper.access$100(SecurityHelper.java:54)
         at weblogic.management.internal.SecurityHelper$IsAccessAllowedPrivilegeAction.run(SecurityHelper.java:493)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
         at weblogic.management.internal.SecurityHelper.isAccessAllowed(SecurityHelper.java:393)
         at weblogic.management.internal.AttributeChangeNotification.getOldValue(AttributeChangeNotification.java:136)
         at com.xxxx.password.PasswordBme$WLListener.handleNotification(PasswordBme.java:76)
         at com.xxxx.password.PasswordBme$WLListener_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
         at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
         at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
         at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)Is there a step I'm missing out? The entry for this message in the documentation suggests calling BEA support.

    Hi there,
    I'm trying to use JMX to add a notification listener to listen for attribute changes to a WLS 8.1 MBean. My code when setting up the listener is as so:
    String url = "t3://localhost:7001";
    String serverName = "Server1";
    String userName = "weblogic";
    String password = "weblogic";
    MBeanHome home = null;
    RemoteMBeanServer rmbs = null;
    Environment env = new Environment();
    env.setProviderUrl(url);
    env.setSecurityPrincipal(userName);
    env.setSecurityCredentials(password);
    try {
         Context ctx = env.getInitialContext();
         home = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
    } catch (NamingException e) {
         e.printStackTrace();
    rmbs = home.getMBeanServer();
    WLListener listener = new WLListener();
    WebLogicObjectName mbeanName = new WebLogicObjectName("examplesServer", "Server", "examples");
    rmbs.addNotificationListener(mbeanName, listener, null, null);This seems to work fine, I do not get any error messages. As you can see I'm using the server started through the examples, and I'm adding a notification listener to the ServerMBean.
    My notification listener code is as so:
    public void handleNotification(Notification notification, Object arg1) {
         AttributeChangeNotification changedAttrib = (AttributeChangeNotification) notification;
         try {
              System.out.println("Changed value from: " + changedAttrib.getOldValue() + " to " + changedAttrib.getNewValue());
         } catch (Exception ex) {
              ex.printStackTrace();
    public boolean isNotificationEnabled(Notification arg0) {
         return true;
    }Only when a notification happens and I call getOldValue() I get:
    weblogic.security.service.NotYetInitializedException: [Security:090392]SecurityServiceManager not yet initialized.
         at weblogic.security.service.SecurityServiceManagerDelegateImpl.getSecurityService(SecurityServiceManagerDelegateImpl.java:156)
         at weblogic.security.service.SecurityServiceManager.getSecurityService(SecurityServiceManager.java:175)
         at weblogic.management.internal.SecurityHelper.getRoleManager(SecurityHelper.java:402)
         at weblogic.management.internal.SecurityHelper.access$100(SecurityHelper.java:54)
         at weblogic.management.internal.SecurityHelper$IsAccessAllowedPrivilegeAction.run(SecurityHelper.java:493)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
         at weblogic.management.internal.SecurityHelper.isAccessAllowed(SecurityHelper.java:393)
         at weblogic.management.internal.AttributeChangeNotification.getOldValue(AttributeChangeNotification.java:136)
         at com.xxxx.password.PasswordBme$WLListener.handleNotification(PasswordBme.java:76)
         at com.xxxx.password.PasswordBme$WLListener_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
         at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:144)
         at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:415)
         at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)Is there a step I'm missing out? The entry for this message in the documentation suggests calling BEA support.

  • Web services login from python

    As described in a previous post, I'm trying to develop a thin client in python on a Raspberry PI that gets data from a Web Services program. I wrote a simple "Hello World" vi that requires authorization. If I access the URL from IE, Safari, etc, it gives me the Silverlight login screen, and then it works. If I write a simple client using the HTTP Get vi, it works. If I access the URL from Python:
    r = requests.get("http://127.0.0.1:8001/DISE/hello"
    auth=('username', 'password'))
     I get 404. I've Read The Fine Manual. Suggestions?

    It seems to me that the responders to the OP do not, in fact, understand the issue at play here.
    NI has two pieces of security for the web services: digital signing and authentication.  The digitial signing is documented and the OP knows how to do this in python.  The authentication is not documented anywhere I know of.  The fact that it works in the browser does not mean anything.  What happens with a browser request for a service which requires authentication is that the response is a new page with a Silverlight app to perform the authentication with the NI-auth service.   The question the OP has is what goes on inside that Silverlight app?  That was written by NI, not the browser developers, so it could be answered by the folks at NI and this is as good a place as any to request that info.  The VIs referenced by the OP recreate the same functionality, presumably by calling into a CLFN.
    In the meantime, here is some information that may or may not be of use.  I used to use web services now and then, but issues like this (and the use of silverlight) drove me away eventually.
    The NI-auth server apparently uses the SRP protocol to validate username/password combinations.  You send a GET request to hostort/login?username=user.  The response has a header which is something like 'X-NI-AUTH-PARAMS' with the server parameters for the SRP protocol in base-64 encoding.  Then you send a POST request back to the login uri with the client parameters inside the body and the content type is 'application/x-www-form-urlencoded'  If all goes well the final response from the server has a cookie which you can use in further requests.
    You will have to play a bit to determine some details like which hash function is used inside the SRP protocol.  The beauty of python is that hashlib, srp, and request modules are already there for you.
    If you get it sorted out, let me know.  I figured out enough to do some spoofing, I am curious to fill in the missing gaps.  I'll try to dig into my old code some more for details.

Maybe you are looking for