Portal entitlement SecurityException
Hi all,
I get an error while evaluating the portal entitlement. We modified de Subject by adding a new principal whith de next code:
UserImpl principal = new UserImpl(userName);
Security.getCurrentSubject().getPrincipals().add(principal);
And this is de error.
java.lang.SecurityException: [Security:090398]Invalid Subject: 46035
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:697)
at weblogic.security.service.RoleManager.getRoles(RoleManager.java:279)
at com.bea.p13n.entitlements.Authorization.getRoles(Authorization.java:209)
at com.bea.p13n.entitlements.Authorization.isAccessAllowed(Authorization.java:786)
at com.bea.p13n.entitlements.Authorization.isAccessAllowed(Authorization.java:270)
at com.bea.netuix.servlets.controls.EntitledUIControl.isCapable(EntitledUIControl.java:166)
at com.bea.netuix.servlets.controls.window.WindowList.getEntitledWindows(WindowList.java:315)
at com.bea.netuix.servlets.controls.page.Page.notifyChildPortletsOfActivation(Page.java:510)
at com.bea.netuix.servlets.controls.page.Book.notifyChildPortletsOfActivation(Book.java:742)
at com.bea.netuix.servlets.controls.page.Book.fireActivationDeactivationEvents(Book.java:681)
at com.bea.netuix.servlets.controls.page.Page.handleEvent(Page.java:373)
at com.bea.netuix.servlets.controls.page.events.PageChangeEvent$Manager.fireEvent(PageChangeEvent.java:244)
at com.bea.netuix.servlets.controls.page.Page.raiseChangeEvents(Page.java:344)
at com.bea.netuix.nf.ControlLifecycle$4.postVisitRoot(ControlLifecycle.java:298)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:372)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:126)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:105)
at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:173)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:137)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:333)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:196)
at com.bea.netuix.servlets.manager.PortalServlet.doPost(PortalServlet.java:772)
at com.bea.netuix.servlets.manager.PortalServlet.doGet(PortalServlet.java:671)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:147)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1072)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:28)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:293)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6987)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
Please, anyone can help us?
Thanks for replying.
*We get the subject into a EJB:
"Subject subject = Security.getCurrentSubject();"
*We try to modify the Subject from the same EJB, and the Principal is created in the same EJB.
"Security.getCurrentSubject().getPrincipals().add(principal);"
*Yes, we use roles, defined using Portal's administration, to define entitlements.
*The role, which is modifying the Subjest,is executing the EJB. We don't do anything to modify this role.
Thanks for your help.
Similar Messages
-
Portal Entitlements for user defined objects
Hi,
The UUP aggregates the user profile information from different backed data sources.
One of the properties in the propertyset is a multivalued property. I populate
this by the following code:
PropertyMapKey propertyMapKeyM = new PropertyMapKeyImpl(null,"DA_Privilege");
String str="LAB1_CAPLinks_ViewReports" + "," + "LAB1_CAPLinks_EditReports"; //hardcoded
for testing
propertyCache.put(propertyMapKeyM,str);
(This code resides in the MyEntityPropertyManager)
When I go to the portal administration screen, I do not see the values, it instead
only gives me the object id of the java String array.
Could someone please help me with the following questions:
1. How do I populate the multivalued property ? I see in documentation that there
is 2 different PropertyCache implementation......confused which one to use and
how.
2. Is there a way to define user defined objects in UUP and have portlets entitled
to the state of the object ? (a custom entitlement code)
3. Any sample code would be helpfull
Thanks,
UdayThank You Greg. Now it works.
-Uday
Gregory Smith <[email protected]> wrote:
I'm not totally sure, but I would imagine you want to put a List of
Strings into the propertyCache if the property is supposed to be
multivalued text, e.g.:
PropertyMapKey propertyMapKeyM = new PropertyMapKeyImpl(null,
"DA_Privilege");
List strs = new ArrayList(2);
strs.add("LAB1_CAPLinks_ViewReports");
strs.add("LAB1_CAPLinks_EditReports");
propertyCache.put(propertyMapKeyM, strs);
I know that all of the code that calls the UUP and property sets code
expects a Collection back from a multivalued property (but I'm not sure
about a UUP implementation).
Greg
Udayraj Nair wrote:
Hi,
The UUP aggregates the user profile information from different backeddata sources.
One of the properties in the propertyset is a multivalued property.I populate
this by the following code:
PropertyMapKey propertyMapKeyM = new PropertyMapKeyImpl(null,"DA_Privilege");
String str="LAB1_CAPLinks_ViewReports" + "," + "LAB1_CAPLinks_EditReports";//hardcoded
for testing
propertyCache.put(propertyMapKeyM,str);
(This code resides in the MyEntityPropertyManager)
When I go to the portal administration screen, I do not see the values,it instead
only gives me the object id of the java String array.
Could someone please help me with the following questions:
1. How do I populate the multivalued property ? I see in documentationthat there
is 2 different PropertyCache implementation......confused which oneto use and
how.
2. Is there a way to define user defined objects in UUP and have portletsentitled
to the state of the object ? (a custom entitlement code)
3. Any sample code would be helpfull
Thanks,
Uday -
If you create an entitlement segment with a name that contains numbers, e.g.
"Age30ES", then when you use the admin tool to associate the segment with a
portlet, then the entitlement segments table shows two separate
entitlements, one called "ES", and the other "Age3". Any attempts at
enforcing the entitlement, e.g. by granting 'can see' to both entitlements
in the list, fails - the portal just ignores the entitlement. This only
affects portlets, the entitlement segment can be correctly applied to pages.
SBHi Stanley,
I verified this problem on Portal 4.0 and created an engineering change
request to get it fixed (CR088805). Is your problem with 4.0 or 7.0? If
you need a patch for this right away then please contact support and give
them this CR number and they will get engineering to work on it now and
support will send a patch to you.
Thanks for pointing this out.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Stanley Beamish" <[email protected]> wrote in message
news:[email protected]..
If you create an entitlement segment with a name that contains numbers,e.g.
"Age30ES", then when you use the admin tool to associate the segment witha
portlet, then the entitlement segments table shows two separate
entitlements, one called "ES", and the other "Age3". Any attempts at
enforcing the entitlement, e.g. by granting 'can see' to both entitlements
in the list, fails - the portal just ignores the entitlement. This only
affects portlets, the entitlement segment can be correctly applied topages.
>
SB -
Entitlement Setting in 4.0 Portal Tools Keeps Blowing Up
When we try to create an empty WLCS database (empty except for the required data),
run an EBCC sync (to get all of the configuration files into the database, and
then try to set page entitlements we get an exception.
Any help would be appreciated as this has been happening for 2 days and is getting
quite frustrating.
The message is as follows:
java.sql.SQLException: ORA-02291: integrity constraint (WLCS_TEST.FK1_SKIN_POOL)
violated - parent key not found
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:168)
at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)
at oracle.jdbc.ttc7.Oall7.receive(Oall7.java:543)
at oracle.jdbc.ttc7.TTC7Protocol.doOall7(TTC7Protocol.java:1405)
at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteFetch(TTC7Protocol.java:822)
at oracle.jdbc.driver.OracleStatement.executeNonQuery(OracleStatement.java:1446)
at oracle.jdbc.driver.OracleStatement.doExecuteOther(OracleStatement.java:1371)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1900)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:363)
at weblogic.jdbc.jts.Statement.executeUpdate(Statement.java:503)
at weblogic.jdbc.rmi.internal.PreparedStatementImpl.executeUpdate(PreparedStatementImpl.java:66)
at weblogic.jdbc.rmi.SerialPreparedStatement.executeUpdate(SerialPreparedStatement.java:57)
at com.bea.portal.manager.internal.persistence.jdbc.JdbcPersonalizationManager.createPortalP13nSkinPoolEntry(JdbcPersonalizationManager.java:383)
at com.bea.portal.manager.internal.persistence.jdbc.CachingPersonalizationManager.createPortalP13nSkinPoolEntry(CachingPersonalizationManager.java:222)
at com.bea.portal.manager.internal.persistence.jdbc.KeyCachingPersistenceManager.createPortalPersonalization(KeyCachingPersistenceManager.java:184)
at com.bea.portal.manager.internal.persistence.AbstractPersistenceManager.addPortalPersonalization(AbstractPersistenceManager.java:157)
at com.bea.portal.manager.internal.persistence.jdbc.UserCachingPersistenceManager.addPortalPersonalization(UserCachingPersistenceManager.java:340)
at com.bea.portal.manager.internal.PortalManagerDelegateImpl.setMutablePortalPersonalization(PortalManagerDelegateImpl.java:384)
at com.bea.portal.manager.ejb.internal.PortalManagerBean.setMutablePortalPersonalization(PortalManagerBean.java:99)
at com.bea.portal.manager.ejb.internal.PortalManagerBean_w6xny9_EOImpl.setMutablePortalPersonalization(PortalManagerBean_w6xny9_EOImpl.java:37)
at com.bea.portal.entitlement.util.EntitlementHelper.updatePageEntitledAttribute(EntitlementHelper.java:437)
at com.bea.portal.entitlement.util.EntitlementHelper.setEntitlement(EntitlementHelper.java:368)
at com.bea.portal.entitlement.servlets.jsp.taglib.SetDefaultEntitlementTag.doStartTag(SetDefaultEntitlementTag.java:144)
at jsp_servlet._tools._portal.__set_page_ent_segments._jspService(__set_page_ent_segments.java:684)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:241)
at com.bea.p13n.appflow.webflow.servlets.internal.WebflowServlet.doGet(WebflowServlet.java:167)
at com.bea.p13n.appflow.webflow.servlets.internal.WebflowServlet.doPost(WebflowServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)You would need to have 64-bit DSN to install BO. during the installation the DSNs are created automatically. This is what you showed us in the images.
Many client tools use both 32-bit / 64-bit drivers. This helps them to talk to CMS Db in right way. You were using a CMS Db connection to create Universes , crystal reports and webi reports. Please note these client tools retrieve data from Db's other than the CMS Db usually. It is not recommended and suggested to have data made out of CMS Db. You should use the audit Database to know about the activities happening within the server.
good luck!! -
How to get entitlement role list
How can I get the portal entitlement role list by API?
If I use
RolePolicyManager.listRolesForResource(String anEntAppName,
String aWebAppName,
String aResourceId)
How can I specified the aResourceId such that the roles of entire portal will
be retreived?
Or it is just a wrong approach? Thx a lot!!
KenI can get it by calling
String str[] = RolePolicyManager.listRolesForResource(
ApplicationHelper.getApplicationName(),
ApplicationHelper.getWebAppName(getRequest()),
EntitlementConstants.P13N_ROLE_POLICY_POOL
"Ken" <[email protected]> wrote:
>
How can I get the portal entitlement role list by API?
If I use
RolePolicyManager.listRolesForResource(String anEntAppName,
String aWebAppName,
String aResourceId)
How can I specified the aResourceId such that the roles of entire portal
will
be retreived?
Or it is just a wrong approach? Thx a lot!!
Ken -
Are Visitor Entitlement Roles == Scoped Roles
I'm working on the security implementation for a WebLogic 8.1 Portal application.
I've been doing some prototyping and am trying to determine where Visitor Entitlement
roles are stored. Are these implemented as scoped roles from a WL platform viewpoint.
I created two test roles for my portal and do not see any scoped roles under
the application or the portal node in the WebLogic console.
I'm trying to determine if these portal entitlement roles are/can be treated as
weblogic platform roles and can be used in security annotations for an EJB or
Java Control, and if they can be used for IsCallerInRole. I can create a security
policy to protect the portal resource, but I'm looking for a way to apply the
corresponding security in the business layer.
Thanks in advance for any advice.
JimJim,
The WLP roles are stored in the default role mapper provider. They are
scoped roles, but only attachable to WLP resources (pages, portlets, etc.)
and cannot be used to protect J2EE resources. The basic reason for this
is because WLP roles can include custom predicates (date/time/profile
attributes) that rely on layered product classes that the base application
server is unaware of and cannot edit using the WLS console.
In Service Pack 3, the WLP admin tools will allow the converse - that is,
you'll be able to reference/use WLS global roles in WLP policies.
Service Pack2 adds a new tag to the auth taglib which allows you to
do a isUserInRole check against the WLP (and WLS) roles.
-Phil
"Jim Maycott" <[email protected]> wrote in message
news:[email protected]..
>
I'm working on the security implementation for a WebLogic 8.1 Portalapplication.
I've been doing some prototyping and am trying to determine where VisitorEntitlement
roles are stored. Are these implemented as scoped roles from a WLplatform viewpoint.
I created two test roles for my portal and do not see any scoped rolesunder
the application or the portal node in the WebLogic console.
I'm trying to determine if these portal entitlement roles are/can betreated as
weblogic platform roles and can be used in security annotations for an EJBor
Java Control, and if they can be used for IsCallerInRole. I can create asecurity
policy to protect the portal resource, but I'm looking for a way to applythe
corresponding security in the business layer.
Thanks in advance for any advice.
Jim -
Apache and weblogic proxying not happening properly
Hi,
I am trying to proxy my request from my apache installation to weblogic installation.
I am able to proxy request to the default page of my application in weblogic.
But when trying to browse through that page I am getting error.
Basically, It tries to listen at 7501 port of my machine(apache machine) only
and is not trying to listen at 80 port of my machineso that it can be proxied
to the 7501 port of weblogic machine.
I am unable to figure out the issue. Maybe u can help me from ur experience.
I get an exception saying:
###<Apr 28, 2003 9:53:47 PM IST> <Warning> <Entitlements> <blrkec09630a> <portalServer>
<ExecuteThread: '10' for queue: 'default'> <kernel identity> <16:b7687ce40e05e9a9>
<402716> <Missing entitlments configuration asset.>
Exception[com.bea.p13n.rules.manager.RuleSetNotFoundException: The rule set with
URI /entitlements/GlobalEntitlements.rls could not be located by the class named
com.bea.p13n.rules.manager.internal.RuleSetPersistenceManager.]
at com.bea.p13n.rules.manager.internal.RuleSetPersistenceManager.getRuleSet(RuleSetPersistenceManager.java:385)
at com.bea.p13n.rules.manager.internal.ContextPool.<init>(ContextPool.java:156)
at com.bea.p13n.rules.manager.internal.ContextPoolFactory.createContextPool(ContextPoolFactory.java:164)
at com.bea.p13n.rules.manager.internal.ContextPoolFactory.getContextPool(ContextPoolFactory.java:223)
at com.bea.p13n.rules.manager.internal.RulesManagerImpl.getContext(RulesManagerImpl.java:469)
at com.bea.p13n.rules.manager.internal.RulesManagerImpl.evaluate(RulesManagerImpl.java:350)
at com.bea.p13n.rules.manager.internal.RulesManagerImpl.evaluateRuleSet(RulesManagerImpl.java:148)
at com.bea.p13n.rules.manager.internal.RulesManagerImpl_mcr6qe_EOImpl.evaluateRuleSet(RulesManagerImpl_mcr6qe_EOImpl.java:448)
at com.bea.p13n.entitlements.rolemapper.RoleMapper.mapRoles(RoleMapper.java:179)
at com.bea.p13n.entitlements.accesscontroller.AccessController.isAccessAllowed(AccessController.java:143)
at com.bea.portal.entitlement.util.EntitlementHelper.isAccessAllowed(EntitlementHelper.java:285)
at com.bea.portal.entitlement.util.EntitlementHelper.checkEntitlementInternal(EntitlementHelper.java:231)
at com.bea.portal.entitlement.util.EntitlementHelper.checkEntitlement(EntitlementHelper.java:144)
at com.bea.portal.manager.internal.UserPortalStatePolicy.checkPortletEntitlement(UserPortalStatePolicy.java:636)
at com.bea.portal.manager.internal.UserPortalStatePolicy.generateUserPageState(UserPortalStatePolicy.java:567)
at com.bea.portal.manager.internal.UserPortalStatePolicy.generateUserPortalState(UserPortalStatePolicy.java:293)
at com.bea.portal.manager.internal.PortalManagerDelegateImpl.getUserPortalState(PortalManagerDelegateImpl.java:179)
at com.bea.portal.manager.ejb.internal.PortalManagerBean.getUserPortalState(PortalManagerBean.java:70)
at com.bea.portal.manager.ejb.internal.PortalManagerBean_w6xny9_EOImpl.getUserPortalState(PortalManagerBean_w6xny9_EOImpl.java:370)
at com.bea.portal.appflow.internal.PortalRequestImpl.getPortalState(PortalRequestImpl.java:148)
at com.bea.portal.render.servlets.jsp.PortalRenderHelper.getSelectedSkin(PortalRenderHelper.java:167)
at jsp_servlet._framework._security.__login._jspService(login.inc:11)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:445)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:20)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.RequestDispatcherImpl$ForwardAction.run(RequestDispatcherImpl.java:345)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:252)
at com.bea.p13n.appflow.webflow.servlets.internal.WebflowServlet.doGet(WebflowServlet.java:178)
at com.bea.portal.appflow.servlets.internal.PortalWebflowServlet.doGet(PortalWebflowServlet.java:235)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:20)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at com.bea.p13n.tracking.clickthrough.ClickThroughEventFilter.doFilter(ClickThroughEventFilter.java:156)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5451)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
Regards,
Vinod ThapliyalThe WebLogic Server (WLS) is a Java container similar to OC4J in Application Server 10g release 2. If you want to use WLS, you will have to upgrade your Application Server 10g installation to Fusion Middleware 11g. The upgrade path typically depends on the products which you are using in 10g, e.g. the upgrade path for SOA is different than the upgrade path for Forms/Reports or Oracle Portal. The [url http://docs.oracle.com/cd/E23943_01/upgrade.1111/e10125/before_you_begin.htm]Upgrade Planning Guide is a good start.
Thanks,
EJ -
How to restrict access to portal based on entitlements.
Hi,
I am working on weblogic 8.1 portal project. i want to restrict the user to access
the portal based on the entitlements. However when user try to login he is seeing
Weblogic Error 403 forbidden page. How to display custom error page, instead of
weblogic default error page.
How to programatically check whether user has access to portal or not based on
entitlements.
Please give me code.
regards,
-chada-Chada,
The 403 is by design. If you want to place a page in front of one or more
portal desktops and only show links to desktops the current user is entitled
to, review the attachment.
-Phil
"Chada" <[email protected]> wrote in message
news:3fcd6969$[email protected]..
>
Hi,
I am working on weblogic 8.1 portal project. i want to restrict the userto access
the portal based on the entitlements. However when user try to login he isseeing
Weblogic Error 403 forbidden page. How to display custom error page,instead of
weblogic default error page.
How to programatically check whether user has access to portal or notbased on
entitlements.
Please give me code.
regards,
-chada-[login.zip] -
Ampersand in portal tools entitlements causing exception
There appears to be a bug in the portal tools that ship with 4.0. If you have
a portal page with an ampersand in the name, EBCC creates the XML that is loaded
to the database correctly (with the &). But when you try to create an entitlement
for this page, it will put an entry in the ENTITLEMENTS_RULESET portal page record
that has the ampersand standing by itself. Thereafter, anytime you try to go
to the entitlements page, you get an XML parse exception.
Add to that the fact that this data is stored in a CLOB (making it difficult to
edit), it is a tough situation to deal with.
Please let me know if there is a patch/fix for this.
Thanks.Paul,
I searched the bugs database and there is a known issue (CR082251) if you
used an ampersand character in the Portal Description. I could not find anything
related to entitlements but I believe this is a bug.
Unfortunately, I don't have a good suggestion for this problem. The best thing
to do I believe (if you don't mind) is to open a case with BEA support.
It is the preferred channel for managing this kind of issue.
Thanks for your feedback,
Michel.
"Paul Merrigan" <[email protected]> wrote in message news:3d66b315$[email protected]..
>
There appears to be a bug in the portal tools that ship with 4.0. If you have
a portal page with an ampersand in the name, EBCC creates the XML that is loaded
to the database correctly (with the &). But when you try to create an entitlement
for this page, it will put an entry in the ENTITLEMENTS_RULESET portal page record
that has the ampersand standing by itself. Thereafter, anytime you try to go
to the entitlements page, you get an XML parse exception.
Add to that the fact that this data is stored in a CLOB (making it difficult to
edit), it is a tough situation to deal with.
Please let me know if there is a patch/fix for this.
Thanks. -
Setting Portal Page Entitlements Painfully Slow
Does anyone have any tips on speeding up the Portal Admin Tool entitlement setup processing? We're trying to setup a new portal with about 180 different entitlements and assigning entitlements to the portal objects (pages and portlets) is taking forever. The response time for clicking the Entitlement tab for a single portal page is about 20 seconds. Add to that the fact that it seems to re-retrieve the entitlement information after each action (select a page, add the entitlement, set the accesses for the entitlement) and you're talking about a significant amount of time to setup each entitlement. Now multiply that over 180 entitlements that need to be assigned.
The bottom line question is, are there tunings we can perform?
Some additional information:
- We are on WebLogic 8.1 SP4
- Our database is Oracle 9i
Any help would be greatly appreciated.Trying do it in dev - bear the pain and then use the propogation tool to move them to other environments. At least you just have to do it once. Pre-Sp4 -- the prop tool hardly worked.. so u would feel the pain in each environment.
BEA is making progress :)
BTW - 20 secs seems a long time. It takes me just 4-5 seconds. Are u sure that you bea server is tuned properly?
Kunal Mittal -
Visitor entitlements have disappeared in Web Logic Portal console
Hi all,
Please help! We have an issue whereby our users no longer have permission to access parts of our web application. Upon further investigation, when looking in the Portal console under visitor entitlements, we see the following message:
There are no visitor entitlement roles to display.
We have checked the portal database, and can see the roles are still in there, but aren't being retrieved by the application. We can also add new roles through the console, which are persisted in the database, but these too do not show in the console.
This had previously been working, and we are not sure what has changed.
Please advise what further information I can provide to help resolve this!
Kind regards,
MikeHi,
I was able to find a white paper which discusses this topic.
http://edocs.bea.com/wlp/docs81/whitepapers/vcr/index.html
If this isn't helpful, please post this question to the portal newsgroup at http://newsgroups.bea.com/bea/forum.jspa?forumID=2044
cheers
Raj -
SecurityException running loadads.bat from sample portal
I installed WebLogic Server 6.1 SP2 and then Portal SP1, these work
fine. I then installed the sample portal application and it starts up
fine. When I try to run the loadads.bat I get this SecurityException.
Does this have anything to do with the fact that when I run the
startSamplePortal.bat it asks for a password (which by default is
WebLogic) yet my system password (from when I installed) is something
else?
here's the exception:
<D>: Opening JDBC connection to jdbc:weblogic:rmi
<E>: java.sql.SQLException: javax.naming.AuthenticationException [Root
exception
is java.lang.SecurityException: Authentication for user system denied
in realm
weblogic
Start server side stack trace:
java.lang.SecurityException: Authentication for user system denied in
realm webl
ogic
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:12
5)
at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:1
19)
at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:2
10)
at weblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:145)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:638)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:589)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerSer
ver.java:164)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:637)
at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:643)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:
24)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
End server side stack traceI completely uninstalled everything and then reinstalled, this time using
WebLogic Server 6.1 SP1. I also installed to the default directory
(C:\bea). this fixed the problem, so I'm not sure if it was the directly or
the SP2 that was the problem.
"Michael" <[email protected]> wrote in message
news:[email protected]...
I installed WebLogic Server 6.1 SP2 and then Portal SP1, these work
fine. I then installed the sample portal application and it starts up
fine. When I try to run the loadads.bat I get this SecurityException.
Does this have anything to do with the fact that when I run the
startSamplePortal.bat it asks for a password (which by default is
WebLogic) yet my system password (from when I installed) is something
else?
here's the exception:
<D>: Opening JDBC connection to jdbc:weblogic:rmi
<E>: java.sql.SQLException: javax.naming.AuthenticationException [Root
exception
is java.lang.SecurityException: Authentication for user system denied
in realm
weblogic
Start server side stack trace:
java.lang.SecurityException: Authentication for user system denied in
realm webl
ogic
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
atweblogic.security.acl.internal.Security.authenticate(Security.java:12
5)
atweblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:1
19)
atweblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:2
10)
atweblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:145)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:638)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:589)
atweblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerSer
ver.java:164)
atweblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:637)
atweblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
atweblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:643)
atweblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:
24)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
End server side stack trace -
Hi,
we created an Entitlement based in a role that compares a Session
Property Set's property value to "someValue".
We applied that Entitlement to a book within the portal desktop and
checked the View capability.
A Pageflow portlet in the header of the shell sets "someValue" or
"someOtherValue" in the Http Session according to the drop-down
selection submitted by the user.
We expected that when "someOtherValue" is submitted and set in the
Http Session the book should not appear in the portal menu.
But the book gets hidden only after the next interaction with the
portal (a click in some menu item, a refresh in the browser etc).
- What is the moment when the Portal engine applies Entitlements to
resources?
- How to refresh the entitled resources collection (books and pages)
after setting some value in the Http Session?
Thanks,
Eduardo.
Edited by: Eduardo Gouvea on Oct 2, 2008 10:16 AMHello Eduardo,
I am no expert in the portal lifecycle but I can see that the entitlements were evaluated and then the pageflow executed so it seems like a solution would be to send a redirect from your pageflow after you set the property that effects visitor entitlements: http://beehive.apache.org/docs/1.0.2/netui/apidocs/javadoc/org/apache/beehive/netui/pageflow/annotations/Jpf.Forward.html#redirect()
This use case is similar to logging in a user. After you authenticate a user you should always redirect back to the portal because who knows what is left over from evaluating entitlements before you authenticate them... the user could have been logged in as someone else prior to another login. -
Entitlements Work in .portal mode
What is the expected behavior - I setup several entitlements in streaming mode
- but then if I access my portal from the .portal file - the entitlements all
seem to work.
KunalHello Kunal,
The expected behavior for entitlements is that a desktop will inherit
entitlements that have been set on the portal resources in the library.
Setting entitlements on the portal resources in the library will also cause
these entitlements to affect any file mode .portal that uses these
resources.
For example, in the WebLogic Administration Portal, the Portal Management
tool has a "Portal Resources" node. The "Library" node under that is where
you can set entitlements on library resources. You could set a "view"
capability on a particular portlet for a particular visitor role, for
example. This entitlement would be seen when you hit a file mode .portal
that uses this portlet. It will also be seen when you hit, in streaming
mode, a desktop that uses a portlet. For example, it would be seen in a
desktop that was created using your .portal as a template file.
In a streaming mode desktop you can override the entitlements set for the
portal resources in the library by using the Portal Management tool (under
the "Portals" node where the desktops are, instead of under the "Library"
node). If you drill down to your portlet for the desktop under the
"Portals" node and go to the Entitlements tab you will notice a diagonal
arrow that indicates you have inherited an entitlement. If you set your own
entitlement on this desktop's portlet then the inherited entitlement will go
away.
Therefore, it seems that you have entitlements set on "Library" resources.
That is the only way to set entitlements on resources that belong to a file
mode .portal. These entitlements are being inherited by the streaming mode
desktop that uses these resources.
Anyone reading this who doesn't understand the difference between a file
mode .portal and a streaming mode desktop can check out:
http://edocs.bea.com/workshop/docs81/doc/en/portal/buildportals/fwPortal4.html
Unfortunately, this document implies that the only way to use entitlements
is to use streaming mode desktops (not file mode .portals). I will ask the
doc team to fix this.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Kunal Mittal" <[email protected]> wrote in message
news:[email protected]...
>
What is the expected behavior - I setup several entitlements in streamingmode
- but then if I access my portal from the .portal file - the entitlementsall
seem to work.
Kunal -
Displaying error page when not entitled to use the portal
Hi,
We are using BEA Portal 8.1 and would like to display an error page to a user
who is authenticated but not entitled to view any of the portal resources. Does
anyone know how to do this?
Here are more details:
Users are authenticated by Netegrity Siteminder when they logon to the LAN. An
authenticated user may or may not be entitled to use the portal site depending
on attributes passed in the header by netegrity. These attributes values are stored
as user profile properties. Visitor entitlements have been created based on these
properties and pages/portlets are then entitled through these visitor entitlement
roles.
If a user is not a member of any roles, then they should be redirected to a page
indicating that they do not have permission to access the portal. Howe can this
be implemented?
Thanks.Hi Lilybiri,
Thanks for your quick response. I followed your suggestion and verified my Adobe ID on acrobat.com.
Now I can enter the collaborate function. However, everytime when I tried to send it to myself (for test purpose) I got another error message "You need to enter a valid emaill address". I saw someone else on this forum has met the same problem. Do you have any suggestion on what is the possible reason for this to happen?
Again, thanks for the fast response. You have been helping me and other ppl so much.
Maybe you are looking for
-
SAP Tables for Open Customer Orders and Sales History
Dear Experts. I am looking to get SAP SD related tables for the following, 1) SAP tables for Open Customer Orders From SAP, I need to get all tables that Contain all open customer orders for products. 2) Sales History From SAP, I need to get all
-
I recently upgraded our Test machine from 12.1.1 to 12.1.3 (RHEL 4.8). After performing the install and applying appropriate patches and most recent CPU when I attempt to 'Find Service Request' I can search by number, choose the correct SR I want in
-
Multihomed network configuration
So, when I say multihomed what I really mean is that Macbook Air is configured to use two network interfaces -- Wi-Fi and USB ethernet -- in one Location. Each interface is configured to work on a different subnet. In fact, wi-fi is assigned a public
-
Using Numbers, I need to time-stamp each line in a table for when it was entered
I need to time-stamp each line in a table for when it was entered. I have a formula which is "=IF(F18="","",NOW())" it gives me the answer I want, but every time I edit any data in the formula is recalculates the date/time to reflect the most recent
-
I have a fillable PDF that I created with Formscentral, now I want my employees to be able to distribute it with their own emails. When they try to upload the form, it says it can't because it was "already distributed by forms central." Any ideas?