PortletPreferences.store() : java.lang.SecurityException

I'm getting the following error while trying to call store() for preferences. I came to know that user should be logged in for this but I couldn't find anywhere as to how to implement this login feature. As how the portlet will decide by itself whether the user has logged in is also a mistery for me.
Any answers would be helpful for this longtime problem.
java.lang.SecurityException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=FileUploadAppln, module=prefs.jar, ejb=PreferencePersistenceManager, method=storePreferences, methodInterface=Remote, signature={com.bea.netuix.application.manager.CustomizationContext,com.bea.portlet.prefs.PortletPreferencesId,java.util.Map,boolean,boolean,boolean}.

The error message you get here is due to your subject not being validated.
BEAs suggestet actions to resolve the error is
"Ensure that subject was created by this domain or in a domain trusted by this domain."
Please note that BEA does recomment using JAAS in stead of JNDI to associate a user with context. I would believe what you are facing here is a bug / design flaw.
To confirm this, please try to use different usernames to the different servers. "user1", "user2" .. This would maybe confirm the assumption above.
If this does not help, I will set up a test scenario and investigate further into this.
- Anders M.

Similar Messages

Java.lang.SecurityException: Jurisdiction policy files are not signed by t

Hi
*I am installing ECC6 onAIX 6.1 with oarcle 10g.*
*I am getting error in create secure store*
*Policy and security files are ok,*
aused by: java.lang.ExceptionInInitializerError
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
        at javax.crypto.Cipher.a(Unknown Source)
        at javax.crypto.Cipher.getInstance(Unknown Source)
        at iaik.security.provider.IAIK.a(Unknown Source)
        at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
        at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
        at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
        at java.lang.J9VMInternals.initializeImpl(Native Method)
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
        at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
        at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
        at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
        ... 6 more
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
        at javax.crypto.b.<clinit>(Unknown Source)
        at java.lang.J9VMInternals.initializeImpl(Native Method)
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
        ... 17 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
        at javax.crypto.b.a(Unknown Source)
        at javax.crypto.b.a(Unknown Source)
        at javax.crypto.b.access$600(Unknown Source)
        at javax.crypto.b$0.run(Unknown Source)
        at java.security.AccessController.doPrivileged(AccessController.java:246)
        ... 20 more
ERROR      2009-07-07 14:10:47.063
           CJSlibModule::writeError_impl()
CJS-30050 Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
        at java.lang.reflect.Method.invoke(Method.java:391)
        at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
Caused by: java.lang.ExceptionInInitializerError
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
        at javax.crypto.Cipher.a(Unknown Source)
        at javax.crypto.Cipher.getInstance(Unknown Source)
        at iaik.security.provider.IAIK.a(Unknown Source)
        at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
        at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
        at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
        at java.lang.J9VMInternals.initializeImpl(Native Method)
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
        at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
        at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
        at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
        ... 6 more
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
        at javax.crypto.b.<clinit>(Unknown Source)
        at java.lang.J9VMInternals.initializeImpl(Native Method)
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
        ... 17 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
        at javax.crypto.b.a(Unknown Source)
        at javax.crypto.b.a(Unknown Source)
        at javax.crypto.b.access$600(Unknown Source)
        at javax.crypto.b$0.run(Unknown Source)
        at java.security.AccessController.doPrivileged(AccessController.java:246)
        ... 20 more.
ERROR      2009-07-07 14:10:47.547 [sixxcstepexecute.cpp:960]
FCO-00011 The step createSecureStore with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR ( Last error reported by the step :Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
        at java.lang.reflect.Method.invoke(Method.java:391)
        at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
Caused by: java.lang.ExceptionInInitializerError
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
        at javax.crypto.Cipher.a(Unknown Source)
        at javax.crypto.Cipher.getInstance(Unknown Source)
        at iaik.security.provider.IAIK.a(Unknown Source)
        at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
        at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
        at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
        at java.lang.J9VMInternals.initializeImpl(Native Method)
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
        at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
        at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
        at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
        ... 6 more
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
        at javax.crypto.b.<clinit>(Unknown Source)
        at java.lang.J9VMInternals.initializeImpl(Native Method)
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
        ... 17 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
        at javax.crypto.b.a(Unknown Source)
        at javax.crypto.b.a(Unknown Source)
        at javax.crypto.b.access$600(Unknown Source)
        at javax.crypto.b$0.run(Unknown Source)
        at java.security.AccessController.doPrivileged(AccessController.java:246)
        ... 20 more.).
what could be the problem ?
Please give me the soluation
regards
Vijay

Dear Juan
You are correct.
I downloaded correct file from IBM site , and Create Secure store step completed but innext step IMPORT JAVA DUMP
it gave error
n error occurred while processing service SAP ERP 6.0 Support Release 3 > SAP Systems > Oracle > Central System > Central System( Last error reported by the step : Execution of JLoad tool '/usr/java14_64/bin/java -classpath /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/launcher.jar -showversion -Xmx512m -Xj9 com.sap.engine.offline.OfflineToolStart com.sap.inst.jload.Jload /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/lib/iaik_jce.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jload.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/antlr.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/exception.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jddi.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/logging.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/offlineconfiguration.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/opensqlsta.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar:/oracle/client/10x_64/instantclient/ojdbc14.jar -sec AGQ,jdbc/pool/AGQ,/usr/sap/AGQ/SYS/global/security/data/SecStore.properties,/usr/sap/AGQ/SYS/global/security/data/SecStore.key -dataDir /swdump/NW7.0_SR3_JAVA_COMP_51033513/DATA_UNITS/JAVA_EXPORT_JDMP -job /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/IMPORT.XML -log jload.log' aborts with return code 1. SOLUTION: Check 'jload.log' and '/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/jload.java.log' for more information.
regards
vijjay

Java.lang.SecurityException: [Security:090398]Invalid Subject: admin

I have a class that is used to check the status of all managed server in a domain. I use this class to check on the status of multiple domains.
I have a for loop over all the domains and then invoke the method below, one for each domain (I instantiate the class anew for each domain)
The 1st domain connects and returns the status properly. However on subsequent iterations thru the look I get the following SecuriyException below. I have tried a number of things such as setting MBeanHome to null etc but this error repeats anytime I connect to N+1 domains.
Is there a fix for this.
Note: I am using WLS 8.1 SP3 thru 5. And I know the username & pwd is correct cause I can connect using to the admin console using the same username & password and am part of the Administrators group.
Exception on the client on N+1 connect attemp:
java.lang.SecurityException: [Security:090398]Invalid Subject: admin
at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.j
ava:108)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:137)
at weblogic.management.internal.AdminMBeanHomeImpl_815_WLStub.getDomainN
ame(Unknown Source)
Exception on the server:
####<Mar 28, 2006 2:59:51 PM CST> <Warning> <RMI> <htx6056> <AdminServer> <Execu
teThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <BEA-080003>
<RuntimeException thrown by rmi server: weblogic.rmi.internal.BasicServerRef@10
2 - hostID: '-4547912678907759832S:htx6056.cce.hp.com:[10250,10250,10251,10251,1
0250,10251,-1,0,0]:arc_prd1:AdminServer', oid: '258', implementation: 'weblogic.
management.internal.AdminMBeanHomeImpl@1e22632'
java.lang.SecurityException: [Security:090398]Invalid Subject: admin.
java.lang.SecurityException: [Security:090398]Invalid Subject: admin
The code:
public void checkWebLogicServerState( String user, String pass, String url ) throws Exception {
          MBeanHome home = Helper.getAdminMBeanHome( user, pass, url );
          Set beans = home.getMBeansByType( "Server", home.getDomainName( ));
          for( Iterator iter = beans.iterator( ); iter.hasNext( );){
               WebLogicMBean bean = (WebLogicMBean)iter.next( );
               WebLogicObjectName objName = bean.getObjectName( );
               String serverName = objName.getName( );
               String location = objName.getLocation( );
               ServerRuntimeMBean serverRuntimeMBean = null;
               try {
                    serverRuntimeMBean = (ServerRuntimeMBean)home.getMBean( serverName, "ServerRuntime", home.getDomainName( ), serverName);
                    String state = serverRuntimeMBean.getState( );
                    System.out.println( "\t[" + serverName + "] IS " + state + "." );
               } catch( Exception ex ) {
                    System.out.println( "\t[" + serverName + "] IS NOT RUNNING." );
     }

I worked around the problem by removing the usage of the weblogic.management.Helper and using standard JNDI lookups instead.
Clearly there is a bug in the Helper class that stores securtiy information in a static variable since it cannot be re used within the same JVM/Classloader without sharing the security information.
Used instead:
               Environment env = new Environment();
               env.setProviderUrl( url );
               env.setSecurityPrincipal( user );
               env.setSecurityCredentials( pass );
               Context ctx = env.getInitialContext( );
               home = (MBeanHome)ctx.lookup( MBeanHome.ADMIN_JNDI_NAME );

Java.lang.SecurityException: Authentication denied: Boot identity not valid

Hi,
When I try to start up the WebLogic server by running a startup script
in the WebLogic server root directory, I am getting the following
error:
<Apr 23, 2003 1:15:11 PM EDT> <Critical> <WebLogicServer> <000364>
<Server failed during initialization.
Exception:java.lang.SecurityException: Authentication denied: Boot
identity not valid
java.lang.SecurityException: Authentication denied: Boot identity not
valid
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1074)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1216)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
>
<Apr 23, 2003 1:15:11 PM EDT> <Emergency> <WebLogicServer> <000342>
<Unable to initialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication denied: Boot
identity not valid
java.lang.SecurityException: Authentication denied: Boot identity not
valid
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1074)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1216)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication denied: Boot identity not
valid
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1074)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1216)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication denied: Boot
identity not valid
java.lang.SecurityException: Authentication denied: Boot identity not
valid
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1074)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1216)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
I am also pasting below the source code of the startup script that I
am using to start WebLogic server:
#!/bin/sh
# This script is used to start WebLogic Server.
# To create your own start script for your domain, simply set the
SERVER_NAME
# variable to your server name then call this script from your domain
# directory.
# This script sets the following variables before starting WebLogic
Server:
# WL_HOME - The root directory of your WebLogic installation
# JAVA_HOME - Location of the version of Java used to start
WebLogic
# Server. This variable must point to the root
directory of a
# JDK installation and will be set for you by the
installer.
# See the WebLogic platform support page
# (http://e-docs.bea.com/wls/platforms/index.html)
for an up-to-date list of
# supported JVMs on your platform.
# PATH - Adds the JDK and WebLogic directories to the system
path.
# CLASSPATH - Adds the JDK and WebLogic jars to the classpath.
# JAVA_OPTIONS - Java command-line options for running the server.
# Other variables that startWLS takes are:
# ADMIN_URL - If this variable is set, the server started will be
a
# managed server, and will look to the url specified
(i.e.
# http://localhost:7001) as the admin server.
# WLS_USER - Admin username for server startup
# WLS_PW - Cleartext password for server startup
# STARTMODE - Set to true for production mode servers, false for
# development mode
# JAVA_OPTIONS - Java command-line options for running the server.
(These
# will be tagged on to the end of the JAVA_VM and
MEM_ARGS)
# JAVA_VM - The java arg specifying the VM to run. (i.e.
-server,
# -hotspot, etc.)
# MEM_ARGS - The variable to override the standard memory
arguments
# passed to java
# PRE_CLASSPATH - Path style variable to be added to the beginning of
the
# CLASSPATH
# POST_CLASSPATH - Path style variable to be added to the end of the
# CLASSPATH
# PRE_PATH - Path style variable to be added to the beginning of
the
# PATH
# POST_PATH - Path style variable to be added to the end of the
PATH
# Alternately, this script will take the first two positional
parameters and
# set them to SERVER_NAME and ADMIN_URL. For instance, you could call
this
# script: "sh startWLS.sh myserver http://localhost:7001" to start a
# managed server named myserver, or just "sh startWLS.sh myserver"
# to start a server named myserver.
# jDriver for Oracle users: This script assumes that native libraries
required
# for jDriver for Oracle have been installed in the proper location
and that
# your os specific library path variable (i.e.
LD_LIBRARY_PATH/solaris,
# SHLIB_PATH/hpux, etc...) has been set appropriately. Also note that
this
# script defaults to the oci817_8 version of the shared libraries. If
this is
# not the version you need, please adjust the library path variable
# accordingly.
# For additional information, refer to the WebLogic Server
Administration Guide
# (http://e-docs.bea.com/wls/docs70/adminguide/startstop.html).
WL_HOME="/usr/local/bea/weblogic700"
JAVA_HOME="/usr/local/bea/jdk131_06"
. ${WL_HOME}/common/bin/commEnv.sh
# Check that the WebLogic classes are where we expect them to be
if [ ! -f "${WL_HOME}/server/lib/weblogic.jar" ]; then
echo
echo "The WebLogic Server wasn't found in directory
${WL_HOME}/server."
echo "Please edit your script so that the WL_HOME variable points"
echo "to the WebLogic installation directory."
# Check that java is where we expect it to be
elif [ ! -d "${JAVA_HOME}/bin" ]; then
echo
echo "The JDK wasn't found in directory ${JAVA_HOME}."
echo "Please edit your script so that the JAVA_HOME variable"
echo "points to the location of your JDK."
else
# Grab some file descriptors.
if [ ! -n "`uname -s |grep -i cygwin || uname -s |grep -i windows_nt`"
]; then
maxfiles=`ulimit -H -n`
if [ !$? -a "${maxfiles}" != 1024 ]; then
if [ "${maxfiles}" = "unlimited" ]; then
maxfiles=1025
fi
if [ "${maxfiles}" -lt 1024 ]; then
ulimit -n ${maxfiles}
else
ulimit -n 1024
fi
fi
fi
# Set first two positional parameters to SERVER_NAME and ADMIN_URL
if [ -n "${1}" -a "${SERVER_NAME}" = "" ]; then
SERVER_NAME="${1}"
fi
if [ -n "${2}" -a "${ADMIN_URL}" = "" ]; then
ADMIN_URL="${2}"
fi
# Figure out how to use our shared libraries
case `uname -s` in
AIX)
if [ -n "${LIBPATH}" ]; then
LIBPATH="${LIBPATH}:${WL_HOME}/server/lib/aix:${WL_HOME}/server/lib/aix/oci817_8"
else
LIBPATH="${WL_HOME}/server/lib/aix:${WL_HOME}/server/lib/aix/oci817_8"
fi
PATH="${WL_HOME}/server/lib/aix:${PATH}"
export LIBPATH PATH
export AIXTHREAD_SCOPE=S
export AIXTHREAD_MUTEX_DEBUG=OFF
export AIXTHREAD_RWLOCK_DEBUG=OFF
export AIXTHREAD_COND_DEBUG=OFF
echo "LIBPATH=${LIBPATH}"
HP-UX)
if [ -n "${SHLIB_PATH}" ]; then
SHLIB_PATH="${SHLIB_PATH}:${WL_HOME}/server/lib/hpux11:${WL_HOME}/server/lib/hpux11/oci817_8"
else
SHLIB_PATH="${WL_HOME}/server/lib/hpux11:${WL_HOME}/server/lib/hpux11/oci817_8"
fi
PATH="${WL_HOME}/server/lib/hpux11:${PATH}"
export SHLIB_PATH PATH
echo "SHLIB_PATH=${SHLIB_PATH}"
IRIX)
if [ -n "${LD_LIBRARY_PATH}" ]; then
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${WL_HOME}/server/lib/irix"
else
LD_LIBRARY_PATH="${WL_HOME}/server/lib/irix"
fi
PATH="${WL_HOME}/server/lib/irix:${PATH}"
export LD_LIBRARY_PATH PATH
echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}"
LINUX|Linux)
arch=`uname -m`
if [ -n "${LD_LIBRARY_PATH}" ]; then
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${WL_HOME}/server/lib/linux/${arch}:${WL_HOME}/server/lib/linux/${arch}/oci817_8"
else
LD_LIBRARY_PATH="${WL_HOME}/server/lib/linux/${arch}:${WL_HOME}/server/lib/linux/${arch}/oci817_8"
fi
PATH="${WL_HOME}/server/lib/linux:${PATH}"
export LD_LIBRARY_PATH PATH
echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}"
OSF1)
if [ -n "${LD_LIBRARY_PATH}" ]; then
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${WL_HOME}/server/lib/tru64unix"
else
LD_LIBRARY_PATH="${WL_HOME}/server/lib/tru64unix"
fi
PATH="${WL_HOME}/server/lib/tru64unix:${PATH}"
export LD_LIBRARY_PATH PATH
echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}"
SunOS)
if [ -n "${LD_LIBRARY_PATH}" ]; then
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${WL_HOME}/server/lib/solaris:${WL_HOME}/server/lib/solaris/oci817_8"
else
LD_LIBRARY_PATH="${WL_HOME}/server/lib/solaris:${WL_HOME}/server/lib/solaris/oci817_8"
fi
PATH="${WL_HOME}/server/lib/solaris:${PATH}"
export LD_LIBRARY_PATH PATH
echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}"
if [ "${JAVA_VM}" = "" ]
then
# JAVA_VM=-server
JAVA_VM=${COMM_SERVER_VM}
fi
Windows_NT*)
if [ "${JAVA_VM}" = "" ]
then
# JAVA_VM=-hotspot
JAVA_VM=${COMM_VM}
fi
PATHSEP=\;
CLASSPATHSEP=\;
CYGWIN*)
if [ "${JAVA_VM}" = "" ]
then
# JAVA_VM=-hotspot
JAVA_VM=${COMM_VM}
fi
CLASSPATHSEP=\;
echo "$0: Don't know how to set the shared library path for `uname
-s`. "
esac
if [ "${MEM_ARGS}" = "" ]
then
MEM_ARGS="-Xms32m -Xmx200m"
fi
if [ "${PATHSEP}" = "" ]; then
PATHSEP=:
fi
if [ "${CLASSPATHSEP}" = "" ]; then
CLASSPATHSEP=:
fi
CLASSPATH="${JAVA_HOME}/lib/tools.jar${CLASSPATHSEP}${WL_HOME}/server${CLASSPATHSEP}${WL_HOME}/server/lib/weblogic_sp.jar${CLASSPATHSEP}${WL_H
OME}/server/lib/weblogic.jar${CLASSPATHSEP}${CLASSPATH}"
# If we are on an old version of Cygnus we need to turn <letter>:/ in
the path
# to //<letter>/
if [ `uname -s` = "CYGWIN32/NT" ]; then
WL_HOME=`echo $WL_HOME | sed "s#$[a-zA-Z]$:#//\1#g"`
JAVA_HOME=`echo $JAVA_HOME | sed "s#$[a-zA-Z]$:#//\1#g"`
fi
# If we are on an new version of Cygnus we need to turn <letter>:/ in
the path
# to /cygdrive/<letter>/
if [ -n "`uname -s |grep -i cygwin_`" ]; then
WL_HOME=`echo $WL_HOME | sed "s#$[a-zA-Z]$:#/cygdrive/\1#g"`
JAVA_HOME=`echo $JAVA_HOME | sed "s#$[a-zA-Z]$:#/cygdrive/\1#g"`
fi
PATH=".${PATHSEP}${WL_HOME}/server/bin${PATHSEP}${JAVA_HOME}/jre/bin${PATHSEP}${JAVA_HOME}/bin${PATHSEP}${PATH}"
# Import extended environment
if [ -f extEnv.sh ]; then
. extEnv.sh
fi
if [ ! -z "${EXT_PRE_CLASSPATH}" ]; then
CLASSPATH="${EXT_PRE_CLASSPATH}${CLASSPATHSEP}${CLASSPATH}"
fi
if [ ! -z "${EXT_POST_CLASSPATH}" ]; then
CLASSPATH="${CLASSPATH}${CLASSPATHSEP}${EXT_POST_CLASSPATH}"
fi
if [ ! -z "${EXT_PRE_PATH}" ]; then
PATH="${EXT_PRE_PATH}${PATHSEP}${PATH}"
fi
if [ ! -z "${EXT_POST_PATH}" ]; then
PATH="${PATH}${PATHSEP}${EXT_POST_PATH}"
fi
# Get PRE and POST environment
if [ ! -z "${PRE_CLASSPATH}" ]; then
CLASSPATH="${PRE_CLASSPATH}${CLASSPATHSEP}${CLASSPATH}"
fi
if [ ! -z "${POST_CLASSPATH}" ]; then
CLASSPATH="${CLASSPATH}${CLASSPATHSEP}${POST_CLASSPATH}"
fi
if [ ! -z "${PRE_PATH}" ]; then
PATH="${PRE_PATH}${PATHSEP}${PATH}"
fi
if [ ! -z "${POST_PATH}" ]; then
PATH="${PATH}${PATHSEP}${POST_PATH}"
fi
echo CLASSPATH=${CLASSPATH}
echo
echo PATH=${PATH}
echo
echo "***************************************************"
echo "* To start WebLogic Server, use a username and *"
echo "* password assigned to an admin-level user. For *"
echo "* server administration, use the WebLogic Server *"
echo "* console at http://<hostname>:<port>/console *"
echo "***************************************************"
if [ "$ADMIN_URL" != "" ]
then
set -x
"${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS}
-classpath "${CLASSPATH}" -Dweblogic.Name=${SERVER_NAME}
-Dbea.home="/usr/local
/bea" -Dweblogic.management.username=${WLS_USER}
-Dweblogic.management.password=${WLS_PW}
-Dweblogic.management.server=${ADMIN_URL} -Dweblogic
.ProductionModeEnabled=${STARTMODE}
-Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy"
weblogic.Server
else
set -x
"${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS}
-classpath "${CLASSPATH}" -Dweblogic.Name=${SERVER_NAME}
-Dbea.home="/usr/local
/bea" -Dweblogic.management.username=${WLS_USER}
-Dweblogic.management.password=${WLS_PW}
-Dweblogic.ProductionModeEnabled=${STARTMODE} -Djava
.security.policy="${WL_HOME}/server/lib/weblogic.policy"
weblogic.Server
fi
set +x
fi
--------------END OF SCRIPT----------
So can you please look at the exception and the above-pasted source
code of the startup script file and let me know what needs to be done
to fix the error?
Thanks,
Kalpana

Senthil,
What may have happened is that the boot identity (e.g., the "weblogic" user) is no longer in the realm. Or, you added a second authenticator which has a Control Flag of Required but the weblogic user cannot be found there.
If it's the first scenario, add the weblogic user (and his inclusion in the Administrators group) to the data store for your authenticator.
If it's the second scenario, you need to change the Control Flag to something less drastic such as Sufficient. In this case, you can't make the change in WebLogic Console since you can't boot your server. Have a look in config.xml and see if your newly created authenticator is listed there. If it is, change the Control Flag and try to reboot the server.
Otherwise, copy config.xml.booted to config.xml and start your server. You'll have to re-do your security realm changes, though.
HTH,
Mike

Java.lang.SecurityException: while starting weblogic server

Hi,
I added a admin server on m/c 1 and a remote managed server on m/c 2. When i tried to start the admin server and the managed server and ping it using jmx, it get the following security error:
Any help regd. this would be appreciated.
Thanks,
beauser2005
<Oct 29, 2004 2:14:38 PM PDT> <Warning> <RMI> <BEA-080003> <RuntimeException thrown by rmi server: weblogic.rmi.internal.BasicServerRef@10c - hostID: '-833462563406253632S:172.20.30.37:[7001,7001,-1,-1,7001,-1,-1,0,0]:mydomain10:myserver10', oid: '268', implementation: 'weblogic.management.internal.RemoteMBeanServerImpl@191f022'
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators].
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
     at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:680)
     at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:187)
     at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:827)
     at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:300)
     at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:996)
     at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:917)
     at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:225)
     at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
     at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:742)
     at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
     at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)

was able to solve this
there was corruption of reports config file

Java.lang.SecurityException using a simple jar file

I created my small application using JDev 11.
Running from JDev it works well.
I created a simple jar file including all my classes and all libraries I used.
Whe I try to run that jar file I get :
java.lang.SecurityException: no manifiest section for signature file entry javax/mail/internet/AsciiOutputStream.classI didn't find any solution.
I worked hardly with JDev 10g but I never had such problem.
Tks
Tullio
Edited by: tullio0106 on Nov 25, 2008 2:22 PM

I simply created a project containing some classes whish use java mail.
Then I modified the project creating, in the deployment wizard, a "Dependency Analysis" filegroup adding all my classes as well as libraries.
I uncheck the "Include Manifest" chek otherwise I would run into different problems (well documented in the forum).
The jar file is created but when I run the application I get the Security error.
If I remove java mail libraries (activation and java mail)from the list of used libraries and I add it to classpath it works fine.
I suspect the problem could be in Manifes merging.
Tks
Tullio

Java.lang.SecurityException when granting java permission

DB version 11.1.07
We used this command to grant the following permission in development and stage environment with no problems.
exec dbms_java.grant_permission( 'SCHEMA', 'SYS:java.lang.RuntimePermission', 'getClassLoader', '' );
When the same command is run in production, it results in this.
ERROR at line 1:
ORA-29532: Java call terminated by uncaught Java exception:
java.lang.SecurityException: policy table update
SYS:java.lang.RuntimePermission, getClassLoader
ORA-06512: at "SYS.DBMS_JAVA", line 787
ORA-06512: at line 1
These commands were executed as SYS user in all environments. Any ideas what could be causing this?
Thanks.
Usman

Either you are only using a security manager in production or there is a difference in the permissions granted by the security domains (for example, .policy files).

Java.lang.SecurityException: [Security:090398]Invalid Subject: WEBLOGIC 9.1

Hi
I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
I have enaled the trust between my two domains. Set the required class path settings.
My client call is from a JSP , say client.jsp.
Here I get remote object of the EJB and calls the required method
Now
1) My EJB calls are succesful when I DO NOT secure it
2) but when I make it is secured , ie when I
include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
, it gives me the follwing error
The stack trace is given below
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.ebreviate.security.wl9realm.EBRUser@a09a08, ess, everyone]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
Truncated. see log file for complete stacktrace
Any idea why it is ?
Please let me know
Thanks
Binu
Edited by binurajkr at 01/25/2008 4:36 AM

Hi. Contact official BEA Support. This is likely
to be a known issue with a patch available to fix it.
Joe
binu raj wrote:
Hi
I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
I have enaled the trust between my two domains. Set the required class path settings.
My client call is from a JSP , say client.jsp.
Here I get remote object of the EJB and calls the required method
Now
1) My EJB calls are succesful when I DO NOT secure it
2) but when I make it is secured , ie when I
include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
, it gives me the follwing error
The stack trace is given below
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.ebreviate.security.wl9realm.EBRUser@a09a08, ess, everyone]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
Truncated. see log file for complete stacktrace
Any idea why it is ?
Please let me know
Thanks
Binu
Edited by binurajkr at 01/25/2008 4:36 AM

Java.lang.SecurityException: [Security:090398]Invalid Subject

Hi
          I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
          I have enaled the trust between my two domains. Set the required class path settings.
          My client call is from a JSP , say client.jsp.
          Here I get remote object of the EJB and calls the required method
          Now
          1) My EJB calls are succesful when I DO NOT secure it
          2) but when I make it is secured , ie when I
          include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
          , it gives me the follwing error
          The stack trace is given below
          java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.ebreviate.security.wl9realm.EBRUser@a09a08, ess, everyone]
          at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
          at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
          at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
          at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
          at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
          Truncated. see log file for complete stacktrace
          Any idea why it is ?
          Please let me know
          Thanks
          Binu

I got this issue resolved by setting
          Context.SECURITY_PRINCIPAL, "" , before the RMI ejb call
          Binu

Java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[

HI,
I am trying to monitor multiple weblogic servers, I am getting the exception when the program is trying to read multiple domains of the same weblogic server version 8.1.
Can any one help me in getting this fix programatically using weblogic.management.*;
I have searched all the sites where I got only a perticular solution which states to maintain the same domain level credentials.
please reply me back if there is a programatical approach to fix this exception.
The exception is given below:
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
     at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
     at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:138)
     at weblogic.management.internal.AdminMBeanHomeImpl_811_WLStub.getDomainName(Unknown Source)
     at MonitorServers.getDataWeblogic(MonitorServers.java:138)
     at MonitorServers.getServers(MonitorServers.java:89)
     at MonitorServers.main(MonitorServers.java:352)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
     at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
     at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:181)
     at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:814)
     at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:299)
     at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:920)
     at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:841)
     at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:222)
     at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
     at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:570)
     at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
     at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
Thanks in advance

Hi,
I think that if you don't specify the credentials, the current one will be used to connect to the server.
Try to specify the guest identity by explicitely adding the following properties to override the current identity
               properties.put(Context.SECURITY_PRINCIPAL, "");
properties.put(Context.SECURITY_CREDENTIALS, "");
Otherwise you will need to setup a trust between the servers.
I Hope this helps.
Giorgio Anastopoulos

Java.lang.SecurityException: Security: Invalid Subject: principals

I am getting the following exception intermittently:
java.lang.SecurityException: Security: Invalid Subject: principals=[XXX, Administrators]
What i am doing is, i have two weblogic servers both running Weblogic 10.0 and running on different domains, a war is deployed on one server (server A) which sends a message to queue on another server (Server B), now everything works but if i restart B then A throws the above Security Exception while looking up the queue on Server B?? Any ideas why, i haven't configured any security credentials.
If i restart A after restarting B then everything works again but restarting all the servers each time one gets restarted is cumbersome,so does someone knows answer to the question above?
Edited by: user4828945 on Feb 11, 2009 5:41 PM

If you dont require authentication, then enable the global trust between the domains.
When this feature is enabled, identity is passed between WebLogic Server domains over an RMI connection without requiring authentication in the second domain. When inter-domain trust is enabled, transactions can commit across domains. A trust relationship is established when the Domain Credential for one domain matches the Domain Credential for another domain.
By default, the Domain Credential is randomly generated and therefore, no two domains will have the same Domain Credential. If you want two WebLogic Server domains to interoperate, you need to replace the generated credential with a credential you select, and set the same credential in each of the domains.
Link :[http://e-docs.bea.com/wls/docs100/ConsoleHelp/taskhelp/security/EnableGlobalTrustBetweenDomains.html]

Java.lang.SecurityException: [Security:090398]

Hi All,
I am using Jdeveloper 11.1.1.3.
I am running my application and it runs fine. But after a couple of clicks, I get the following exception. Tried googling and oracle-ing the exception but can't really understand what it is. If someone can provide a solution that would be AWESOME but even if someone can explain what the error is, that would be really really helpful.
Oh and the WebLogic Server Version: 10.3.3.0 on server and client side.
Here's the error...
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[jdoe11, EFormDefault]
javax.el.ELException: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[jdoe11, EFormDefault]
     at com.sun.el.parser.AstValue.invoke(AstValue.java:161)
     at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
     at oracle.adf.controller.internal.util.ELInterfaceImpl.invokeMethod(ELInterfaceImpl.java:168)
     at oracle.adfinternal.controller.activity.MethodCallActivityLogic.execute(MethodCallActivityLogic.java:161)
     at oracle.adfinternal.controller.engine.ControlFlowEngine.executeActivity(ControlFlowEngine.java:989)
     at oracle.adfinternal.controller.engine.ControlFlowEngine.doRouting(ControlFlowEngine.java:878)
     at oracle.adfinternal.controller.engine.ControlFlowEngine.doRouting(ControlFlowEngine.java:777)
     at oracle.adfinternal.controller.engine.ControlFlowEngine.routeFromActivity(ControlFlowEngine.java:551)
     at oracle.adfinternal.controller.engine.ControlFlowEngine.performControlFlow(ControlFlowEngine.java:147)
     at oracle.adfinternal.controller.application.NavigationHandlerImpl.handleAdfcNavigation(NavigationHandlerImpl.java:109)
     at oracle.adfinternal.controller.application.NavigationHandlerImpl.handleNavigation(NavigationHandlerImpl.java:78)
     at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:130)
     at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
     at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:90)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:309)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:94)
     at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:97)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:90)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:309)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:94)
     at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:91)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:812)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:292)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:97)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
     at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
     at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:94)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
     at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:414)
     at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:138)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[jdoe11, EFormDefault]
     at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:835)
     at weblogic.security.service.IdentityUtility.authenticatedSubjectToIdentity(IdentityUtility.java:30)
     at weblogic.security.service.RoleManager.getRoles(RoleManager.java:183)
     at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:375)
     at weblogic.rmi.provider.WorkContextAccessController.checkAccess(WorkContextAccessController.java:62)
     at weblogic.workarea.spi.WorkContextAccessController.isAccessAllowed(WorkContextAccessController.java:38)
     at weblogic.workarea.WorkContextLocalMap$WorkContextKeys.next(WorkContextLocalMap.java:356)
     at weblogic.wsee.jaxws.workcontext.WorkContextTube.hasContext(WorkContextTube.java:67)
     at weblogic.wsee.jaxws.workcontext.WorkContextClientTube.processRequest(WorkContextClientTube.java:38)
     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
     at com.sun.xml.ws.client.Stub.process(Stub.java:259)
     at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
     at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
     at $Proxy157.retrieveForm(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
     at $Proxy158.retrieveForm(Unknown Source)
     at gov.atf.eforms.FormBase.retrieveForm(FormBase.java:206)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.el.parser.AstValue.invoke(AstValue.java:157)
     ... 62 more
Edited by: HKG on Feb 25, 2011 8:01 AM

Hi,
difficult to say. From the error message it seems that there is something happening with the authenticated JAAS user. Does the problem reproduce in other applications (e.g. a test case ?)
Frank

Java.lang.SecurityException when trying to execute Workflow-Java-API from Servlet

I'm trying to call some of the Oracle Workflow-Java-API Classes/Methods from a servlet running on OC4J.
The following Code-Sample is exactly copied from the WFTest Example shipped with Oracle-Workflow:
wfDB = new WFDB(user, ident, "jdbc:oracle:thin:@", "host:1521:tnsstring");
String charset = System.getProperty("CHARSET");
if (charset == null) {
charset = "UTF8";
ctx = new WFContext(wfDB, charset);
if (ctx.getDB().getConnection() == null) {
throw new Exception ("Keine Verbindung zum Workflow");
On OC4J integrated in JDeveloper everything works fine when i run my test-servlet with this code.
On 9ias with OC4J running on a SuSE-Linux Server i get the following Error:
java.lang.SecurityException: class "oracle.apps.fnd.wf.WFContext"'s signer information does not match signer information of other classes in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:554)
at java.lang.ClassLoader.defineClass(ClassLoader.java:482)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:106)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:243)
at java.net.URLClassLoader.access$100(URLClassLoader.java:51)
at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:183)
at java.lang.ClassLoader.loadClass(ClassLoader.java:294)
at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:310)
at oracle.apps.fnd.wf.engine.JdbcEngineAPI._sqlQueryText(JdbcEngineAPI.java)
at oracle.apps.fnd.wf.engine.EngineAPI.getItemTypes(EngineAPI.java)
at WorkflowData.doGet(WorkflowData.java:61)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:195)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:309)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
at com.evermind[Oracle9iAS (1.0.2.2.1) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:508)
at com.evermind[Oracle9iAS (1.0.2.2.1) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:177)
at com.evermind[Oracle9iAS (1.0.2.2.1) Containers for J2EE].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:576)
at com.evermind[Oracle9iAS (1.0.2.2.1) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java:189)
at com.evermind[Oracle9iAS (1.0.2.2.1) Containers for J2EE].util.ThreadPoolThread.run(ThreadPoolThread.java:62)
As you can see, the first Workflow-API-Object (WFDB) gets correctly instantiated. But the second one crashes.
The java.policy and java.security files are exactly identical on both machines, my PC and the Linux-Server.
Where might be the problem ?
How can we fix this ?
thanks in advance for any help
Ralf

okay, okay,
my/our own fault.
To prevent anyone else of makeing the same mistake, a short decription:
We stored the wf????.jar files inside the $JAVA_HOME/jre/lib/ext directory.
The correct way is to let them inside $ORACLE_HOME/jlib dir of the oracle db and extend the classpath, respectively add the following lines to 'orion-application.xml' of the app.
<library path="$ORACLE_HOME/jlib/wfapi.jar" />
<library path="$ORACLE_HOME/jlib/wfjava.jar" />

Java.lang.SecurityException when loading javax.activation.MimeType

Hi all,
I'm having this problem when trying to call a WebService in my Server;
java.lang.SecurityException: class "javax.activation.MimeType"'s signer information does not match signer information of other classes in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java(Compiled Code))
at java.lang.ClassLoader.defineClass(ClassLoader.java(Compiled Code))
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java(Compiled Code))
at java.net.URLClassLoader.defineClass(URLClassLoader.java(Compiled Code))
at java.net.URLClassLoader.access$500(URLClassLoader.java(Inlined Compiled Code))
at java.net.URLClassLoader$ClassFinder.run(URLClassLoader.java(Compiled Code))
at java.security.AccessController.doPrivileged1(Native Method)
at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code))
at java.net.URLClassLoader.findClass(URLClassLoader.java(Compiled Code))
at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java(Compiled Code))
at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
at org.apache.soap.rpc.SOAPContext.addBodyPart(SOAPContext.java:344)
at org.apache.soap.rpc.SOAPContext.setRootPart(SOAPContext.java:403)
at org.apache.soap.rpc.SOAPContext.setRootPart(SOAPContext.java:442)
at org.apache.soap.rpc.SOAPContext.setRootPart(SOAPContext.java:417)
at org.apache.soap.transport.TransportMessage.save(TransportMessage.java:351)
at oracle.soap.transport.http.OracleSOAPHTTPConnection.send(OracleSOAPHTTPConnection.java:713)
at org.apache.soap.rpc.Call.invoke(Call.java:261)
It seems to work in my local machine (running on JDeveloper10G embedded server), but i cannot make it work in production server (version 10.1.2.0.2) ...
Any idea of what is going wrong? I know what the error means, but i don't know why it is raising.

I've tried the webservice standalone (without a servlet frontend) and it seems to work, so i'll post this in the servlets forum.
Thanks.

Java.lang.SecurityException: Cannot set up certs for trusted CAs

Hi,
The application iam working on encrypts & decrypts files. The application is deployed on a standalone OC4j container on solaris 5.8. I have downloaded the following jar files
jce1_2_2.jar
sunjce_provider.jar
local_policy.jar
US_export_policy.jar
and have declared them in the application.xml
when i run the application i get the following exception.
java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.lang.SecurityException: Signer restraint check failed! at javax.crypto.SunJCE_b.<clinit>(DashoA6275) at javax.crypto.Cipher.a(DashoA6275) at javax.crypto.Cipher.getInstance(DashoA6275) at pdfDownload.jspService(_pdfDownload.java:215) [SRC:/pdfDownload.jsp:167] at com.orionserver[Oracle9iAS (9.0.3.0.0) Containers for J2EE].http.OrionHttpJspPage.service(OrionHttpJspPage.java:56) at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:317) at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:465) at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:379) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:721) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java:259) at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java:106) at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:803) at java.lang.Thread.run(Thread.java:484)
Pls advise, is there any other setting that needs to be done ?
Thanks & Regards
Arun

Hi,
I got the solution for this. JCE 1.2.2 is supported on JDK 1.4.1 and JDK 1.4.2, but both of them have different unrestricted policy jars. I was able to solve the problem once I downloaded the unrestricted policy jars for JDK 1.4.2 (which is used by BEA 8.1 SP5) from the following URL : http://java.sun.com/j2se/1.4.2/download.html
Regards,
Prashant Kale.

PortletPreferences.store() : java.lang.SecurityException

Similar Messages

Maybe you are looking for