Roles and .wars in WebLogic
I have a .war file whose web.xml file defines a security role of LoggingRole. No
matter what I do, I cannot successfully login and access the web-app. I am running
on WebLogic 7.0 on Windows 2000.
I tried going into the admin console and defining a role named LoggingRole then
adding the Administrators group to it. Then I make sure there are some users in
the Administrators group. Everytime I try to use those users to login, it fails.
If I delete the secuirty constraints from the web-app it works fine. if I install
the web-app on other servlet engines wit hthe security, it works. Any ideas?
Here is the relevant snippet of the web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>System Viewer</web-resource-name>
<url-pattern>/menu2</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>LoggingRole</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>LoggingRole</role-name>
</security-role>
Thanks,
brian
In WL6, normally you should have something like <security-role-assignment>
<role-name>developer</role-name>
<principal-name>developer</principal-name>
<principal-name>customer</principal-name>
</security-role-assignment>
in your weblogic.xml. I never try this in WL7 and hope it will work.
The alternative is, open your weblogic admin console, following the following
steps: (Left pane) Deployment->Web Applications->YourWebApplication, then (right
pane)Edit web application descriptors. On the next screen, (Left pane)Web AppExt->Security
role assignment->.... If you don't have Web AppExt, you should be able to create
one when you see this screen. After you assign tghe roles, click persistent and
a new web.xml and a new weblogic.xml will be generated and you can use them for
future use.
"Brian Pipa" <[email protected]> wrote:
>
>I have a .war file whose web.xml file defines a security role of LoggingRole.
>No
>matter what I do, I cannot successfully login and access the web-app.
>I am running
>on WebLogic 7.0 on Windows 2000.
>
>I tried going into the admin console and defining a role named LoggingRole
>then
>adding the Administrators group to it. Then I make sure there are some
>users in
>the Administrators group. Everytime I try to use those users to login,
>it fails.
>If I delete the secuirty constraints from the web-app it works fine.
>if I install
>the web-app on other servlet engines wit hthe security, it works. Any
>ideas?
>
>Here is the relevant snippet of the web.xml:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>System Viewer</web-resource-name>
> <url-pattern>/menu2</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>LoggingRole</role-name>
> </auth-constraint>
> </security-constraint>
>
> <security-role>
> <role-name>LoggingRole</role-name>
> </security-role>
>
>Thanks,
>brian
Similar Messages
-
OAM manage roles and Authorization in WebLogic integration
Hi
Had anyone done weblogic integration where OAM manages roles and Authorization?
I could read in Oracle WebLogic integration document that,
"The Security Provider only supports authentication for portals."
I wanted to figure out if anyone has done this before or Is it possible to delegate role management and Authorization responsibility to OAM?
Thanks
Kiran ThakkarThanks for the quick response.
Thanks
Kiran Thakkar -
This might be a simple problem, but I'm new to this and want to verify this
concept. We are looking at using IPlanet Directory Server 5.0 (which has
Roles) as our LDAP server and Weblogic 6.0 as our Web/Application Server.
Our project consists of manuals (Web Applications consisting of JSPs and
HTMLs), some of which are restricted to a specific roles/groups. So if a
user tries to access a restricted manual, they are prompted for their
username/password, which will be authenticated and if that user is a member
of the proper role/group then they are granted access to the manual.
We are maintaining user accounts and roles/groups in LDAP. In the web.xml
file of the Web Application I can specify our LDAP Realm to authenticate the
user and I can restrict web-resources (manuals) to a specific roles.
Can I configure the web.xml/weblogic.xml files to validate that the user is
a member of the proper role/group? If so, how do I do it? It looks like I
can map a role name in the web.xml file to user names in the weblogic.xml
file, but there are alot of users in each group so I don't want to have to
do this for all the web applications.
This seems pretty common problem but I can't seem to find examples of this.
Thanks,
JonYou have to write your own Custom Security Realm. Take a look at the
example RDBMSrealm and tailor it to use your LDAP Server.
[att1.html] -
How can WLS use JSP pages in a Web Application (either a .war file or a war directory structure) without a java compiler?
I suspect either the JSP specification is flawed (i.e. it doesn't take account of servers using just a JRE), or BEA's implementation is broken.
Production servers do not have a JDK installed. They only have a JRE. Therfore a java compiler is not present on the machine that the Web Application is deployed onto.
On the development machine, when the server is requested to load the JSP it creates a tmpwar directory within the Web Application directory structure. This is then included in the resultant .war file thus:
D:\war>jar -tf gmi.war
META-INF/
META-INF/MANIFEST.MF
gmiService.jsp
WEB-INF/
WEB-INF/classes/
WEB-INF/classes/com/
WEB-INF/classes/com/bt/
WEB-INF/classes/com/bt/gmi/
WEB-INF/classes/com/bt/gmi/gmiService.class
WEB-INF/getList.xsl
WEB-INF/getListByConnection.xsl
WEB-INF/getListByDistrict.xsl
WEB-INF/getListByDistrictConnection.xsl
WEB-INF/lib/
WEB-INF/source/
WEB-INF/source/build.bat
WEB-INF/source/gmiService.java
WEB-INF/web.xml
WEB-INF/weblogic.xml
tmpwar/
tmpwar/jsp_servlet/
tmpwar/jsp_servlet/_gmiservice.class
tmpwar/jsp_servlet/_gmiservice.java
When deployed on the production server with the web.xml file set to use the following values (note XML stripped):
weblogic.jsp.pageCheckSeconds
-1
weblogic.jsp.precompile
false
weblogic.jsp.compileCommand
javac
weblogic.jsp.verbose
true
weblogic.jsp.packagePrefix
jsp_servlet
weblogic.jsp.keepgenerated
false
And in the weblogic.properties file:
weblogic.httpd.webApp.gmi=war/gmi
I've also tried with the .war file, but that insists on creating another tmpwar directory outside of the .war file.
Then, although I have set pageCheckSeconds to -1 (don't check and don't recompile) ter production server still attempts to recompile the JSP's:
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: init
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param verbose initialized to: true
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param packagePrefix initialized to: jsp_servlet
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param compileCommand initialized to: javac
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param srcCompiler initialized to weblogic.jspc
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param superclass initialized to null
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param workingDir initialized to: /opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param pageCheckSeconds initialized to: -1
Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: initialization complete
Mon Sep 25 11:40:12 BST 2000:<I> <WebAppServletContext-gmi> Generated java file: /opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war/jsp_servlet/gmiService.java
Mon Sep 25 11:40:14 BST 2000:<E> <WebAppServletContext-gmi> Compilation of /opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war/jsp_servlet/gmiService.java failed: Exception in thread "main" java.lang.NoClassDefFoundError: sun/tools/javac/Main
java.io.IOException: Compiler failed executable.exec([Ljava.lang.String;[javac, -classpath, /opt/Solaris_JRE_1.2.1_04/lib/rt.jar:/opt/Solaris_JRE_1.2.1_04/lib/i18n.jar:/opt/Solaris_JRE_1.2.1_04/classes:/var/wls/5.1/weblogic/lib/weblogic510sp4boot.jar:/var/wls/5.1/weblogic/classes/boot:/var/wls/5.1/weblogic/eval/cloudscape/lib/cloudscape.jar:/var/wls/5.1/weblogic/lib/wleorb.jar:/var/wls/5.1/weblogic/lib/wlepool.jar:/var/wls/5.1/weblogic/lib/weblogic510sp4.jar:/var/wls/5.1/weblogic/license:/var/wls/5.1/weblogic/classes:/var/wls/5.1/weblogic/lib/weblogicaux.jar:/opt/wls-servers/gmiServer/weblogic/gmiServer/serverclasses:/opt/wls-servers/gmiServer/weblogic/lotusxsl.jar:/opt/wls-servers/gmiServer/weblogic/xerces.jar:/opt/wls-servers/gmiServer/weblogic/logging.jar::/opt/wls-servers/gmiServer/weblogic/war/gmi/WEB-INF/classes:/opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war, -d, /opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war, /opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war/jsp_servlet/gmiService.java])
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled Code)
at java.io.IOException.<init>(Compiled Code)
at weblogic.utils.compiler.CompilerInvoker.compileMaybeExit(Compiled Code)
at weblogic.utils.compiler.CompilerInvoker.compile(CompilerInvoker.java:200)
at weblogic.servlet.jsp.JspStub.compilePage(Compiled Code)
at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:173)
at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:187)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:118)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:142)
at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:744)
at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:692)
at weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:251)
at weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:363)
at weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:263)
at weblogic.kernel.ExecuteThread.run(Compiled Code)
The default Java compiler from sun lives in the tools.jar that comes with
the JDK. Just add that to your set of JARs which are deployed in production
and you should be fine. No need to install the full JDK - just make the
tools.jar available to WebLogic.
Regards
James
James Strachan
=============
email: [email protected]
web: http://www.metastuff.com
"Martin Webb" <[email protected]> wrote in message
news:[email protected]...
>
> How can WLS use JSP pages in a Web Application (either a .war file or a
war directory structure) without a java compiler?
>
> I suspect either the JSP specification is flawed (i.e. it doesn't take
account of servers using just a JRE), or BEA's implementation is broken.
>
> Production servers do not have a JDK installed. They only have a JRE.
Therfore a java compiler is not present on the machine that the Web
Application is deployed onto.
>
> On the development machine, when the server is requested to load the JSP
it creates a tmpwar directory within the Web Application directory
structure. This is then included in the resultant .war file thus:
>
> D:\war>jar -tf gmi.war
> META-INF/
> META-INF/MANIFEST.MF
> gmiService.jsp
> WEB-INF/
> WEB-INF/classes/
> WEB-INF/classes/com/
> WEB-INF/classes/com/bt/
> WEB-INF/classes/com/bt/gmi/
> WEB-INF/classes/com/bt/gmi/gmiService.class
> WEB-INF/getList.xsl
> WEB-INF/getListByConnection.xsl
> WEB-INF/getListByDistrict.xsl
> WEB-INF/getListByDistrictConnection.xsl
> WEB-INF/lib/
> WEB-INF/source/
> WEB-INF/source/build.bat
> WEB-INF/source/gmiService.java
> WEB-INF/web.xml
> WEB-INF/weblogic.xml
> tmpwar/
> tmpwar/jsp_servlet/
> tmpwar/jsp_servlet/_gmiservice.class
> tmpwar/jsp_servlet/_gmiservice.java
>
> When deployed on the production server with the web.xml file set to use
the following values (note XML stripped):
>
> weblogic.jsp.pageCheckSeconds
> -1
>
> weblogic.jsp.precompile
> false
>
> weblogic.jsp.compileCommand
> javac
>
> weblogic.jsp.verbose
> true
>
> weblogic.jsp.packagePrefix
> jsp_servlet
>
> weblogic.jsp.keepgenerated
> false
>
>
> And in the weblogic.properties file:
>
> weblogic.httpd.webApp.gmi=war/gmi
>
> I've also tried with the .war file, but that insists on creating another
tmpwar directory outside of the .war file.
>
>
> Then, although I have set pageCheckSeconds to -1 (don't check and don't
recompile) ter production server still attempts to recompile the JSP's:
>
>
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: init
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param
verbose initialized to: true
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param
packagePrefix initialized to: jsp_servlet
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param
compileCommand initialized to: javac
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param
srcCompiler initialized to weblogic.jspc
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param
superclass initialized to null
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param
workingDir initialized to:
/opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp: param
pageCheckSeconds initialized to: -1
> Mon Sep 25 11:40:11 BST 2000:<I> <WebAppServletContext-gmi> *.jsp:
initialization complete
> Mon Sep 25 11:40:12 BST 2000:<I> <WebAppServletContext-gmi> Generated java
file:
/opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war/jsp_servlet/gmiService.
java
> Mon Sep 25 11:40:14 BST 2000:<E> <WebAppServletContext-gmi> Compilation of
/opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war/jsp_servlet/gmiService.
java failed: Exception in thread "main" java.lang.NoClassDefFoundError:
sun/tools/javac/Main
>
> java.io.IOException: Compiler failed
executable.exec([Ljava.lang.String;[javac, -classpath,
/opt/Solaris_JRE_1.2.1_04/lib/rt.jar:/opt/Solaris_JRE_1.2.1_04/lib/i18n.jar:
/opt/Solaris_JRE_1.2.1_04/classes:/var/wls/5.1/weblogic/lib/weblogic510sp4bo
ot.jar:/var/wls/5.1/weblogic/classes/boot:/var/wls/5.1/weblogic/eval/cloudsc
ape/lib/cloudscape.jar:/var/wls/5.1/weblogic/lib/wleorb.jar:/var/wls/5.1/web
logic/lib/wlepool.jar:/var/wls/5.1/weblogic/lib/weblogic510sp4.jar:/var/wls/
5.1/weblogic/license:/var/wls/5.1/weblogic/classes:/var/wls/5.1/weblogic/lib
/weblogicaux.jar:/opt/wls-servers/gmiServer/weblogic/gmiServer/serverclasses
:/opt/wls-servers/gmiServer/weblogic/lotusxsl.jar:/opt/wls-servers/gmiServer
/weblogic/xerces.jar:/opt/wls-servers/gmiServer/weblogic/logging.jar::/opt/w
ls-servers/gmiServer/weblogic/war/gmi/WEB-INF/classes:/opt/wls-servers/gmiSe
rver/weblogic/war/gmi/_tmp_war, -d,
/opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war,
/opt/wls-servers/gmiServer/weblogic/war/gmi/_tmp_war/jsp_servlet/gmiService.
java])
> at java.lang.Throwable.fillInStackTrace(Native Method)
> at java.lang.Throwable.fillInStackTrace(Compiled Code)
> at java.lang.Throwable.<init>(Compiled Code)
> at java.lang.Exception.<init>(Compiled Code)
> at java.io.IOException.<init>(Compiled Code)
> at
weblogic.utils.compiler.CompilerInvoker.compileMaybeExit(Compiled Code)
> at
weblogic.utils.compiler.CompilerInvoker.compile(CompilerInvoker.java:200)
> at weblogic.servlet.jsp.JspStub.compilePage(Compiled Code)
> at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:173)
> at
weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:18
7)
> at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:118)
> at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:142)
> at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
l.java:744)
> at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
l.java:692)
> at
weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContext
Manager.java:251)
> at
weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:363)
> at
weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:263)
> at weblogic.kernel.ExecuteThread.run(Compiled Code)
>
>
>
-
Issue while deploying .war at weblogic 10.3.0.0
Hi All,
We have developed application and created rboimgr.war under weblogic 10.3.4 and trying to deploy at 10.3.0.0 but getting following error message:
An error occurred during activation of changes, please see the log for details.
http:101064(WebAppModule(RboimgrRboimgr.warfl Error parsing descriptor In Web appplication IBOC/weblogic10/user_projects/domains/bodorniseivers/bomanage/stage/Rboimgr/RboimgrAvar weblogic.application.tioduleException: Unmarshaller failed at weblogic.serviet intemal.WebAppModule.loadDescriptor(WebApplAodulajava:1201) at weblogic seMet intemalWebAppModule.prepare(WebAppl•lodulaJava:350) at weblogic.applicationintemallow.ScopedModuleDriver.prepare(ScopectlAoduleDriveriava:176) at weblogic.applicationintematflow.ModuleListenennvoker.prepare (ModuleListenerInvokerjava:93) at weblogic.application.intematflow.DeploymentCallbackFlowS1.next(DeploymentCallbacicFlowjava:387) at weblogicapplication.utils.StateMachineDriver.nextState(StateMachineDriver.java:37) at weblogic.application.intematflow.DeploymentCallbackFlow.prepare (DeploymentCallbackFlowjava:58) at weblogicapplicationintemalflow.DeploymentCallbackFlow.prepare(DeployrnentCallbaciflowjava:42) at weblogIcapplicationintemal.BaseDeploymentS1.next(BaseDeploymentjava:615) at weblogicapplication.utils.StatelAachineDrivernextState(StateMachineDriver.java:37) at weblogicapplication.intemaleaseDeploymentprepare(BaseDeploymentjava:191) at weblogicapplication.internal.SingleModuleDeploymentprepare (SingleModuleDeplornentjava:16) at weblogic.application.intemal.DeploymentStateChecketprepare(DeploymentStateChecker.Java:155) at weblogic.deployintemallargetserverAppContainerInvoker.prepare(AppContainerInvoker.Java:60) at weblogIc.deployintematargetservecoperationsActivateOperation.aeateAndPrepareContainer(AcbvateOperationjava:197) at weblogitdeployintemattargetserver.operationsActivaleOperation.doPrepare(ActrvateOperabon.java:89) at webloglc.deployintemattargetservecoperations.AbstractOperation.prepare(AbstradOperationava:217) at weblogic.deploy.intemattargetserver.DeploymentManagethandleDeploymentPrepare(DeploymentManager.Java.723) at weblogltdeployintemattarg etserverDeploymentklanagerprepareDeploymentList(DeploymentManagerjava 1190) at webloglcdeployintemattargetserverDeploymentManagethandlePrepare(OeploymentManagerjava:248) at weblogic.deployintemattargetserver.DeployrnentServiceDispatcher.prepare(DeploymentServiceDispatcher.lava:159) at weblogic.deploy.service.intemattargetserver.DeploymentReceiverCallbackDelivererdoPrepareCallback(DeploymentReceiverCallbacicDeliveretjava:157) at weblogicdeploy.seiviceintemattargetserver.DeploymentReceiverCallbackDelivereraccessS000(DeployrnentReceiverCallbacWelivererava:12) at weblogic,deploy.seivicainternatargetserverneploymentReceiverCallbacidDelivererStrun(DeploymentReceiverCallbackDelivererjava:45) at weblogicwork.SeruningWorkthianagerImpl5WorkAdapterimpl. run(SelffuningWorkManagerImpljava:516) at weblogicwortExecuteThread.execute(ExecuteTtireadjava:201) at weblogicwork.ExecuteThread.run(ExecuteThreadiava:173) Caused by com.bea.xml.XmlException: failed to load java type corresponding to e=weblogic-web-app@http://xmlns.orade.comtweblogic/weblogic-web-app at com.bea.staxb.runbme.intematUnmarshaiResultgetPojo8IndingType(UnmarshalResultjava:361) at com.beastaxb runtimaintematUnmarshalResultdetermineTypeForClobalElement(UnmarshalResultjava:316) at com.bea.starb.runtime.intematUnmarshalResulidetermineTypeForGlobalElement(UnmarshalResultJava:326) at com.bea.staxb.runtimaintematUnmarshalResultdetermineRootType(UnmarshalResultJava:307) at com.bea.staxb.runtimeintematUnmarshalResultunmarshalDocument (UnmarshalResultJava:158) at com.bea.staxb.runtimaintematUnmarshallerImptunmarshal(UnmarshallerImpljava:65) at weblogitdescriptorintemalliarshallerFadory51.createDescriptor(MarshallerFactornava:141) at weblogic.desaiptorSasiWescriptorManagetcreateDescriptor (BasicDescriptorklanagerjava:306) at weblogicapplicabon.descriptor.AbsVactDesalptortoader2.getDesalptorgeanFromReader(AbstractescrIptortoader2.Java:788) at weblogicapplication.descriptor.AbstractDescriptorLoader2.aeateDesaiptorBean(AbstractDescriptorLoaderZjava:409) at weblogic.applicabon.descriptor.AbsUactDesaiptorLoadealoadDescriptorEleanWithoutPlan(AbstractDescriptorLoader2java:759) at weblogic.application.desaiptorAbstractDesaiptorLoader2.1oadDescriptorSean(AbstractDescriptorloaderaJava:768) at weblogicseMetintemal.WebAppOesaiptorgetWeblogicWebApp8ean(WebAppDescriptor.java:170) at weblogicservletintemal.WebAppModule.loadOescriptor (WebAppModulajava:1194) ... 26 more weblogic.applicabon.ModuleException: Unmarshaller failed O
failed to load java type corresponding to e=weblogic-web-appightlp:/rxmlns.oracle.conVweblogiciweblogic-web-app
Please assist,
regardsHi
Hereby sending you required content of weblogic.xml for reference.
weblogic.xml
<?xml version="1.0" encoding="UTF-8" ?>
- <wls:weblogic-web-app xmlns:wls="http://www.bea.com/ns/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
<wls:weblogic-version>10.3.4</wls:weblogic-version>
<wls:context-root>RBOIMGR</wls:context-root>
</wls:weblogic-web-app>
Please assist
Regards -
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.comBelow are the screen shots for PFCG:
-
How to deploy ear file with jar file and war file with different names
Hi,
As part of weblogic migration from WL 6.1 sp3 to WL 10, Iam facing some problem.
Problem:
I have one ear file(abc.ear) to deploy which contains one jar file(xyz.jar) and one war file(pqr.war).
In config.xml file of WL 6.1, it was mentioned as :
<Application Deployed="true" Name="abc" Path="./config/mydomain/applications/abc.ear">
<EJBComponent Name="xyz" Targets="myserver" URI="xyz.jar"/>
<WebAppComponent Name="pqr" Targets="myserver" URI="pqr.war"/>
</Application>.
The above is working fine.
But in config.xml file WL10,I cannot mention the same.
I need to have different application anmes for ear,jar and war.If I deploy as a ear file,the jar and war files are deployed with the same ear file name.
I tried the following options:
1) Deploying as a ear file by adding <sub-deployments>
2) Deploying both war and jar seperately which is not recommended in my application.
Please provide the content I should place in the config.xml so that everything works fine correctly.
Any help is appreciated.Hi,
As part of weblogic migration from WL 6.1 sp3 to WL 10, Iam facing some problem.
Problem:
I have one ear file(abc.ear) to deploy which contains one jar file(xyz.jar) and one war file(pqr.war).
In config.xml file of WL 6.1, it was mentioned as :
<Application Deployed="true" Name="abc" Path="./config/mydomain/applications/abc.ear">
<EJBComponent Name="xyz" Targets="myserver" URI="xyz.jar"/>
<WebAppComponent Name="pqr" Targets="myserver" URI="pqr.war"/>
</Application>.
The above is working fine.
But in config.xml file WL10,I cannot mention the same.
I need to have different application anmes for ear,jar and war.If I deploy as a ear file,the jar and war files are deployed with the same ear file name.
I tried the following options:
1) Deploying as a ear file by adding <sub-deployments>
2) Deploying both war and jar seperately which is not recommended in my application.
Please provide the content I should place in the config.xml so that everything works fine correctly.
Any help is appreciated. -
Issues with test-all role and browser security
WLS 10.3.5
I have a deployed application on Linux using a SQLAuthentication and Authorization - all is well here.
I have setup all the security (without the test-all role) and I cannot access any of the system.
If I put the test-all role in - I can access the system.
I have verified the user has all the roles (I used the example bean to display the user and roles on the menu page) and the test-all role is not in the list.
I have the menu setup to not display items unless the user has the role (this is working fine - SecurityContext.inRole(rolelist).
So the context is fine.
I used jazn-data to set the same roles in the taskflows - this is not working at all unless the test-all role is set - I get authorization errors - not authorized).
Have I missed something in this?
I have also noticed that if I close the browser (X) without logging out and come back into the system the authentication is totally bypassed and I go back in as the same user as before.
Is there some way to destroy the previous context every time the welcome screen is executed.Add the following parameters to the Run options for the ViewController project:
-Djps.auth.debug=true -Djps.auth.debug.verbose=true
Then restart WebLogic, run the app and watch the console - you'll see all the security evaluations take place which should help you to identify the problem. -
Maven scripts for deploying WAR into Weblogic
Hello Folks,
I would need some help in deploying EAR/WAR into weblogic server.
I already have maven scripts for building but not for deploying. your help is appreciated.
Thanks.Hi Ank2cool,
Please see my findings, I have tested the Same "build.xml" again...My AdminServer
UserName is weblogic
and
password is weblogic
<project name="webservices-hello_world" default="deploy">
<property name="wls.username" value="weblogic" />
<property name="wls.password" value="weblogic" />
<property name="wls.hostname" value="localhost" />
<property name="wls.port" value="7001" />
<property name="wls.server.name" value="AdminServer" />
<target name="deploy">
<wldeploy action="deploy" name="PlanDemoEAR" source="PlanDemoEAR" user="${wls.username}"
password="${wls.password}1" verbose="true" adminurl="t3://${wls.hostname}:${wls.port}" targets="${wls.server.name}" />
</target>
</project>
Now when i run the AANT task ant deploy
OUTPUT:
Buildfile: build.xml
deploy:
[wldeploy] weblogic.Deployer -verbose -noexit -name PlanDemoEAR -source C:\JavaTest\PlanDemo\PlanDemoEAR -targets Admin
Server -adminurl t3://localhost:7001 -user weblogic -password ******** -deploy
[wldeploy] weblogic.Deployer invoked with options: -verbose -noexit -name PlanDemoEAR -source C:\JavaTest\PlanDemo\Pla
nDemoEAR -targets AdminServer -adminurl t3://localhost:7001 -user weblogic -deploy
[wldeploy] <Dec 21, 2009 2:08:33 PM IST> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating deploy operation for app
lication, PlanDemoEAR [archive: C:\JavaTest\PlanDemo\PlanDemoEAR], to AdminServer .>
[wldeploy] Task 1 initiated: [Deployer:149026]deploy application PlanDemoEAR on AdminServer.
[wldeploy] Task 1 completed: [Deployer:149026]deploy application PlanDemoEAR on AdminServer.
[wldeploy] Target state: deploy completed on Server AdminServer
[wldeploy]
[wldeploy] Target Assignments:
[wldeploy] + PlanDemoEAR AdminServer
BUILD SUCCESSFUL
========================TO REPRODUCE YOUR ISSUE I JUST CHANGED THE Password from weblogic to "*weblogic1*" or *"weblogic "* (i added a Single Space at the end of password) in the ANT script....But Server's Actual Password is still "weblogic"=======
OUTPUT:
[wldeploy] Caused by: java.lang.SecurityException: User: weblogic, failed to be authenticated.
[wldeploy] at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:116)
[wldeploy] at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke(Unknown Source)
[wldeploy] at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
[wldeploy] at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
[wldeploy] at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
[wldeploy] at weblogic.security.service.SecurityManager.runAs(Unknown Source)
[wldeploy] at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
[wldeploy] at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
[wldeploy] at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
[wldeploy] at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
BUILD FAILED
C:\JavaTest\PlanDemo\build.xml:12: weblogic.Deployer$DeployerException: weblogic.deploy.api.tools.deployer.DeployerExcep
tion: Unable to connect to 't3://localhost:7001': User: weblogic, failed to be authenticated.. Ensure the url represents
a running admin server and that the credentials are correct. If using http protocol, tunneling must be enabled on the admin server.
Total time: 0 seconds
Above is exactly the same error what u are getting...
So please recheck the password provideed in the "build.xml" is correct..or any space added before or after the Password.....
Thanks
Jay SenSharma
http://jaysensharma.wordpress.com (WebLogic Wonders Are Here) -
Associate roles and permissions to users that existe on a database
Hi,
i want realise a secure authentification i used ADF Configuration but i found out that i cant bring my users from my database. i can just create new users with roles in Jdeveloper.
do you how we can bring users to Jdeveloper and associate to them roles and permission ?i found this tutorial that is that what i did :
1. Start up weblogic server (Run .. Start Server Instance)
2. Log on to weblogic console ( http://localhost:7101/console/ )
3. Use default username/password weblogic/weblogic1
4. Create a datasource to connect to the schema where the authenticating database tables are (Services .. JDBC .. Data Sources)
5. Use unique name for datasource. Use JINDI name of jdbc/
6. Enter database name, schema name and password and test
7. Add new Authentication provider (Security Realms .. myrealm .. Providers .. New)
8. Enter datasource name, type SQLAuthenticator click Ok
9. Going back into provider, change control flag to Sufficient
10. Select Provider Specific tab and choose Plaintext passwords, password algorithm SHA-1
11. Shut down weblogic
12. Edit config.xml file in JDEV_DIR/system11.1.1.2.36.55.36/DefaultDomain/config and replace sql authenticator sql statements with those from web blog
13. Restart weblogic.
14. Go to users/groups tab in securty realm and view users and groups imported from database
15. Set control flag for other providers to "Sufficient"
source : http://brent.hmdclinical.com/2010/03/using-database-tables-as-weblogic.html
but the step 12 i dont know what i need to change and with what ? -
Confused about the role of ejbc in Weblogic 7
Howdy All
Here is my understanding of the role of ejbc in Weblogic 7:
* Let's assume I have a JAR containing an EJB (let's say a stateless session bean).
Let's call this the no-ejbc-JAR.
1. I run the no-ejbc-JAR through ejbc to create the container-ejbc-JAR which can
now be deployed in Weblogic.
2. I can run ejbc against the no-ejbc-JAR to create a client-ejbc-JAR for use
by clients wishing to access and use the EJB.
Questions...
MUST I run the no-ejbc-JAR through ejbc (to create the container-ejbc-JAR) before
it can be deployed in Weblogic 7?
If so, why?
I can sort of see why this may be necessary from the containers perspective, although
I would have thought the ejbc process could have been automatically applied by
Weblogic to no-ejbc-JARs being deployed.
But I am confused as to why ejbc would need to be used to create a client-ejbc-JAR.
From the client's perspective, isn't it simply enough to have the no-ejbc-JAR
(or a subset of the no-ejb-JAR) containing the EJB home and remote interfaces
(along with any non-ejbc generated support classes)? For use by the client, why
would it be necessary to run the no-ejbc-JAR through ejbc to create a client-ejbc-JAR?
Or do I have an incorrect understanding of the role of ejbc?
Thanks,
RobHello Rob,
I will try to clarify a couple of your concerns. First of all, if your EJB jar
contains CMP 2.0 entity beans, the underlying JDBC implementations must be generated
for your respective abstract classes of the entity beans. EJBC will generate this
for you automatically. Also, the EJBC utility generates all of the other necessary
server classes that WebLogic requires for deploying your EJBs (such as custom
code for handling transactions, security, and other EJB services). When your EJB
utilizes remote home/component interfaces, the utility will also generate all
of the necessary client-side proxy and server-side byte code by running the RMI
compiler on your EJBs. In addition to the above code generation that takes place,
EJBC also checks all of your EJBs and makes sure that they are written according
to the EJB specification. This way you will always be sure that your EJBs will
be deployable on BEA WebLogic if EJBC returns with no error messages. You also
asked if EJBC must be run manually before deploying the EJBs. If you run your
application in exploded directory format, WebLogic will automatically invoke the
EJBC utility prior to deploying your EJBs. Please refer to the links below for
more information about the EJBC utility as well as deploying your application
in exploded directory format:
http://edocs.bea.com/wls/docs70/ejb/EJB_utilities.html#1075296
http://edocs.bea.com/wls/docs70/programming/deploying.html#1125152
Also, feel free to examine the code that EJBC generates to gain a better feel
for what's happening behind the scenes. Also, please be aware that ejbc has been
deprecated in WebLogic 8.1, in favor of the appc utility:
http://edocs.bea.com/wls/docs81/ejb/EJB_tools.html#1096936
Best regards,
Ryan LeCompte
[email protected]
http://www.louisiana.edu/~rml7669
"Rob Young" <[email protected]> wrote:
>
Howdy All
Here is my understanding of the role of ejbc in Weblogic 7:
* Let's assume I have a JAR containing an EJB (let's say a stateless
session bean).
Let's call this the no-ejbc-JAR.
1. I run the no-ejbc-JAR through ejbc to create the container-ejbc-JAR
which can
now be deployed in Weblogic.
2. I can run ejbc against the no-ejbc-JAR to create a client-ejbc-JAR
for use
by clients wishing to access and use the EJB.
Questions...
MUST I run the no-ejbc-JAR through ejbc (to create the container-ejbc-JAR)
before
it can be deployed in Weblogic 7?
If so, why?
I can sort of see why this may be necessary from the containers perspective,
although
I would have thought the ejbc process could have been automatically applied
by
Weblogic to no-ejbc-JARs being deployed.
But I am confused as to why ejbc would need to be used to create a client-ejbc-JAR.
From the client's perspective, isn't it simply enough to have the no-ejbc-JAR
(or a subset of the no-ejb-JAR) containing the EJB home and remote interfaces
(along with any non-ejbc generated support classes)? For use by the client,
why
would it be necessary to run the no-ejbc-JAR through ejbc to create a
client-ejbc-JAR?
Or do I have an incorrect understanding of the role of ejbc?
Thanks,
Rob -
Confusion on Roles and Policies
Dear Friends,
Now i try to understand the what is weblogic and how its component are working .But i have confused with the roles and policies concept in security realm.My Scenario:I have created the one user and assign this user to the monitoring group.Then i want this user to start and stop servers also.So i create the role and policy in managed server security option.But it is not working .I know this is very simple question but i stuck this in many days even i referring the document..I am not able to put my post on security space .So please guide me for creating the roles and policies with example scenario or any documents
Thanks & Regards,
Ove.
Message was edited by: Ovethe oracle documentation explains this question:
https://docs.oracle.com/cd/E57014_01/wls/WLACH/taskhelp/security/UseRolesAndPoliciesToSecureResources.html
https://docs.oracle.com/middleware/1212/wls/ROLES/understdg.htm#ROLES120
Check this link too:
https://thecattlecrew.wordpress.com/2014/08/07/it-security-part-7-weblogic-server-roles-role-mapping-and-configuring-a-role-mapping-provider/ -
Weblogic 10 jaas and login.jsp and web.xml/weblogic.xml security constaints
Hello,
I struggled through and got the examples.security.jaas.SampleCallbackHandler.java and examples.common.utils.ExampleUtils.java/ExampleConstants.java into eclipse where they compile. A bean I made can call SambleCallbackHandler like such:
mybean.logmein(username,password,url). I can then do a mybean.getStatus() or even a mybean.returnCode(). It does seem to correctly identlify that it is authenticating me (I see in stdout logs that it shows success or failures. The problem I have is I do not know how to apply this weblogic and web.xml/weblogic.xml so that if authentication works it redirects me to the page requiring the authentication. In web.xml I have the following set up:
<security-role>
<role-name>Admins</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/badlogin.html</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>empower</web-resource-name>
<description>These pages are only accessible by authorized users.</description>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>These are the roles who have access</description>
<role-name>Administrators</role-name>
</auth-constraint>
<user-data-constraint>
<description>This is how the user data must be transmitted</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
My weblogic.xml has:
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
<wls:security-role-assignment>
<wls:role-name>Admins</wls:role-name>
<wls:principal-name>Administrators</wls:principal-name>
<wls:principal-name>dashap</wls:principal-name>
</wls:security-role-assignment>
</wls:weblogic-web-app>
With this set up, if I try to go to a page in /admin folder in my application, it correctly pops up the login page. The jaas in the bean is doing a loginContext.login(), which I thought does authentication too, but it never goes back to the /admin page I was going to that needed the authentication. With jaas, can I not use the web.xml FORM security option? Do I Need to use j_security in the login.jsp's form's action= option and j_username and j_password for the input type names? How do I use j_username/j_password things if I am using jaas? I could just ignore using the web.xml security stuff and put something in the pages that need authentication, but it would be easier if I could use jaas with the security featurs without doing all that. Note that my code above is using a realm called default just because that was what was in the example I got from the web. Does that need to be something else?Hi John,
I would like magic of course. However, in this case I want something special: my authentication provider uses special means and contents of headers, cookies and service from external identity management systems to determine the user's identity.
I do not want the application to present the login dialog! I want to derive the identity and the fact that the user is logged in from whatever the authentication provider returns in terms of Subject.
Ideally, the flow is something like:
- user accesses an unprotected resource - resource is shown, no interaction with authentication provider
- user presses a link or button that takes him/her to a protected resource
- the authentication provider is contacted to work with the identity asserter to establish the identity of the current user and create a subject object for this user
- the application can access the subject and principals
- ADF Security recognizes the identity and the roles (based on the principals) and coordinates access based on this.
the authentication method is client certificate. presumably this prompts WebLogic/OPS to use an identity asserter to work with custom headers and cookies ("... when you configure a web application to use CLIENT-CERT authentication. In this case, WebLogic can perform identity assertion based on values from request headers and cookies. If the header name or cookie name matches the active token type for the provider, the value is passed to the provider."). No login form should be presented to the user, as all information required to perform the authentication is already available.
I am trying to understand what I must do to have the ADF application adopt the subject set by the authentication provider - if anything?!
If you more ideas to share - I would love to hear them.
best regards,
Lucas -
Doing method names, roles and principal bindings dynamically
Hi,
We are using Weblogic 6.0 and have a question about Weblogic security and EJBs.
In Weblogic EJB security methods are mapped to roles in the EJB deployment descriptor
and roles are mapped to principals in the Weblogic deployment descriptors. All
this is statically defined.
The bindings frrom roles to principals in Weblogic deployment descriptors are
a tad to static for us. Is it possible to implement this dynamically through ACLs
or anything. I've tried to implement the 'Realm.getAcl(...)', but it doesn't seem
to want to use my ACLs and I really don't know what permissions that I should
implement in them. Does anyone know of any documents describing this?
Likewise we also wonder if we can dynamically map the method names to roles which
today are described in EJB deployment descriptors and how is that done?
have a nice day
ThorÅge
Telenor Mobil, Tlf: 22 78 47 59, Mob: 95 94 75 64, [email protected]
"All suspects are guilty! Otherwise they wouldn't be suspects; would they?"OK, a partial answer for the accessor name issue is this (inline JAXB used for brevity; external declarations probably better in practice):
1) change your schema root element to
<xs:schema
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:jxb="http://java.sun.com/xml/ns/jaxb"
jxb:version="1.0"2) do NOT modify the products element definition
3) instead, modify the product element definition to
<xs:element name="product">
<xs:annotation>
<xs:appinfo>
<jxb:property name="productList"/>
</xs:appinfo>
</xs:annotation>
<xs:complexType>
</xs:complexType>
</xs:element>Then the JAXB autogenerated .java file for the products element (Products.java) will have an accessor method named getProductList as desired.
But all is not totally well: suppose that that product element is used not only inside the products element, but is also used inside the foo element where it has
minOccurs="1" maxOccurs="1"Then it will not be represented in Foo.java as a List<Product> field, but instead will be a simple reference to a Product. However, its name will misleadingly be given as productList.
So JAXB bindingd are not really a cure: it looks like JAXB needs to add smarts to its code generator.
Another thing that the JAXB code generator needs to do is not only dump lazy initialization, but it should use minOccurs values of > 16 to initialize, say, ArrayList fields to larger sizes to minimize resizings since you know that more than the default number of items will be in the ArrayList. -
Display portal role and content
We have portal support people that support many other users. To support these users with live problems, they need to be able to see the portal navigation and content that their supported users see. They don't need to actually run transactions, they just need to see the content etc. In most cases, these support people do not perform these other roles, so these other tabs (50+) are not on the support people's top-level navigation.
Any thoughts on how to do this? It would be great if some sort of application could dynamically display a role and all it's portal content.
Thank you for your thoughts.
KevinKevin, There is no out of the box solution for your scenario, check this blog by Prakash Singh : <a href="https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2080">Click Here</a>
Regards,
Tegala
Maybe you are looking for
-
Time machine is not working on imac intel i7
I just got a new imac intel core i7 which is an upgrade from my power mac G4 MDD which I got in 2003. I transferred all the information from the power G4 using time machine and it worked fine. I then upgraded the OS to 10.6.4 given imac is intel core
-
Oracle SQL Query from EXCEL 2007 with prompt
Hello, I have many excel reports where I am pulling information from our Oracle 9 db through Excel using the following method: http://blog.mclaughlinsoftware.com/microsoft-excel/how-to-query-oracle-from-excel-2007/ http://blog.mclaughlinsoftware.com/
-
Error in XML Gateway Processing - java.lang.OutOfMemoryError
Hi All, We have B2B Customizations for Processing Orders in our Applications . While an Inbound Document(ORDERSTATUS Document) got processed in our Application, we could find the Document being errored out in XML gateway with the following errors: (N
-
I made a mistake in my macbook air now in my macbook air showing windows how can i put it back again to macbook air
-
Why zo my z3 suddenly shut down and then restarts? I have experienced it several times at about 4-5 o'clock in the night. very disturbing! Solved! Go to Solution.