Portal entitlement SecurityException

Similar Messages

• Portal Entitlements for user defined objects

  Hi,
  The UUP aggregates the user profile information from different backed data sources.
  One of the properties in the propertyset is a multivalued property. I populate
  this by the following code:
  PropertyMapKey propertyMapKeyM = new PropertyMapKeyImpl(null,"DA_Privilege");
  String str="LAB1_CAPLinks_ViewReports" + "," + "LAB1_CAPLinks_EditReports"; //hardcoded
  for testing
  propertyCache.put(propertyMapKeyM,str);
  (This code resides in the MyEntityPropertyManager)
  When I go to the portal administration screen, I do not see the values, it instead
  only gives me the object id of the java String array.
  Could someone please help me with the following questions:
  1. How do I populate the multivalued property ? I see in documentation that there
  is 2 different PropertyCache implementation......confused which one to use and
  how.
  2. Is there a way to define user defined objects in UUP and have portlets entitled
  to the state of the object ? (a custom entitlement code)
  3. Any sample code would be helpfull
  Thanks,
  Uday

  Thank You Greg. Now it works.
  -Uday
  Gregory Smith <[email protected]> wrote:
  I'm not totally sure, but I would imagine you want to put a List of
  Strings into the propertyCache if the property is supposed to be
  multivalued text, e.g.:
  PropertyMapKey propertyMapKeyM = new PropertyMapKeyImpl(null,
       "DA_Privilege");
  List strs = new ArrayList(2);
  strs.add("LAB1_CAPLinks_ViewReports");
  strs.add("LAB1_CAPLinks_EditReports");
  propertyCache.put(propertyMapKeyM, strs);
  I know that all of the code that calls the UUP and property sets code
  expects a Collection back from a multivalued property (but I'm not sure
  about a UUP implementation).
  Greg
  Udayraj Nair wrote:
  Hi,
  The UUP aggregates the user profile information from different backeddata sources.
  One of the properties in the propertyset is a multivalued property.I populate
  this by the following code:
  PropertyMapKey propertyMapKeyM = new PropertyMapKeyImpl(null,"DA_Privilege");
  String str="LAB1_CAPLinks_ViewReports" + "," + "LAB1_CAPLinks_EditReports";//hardcoded
  for testing
  propertyCache.put(propertyMapKeyM,str);
  (This code resides in the MyEntityPropertyManager)
  When I go to the portal administration screen, I do not see the values,it instead
  only gives me the object id of the java String array.
  Could someone please help me with the following questions:
  1. How do I populate the multivalued property ? I see in documentationthat there
  is 2 different PropertyCache implementation......confused which oneto use and
  how.
  2. Is there a way to define user defined objects in UUP and have portletsentitled
  to the state of the object ? (a custom entitlement code)
  3. Any sample code would be helpfull
  Thanks,
  Uday

• Odd Portal Entitlement Bug

  If you create an entitlement segment with a name that contains numbers, e.g.
  "Age30ES", then when you use the admin tool to associate the segment with a
  portlet, then the entitlement segments table shows two separate
  entitlements, one called "ES", and the other "Age3". Any attempts at
  enforcing the entitlement, e.g. by granting 'can see' to both entitlements
  in the list, fails - the portal just ignores the entitlement. This only
  affects portlets, the entitlement segment can be correctly applied to pages.
  SB

  Hi Stanley,
  I verified this problem on Portal 4.0 and created an engineering change
  request to get it fixed (CR088805). Is your problem with 4.0 or 7.0? If
  you need a patch for this right away then please contact support and give
  them this CR number and they will get engineering to work on it now and
  support will send a patch to you.
  Thanks for pointing this out.
  Ture Hoefner
  BEA Systems, Inc.
  www.bea.com
  "Stanley Beamish" <[email protected]> wrote in message
  news:[email protected]..
  If you create an entitlement segment with a name that contains numbers,e.g.
  "Age30ES", then when you use the admin tool to associate the segment witha
  portlet, then the entitlement segments table shows two separate
  entitlements, one called "ES", and the other "Age3". Any attempts at
  enforcing the entitlement, e.g. by granting 'can see' to both entitlements
  in the list, fails - the portal just ignores the entitlement. This only
  affects portlets, the entitlement segment can be correctly applied topages.
  >
  SB

• Entitlement Setting in 4.0 Portal Tools Keeps Blowing Up

  When we try to create an empty WLCS database (empty except for the required data),
  run an EBCC sync (to get all of the configuration files into the database, and
  then try to set page entitlements we get an exception.
  Any help would be appreciated as this has been happening for 2 days and is getting
  quite frustrating.
  The message is as follows:
  java.sql.SQLException: ORA-02291: integrity constraint (WLCS_TEST.FK1_SKIN_POOL)
  violated - parent key not found
  at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:168)
  at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)
  at oracle.jdbc.ttc7.Oall7.receive(Oall7.java:543)
  at oracle.jdbc.ttc7.TTC7Protocol.doOall7(TTC7Protocol.java:1405)
  at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteFetch(TTC7Protocol.java:822)
  at oracle.jdbc.driver.OracleStatement.executeNonQuery(OracleStatement.java:1446)
  at oracle.jdbc.driver.OracleStatement.doExecuteOther(OracleStatement.java:1371)
  at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1900)
  at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:363)
  at weblogic.jdbc.jts.Statement.executeUpdate(Statement.java:503)
  at weblogic.jdbc.rmi.internal.PreparedStatementImpl.executeUpdate(PreparedStatementImpl.java:66)
  at weblogic.jdbc.rmi.SerialPreparedStatement.executeUpdate(SerialPreparedStatement.java:57)
  at com.bea.portal.manager.internal.persistence.jdbc.JdbcPersonalizationManager.createPortalP13nSkinPoolEntry(JdbcPersonalizationManager.java:383)
  at com.bea.portal.manager.internal.persistence.jdbc.CachingPersonalizationManager.createPortalP13nSkinPoolEntry(CachingPersonalizationManager.java:222)
  at com.bea.portal.manager.internal.persistence.jdbc.KeyCachingPersistenceManager.createPortalPersonalization(KeyCachingPersistenceManager.java:184)
  at com.bea.portal.manager.internal.persistence.AbstractPersistenceManager.addPortalPersonalization(AbstractPersistenceManager.java:157)
  at com.bea.portal.manager.internal.persistence.jdbc.UserCachingPersistenceManager.addPortalPersonalization(UserCachingPersistenceManager.java:340)
  at com.bea.portal.manager.internal.PortalManagerDelegateImpl.setMutablePortalPersonalization(PortalManagerDelegateImpl.java:384)
  at com.bea.portal.manager.ejb.internal.PortalManagerBean.setMutablePortalPersonalization(PortalManagerBean.java:99)
  at com.bea.portal.manager.ejb.internal.PortalManagerBean_w6xny9_EOImpl.setMutablePortalPersonalization(PortalManagerBean_w6xny9_EOImpl.java:37)
  at com.bea.portal.entitlement.util.EntitlementHelper.updatePageEntitledAttribute(EntitlementHelper.java:437)
  at com.bea.portal.entitlement.util.EntitlementHelper.setEntitlement(EntitlementHelper.java:368)
  at com.bea.portal.entitlement.servlets.jsp.taglib.SetDefaultEntitlementTag.doStartTag(SetDefaultEntitlementTag.java:144)
  at jsp_servlet._tools._portal.__set_page_ent_segments._jspService(__set_page_ent_segments.java:684)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
  at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:241)
  at com.bea.p13n.appflow.webflow.servlets.internal.WebflowServlet.doGet(WebflowServlet.java:167)
  at com.bea.p13n.appflow.webflow.servlets.internal.WebflowServlet.doPost(WebflowServlet.java:212)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)

  You would need to have 64-bit DSN to install BO. during the installation the DSNs are created automatically. This is what you showed us in the images.
  Many client tools use both 32-bit / 64-bit drivers. This helps them to talk to CMS Db in right way. You were using a CMS Db connection to create Universes , crystal reports and webi reports. Please note these client tools retrieve data from Db's other than the CMS Db usually. It is not recommended and suggested to have data made out of CMS Db. You should use the audit Database to know about the activities happening within the server.
  good luck!!

• How to get entitlement role list

  How can I get the portal entitlement role list by API?
  If I use
  RolePolicyManager.listRolesForResource(String anEntAppName,
  String aWebAppName,
  String aResourceId)
  How can I specified the aResourceId such that the roles of entire portal will
  be retreived?
  Or it is just a wrong approach? Thx a lot!!
  Ken

  I can get it by calling
  String str[] = RolePolicyManager.listRolesForResource(
  ApplicationHelper.getApplicationName(),
  ApplicationHelper.getWebAppName(getRequest()),
  EntitlementConstants.P13N_ROLE_POLICY_POOL
  "Ken" <[email protected]> wrote:
  >
  How can I get the portal entitlement role list by API?
  If I use
  RolePolicyManager.listRolesForResource(String anEntAppName,
  String aWebAppName,
  String aResourceId)
  How can I specified the aResourceId such that the roles of entire portal
  will
  be retreived?
  Or it is just a wrong approach? Thx a lot!!
  Ken

• Are Visitor Entitlement Roles == Scoped Roles

  I'm working on the security implementation for a WebLogic 8.1 Portal application.
  I've been doing some prototyping and am trying to determine where Visitor Entitlement
  roles are stored. Are these implemented as scoped roles from a WL platform viewpoint.
  I created two test roles for my portal and do not see any scoped roles under
  the application or the portal node in the WebLogic console.
  I'm trying to determine if these portal entitlement roles are/can be treated as
  weblogic platform roles and can be used in security annotations for an EJB or
  Java Control, and if they can be used for IsCallerInRole. I can create a security
  policy to protect the portal resource, but I'm looking for a way to apply the
  corresponding security in the business layer.
  Thanks in advance for any advice.
  Jim

  Jim,
  The WLP roles are stored in the default role mapper provider. They are
  scoped roles, but only attachable to WLP resources (pages, portlets, etc.)
  and cannot be used to protect J2EE resources. The basic reason for this
  is because WLP roles can include custom predicates (date/time/profile
  attributes) that rely on layered product classes that the base application
  server is unaware of and cannot edit using the WLS console.
  In Service Pack 3, the WLP admin tools will allow the converse - that is,
  you'll be able to reference/use WLS global roles in WLP policies.
  Service Pack2 adds a new tag to the auth taglib which allows you to
  do a isUserInRole check against the WLP (and WLS) roles.
  -Phil
  "Jim Maycott" <[email protected]> wrote in message
  news:[email protected]..
  >
  I'm working on the security implementation for a WebLogic 8.1 Portalapplication.
  I've been doing some prototyping and am trying to determine where VisitorEntitlement
  roles are stored. Are these implemented as scoped roles from a WLplatform viewpoint.
  I created two test roles for my portal and do not see any scoped rolesunder
  the application or the portal node in the WebLogic console.
  I'm trying to determine if these portal entitlement roles are/can betreated as
  weblogic platform roles and can be used in security annotations for an EJBor
  Java Control, and if they can be used for IsCallerInRole. I can create asecurity
  policy to protect the portal resource, but I'm looking for a way to applythe
  corresponding security in the business layer.
  Thanks in advance for any advice.
  Jim

• Apache and weblogic proxying not happening properly

  Hi,
  I am trying to proxy my request from my apache installation to weblogic installation.
  I am able to proxy request to the default page of my application in weblogic.
  But when trying to browse through that page I am getting error.
  Basically, It tries to listen at 7501 port of my machine(apache machine) only
  and is not trying to listen at 80 port of my machineso that it can be proxied
  to the 7501 port of weblogic machine.
  I am unable to figure out the issue. Maybe u can help me from ur experience.
  I get an exception saying:
  ###<Apr 28, 2003 9:53:47 PM IST> <Warning> <Entitlements> <blrkec09630a> <portalServer>
  <ExecuteThread: '10' for queue: 'default'> <kernel identity> <16:b7687ce40e05e9a9>
  <402716> <Missing entitlments configuration asset.>
  Exception[com.bea.p13n.rules.manager.RuleSetNotFoundException: The rule set with
  URI /entitlements/GlobalEntitlements.rls could not be located by the class named
  com.bea.p13n.rules.manager.internal.RuleSetPersistenceManager.]
  at com.bea.p13n.rules.manager.internal.RuleSetPersistenceManager.getRuleSet(RuleSetPersistenceManager.java:385)
  at com.bea.p13n.rules.manager.internal.ContextPool.<init>(ContextPool.java:156)
  at com.bea.p13n.rules.manager.internal.ContextPoolFactory.createContextPool(ContextPoolFactory.java:164)
  at com.bea.p13n.rules.manager.internal.ContextPoolFactory.getContextPool(ContextPoolFactory.java:223)
  at com.bea.p13n.rules.manager.internal.RulesManagerImpl.getContext(RulesManagerImpl.java:469)
  at com.bea.p13n.rules.manager.internal.RulesManagerImpl.evaluate(RulesManagerImpl.java:350)
  at com.bea.p13n.rules.manager.internal.RulesManagerImpl.evaluateRuleSet(RulesManagerImpl.java:148)
  at com.bea.p13n.rules.manager.internal.RulesManagerImpl_mcr6qe_EOImpl.evaluateRuleSet(RulesManagerImpl_mcr6qe_EOImpl.java:448)
  at com.bea.p13n.entitlements.rolemapper.RoleMapper.mapRoles(RoleMapper.java:179)
  at com.bea.p13n.entitlements.accesscontroller.AccessController.isAccessAllowed(AccessController.java:143)
  at com.bea.portal.entitlement.util.EntitlementHelper.isAccessAllowed(EntitlementHelper.java:285)
  at com.bea.portal.entitlement.util.EntitlementHelper.checkEntitlementInternal(EntitlementHelper.java:231)
  at com.bea.portal.entitlement.util.EntitlementHelper.checkEntitlement(EntitlementHelper.java:144)
  at com.bea.portal.manager.internal.UserPortalStatePolicy.checkPortletEntitlement(UserPortalStatePolicy.java:636)
  at com.bea.portal.manager.internal.UserPortalStatePolicy.generateUserPageState(UserPortalStatePolicy.java:567)
  at com.bea.portal.manager.internal.UserPortalStatePolicy.generateUserPortalState(UserPortalStatePolicy.java:293)
  at com.bea.portal.manager.internal.PortalManagerDelegateImpl.getUserPortalState(PortalManagerDelegateImpl.java:179)
  at com.bea.portal.manager.ejb.internal.PortalManagerBean.getUserPortalState(PortalManagerBean.java:70)
  at com.bea.portal.manager.ejb.internal.PortalManagerBean_w6xny9_EOImpl.getUserPortalState(PortalManagerBean_w6xny9_EOImpl.java:370)
  at com.bea.portal.appflow.internal.PortalRequestImpl.getPortalState(PortalRequestImpl.java:148)
  at com.bea.portal.render.servlets.jsp.PortalRenderHelper.getSelectedSkin(PortalRenderHelper.java:167)
  at jsp_servlet._framework._security.__login._jspService(login.inc:11)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:445)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:20)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
  at weblogic.servlet.internal.RequestDispatcherImpl$ForwardAction.run(RequestDispatcherImpl.java:345)
  at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
  at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:252)
  at com.bea.p13n.appflow.webflow.servlets.internal.WebflowServlet.doGet(WebflowServlet.java:178)
  at com.bea.portal.appflow.servlets.internal.PortalWebflowServlet.doGet(PortalWebflowServlet.java:235)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:20)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
  at com.bea.p13n.tracking.clickthrough.ClickThroughEventFilter.doFilter(ClickThroughEventFilter.java:156)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5451)
  at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
  Regards,
  Vinod Thapliyal

  The WebLogic Server (WLS) is a Java container similar to OC4J in Application Server 10g release 2. If you want to use WLS, you will have to upgrade your Application Server 10g installation to Fusion Middleware 11g. The upgrade path typically depends on the products which you are using in 10g, e.g. the upgrade path for SOA is different than the upgrade path for Forms/Reports or Oracle Portal. The [url http://docs.oracle.com/cd/E23943_01/upgrade.1111/e10125/before_you_begin.htm]Upgrade Planning Guide is a good start.
  Thanks,
  EJ

• How to restrict access to portal based on entitlements.

  Hi,
  I am working on weblogic 8.1 portal project. i want to restrict the user to access
  the portal based on the entitlements. However when user try to login he is seeing
  Weblogic Error 403 forbidden page. How to display custom error page, instead of
  weblogic default error page.
  How to programatically check whether user has access to portal or not based on
  entitlements.
  Please give me code.
  regards,
  -chada-

  Chada,
  The 403 is by design. If you want to place a page in front of one or more
  portal desktops and only show links to desktops the current user is entitled
  to, review the attachment.
  -Phil
  "Chada" <[email protected]> wrote in message
  news:3fcd6969$[email protected]..
  >
  Hi,
  I am working on weblogic 8.1 portal project. i want to restrict the userto access
  the portal based on the entitlements. However when user try to login he isseeing
  Weblogic Error 403 forbidden page. How to display custom error page,instead of
  weblogic default error page.
  How to programatically check whether user has access to portal or notbased on
  entitlements.
  Please give me code.
  regards,
  -chada-[login.zip]

• Ampersand in portal tools entitlements causing exception

  There appears to be a bug in the portal tools that ship with 4.0. If you have
  a portal page with an ampersand in the name, EBCC creates the XML that is loaded
  to the database correctly (with the &). But when you try to create an entitlement
  for this page, it will put an entry in the ENTITLEMENTS_RULESET portal page record
  that has the ampersand standing by itself. Thereafter, anytime you try to go
  to the entitlements page, you get an XML parse exception.
  Add to that the fact that this data is stored in a CLOB (making it difficult to
  edit), it is a tough situation to deal with.
  Please let me know if there is a patch/fix for this.
  Thanks.

  Paul,
  I searched the bugs database and there is a known issue (CR082251) if you
  used an ampersand character in the Portal Description. I could not find anything
  related to entitlements but I believe this is a bug.
  Unfortunately, I don't have a good suggestion for this problem. The best thing
  to do I believe (if you don't mind) is to open a case with BEA support.
  It is the preferred channel for managing this kind of issue.
  Thanks for your feedback,
  Michel.
  "Paul Merrigan" <[email protected]> wrote in message news:3d66b315$[email protected]..
  >
  There appears to be a bug in the portal tools that ship with 4.0. If you have
  a portal page with an ampersand in the name, EBCC creates the XML that is loaded
  to the database correctly (with the &). But when you try to create an entitlement
  for this page, it will put an entry in the ENTITLEMENTS_RULESET portal page record
  that has the ampersand standing by itself. Thereafter, anytime you try to go
  to the entitlements page, you get an XML parse exception.
  Add to that the fact that this data is stored in a CLOB (making it difficult to
  edit), it is a tough situation to deal with.
  Please let me know if there is a patch/fix for this.
  Thanks.

• Setting Portal Page Entitlements Painfully Slow

  Does anyone have any tips on speeding up the Portal Admin Tool entitlement setup processing? We're trying to setup a new portal with about 180 different entitlements and assigning entitlements to the portal objects (pages and portlets) is taking forever. The response time for clicking the Entitlement tab for a single portal page is about 20 seconds. Add to that the fact that it seems to re-retrieve the entitlement information after each action (select a page, add the entitlement, set the accesses for the entitlement) and you're talking about a significant amount of time to setup each entitlement. Now multiply that over 180 entitlements that need to be assigned.
  The bottom line question is, are there tunings we can perform?
  Some additional information:
  - We are on WebLogic 8.1 SP4
  - Our database is Oracle 9i
  Any help would be greatly appreciated.

  Trying do it in dev - bear the pain and then use the propogation tool to move them to other environments. At least you just have to do it once. Pre-Sp4 -- the prop tool hardly worked.. so u would feel the pain in each environment.
  BEA is making progress :)
  BTW - 20 secs seems a long time. It takes me just 4-5 seconds. Are u sure that you bea server is tuned properly?
  Kunal Mittal

• Visitor entitlements have disappeared in Web Logic Portal console

  Hi all,
  Please help! We have an issue whereby our users no longer have permission to access parts of our web application. Upon further investigation, when looking in the Portal console under visitor entitlements, we see the following message:
  There are no visitor entitlement roles to display.
  We have checked the portal database, and can see the roles are still in there, but aren't being retrieved by the application. We can also add new roles through the console, which are persisted in the database, but these too do not show in the console.
  This had previously been working, and we are not sure what has changed.
  Please advise what further information I can provide to help resolve this!
  Kind regards,
  Mike

  Hi,
  I was able to find a white paper which discusses this topic.
  http://edocs.bea.com/wlp/docs81/whitepapers/vcr/index.html
  If this isn't helpful, please post this question to the portal newsgroup at http://newsgroups.bea.com/bea/forum.jspa?forumID=2044
  cheers
  Raj

• SecurityException running loadads.bat from sample portal

  I installed WebLogic Server 6.1 SP2 and then Portal SP1, these work
  fine. I then installed the sample portal application and it starts up
  fine. When I try to run the loadads.bat I get this SecurityException.
  Does this have anything to do with the fact that when I run the
  startSamplePortal.bat it asks for a password (which by default is
  WebLogic) yet my system password (from when I installed) is something
  else?
  here's the exception:
  <D>: Opening JDBC connection to jdbc:weblogic:rmi
  <E>: java.sql.SQLException: javax.naming.AuthenticationException [Root
  exception
  is java.lang.SecurityException: Authentication for user system denied
  in realm
  weblogic
  Start server side stack trace:
  java.lang.SecurityException: Authentication for user system denied in
  realm webl
  ogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:12
  5)
  at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:1
  19)
  at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:2
  10)
  at weblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:145)
  at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:638)
  at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:589)
  at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerSer
  ver.java:164)
  at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:637)
  at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
  at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:643)
  at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:
  24)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  End server side stack trace

  I completely uninstalled everything and then reinstalled, this time using
  WebLogic Server 6.1 SP1. I also installed to the default directory
  (C:\bea). this fixed the problem, so I'm not sure if it was the directly or
  the SP2 that was the problem.
  "Michael" <[email protected]> wrote in message
  news:[email protected]...
  I installed WebLogic Server 6.1 SP2 and then Portal SP1, these work
  fine. I then installed the sample portal application and it starts up
  fine. When I try to run the loadads.bat I get this SecurityException.
  Does this have anything to do with the fact that when I run the
  startSamplePortal.bat it asks for a password (which by default is
  WebLogic) yet my system password (from when I installed) is something
  else?
  here's the exception:
  <D>: Opening JDBC connection to jdbc:weblogic:rmi
  <E>: java.sql.SQLException: javax.naming.AuthenticationException [Root
  exception
  is java.lang.SecurityException: Authentication for user system denied
  in realm
  weblogic
  Start server side stack trace:
  java.lang.SecurityException: Authentication for user system denied in
  realm webl
  ogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  atweblogic.security.acl.internal.Security.authenticate(Security.java:12
  5)
  atweblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:1
  19)
  atweblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:2
  10)
  atweblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:145)
  at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:638)
  at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:589)
  atweblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerSer
  ver.java:164)
  atweblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:637)
  atweblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
  atweblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:643)
  atweblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:
  24)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  End server side stack trace

• Entitlements and portal menu

  Hi,
  we created an Entitlement based in a role that compares a Session
  Property Set's property value to "someValue".
  We applied that Entitlement to a book within the portal desktop and
  checked the View capability.
  A Pageflow portlet in the header of the shell sets "someValue" or
  "someOtherValue" in the Http Session according to the drop-down
  selection submitted by the user.
  We expected that when "someOtherValue" is submitted and set in the
  Http Session the book should not appear in the portal menu.
  But the book gets hidden only after the next interaction with the
  portal (a click in some menu item, a refresh in the browser etc).
  - What is the moment when the Portal engine applies Entitlements to
  resources?
  - How to refresh the entitled resources collection (books and pages)
  after setting some value in the Http Session?
  Thanks,
  Eduardo.
  Edited by: Eduardo Gouvea on Oct 2, 2008 10:16 AM

  Hello Eduardo,
  I am no expert in the portal lifecycle but I can see that the entitlements were evaluated and then the pageflow executed so it seems like a solution would be to send a redirect from your pageflow after you set the property that effects visitor entitlements: http://beehive.apache.org/docs/1.0.2/netui/apidocs/javadoc/org/apache/beehive/netui/pageflow/annotations/Jpf.Forward.html#redirect()
  This use case is similar to logging in a user. After you authenticate a user you should always redirect back to the portal because who knows what is left over from evaluating entitlements before you authenticate them... the user could have been logged in as someone else prior to another login.

• Entitlements Work in .portal mode

  What is the expected behavior - I setup several entitlements in streaming mode
  - but then if I access my portal from the .portal file - the entitlements all
  seem to work.
  Kunal

  Hello Kunal,
  The expected behavior for entitlements is that a desktop will inherit
  entitlements that have been set on the portal resources in the library.
  Setting entitlements on the portal resources in the library will also cause
  these entitlements to affect any file mode .portal that uses these
  resources.
  For example, in the WebLogic Administration Portal, the Portal Management
  tool has a "Portal Resources" node. The "Library" node under that is where
  you can set entitlements on library resources. You could set a "view"
  capability on a particular portlet for a particular visitor role, for
  example. This entitlement would be seen when you hit a file mode .portal
  that uses this portlet. It will also be seen when you hit, in streaming
  mode, a desktop that uses a portlet. For example, it would be seen in a
  desktop that was created using your .portal as a template file.
  In a streaming mode desktop you can override the entitlements set for the
  portal resources in the library by using the Portal Management tool (under
  the "Portals" node where the desktops are, instead of under the "Library"
  node). If you drill down to your portlet for the desktop under the
  "Portals" node and go to the Entitlements tab you will notice a diagonal
  arrow that indicates you have inherited an entitlement. If you set your own
  entitlement on this desktop's portlet then the inherited entitlement will go
  away.
  Therefore, it seems that you have entitlements set on "Library" resources.
  That is the only way to set entitlements on resources that belong to a file
  mode .portal. These entitlements are being inherited by the streaming mode
  desktop that uses these resources.
  Anyone reading this who doesn't understand the difference between a file
  mode .portal and a streaming mode desktop can check out:
  http://edocs.bea.com/workshop/docs81/doc/en/portal/buildportals/fwPortal4.html
  Unfortunately, this document implies that the only way to use entitlements
  is to use streaming mode desktops (not file mode .portals). I will ask the
  doc team to fix this.
  Ture Hoefner
  BEA Systems, Inc.
  www.bea.com
  "Kunal Mittal" <[email protected]> wrote in message
  news:[email protected]...
  >
  What is the expected behavior - I setup several entitlements in streamingmode
  - but then if I access my portal from the .portal file - the entitlementsall
  seem to work.
  Kunal

• Displaying error page when not entitled to use the portal

  Hi,
  We are using BEA Portal 8.1 and would like to display an error page to a user
  who is authenticated but not entitled to view any of the portal resources. Does
  anyone know how to do this?
  Here are more details:
  Users are authenticated by Netegrity Siteminder when they logon to the LAN. An
  authenticated user may or may not be entitled to use the portal site depending
  on attributes passed in the header by netegrity. These attributes values are stored
  as user profile properties. Visitor entitlements have been created based on these
  properties and pages/portlets are then entitled through these visitor entitlement
  roles.
  If a user is not a member of any roles, then they should be redirected to a page
  indicating that they do not have permission to access the portal. Howe can this
  be implemented?
  Thanks.

  Hi Lilybiri,
  Thanks for your quick response. I followed your suggestion and verified my Adobe ID on acrobat.com.
  Now I can enter the collaborate function. However, everytime when I tried to send it to myself (for test purpose) I got another error message "You need to enter a valid emaill address". I saw someone else on this forum has met the same problem. Do you have any suggestion on what is the possible reason for this to happen?
  Again, thanks for the fast response. You have been helping me and other ppl so much.