Policies in WLS 7.0

hi,
We are probably doing something stupid (not doing something we should) and
b4 you all say RTFM - we have been trying for the last two days.
Just give us a pointer where we look.
We can't seem to get any policy settings to work at the EJB level.
We create a user, add him to a group - create roles - assign the roles to
the group.
We then set the policies on the EJB (session and entity)
We find that if we use a null user and password access is granted (is this
because of the everybody group - if so how do we disable it ).
We find that if we provide a user password he gets in. If we then revoke the
role access to the beans (by not granting them) - he still gets through (is
this because of everybody group also).
Please help with this - a simple pointer to the manual page would help.
cheers
brian

Hi Neil,
I am not able to find the info about Dweblogic.security.fullyDelegateAuthorization.
Can you please provide a link for release notes you are referring to?
thanks
Venkata
"Eugene Khosid" <[email protected]> wrote:
Is SP1 available?
"Neil Smithline" <[email protected]> wrote in message
news:[email protected]..
Upgrade to SP1, see the release notes on the
-Dweblogic.security.fullyDelegateAuthorization flag.
- Neil
Brian Robinson wrote:
hi,
We are probably doing something stupid (not doing something we should) and
b4 you all say RTFM - we have been trying for the last two days.
Just give us a pointer where we look.
We can't seem to get any policy settings to work at the EJB level.
We create a user, add him to a group - create roles - assign the roles to
the group.
We then set the policies on the EJB (session and entity)
We find that if we use a null user and password access is granted (is this
because of the everybody group - if so how do we disable it ).
We find that if we provide a user password he gets in. If we then revoke the
role access to the beans (by not granting them) - he still gets through (is
this because of everybody group also).
Please help with this - a simple pointer to the manual page would help.
cheers
brian
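
An added illustration for the thread above, not code from any of the posters or from BEA: the standard EJB 2.0 way to require a role on a bean's methods is to declare it in the deployment descriptors, and the `-Dweblogic.security.fullyDelegateAuthorization` flag Neil points to is passed as a JVM system property when the server is started. The bean, class, role and group names and the flag value `true` are assumptions; the SP1 release notes remain the reference for what the flag changes.

```xml
<!-- File 1: META-INF/ejb-jar.xml (EJB 2.0).
     All bean, class and role names here are hypothetical. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>AccountBean</ejb-name>
      <home>example.AccountHome</home>
      <remote>example.Account</remote>
      <ejb-class>example.AccountBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- Declare the role once for the whole ejb-jar. -->
    <security-role>
      <role-name>Teller</role-name>
    </security-role>

    <!-- Every method of AccountBean requires the Teller role.
         A method with no method-permission entry is left without a
         declared restriction, so list each bean you want protected. -->
    <method-permission>
      <role-name>Teller</role-name>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>

<!-- File 2: META-INF/weblogic-ejb-jar.xml.
     Maps the descriptor role to a principal in the security realm;
     TellerGroup is a hypothetical group, not the built-in everyone group. -->
<weblogic-ejb-jar>
  <weblogic-enterprise-bean>
    <ejb-name>AccountBean</ejb-name>
    <jndi-name>example.AccountHome</jndi-name>
  </weblogic-enterprise-bean>
  <security-role-assignment>
    <role-name>Teller</role-name>
    <principal-name>TellerGroup</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>

<!-- Server start (assumed value; see the SP1 release notes):
     java -Dweblogic.security.fullyDelegateAuthorization=true ... weblogic.Server

     Checks after redeploying:
       1. call the bean with no credentials: expect an access failure
       2. call as a user outside TellerGroup: expect an access failure
       3. call as a member of TellerGroup: expect success -->
```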

Similar Messages

  • Invalid scripts for migrating ADF11g app Credentials and Policies to WLS

    I followed the instructions posted on the OTN to migrate ADF 11g application credential/policies to WLS:
    http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html
    The instructions were written back on Oct 8, 2008, the following things need to be updated for the provided migration scripts "build.xml" & "jps-config.xml" to work properly:
    1. The "oracle" directory no longer exists in the <DOMAIN_HOME>/config. The scripts reference this directory for cwallet.sso and system-jazn-data.xml.
    For the latest ADF 11g R1 installation, the "fmwconfig" directory is the directory where the credential/policies files are stored.
    2. The "build.xml" script copies the following WLST script files from the "<MIDDLEWARE_INSTALLATION_HOME>/modules/oracle.jps_11.1.1/scripts"
    > migrateSecurityStore.py
    > validate.py
    > cmdHelp.py
    For the latest ADF 11g R1 installation, the "<MIDDLEWARE_INSTALLATION_HOME>/jdeveloper/modules/oracle.jps_11.1.1/scripts" does not exist any more.
    I can find the "migrationSecurityStore.py" under "<MIDDLEWARE_INSTALLATION_HOME>/jdeveloper/modules/oracle.jps_11.1.1/common/wlstscripts" directory.
    But I can't find the "validate.py" and "cmdHelp.py" anywhere.
    When I modify the build.xml to use "migrationSecurityStore.py" in the new directory, it failed with errors that related to what parameters need to be passed.
    I am not familiar with WLST so I am not able to fix the script myself.
    Is there an updated version of the build.xml and jps-config.xml that will work for the latest ADF 11g R1 installation ?
    Where can I find out how to call "migrationSecurityStore.py" properly to make the migration script work?

    This is the current documentation on that topic. It supersedes my whitepaper from the 11.1.1.0.0 timeframe.

  • Need help configuring Attribute Change in WLS 6.1

    Hi there,
    I did all it said in the documentation, lacking any sight of an SNMP
    trap. I want to receive a SNMP trap if the
    InvalidLoginAttemptsTotalCount changes (MBean: ServerSecurityRuntime).
    I use
    Attribute MBean Type: ServerSecurityRuntime
    Attribute MBean Name:
    petstore:Location=petstoreServer,Name=petstoreServer,Type=ServerSecurityRuntime
    Attribute Name: InvalidLoginAttemptsTotalCount
    I enabled SNMP, configure my TrapHost and started my trapdaemon. But I
    don't get any trap even though I increased the counter by doing some
    logins with the wrong password. Parallel to my attribute change I also
    configured a counter monitor on the same attribute, with the same
    disappointing result =:-(
    Can anyone help ?
    Greetings,
    Alex

    You need to set a target for the pool. Without target
    pool service won't start. Also you need to provide
    initial and maximum size for the pool.
    Regards,
    Slava Imeshev
    "Nadeem" <[email protected]> wrote in message
    news:3d6d9268$[email protected]..
    >
    Hi Slava, thanks for the reply. Here is the connection pool definition as extracted
    from config.xml. Do you see any errors in this which would cause the exception
    mentioned below?
    -Nadeem
    ************* Connection Pool element in config.xml ********
    <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver"
    Name="MyJDBC Connection Pool"
    Properties="user=system;password=manager" TestTableName="cabin" URL="192.168.0.11:1521:tacit"/>
    "Slava Imeshev" <[email protected]> wrote:
    Hi Nadeem,
    Could you show us the connection pool definition?
    It can be extracted from config.xml
    Regards,
    Slava Imeshev
    "Nadeem" <[email protected]> wrote in message
    news:[email protected]..
    Hi,
    I need to create a connection pool in WLS 7. Here are the specifics of my
    environment:
    1. RDBMS: Oracle 8i
    2. Driver I want to use: Oracle thin 8.17 (provided with WLS 7)
    3. IP address of machine on which database resides: 192.168.0.5
    4. Port number: 1521
    5. Name of database: MyDB
    6. user: scott
    7. password: tiger
    Given the above, I do not know exactly what to fill out in the following fields
    that appear in the Admin Console's connection pool creation form:
    1. Name of connection pool (OK, this one I know!)
    2. URL string (exactly what should it be, given above info?)
    3. Driver Classname (I want to use Oracle thin 8.17, so what should I fill here?)
    4. Properties (exactly what should I fill here, given above info?)
    5. ACL Name (completely stumped here! Documentation says ACLs have been replaced
    by policies in WLS 7 - so what to fill here?)
    Could someone please help me correctly fill out these fields using the information
    I provided in the first paragraph.
    BTW, I'm logged into WLS as Administrator.
    Much obliged,
    Nadeem

  • WLS 7 Console loginform.jsp Fields

    Just curious how the loginform.jsp page for logging into the admin console pre-populates
    the username and password fields. With user domains, it seems to remember the
    last value for username and password is blank. For the examples domain it pre-fills
    in the correct username and password. How do you control this behavior one way
    or another?
    Thanks
    Jeff

  • User weblogic is not permitted to boot the server

    Hi,
    I am new to OES and after running the configtool, creating the ASIAuthorizationProvider and ASIRoleMapperProvider (both have Default Identity Directory: wls_dir and Application Deployment Parent: //app/policy/wls_app), binding the SSM, I get this error when starting the WLS admin server:
    15:33:26.312 EVENT Starting Jetty/4.2.25
    15:33:26.859 WARN!! Delete existing temp dir C:\BEA_HOME_10\ales32-ssm\wls-ssm\instance\wls_ssm\work\jar_temp\Jetty__8000__ for WebApplicationContext[/,jar:file:/C:/BEA_HOME_10/ales32-ssm/wls-ssm/webapp/arme.war!/]
    15:33:30.515 EVENT Started WebApplicationContext[,ARMEService]
    15:33:32.562 EVENT Started SocketListener on 0.0.0.0:8000
    15:33:32.562 EVENT Started org.mortbay.jetty.Server@176bf9e
    ARME is started now
    <Mar 5, 2010 3:33:33 PM SGT> <Notice> <Security> <BEA-090082> <Security initializing using security realm wls.>
    <Mar 5, 2010 3:33:34 PM SGT> <Critical> <Security> <BEA-090404> <User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.>
    <Mar 5, 2010 3:33:34 PM SGT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
    weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
        at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    >
    <Mar 5, 2010 3:33:34 PM SGT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Mar 5, 2010 3:33:34 PM SGT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Mar 5, 2010 3:33:34 PM SGT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    Stopping PointBase server...
    PointBase server stopped.
    from the WLS AdminServer.log:
    ####<Mar 5, 2010 3:33:05 PM SGT> <Info> <Socket> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774385687> <BEA-000436> <Allocating 3 reader threads.>
    ####<Mar 5, 2010 3:33:05 PM SGT> <Info> <Socket> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774385687> <BEA-000446> <Native IO Enabled.>
    ####<Mar 5, 2010 3:33:06 PM SGT> <Info> <IIOP> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774386531> <BEA-002014> <IIOP subsystem enabled.>
    ####<Mar 5, 2010 3:33:11 PM SGT> <Info> <Security> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774391656> <BEA-000000> <Starting OpenJPA 1.0.0.1>
    ####<Mar 5, 2010 3:33:17 PM SGT> <Info> <Security> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774397171> <BEA-090516> <The Authenticator provider has preexisting LDAP data.>
    ####<Mar 5, 2010 3:33:33 PM SGT> <Info> <Security> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774413421> <BEA-090516> <The CredentialMapper provider has preexisting LDAP data.>
    ####<Mar 5, 2010 3:33:33 PM SGT> <Info> <Security> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774413500> <BEA-090663> <The DeployableRoleMapper "com.bea.security.providers.authorization.asi.RoleProviderStub" implements the deprecated DeployableRoleProvider interface.>
    ####<Mar 5, 2010 3:33:33 PM SGT> <Info> <Security> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774413531> <BEA-090662> <The DeployableAuthorizer "com.bea.security.providers.authorization.asi.AuthorizationProviderStub" implements the deprecated DeployableAuthorizationProvider interface.>
    ####<Mar 5, 2010 3:33:33 PM SGT> <Info> <Security> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774413796> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server AdminServer for security realm wls.>
    ####<Mar 5, 2010 3:33:33 PM SGT> <Notice> <Security> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774413796> <BEA-090082> <Security initializing using security realm wls.>
    ####<Mar 5, 2010 3:33:34 PM SGT> <Critical> <Security> <SGBLM010> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1267774414234> <BEA-090404> <User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.>
    ####<Mar 5, 2010 3:33:34 PM SGT> <Critical> <WebLogicServer> <SGBLM010> <AdminServer> <main> <<WLS Kernel>> <> <> <1267774414234> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
    weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(Unknown Source)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
         at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
    >
    ####<Mar 5, 2010 3:33:34 PM SGT> <Notice> <WebLogicServer> <SGBLM010> <AdminServer> <main> <<WLS Kernel>> <> <> <1267774414328> <BEA-000365> <Server state changed to FAILED>
    ####<Mar 5, 2010 3:33:34 PM SGT> <Error> <WebLogicServer> <SGBLM010> <AdminServer> <main> <<WLS Kernel>> <> <> <1267774414328> <BEA-000383> <A critical service failed. The server will shut itself down>
    ####<Mar 5, 2010 3:33:34 PM SGT> <Notice> <WebLogicServer> <SGBLM010> <AdminServer> <main> <<WLS Kernel>> <> <> <1267774414328> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    ####<Mar 5, 2010 3:33:34 PM SGT> <Info> <WebLogicServer> <SGBLM010> <AdminServer> <main> <<WLS Kernel>> <> <> <1267774414359> <BEA-000236> <Stopping execute threads.>
    also, i just noticed that when starting OES admin server i get the following from the logs:
    system_console.log:
    2010-03-05 15:19:04,218 [JettySSLListener1-1] ERROR com.wles.soap.BLM.BlmBindingImpl - getUndistributedAttributeChanges has not been implemented properly.
    2010-03-05 15:27:17,656 [Thread-31] WARN com.bea.security.ssl.axis.AxisClientSocketFactory - Error during SSL handshake; host: SGBLM010, port: 8,000.
    2010-03-05 15:27:17,687 [Thread-31] ERROR com.bea.security.pdws.Distributor - unable to bind unbound arme
    Communication Error:; nested exception is:
         javax.net.ssl.SSLHandshakeException: Error during SSL handshake; host: SGBLM010, port: 8,000.
    2010-03-05 15:27:17,687 [Thread-31] ERROR com.bea.security.pdws.ARMEGroup - arme group '//bind/wls' error report, policyno = 52:
    2010-03-05 15:27:17,687 [Thread-31] ERROR com.bea.security.pdws.ARMEGroup - arme 'asi.null.ARME.wls_ssm.asi.SGBLM010':
    2010-03-05 15:27:33,015 [Thread-32] WARN com.bea.security.ssl.axis.AxisClientSocketFactory - Error during SSL handshake; host: SGBLM010, port: 8,000.
    2010-03-05 15:27:33,015 [Thread-32] ERROR com.bea.security.pdws.Distributor - unable to bind unbound arme
    Communication Error:; nested exception is:
         javax.net.ssl.SSLHandshakeException: Error during SSL handshake; host: SGBLM010, port: 8,000.
    WLESWebLogic.wrapper.log:
    INFO | jvm 1 | 2010/03/05 15:27:17 | Processing AxisFault, cause: javax.net.ssl.SSLHandshakeException: Error during SSL handshake; host: SGBLM010, port: 8,000.
    INFO | jvm 1 | 2010/03/05 15:27:17 | Re-throwing the fault...
    INFO | jvm 1 | 2010/03/05 15:27:18 | error.jsp: Client has closed the connection, error not reported to client.
    INFO | jvm 1 | 2010/03/05 15:27:18 | error.jsp: The exception is: com.bea.wles.management.console.utils.NestedJspException: Connection reset by peer: socket write error
    INFO | jvm 1 | 2010/03/05 15:27:33 | Processing AxisFault, cause: javax.net.ssl.SSLHandshakeException: Error during SSL handshake; host: SGBLM010, port: 8,000.
    INFO | jvm 1 | 2010/03/05 15:27:33 | Re-throwing the fault...
    although, it seems that the OES admin server is up since i am able to access the OES admin console.
    i have tried playing around the policies to grant the "weblogic" the privileges for an Admin but i still get the same issue. Although, when i try to distribute the changes in the policy, "ASI ( Policy for entire Oracle Entitlements Server system ) " still appears in the list of changes.
    any thoughts on what the problem is? is there a way to force the distribution of the policy? maybe through the command prompt or other console?
    Edited by: user9056644 on Mar 5, 2010 12:02 AM

    Have you applied CP2 or CP3 to OES? There were enhancements that allow these policies to be scoped within an organization. I only ask to help guide you on distributing policies for the runtime WLS domain. The ASI domain is only for the admin. There should have been a set of resources and policies created as a result of running ConfigTool for your new instance (looks like you named it 'wls'). If no CP, it will be in DefaultApp next to ASI.
    You have to distribute policies for 'wls' immediately following running ConfigTool before starting WebLogic or you will put it into a state where it can't be started. The corrective action is to remove the state.ck file under C:\BEA_HOME_10/ales32-ssm/wls-ssm/instance/wls_ssm/work/runtime, distribute policies, restart WebLogic.
    If you need to re-run ConfigTool (after installing CP for instance), revert the following files:
    <domain>/config/config.xml
    <domain>/bin/startWebLogic.sh | .cmd
    Revert from the no-ales backups created. Remove the instance folder under C:\BEA_HOME_10\ales32-ssm/wls-ssm/instance. You can then re-run ConfigTool if you have to.

  • Facing Issue With Oracle SOA Suite 11.1.1.3.0

    Hi All,
    I am facing some issues with ORACLE SOA SUITE 11.1.1.3.0.
    Hope you people can help us out.
    Please find the issue details below along with all the relevant information
    I have following SOA suite installation at my server:
    Oracle 10g Express Edition Universal 10.2.0.1
    RCU 11.1.1.3.3
    Web Logic Server 10.3.3.0
    SOA suite 11.1.1.3.0
    JDeveloper 11.1.1.3.0
    The first thing what I have done is created a web service and deployed it to server without any issue.
    After that I created proxy client for that service and accessed it successfully from the client end.
    Till here no issue occurs.
    After that I applied few policies on top of web service and deployed it to server.
    The policy I had chosen was “oracle/wss_username_token_service_policy” [coming under OWSM policies list]
    While deploying there was no issue, all went well.
    2nd step I had created client using “oracle/wss_username_token_client_policy” policy which is counter part of above policy and tried to access the web service but failed.
    I have followed this blog:
    [http://biemond.blogspot.com/2010/08/things-you-need-to-do-for-owsm-11g.html ]
    Please have a look on service and client code:
    Service Code:
    package Demo_ScoreCard;

    import javax.jws.WebService;
    import weblogic.wsee.jws.jaxws.owsm.SecurityPolicy;

    // JAX-WS service with an OWSM policy attached by annotation
    @WebService
    @SecurityPolicy(uri = "oracle/wss_username_token_service_policy")
    public class ScoreCardWithPolicy {
        public double getPercentageWithPolicy(double markEng, double markMath, double markHindi, double markScience, double markSsc) {
            double result;
            result = ((markEng + markHindi + markMath + markScience + markSsc) / 500) * 100;
            return result;
        }
    }
    Client Code:
    package com.tec.proxy.client;

    import java.util.Map;
    import javax.xml.ws.BindingProvider;
    import javax.xml.ws.WebServiceRef;
    import weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature;

    public class ScoreCardWithPolicyPortClient {
        @WebServiceRef
        private static ScoreCardWithPolicyService scoreCardWithPolicyService;

        public static void main(String[] args) {
            scoreCardWithPolicyService = new ScoreCardWithPolicyService();
            // Client-side OWSM policy attached to the port
            SecurityPolicyFeature[] securityFeatures = new SecurityPolicyFeature[] { new SecurityPolicyFeature("oracle/wss_http_token_client_policy") };
            ScoreCardWithPolicy scoreCardWithPolicy = scoreCardWithPolicyService.getScoreCardWithPolicyPort(securityFeatures);
            // Credentials are passed through the JAX-WS request context
            Map<String, Object> reqContext = ((BindingProvider) scoreCardWithPolicy).getRequestContext();
            reqContext.put(BindingProvider.USERNAME_PROPERTY, "testclient");
            reqContext.put(BindingProvider.PASSWORD_PROPERTY, "test12345"); // I have added this to the myrealm from console under security realms
            double arg1 = 77.2;
            double arg2 = 79.2;
            double arg3 = 77.2;
            double arg4 = 76.2;
            double arg5 = 67.2;
            double clientResult = scoreCardWithPolicy.getPercentageWithPolicy(arg1, arg2, arg3, arg4, arg5);
            System.out.println("clientResult with policy =====> " + clientResult);
        }
    }
    Error Log:
    SEVERE: WSM-07617 Policy: oracle/wss_http_token_client_policy contains unsupported assertions.
    SEVERE: WSMAgentHook: An Exception is thrown: WSM-07617 Policy Policy: oracle/wss_http_token_client_policy contains unsupported assertions.
    Exception in thread "main" javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-07617 Policy Policy: oracle/wss_http_token_client_policy contains unsupported assertions.
    at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
    at oracle.wsm.agent.handler.wls.WSMAgentHook.init(WSMAgentHook.java:206)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory.newHandler(TubeFactory.java:105)
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory.createClient(TubeFactory.java:68)
    at weblogic.wsee.jaxws.WLSTubelineAssemblerFactory$TubelineAssemblerImpl.createClient(WLSTubelineAssemblerFactory.java:148)
    at com.sun.xml.ws.client.WSServiceDelegate.createPipeline(WSServiceDelegate.java:467)
    at com.sun.xml.ws.client.WSServiceDelegate.getStubHandler(WSServiceDelegate.java:689)
    at com.sun.xml.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(WSServiceDelegate.java:667)
    at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:362)
    at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate.internalGetPort(WLSProvider.java:855)
    at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate$PortClientInstanceFactory.createClientInstance(WLSProvider.java:967)
    at weblogic.wsee.jaxws.spi.ClientInstancePool.takeSimpleClientInstance(ClientInstancePool.java:621)
    at weblogic.wsee.jaxws.spi.ClientInstancePool.take(ClientInstancePool.java:486)
    at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate.getPort(WLSProvider.java:782)
    at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:344)
    at javax.xml.ws.Service.getPort(Service.java:133)
    at com.tec.proxy.client.ScoreCardWithPolicyService.getScoreCardWithPolicyPort(ScoreCardWithPolicyService.java:86)
    at com.tec.proxy.client.ScoreCardWithPolicyPortClient.main(ScoreCardWithPolicyPortClient.java:23)
    Process exited with exit code 1.
    Not getting any help from any blog. Just wondering why this error is coming. I would be glad if you can help us in this regard.
    Apart from above issue I have few queries like:
    1.What is difference between OWSM policies and WLS policies?
    2.Are these the only policies we can apply on top of services?
    3.If someone wants to configure his own custom policies then what needs to be done
    4.Could anyone please provide some useful links to implement ENCRYPTION and SIGNATURE on top of web services?
    5.And If I am not wrong, I guess Oracle Service BUS OSB 11.1.1.3 has been removed from the main download link and version 11.1.1.4 has been provided. Is it
    compatible with SOA suite 11.1.1.3.0? If not where can I get OSB 11.1.1.3?
    Looking forward to hear from you people.
    Thanks
    Arvind
    Edited by: user8490871 on Apr 15, 2011 12:53 AM

    Hi,
    I don't know why u get an error. Here are answers for additional questions:
    1. OWSM policies are for web services. WLS policies are based on Java EE security. They are used to protect resources e.g. URL, EJB
    2. I don't know about other policies
    3. See http://download.oracle.com/docs/cd/E14571_01/web.1111/e13713/owsm_appendix.htm#CHDCHFBH
    4. See http://download.oracle.com/docs/cd/E14571_01/security.1111/e10037/toc.htm
    5. I can see OSB 11.1.1.3 download link here
    http://www.oracle.com/technetwork/middleware/downloads/fmw-11-download-092893.html
    Regards,
    Milan

  • WsHTTP Bindings in ESB

    I am trying to import a Dot Net web service into my Oracle ESB and am having an issue with the service that uses wsHTTP bindings. The ones that use basicHTTP work fine and I can import those without a problem. Actually the issue occurs when I try to create a business service from the imported WSDL. I get the following error but when I try to add the OWSM security policy the list is blank and there is nothing to apply? Has anyone done this or can tell me why the list is blank? I have tried uninstalling and reinstalling already.
    [OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.
    Oracle Service Bus 11gR1

    WsHttpBinding supports WS-* specification. WS-* specifications are nothing but standards to extend web service capabilities.
    OWSM Policies,
    From OWSM Policy Store
    If a WSDL used to create a business service contains embedded standard WS-Security policies, Oracle Service Bus throws an error and displays a conflict. To resolve this conflict, replace the embedded WSDL policies with compatible Oracle Web Services Manager policies by selecting From OWSM Policy Store and clicking Add Compatible. Oracle Service Bus makes a best-effort attempt at finding the closest matching policy from the Oracle Web Services Manager policy store based on the standard policy embedded in the WSDL. The algorithm may return zero, one, or multiple matching policies.
    WLS 9 Policies,
    From WSDL - Select this option if the service policy is associated with the WSDL upon which the service is based. These policies support WS-Security 1.0, SAML 1.1, and other industry standards.
    With this option you can view (read-only) request and response policies from the WSDL.
    If you receive an error in the business service configuration about WS-Security Policies not supported by Oracle Service Bus, use the From OWSM Policy Store option to replace the embedded WSDL policies with compatible OWSM policies.
    Regards,
    Abhinav Gupta
    Edited by: Abhinav on Mar 15, 2013 10:30 AM

  • WLS Policies and WCF interoperability issue

    Hi all,
    I have created a web service in jdeveloper 11g which I have deployed to a Stand Alone Weblogic Server 10.3.
    The service uses the policy Wssp1.2-2007-Https.xml. I have generated a consumer in Jdeveloper 11g for the service, and it works perfectly.
    However I have the requirement of a consumer in C#, I've used svcutil to generate the client but I'm getting the following warning:
    A security policy was imported for the endpoint. The security policy contains requirements that cannot be represented in a Windows Communication Foundation configuration. Look for a comment about the SecurityBindingElement parameters that are required in the configuration file that was generated. Create the correct binding element with code. The binding configuration that is in the configuration file is not secure.
    In the WSDL I have:
    <wsp:UsingPolicy wssutil:Required="true"/>
    <wsp:Policy wssutil:Id="Wssp1.2-2007-Https.xml">
      <ns0:TransportBinding>
        <wsp:Policy>
          <ns0:TransportToken>
            <wsp:Policy>
              <ns0:HttpsToken/>
            </wsp:Policy>
          </ns0:TransportToken>
          <ns0:AlgorithmSuite>
            <wsp:Policy>
              <ns0:Basic256/>
            </wsp:Policy>
          </ns0:AlgorithmSuite>
          <ns0:Layout>
            <wsp:Policy>
              <ns0:Lax/>
            </wsp:Policy>
          </ns0:Layout>
          <ns0:IncludeTimestamp/>
        </wsp:Policy>
      </ns0:TransportBinding>
    </wsp:Policy>
    Do I have to select a different policy?
    Am I missing something?
    Thanks,
    Miguel.
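
What the posted policy asks of any client can be read mechanically from its assertions. The following is an added example, not part of the original post: a Python parser for the compact WS-SecurityPolicy form shown above. The namespace URIs bound to `wsp`, `ns0` and `wssutil`, the wrapping `root` element and all function names are assumptions, since the post shows only the prefixes.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions; the post shows prefixes only, not declarations.
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Policy text from the post, wrapped in a constructed root element that binds
# the three prefixes so the fragment parses on its own.
POSTED_POLICY = f"""
<root xmlns:wsp="{WSP}" xmlns:ns0="{SP}" xmlns:wssutil="{WSU}">
  <wsp:UsingPolicy wssutil:Required="true"/>
  <wsp:Policy wssutil:Id="Wssp1.2-2007-Https.xml">
    <ns0:TransportBinding>
      <wsp:Policy>
        <ns0:TransportToken><wsp:Policy><ns0:HttpsToken/></wsp:Policy></ns0:TransportToken>
        <ns0:AlgorithmSuite><wsp:Policy><ns0:Basic256/></wsp:Policy></ns0:AlgorithmSuite>
        <ns0:Layout><wsp:Policy><ns0:Lax/></wsp:Policy></ns0:Layout>
        <ns0:IncludeTimestamp/>
      </wsp:Policy>
    </ns0:TransportBinding>
  </wsp:Policy>
</root>
"""

POLICY = f"{{{WSP}}}Policy"
BINDINGS = ("TransportBinding", "SymmetricBinding", "AsymmetricBinding")


def sp(name):
    """Qualified ElementTree tag for a WS-SecurityPolicy assertion."""
    return f"{{{SP}}}{name}"


def _local(elem):
    return elem.tag.rsplit("}", 1)[-1]


def _choices(parent, path):
    """Local names of the assertions inside the wsp:Policy nested under path."""
    holder = parent.find(f"{path}/{POLICY}")
    return [] if holder is None else [_local(child) for child in holder]


def _assertions(policy):
    """Yield assertions, looking through wsp:ExactlyOne / wsp:All wrappers.

    Alternatives are merged, which is only right for single-alternative
    policies such as the one in the post.
    """
    for child in policy:
        if child.tag in (f"{{{WSP}}}ExactlyOne", f"{{{WSP}}}All"):
            yield from _assertions(child)
        else:
            yield child


def summarize_policies(xml_text):
    """Return one summary dict per Id-bearing wsp:Policy in xml_text."""
    summaries = []
    for policy in ET.fromstring(xml_text).iter(POLICY):
        policy_id = policy.get(f"{{{WSU}}}Id")
        if policy_id is None:  # nested wsp:Policy wrappers carry no Id
            continue
        info = {"id": policy_id, "binding": None, "transport_token": [],
                "transport_auth": [], "algorithm_suite": [], "layout": [],
                "timestamp": False, "message_level": []}
        for assertion in _assertions(policy):
            name = _local(assertion)
            if name not in BINDINGS:
                # Supporting tokens, signed/encrypted parts and so on.
                info["message_level"].append(name)
                continue
            info["binding"] = name
            body = assertion.find(POLICY)
            if body is None:
                continue
            token = sp("TransportToken")
            info["transport_token"] = _choices(body, token)
            info["transport_auth"] = _choices(
                body, f"{token}/{POLICY}/{sp('HttpsToken')}")
            info["algorithm_suite"] = _choices(body, sp("AlgorithmSuite"))
            info["layout"] = _choices(body, sp("Layout"))
            info["timestamp"] = body.find(sp("IncludeTimestamp")) is not None
        summaries.append(info)
    return summaries


def client_requirements(info):
    """Translate one summary into what a client has to send."""
    reqs = []
    if info["binding"] == "TransportBinding" and "HttpsToken" in info["transport_token"]:
        reqs.append("send over HTTPS; message protection comes from TLS")
        auth = ", ".join(info["transport_auth"]) or "none asserted"
        reqs.append(f"transport-level client authentication: {auth}")
    if info["timestamp"]:
        reqs.append("include wsu:Timestamp in a wsse:Security SOAP header")
    if info["layout"]:
        reqs.append(f"security header layout: {info['layout'][0]}")
    if info["algorithm_suite"]:
        reqs.append(f"algorithm suite: {info['algorithm_suite'][0]}")
    if not info["message_level"]:
        reqs.append("no message-level token, signature or encryption asserted")
    return reqs


if __name__ == "__main__":
    for summary in summarize_policies(POSTED_POLICY):
        print(summary["id"])
        for line in client_requirements(summary):
            print("  -", line)
```

For the posted policy the only message-level requirement is the timestamp: the binding is transport-only, yet `IncludeTimestamp` still obliges the client to emit a `wsse:Security` header.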

  • Unable to expand Roles n policies after enabling Active directory security

    I am running weblogic 10.3 on Linux and integrated console security with Microsoft AD.
    The error below occurs when I try to expand roles and policies.
    Please help.
    Message: weblogic.management.utils.NotFoundException: [Security:090311]Failed to set resource expression
    Stack Trace: com.bea.console.exceptions.ManagementException: weblogic.management.utils.NotFoundException: [Security:090311]Failed to set resource expression at com.bea.console.actions.security.roles.RoleTableAction.createRoleNode(RoleTableAction.java:678) at com.bea.console.actions.security.roles.RoleTableAction.expandGlobalRolesNode(RoleTableAction.java:208) at com.bea.console.actions.security.roles.RoleTableAction.expandNode(RoleTableAction.java:193) at com.bea.console.actions.security.roles.RoleTableAction.execute(RoleTableAction.java:102) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116) at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:255) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158) at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133) at 
org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199) at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686) at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266) at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107) at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292) at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at 
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146) at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395) at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361) at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208) at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162) at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388) at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258) at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211) at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196) at 
com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:54) at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(Unknown Source) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: weblogic.management.utils.NotFoundException: [Security:090311]Failed to set resource expression at com.bea.security.providers.xacml.entitlement.RoleManager.getRole(RoleManager.java:134) at weblogic.security.providers.xacml.authorization.XACMLRoleMapperImpl.getRoleExpression(XACMLRoleMapperImpl.java:499) at 
weblogic.security.providers.xacml.authorization.XACMLRoleMapperMBeanImpl.getRoleExpression(XACMLRoleMapperMBeanImpl.java:389) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:447) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:445) at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443) at weblogic.management.mbeanservers.internal.AuthenticatedSubjectInterceptor$10$1.run(AuthenticatedSubjectInterceptor.java:582) at weblogic.management.mbeanservers.internal.AuthenticatedSubjectInterceptor$10.run(AuthenticatedSubjectInterceptor.java:580) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363) at weblogic.management.mbeanservers.internal.AuthenticatedSubjectInterceptor.invoke(AuthenticatedSubjectInterceptor.java:573) at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:307) at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426) at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72) at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264) at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366) at 
javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788) at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source) at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174) at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222) at javax.management.remote.rmi.RMIConnectionImpl_1030_WLStub.invoke(Unknown Source) at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978) at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544) at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380) at $Proxy70.getRoleExpression(Unknown Source) at com.bea.console.actions.security.roles.RoleTableAction.createRoleNode(RoleTableAction.java:671) ... 81 more

    <?xml version='1.0' encoding='UTF-8'?>
    <domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd">
    <name>ABC</name>
    <domain-version>10.0.1.0</domain-version>
    <security-configuration>
    <name>ABC</name>
    <realm>
    <sec:authentication-provider xsi:type="wls:default-authenticatorType">
    <sec:control-flag>OPTIONAL</sec:control-flag>
    <wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
    </sec:authentication-provider>
    <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
    </sec:authentication-provider>
    <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
    <sec:name>MYSECURITY</sec:name>
    <sec:control-flag>OPTIONAL</sec:control-flag>
    <wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
    <wls:host>ad.win.XYZ.com</wls:host>
    <wls:port>3210</wls:port>
    <wls:user-name-attribute>SamAccountName</wls:user-name-attribute>
    <wls:principal>CN=ABC (APPLICATION),OU=Service Accounts,OU=Infrastructure Solutions,OU=USPC,DC=americas,DC=win,DC=xyz,DC=com</wls:principal>
    <wls:user-base-dn>DC=americas,DC=win,DC=xyz,DC=com</wls:user-base-dn>
    <wls:credential-encrypted>{3DES}3gr1b24C1+ZescfrcJGfTA==</wls:credential-encrypted>
    <wls:user-from-name-filter>(&amp;(SamAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
    <wls:cache-size>3200</wls:cache-size>
    <wls:group-base-dn>DC=americas,DC=win,DC=xyz,DC=com</wls:group-base-dn>
    <wls:bind-anonymously-on-referrals>true</wls:bind-anonymously-on-referrals>
    <wls:all-groups-filter>(objectclass=group)</wls:all-groups-filter>
    <wls:group-membership-searching>limited</wls:group-membership-searching>
    </sec:authentication-provider>
    <sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
    <sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
    <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
    <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
    <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
    <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
    <sec:name>myrealm</sec:name>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{3DES}Da9bWdtd5q7ah0l1OlmgTprs5EsrhL0siPsTNKzMDOasnQwrpgSVnAKFIdM3O/CjsXOzrq2fBACcbtup4aQCbNpjynWFUDB1</credential-encrypted>
    <node-manager-username>system</node-manager-username>
    <node-manager-password-encrypted>{3DES}IwjibsnAdGEU/pYi+0n1bg==</node-manager-password-encrypted>
    </security-configuration>
    <server>
    <name>AdminServer</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <rotation-type>byTime</rotation-type>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25000</listen-port>
    <server-debug>
    <debug-scope>
    <name>default</name>
    <enabled>true</enabled>
    </debug-scope>
    <debug-scope>
    <name>weblogic</name>
    <enabled>true</enabled>
    </debug-scope>
    </server-debug>
    <listen-address></listen-address>
    </server>
    <server>
    <name>ABC_server1</name>
    <ssl>
    <enabled>false</enabled>
    </ssl>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25010</listen-port>
    <listen-port-enabled>true</listen-port-enabled>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address></listen-address>
    <java-compiler>javac</java-compiler>
    <client-cert-proxy-enabled>false</client-cert-proxy-enabled>
    </server>
    <server>
    <name>ABC_server2</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25020</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address></listen-address>
    </server>
    <server>
    <name>ABC_server4</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25040</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address></listen-address>
    </server>
    <server>
    <name>ABC_server5</name>
    <ssl>
    <enabled>false</enabled>
    </ssl>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <machine xsi:nil="true"></machine>
    <listen-port>25050</listen-port>
    <cluster xsi:nil="true"></cluster>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    </server>
    <server>
    <name>ABC_server6</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25060</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address></listen-address>
    </server>
    <server>
    <name>ABC_server7</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25070</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address></listen-address>
    </server>
    <server>
    <name>ABC_server8</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25080</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address></listen-address>
    </server>
    <server>
    <name>ABC_server10</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25100</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address></listen-address>
    </server>
    <server>
    <name>ABC_server9</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25090</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address></listen-address>
    </server>
    <server>
    <name>ABC_server3</name>
    <log>
    <file-name>logs/AdminServer.log</file-name>
    <number-of-files-limited>true</number-of-files-limited>
    <file-count>7</file-count>
    <file-time-span>24</file-time-span>
    <rotation-time>00:00</rotation-time>
    <rotate-log-on-startup>true</rotate-log-on-startup>
    <logger-severity>Info</logger-severity>
    <log-file-severity>Info</log-file-severity>
    <stdout-severity>Info</stdout-severity>
    <domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
    <memory-buffer-severity>Trace</memory-buffer-severity>
    <log4j-logging-enabled>false</log4j-logging-enabled>
    <redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
    <domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
    </log>
    <listen-port>25030</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <server-debug>
    <debug-scope>
    <name>default</name>
    <enabled>true</enabled>
    </debug-scope>
    <debug-scope>
    <name>weblogic</name>
    <enabled>true</enabled>
    </debug-scope>
    </server-debug>
    <listen-address></listen-address>
    </server>
    <embedded-ldap>
    <name>ABC</name>
    <credential-encrypted>{3DES}RhnPr+8XsDxhU8rgpPiikqpyeP74wxX/T2mnALX9oFI=</credential-encrypted>
    </embedded-ldap>
    <configuration-version>10.0.1.0</configuration-version>
    <configuration-audit-type>logaudit</configuration-audit-type>
    <app-deployment>
    <name>ABC25090</name>
    <target>ABC_server9</target>
    <module-type>ear</module-type>
    <source-path>/home/arajpoot/working/default-app/dist/ABC.9.5.0.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <app-deployment>
    <name>ABC25080</name>
    <target>ABC_server8</target>
    <module-type>ear</module-type>
    <source-path>/home/aherleka/working/default-app/dist/ABC.10.1.0.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <app-deployment>
    <name>ABC25030</name>
    <target>ABC_server3</target>
    <module-type>ear</module-type>
    <source-path>/home/rprajapa/working/default-app/dist/ABC.10.1.0.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <app-deployment>
    <name>ABC25060</name>
    <target></target>
    <module-type>ear</module-type>
    <source-path>/home/xyin/working/default-app/dist/ABC.10.1.0.ear</source-path>
    <sub-deployment>
    <name>/</name>
    <target></target>
    </sub-deployment>
    <security-dd-model>DDOnly</security-dd-model>
    <staging-mode>nostage</staging-mode>
    </app-deployment>
    <app-deployment>
    <name>ABC25010</name>
    <target>ABC_server1</target>
    <module-type>ear</module-type>
    <source-path>/home/payadav/working/default-app/dist/ABC.10.1.0.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <app-deployment>
    <name>ABC25050</name>
    <target>ABC_server5</target>
    <module-type>ear</module-type>
    <source-path>/home/nchanda1/working/default-app/dist/ABC.10.0.3.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <app-deployment>
    <name>ABC8070</name>
    <target>ABC_server7</target>
    <module-type>ear</module-type>
    <source-path>/home/irakshit/working/default-app/dist/ABC.10.1.0.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <app-deployment>
    <name>ABC8020</name>
    <target>ABC_server2</target>
    <module-type>ear</module-type>
    <source-path>/home/wchou/working/default-app/ABC.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <app-deployment>
    <name>ABC8100</name>
    <target>ABC_server10</target>
    <module-type>ear</module-type>
    <source-path>/home/amulik/working/default-app/dist/ABC.9.5.0.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <app-deployment>
    <name>ABC8040</name>
    <target>ABC_server4</target>
    <module-type>ear</module-type>
    <source-path>/home/nchanda1/working/default-app/dist/ABC.10.0.3.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <admin-server-name>AdminServer</admin-server-name>
    <jdbc-system-resource>
    <name>ABCCDWDataSource</name>
    <target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
    <descriptor-file-name>jdbc/ABCCDWDataSource-2021-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>ABCCDWDataSource_coper</name>
    <target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
    <descriptor-file-name>jdbc/ABCCDWDataSource_coper-9655-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>ABCOracleDS</name>
    <target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
    <descriptor-file-name>jdbc/ABCOracleDS-5997-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>ABCReportDataSource</name>
    <target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
    <descriptor-file-name>jdbc/ABCReportDataSource-6033-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>ABC_NEON_DATASOURCE</name>
    <target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
    <descriptor-file-name>jdbc/ABC_NEON_DATASOURCE-9653-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>ABCRDRDS</name>
    <target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
    <descriptor-file-name>jdbc/ABCRDRDS-5401-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>ABCtest</name>
    <target>ABC_server6</target>
    <descriptor-file-name>jdbc/ABCtest-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    <jdbc-system-resource>
    <name>ABCreport</name>
    <target>ABC_server6</target>
    <descriptor-file-name>jdbc/ABCreport-jdbc.xml</descriptor-file-name>
    </jdbc-system-resource>
    </domain>

  • WLS 8.1 MDBs, Websphere MQ QMs and Security Exits....

              Hi:
              I am testing an MDB that is listening on a Websphere MQ 5.3 Queue. For security,
              I have secured the Server Connection Channel of the Queue Manager (to which the
              Queue belongs to) with a Security Exit.
              Using the Foreign JMS Servers section in the Admin console, I defined a 'Foreign
              JMS Connection Factory' that has the userid & password that is supposed to be
              passed to Websphere MQ.
              When the MDB comes up, it throws a SecurityException. In the background, the Security
              Exit log indicates that the MDB tried to make multiple connections to the Server
              Channel. The Deployment descriptor has the 'MAX BEANS IN FREE POOL' set to 1.
              My issues are:
              1. When the MDB comes up the Server Connection Channel shows multiple connections.
              I know there is only one MDB, so I am curious why there would be multiple connections
              to the same Channel.
              2. The Security Exit log shows that the userid and password was passed on to MQ
              certain times and other times it was not. The net result is the Security Exit
              rejected the MDB Connections (when the userid and pwd was blanks) and the Bean
              did not come up properly.
              I am concerned with Issue 2. Because, all I am able to control is giving the userid
              and pwd in the Foreign JMS Server section. WLS 8.1 is supposed to pass on the
              credentials properly to MQ when needed. Is WLS 8.1 NOT doing what is expected
              or am I missing something?
              What is the procedure to deploy a WLS 81 MDB that is listening on a queue whose
              QM is secured by an MQ Security Exit.
              Please help!
              

    When you deploy any EJB or servlet that uses the "resource-reference", the
              container (after a short delay) tries to make a connection to get the
              XAResource for that JMS provider. It then registers that with JTA. That way,
              JTA can perform transaction recovery on the JMS provider sooner rather than
              later. (If we waited to register the MQSeries resource with JTA until you
              used it, then if MQ had prepared transactions, they wouldn't be resolved
              until you actually tried to send a message.)
              As for the "multiple connections", I believe that the MQSeries JMS library
              uses a single MQ "connection handle" for every JMS session. (That's because
              MQ connection handles aren't thread-safe.) In our pool of the JMS Session
              objects, we open more than one session initially, so that might be why
              you're seeing multiple connections.
              You can monitor the pooling of the JMS sessions using the console. Click on
              your server in the "servers" tab in the left-hand tree view, then on
              "Monitoring", then on "JMS", and then on "Monitor Pooled JMS Connections".
              greg
              "Sridhar Krishnaswamy" <[email protected]> wrote in message
              news:[email protected]...
              >
              > I tried the steps you have mentioned. But the userid still does not come across
              > to MQSeries. So, I will follow up with Support. The MDB is passing on the credentials
              > fine when using the same QCF to put the messages to.
              >
              > On the issue of multiple connections, you are right. The connections are because
              > of the resource-ref entries. Though I am not sure why the MDB is actually trying
              > to establish multiple connections for every resource-ref entry (because the pooling
              > mechanism kicks in?). Also, in my design, some of the resource-ref are actually
              > 'stand-bys' to be used only if the MDB fails to put the message using the primary
              > resource-ref entry. I would have thought that the physical connections will actually
              > be made when the call for looking up the QCF is made by the bean or createQueueConnection
              > called. Just for my knowledge, I would like to know why the Container is establishing
              > the connections upfront.
              >
              > As always, I really appreciate your help, Greg.
              >
              > Thanks,
              > Sridhar
              >
              > "Greg Brail" <[email protected]> wrote:
              > >At the moment, the username and password used to receive messages come from
              > >a different place, and not from the "Foreign JMS Connection Factory"
              > >screen. (Yes, I realize that this is confusing.) To do what you want, you
              > >need to define a "credential mapping":
              > >
              > >-- Create a WebLogic Server user using the "security" section of the
              > >console, and assign the password that you will need to connect to MQ.
              > >
              > >-- Right-click on your MDB in the left-hand tree view, and select "Define
              > >Roles and Policies for Individual Beans"
              > >
              > >-- You should see a list of MDBs on the screen. Click on "define credential
              > >mapping". (I forget the exact wording, but it's something like that.)
              > >
              > >-- On this screen, you enter the MQSeries username that you'll need to set,
              > >and the WebLogic user that you created in the first step. It then uses the
              > >password from this WebLogic username.
              > >
              > >If you have trouble with this, please call support. I know that some people
              > >have had trouble with this particular feature.
              > >
              > >I'm not sure about the multiple connections. Is it possible that you have a
              > >"resource-reference" declared for MQ somewhere?
              > >
              > > greg
              

  • WLS 11 Policy migration during EAR deployment

    We are installing an ADF 11g EAR into our development instance of WLS 10.3.1 and are seeing some strange behavior with the ADF policy migration. During the EAR install from either the WLS console, or using WLST scripts, the ear deployment appears to create entries in our domain's system-jazn-data.xml file in the .../config/fmwconfig directory. The policies work fine when testing the application. Users in the various application roles see expected security behavior. If we then start and stop a completely different managed server from the console, the entries that were in the system-jazn-data.xml file disappear, but our application security continues to work as expected. If we then bounce the server our ear is deployed to, the entries show up again in system-jazn-data.xml.
    Can anyone explain this behavior and verify if this is expected?
    Additional Information: We have followed the enterprise deployment guide when setting up our middleware home directory. We have the following directory structure:
    /opt/oracle/admin/snidomain/aserver
    /opt/oracle/admin/snidomain/mserver
    The aserver directory contains the admin server and the mserver directory contains our managed servers. Each directory contains a config/fmwconfig subdirectory each containing a system-jazn-data.xml file. Each also contains a jps-config.xml file that specifies an XML policy provider pointing at "./system-jazn-data.xml". When we install an EAR that utilizes ADF security, the system-jazn-data.xml file in the mserver directory is updated during deployment, but the one in the aserver directory is not. Each recycle of a managed server appears to replace the contents of the system-jazn-data.xml file in the mserver directory.
    Also, when I bring up Fusion Middleware Control and view the roles/policies of the ear, none are displayed in the UI. If I add a role/policy using Fusion Middleware Control, the new role/policy is placed in the system-jazn-data.xml file in the aserver directory, and the contents of the one in the mserver directory is completely replaced with the same contents as the one in the aserver directory, overwriting the ones added during the deployment.

  • Getting SecurityException with standalone WLS

    Hey OTN,
    Just getting started with the standalone WebLogic. Used to work only with the JDev integrated one.
    Can't manage to start the domain right now. But the server should be in a working state.
    Fusion Middleware was installed by another person, and that's a big trouble - 'cause I don't know where to look for the answer.
    That is why ANY tips would be appreciated.
    After I go to the domain home, launch ./startWebLogic.sh and type the default user (it is weblogic:weblogic, right?) I'm getting the following exceptions... (below).
    Oracle Enterprise Linux.
    Thanks.
    [oracle@ts1 bin]$ ./startWebLogic.sh
    JAVA Memory arguments: -Xms512m -Xmx512m
    WLS Start Mode=Production
    CLASSPATH=/u01/app/oracle/product/fmw-11.1.1/patch_wls1033/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/app/oracle/product/fmw-11.1.1/patch_ocp353/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/app/oracle/product/fmw-11.1.1/jrrt-4.0.0-1.6.0/lib/tools.jar:/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/weblogic_sp.jar:/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/weblogic.jar:/u01/app/oracle/product/fmw-11.1.1/modules/features/weblogic.server.modules_10.3.3.0.jar:/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/webservices.jar:/u01/app/oracle/product/fmw-11.1.1/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/u01/app/oracle/product/fmw-11.1.1/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/common/derby/lib/derbyclient.jar:/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/xqrl.jar
    PATH=/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/bin:/u01/app/oracle/product/fmw-11.1.1/modules/org.apache.ant_1.7.1/bin:/u01/app/oracle/product/fmw-11.1.1/jrrt-4.0.0-1.6.0/jre/bin:/u01/app/oracle/product/fmw-11.1.1/jrrt-4.0.0-1.6.0/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/oracle/bin
    *  To start WebLogic Server, use a username and   *
    *  password assigned to an admin-level user.  For *
    *  server administration, use the WebLogic Server *
    *  console at http://hostname:port/console        *
    starting weblogic with Java version:
    java version "1.6.0_17"
    Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
    Oracle JRockit(R) (build R28.0.0-679-130297-1.6.0_17-20100312-2121-linux-x86_64, compiled mode)
    Starting WLS with line:
    /u01/app/oracle/product/fmw-11.1.1/jrrt-4.0.0-1.6.0/bin/java -jrockit   -Xms512m -Xmx512m -Dweblogic.Name=AdminServer -Djava.security.policy=/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/weblogic.policy  -Dweblogic.ProductionModeEnabled=true   -da -Dplatform.home=/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3 -Dwls.home=/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server -Dweblogic.home=/u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server   -Dweblogic.management.discover=true  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/u01/app/oracle/product/fmw-11.1.1/patch_wls1033/profiles/default/sysext_manifest_classpath:/u01/app/oracle/product/fmw-11.1.1/patch_ocp353/profiles/default/sysext_manifest_classpath  weblogic.Server
    <10.06.2010 12:07:44 MSD> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Oracle JRockit(R) Version R28.0.0-679-130297-1.6.0_17-20100312-2121-linux-x86_64 from Oracle Corporation>
    <10.06.2010 12:07:45 MSD> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.3.0  Fri Apr 9 00:05:28 PDT 2010 1321401 >
    <10.06.2010 12:07:47 MSD> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    <10.06.2010 12:07:54 MSD> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <10.06.2010 12:07:54 MSD> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <10.06.2010 12:07:55 MSD> <Notice> <Log Management> <BEA-170019> <The server log file /u01/app/oracle/product/fmw-11.1.1/user_projects/domains/miit/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>
    <10.06.2010 12:08:00 MSD> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift..
    weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.
            at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:465)
            at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
            at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:869)
            at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
            at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
            Truncated. see log file for complete stacktrace
    Caused By: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.
            at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
            at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
            at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
            at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
            at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:156)
            Truncated. see log file for complete stacktrace
    Caused By: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u01/app/oracle/product/fmw-11.1.1/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.
            at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadFullLDIFTemplate(BootStrapServiceImpl.java:910)
            at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFTemplate(BootStrapServiceImpl.java:688)
            at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:178)
            at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:162)
            at com.bea.common.security.internal.service.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:109)
            Truncated. see log file for complete stacktrace
    Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:891341 fatal store error> kodo.jdo.FatalDataStoreException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred.
            at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2170)
            at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2017)
            at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:1915)
            at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:1833)
            at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
            Truncated. see log file for complete stacktrace
    Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:891341 nonfatal store error> kodo.jdo.DataStoreException: ORA-00942: table or view doesn't exist
    {prepstmnt 480494624 INSERT INTO BEAXACMLAP (DOMN, REALMN, TYPEN, CN, XVER, CTS, WCN, WCI, WXF, XD, XS, MTS) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) [params=(String) miit, (String) myrealm, (String) Policies, (String) urn:bea:xacml:2.0:entitlement:resource:type@E@Fmbean@G, (String) 1.0, (null) null, (null) null, (null) null, (Blob) oracle.sql.BLOB@1ca3cb16, (InputStream) java.io.ByteArrayInputStream@1ca3cb87, (String) 3, (Timestamp) 2010-06-10 12:08:00.585] [reused=0]} [code=942, state=42000]
    FailedObject: [email protected]e6f
            at org.apache.openjpa.jdbc.sql.DBDictionary.narrow(DBDictionary.java:4207)
            at org.apache.openjpa.jdbc.sql.DBDictionary.newStoreException(DBDictionary.java:4171)
            at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:102)
            at org.apache.openjpa.jdbc.sql.SQLExceptions.getStore(SQLExceptions.java:72)
            at kodo.jdbc.kernel.BatchingPreparedStatementManager.flushInternal(BatchingPreparedStatementManager.java:214)
            Truncated. see log file for complete stacktrace
    Caused By: org.apache.openjpa.lib.jdbc.ReportingSQLException: ORA-00942: table or view doesn't exist
    {prepstmnt 480494624 INSERT INTO BEAXACMLAP (DOMN, REALMN, TYPEN, CN, XVER, CTS, WCN, WCI, WXF, XD, XS, MTS) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) [params=(String) miit, (String) myrealm, (String) Policies, (String) urn:bea:xacml:2.0:entitlement:resource:type@E@Fmbean@G, (String) 1.0, (null) null, (null) null, (null) null, (Blob) oracle.sql.BLOB@1ca3cb16, (InputStream) java.io.ByteArrayInputStream@1ca3cb87, (String) 3, (Timestamp) 2010-06-10 12:08:00.585] [reused=0]} [code=942, state=42000]
            at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:192)
            at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.access$700(LoggingConnectionDecorator.java:57)
            at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator$LoggingConnection$LoggingPreparedStatement.executeUpdate(LoggingConnectionDecorator.java:866)
            at org.apache.openjpa.lib.jdbc.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:269)
            at org.apache.openjpa.jdbc.kernel.JDBCStoreManager$CancelPreparedStatement.executeUpdate(JDBCStoreManager.java:1421)
            Truncated. see log file for complete stacktrace
    >
    <10.06.2010 12:08:00 MSD> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <10.06.2010 12:08:00 MSD> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
    There are 1 nested errors:
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable
            at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:916)
            at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
            at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
            at weblogic.security.SecurityService.start(SecurityService.java:141)
            at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <10.06.2010 12:08:00 MSD> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <10.06.2010 12:08:00 MSD> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <10.06.2010 12:08:00 MSD> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    Edited by: ILya Cyclone on Jun 10, 2010 5:34 PM

    It doesn't necessarily have to be weblogic/weblogic. For 11g the password needs to have a number or alphanumeric character.
    In case you have forgotten it, follow the steps here to retrieve the password.
    http://weblogic-wonders.com/weblogic/2009/12/15/resetting-admin-username-password/
    Can you paste your config.xml here? I want to check whether you are authenticating against embedded LDAP or database.
    Thanks,
    Faisal
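A triage sketch for the boot log posted in this thread, added here as an example and not code from either poster or from Oracle: it splits the console output into records, takes the earliest failing record, walks its "Caused By" chain and reports the innermost exception. The sample log is constructed by shortening the posted one, and the function names are hypothetical.

```python
import re

# Constructed sample: the boot log from the post, shortened (most stack frames
# dropped, file paths and the SQL column list trimmed).
SAMPLE_LOG = """\
<10.06.2010 12:07:47 MSD> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
<10.06.2010 12:08:00 MSD> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: A failure occurred attempting to load LDIF for provider Authorizer from file XACMLAuthorizerInit.ldift..
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
        Truncated. see log file for complete stacktrace
Caused By: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file XACMLAuthorizerInit.ldift.
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadFullLDIFTemplate(BootStrapServiceImpl.java:910)
Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:891341 fatal store error> kodo.jdo.FatalDataStoreException: The transaction has been rolled back.
        at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2017)
Caused By: org.apache.openjpa.lib.jdbc.ReportingSQLException: ORA-00942: table or view doesn't exist
{prepstmnt 480494624 INSERT INTO BEAXACMLAP (DOMN, REALMN, TYPEN) VALUES (?, ?, ?) [params=(String) miit, (String) myrealm, (String) Policies] [reused=0]} [code=942, state=42000]
        at org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator.wrap(LoggingConnectionDecorator.java:192)
>
<10.06.2010 12:08:00 MSD> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable
        at weblogic.security.SecurityService.start(SecurityService.java:141)
>
<10.06.2010 12:08:00 MSD> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
"""

# Record header: <timestamp> <Severity> <Subsystem> <BEA-nnnnnn> <message ...
HEADER = re.compile(
    r"^<(?P<ts>[^>]+)> <(?P<sev>\w+)> <(?P<sub>[^>]+)> <(?P<id>BEA-\d+)> <(?P<msg>.*)$")
CAUSE = re.compile(r"^Caused By: (?P<text>.*)$")
EXC_CLASS = re.compile(r"([A-Za-z_][\w.$]*(?:Exception|Error))\b")
ORA_CODE = re.compile(r"\bORA-\d{5}\b")
SQL_TABLE = re.compile(r"\b(?:INSERT INTO|UPDATE|DELETE FROM)\s+([A-Za-z0-9_$#.]+)")
FAILING = {"Error", "Critical", "Alert", "Emergency"}


def parse_records(text):
    """Split console output into records; continuation lines go into 'body'."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rec = dict(m.groupdict(), body=[])
            records.append(rec)
            if rec["msg"].endswith(">"):      # one-line record, already closed
                rec["msg"] = rec["msg"][:-1]
                current = None
            else:                             # multi-line record, closed by a lone '>'
                current = rec
        elif current is not None:
            if line.strip() == ">":
                current = None
            else:
                current["body"].append(line)
    return records


def cause_chain(record):
    """Return the 'Caused By' entries of a record, outermost first."""
    chain = []
    for line in record["body"]:
        m = CAUSE.match(line)
        stripped = line.strip()
        if m:
            chain.append(m.group("text"))
        elif chain and not stripped.startswith(("at ", "Truncated.")):
            chain[-1] += "\n" + stripped      # e.g. the {prepstmnt ...} detail line
    return chain


def first_failure(text):
    """Triage the earliest failing record; later ones are usually consequences."""
    for rec in parse_records(text):
        if rec["sev"] not in FAILING:
            continue
        chain = cause_chain(rec)
        root = chain[-1] if chain else rec["msg"]
        exc = EXC_CLASS.search(root)
        ora = ORA_CODE.search(root)
        table = SQL_TABLE.search(root)
        return {
            "id": rec["id"], "subsystem": rec["sub"], "depth": len(chain),
            "root_exception": exc.group(1) if exc else None,
            "ora_code": ora.group(0) if ora else None,
            "table": table.group(1) if table else None,
        }
    return None


if __name__ == "__main__":
    for key, value in first_failure(SAMPLE_LOG).items():
        print(f"{key:15} {value}")
```

Run against the posted log, the innermost cause is the failed INSERT into BEAXACMLAP with ORA-00942, so the Authorizer is writing its policies to a database over JDBC and that table is not visible to the connecting user; the later BEA-000362 "Security Services Unavailable" record is a consequence of it.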

  • Migrating ADF Security to WLS using OID

    I have seen a number of posts on this forum regarding deploying an application which has ADF Security enabled to a stand-alone WebLogic server, but none of them seem to address the following.
    I have an application in JDeveloper which uses an XML-based identity store and policy store. I have a stand-alone WLS which is connected to OID. I am trying to migrate the credential store and policy store to the OID configured for my stand-alone WLS. The various blogs and OTN articles mentioned frequently in this forum regarding ADF Security address configuring OID in WLS, as well as how to migrate security to XML-based providers on WLS. However, I have not seen any information on how to migrate security to OID in WLS. I have a few questions in particular:
    1) JDeveloper online help has limited information for modifying the jps-config.xml to have a destination context, service instance, and service provider for LDAP (OID). It has configuration parameters for “JpsFarmName” and “JpsRootNodeName”. What are these used for, and what should the values be?
    2) Does the jps-config.xml file need to be modified in WLS (i.e. <Domain>/config/oracle/jps-config.xml)? Is this file even used at runtime by WLS?
    3) How does WLS know to use OID for obtaining credential, identity, and policy information instead of system-jazn-data?
    Any information on this topic would be very appreciated!
    Thanks,
    Erick

    Hi,
    I am using migrateSecurityStore for policy migration from xml to OID.
    migrateSecurityStore(type="policyStore",configFile="t2p-policies.xml",src="XMLsourceContext",dst="LDAPdestinationContext")
    when I run above command I am getting following error.
    Jul 9, 2009 11:00:08 AM oracle.security.jps.internal.config.util.BootstrapConfigurationUtil getCredentialFromBootstrapWallet
    SEVERE: Cannot get credential. Reason java.security.PrivilegedActionException: oracle.security.jps.service.credstore.CredStoreException.
    COMMAND FAILED due to an unknown reason, Check the stack trace for details
    Traceback (innermost last):
    File "<console>", line 1, in ?
    File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 780, in migrateSecurityStore
    File "D:\JDEVST~2\JDEVEL~1\common\wlst\jpsWlstCmd.py", line 752, in migrateSecurityStoreImpl
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(LdapPolicyStore.java:230)
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider.getInstance(LdapPolicyStoreProvider.java:108)
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider.getInstance(LdapPolicyStoreProvider.java:55)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
    at oracle.security.jps.internal.core.runtime.DelegatingContextFactoryImpl.findServiceInstance(DelegatingContextFactoryImpl.java:61)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:206)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContextFromConfig(JpsContextFactoryImpl.java:171)
    at oracle.security.jps.internal.tools.utility.util.JpsHelper.getContextFromConfigObj(JpsHelper.java:115)
    at oracle.security.jps.internal.tools.utility.mgrs.JpsPolicyAPIManager.getPolicyStoreForDestination(JpsPolicyAPIManager.java:157)
    at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy.<init>(JpsDstPolicy.java:186)
    at oracle.security.jps.internal.tools.utility.destination.JpsInitializerDst.getDestinations(JpsInitializerDst.java:82)
    at oracle.security.jps.internal.tools.utility.JpsUtility.<init>(JpsUtility.java:63)
    at oracle.security.jps.internal.tools.utility.JpsUtilMigrationPolicyImpl.migrateAllPolicyData(JpsUtilMigrationPolicyImpl.java:234)
    at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand(JpsUtilMigrationTool.java:167)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsRuntimeException: Cannot read the default policy store.
    thanks and regards
    KishoreM

  • View JMS messages wls 10.3

    Hello
    I'm trying to view/delete JMS messages in a queue in WLS 10.3. As the Administrator user I'm able to view/delete the messages, but when logged in as a user of the Monitors group I'm not even able to view the messages.
    Is there any other user group apart from Administrator which can view messages in WLS 10.3? Please help.
    Thanks
    Kranthi

    Tom,
    You are correct, I'm able to view messages as a Monitors group ID even from Hermes.
    To check from the console I had to update the weblogic.management.runtime.JMSDestinationRuntimeMBean security.
    Here are the steps I got from support to enable operations on the JMSDestinationRuntime MBean:
    1. In the left pane, select Security Realm.
    2. Select “myrealm”.
    3. In the “Configuration” tab, check “Use Authorization Providers to Protect JMX Access”, click save and then activate changes.
    4. Restart the server.
    5. In the left pane, select Security Realm.
    6. Select “myrealm”.
    7. Go to “Users and Groups”.
    8. In users, create a new user, say “queueuser”, and add it to group “Monitors”.
    9. Adding it to group “Monitors”:
       a. Select “myrealm”.
       b. Select “Users and Groups”.
       c. Click on the user name, in the right pane select “Groups”.
       d. From Parent Groups, select monitors, click the arrow pointing to the right side.
    10. Go to “Roles and Policies” -> Realm Policies.
    11. In the Policy table, select “JMX Policy Editor”.
    12. Select “Global Scope”, click next.
    13. From MBean Types, select “weblogic.management.runtime”.
    14. Select “JMSDestinationRuntimeMBean”, click next.
    15. In Attributes and Operations, select “Operations: Permission to Invoke”.
    16. Click on the “Create Policy” button and save.
    17. Click on “Add Condition”, select “Group” in “Predicate List”, click next, type Monitors, say add. Click “Finish”.

  • Problem starting WLS 5.1 in RH Linux

    I have RH Linux 6.2 and just downloaded Sun JDK1.3 and BEA WLS 5.1. There
    were a couple of problems with the install:
    1) The case statement in startWebLogic.sh did not pick up Linux using
    uname -s, but I fixed that by commenting out all the other Unixes and the
    case and esac. And LD_LIBRARY_PATH was defined as
    /home/wlogic/weblogic/lib/linux
    2) The second problem I have not been able to resolve. This is the
    stackdump:
    LD_LIBRARY_PATH=/home/wlogic/weblogic/lib/linux
    Exception in thread "main" java.security.AccessControlException: access denied (java.lang.RuntimePermission createSecurityManager)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
    at java.security.AccessController.checkPermission(AccessController.java:399)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
    at java.lang.SecurityManager.<init>(SecurityManager.java:301)
    at weblogic.boot.ServerSecurityManager.<init>(ServerSecurityManager.java:11)
    at weblogic.Server.main(Server.java:59)
    at weblogic.Server.main(Server.java:55)
    Comments pls someone. Many thanks.
    Kenny

    Try modifying your weblogic.policy file so that the paths in that file
    match your environment.
    John
    Jesus M. Salvo, Jr.
    Senior Consultant
    PowerServe Pty Ltd
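A quick check for the path mismatch suggested in the reply above, as an added example that is not part of the thread: it lists the `codeBase` directories in a Java policy file that do not exist on the machine. The function names and the sample policy content are constructed for illustration; only the `grant codeBase "file:..."` syntax of Java policy files is assumed.

```shell
#!/bin/sh
# List codeBase directories named in a Java policy file that are missing on
# disk. A grant whose codeBase does not match where the classes are actually
# loaded from does not apply to them, so they run without those permissions.
missing_codebases() {
    policy_file=$1
    # Extract every   codeBase "file:<path>"   value, one per line.
    sed -n 's/.*[cC]ode[bB]ase[[:space:]]*"file:\([^"]*\)".*/\1/p' "$policy_file" |
    while IFS= read -r path; do
        case $path in
            *'${'*) continue ;;   # property expansion, cannot be resolved here
        esac
        # Strip the policy wildcards: "/-" (recursive) and "/*" (one level).
        dir=${path%/-}
        dir=${dir%/\*}
        [ -d "$dir" ] || printf '%s\n' "$dir"
    done
}

# Constructed demonstration: the server lives under home/wlogic/weblogic,
# but the first grant still points at a stale install path.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/home/wlogic/weblogic"
    cat > "$root/weblogic.policy" <<EOF
// Constructed sample, not the file shipped with the product.
grant codeBase "file:$root/weblogic/-" {
    permission java.security.AllPermission;
};
grant codeBase "file:$root/home/wlogic/weblogic/-" {
    permission java.security.AllPermission;
};
grant codeBase "file:\${java.home}/lib/ext/-" {
    permission java.security.AllPermission;
};
EOF
    # Print the missing directories relative to the temporary root.
    missing_codebases "$root/weblogic.policy" | sed "s|^$root||"
    rm -rf "$root"
}

demo
```

Any path the function prints is a grant to correct before looking further at the `AccessControlException`.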
