Start Tomcat 5.5 with Security Manager

Recently, i have installed Tomcat version 5.5.8 but i have problem to start tomcat with a Securiy manager.
For Tomcat version 4.xx we could start Tomcat with SecurityManager by using the "-security" option at "%CATALINA_HOME%\bin\startup.bat" after configured the catalina.policy file.
But i couldn't do so at Tomcat 5.5.8. Any idea? Many Thanks.

Start it yourself with
java -Dcatalina.home=$CATALINA_HOME -Djava.security.manager -Djava.security.policy=="your.policy" -cp your.classpath org.apache.catalina.startup.Bootstrap
Cheers,
Arnaud

Similar Messages

Rmi with security manager not working in netbeans

Hello i'm trying to use rmi but get the error java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve) when i run it in netbeans. here is my code
public static void main(String[] args) {
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new SecurityManager());
        try {
            String name = "Compute";
            Compute engine = new ComputeEngine();
            Compute stub =
                (Compute) UnicastRemoteObject.exportObject(engine, 0);
            Registry registry = LocateRegistry.getRegistry();
            registry.rebind(name, stub);
            System.out.println("ComputeEngine bound");
        } catch (Exception e) {
            System.err.println("ComputeEngine exception:");
            e.printStackTrace();
    }It works if i don't have a security manager and it works with a security manager if i don't use netbeans to run it and use the command line. i need to use a secuirty manager because the client code is running in eclipse and it moans that there is no security manager if i run it without one
this is the error i get when running with no security manager
java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
     java.lang.ClassNotFoundException: takenoteremote.Compute (no security manager: RMI class loader disabled)
Please help

I have sort of got it to work, i took out the security manager and used the code base parameter on the command line, and put my interface into a jar file. I can only get it to work though on the command line, if i run it in netbeans it doesn't find the class in the jar file it needs.
Any ideas?

Business Objects XI R2 SP2 with Tomcat and Security Manager enabled

XI R2 SP2 Unix server:
I need to start the tomcat that is embedded in Business Objects with Security Manager enabled. Is there a writeup on how to do that? This changes the port that tomcat runs on, so do I just change all references to the port that it is currently running? Is it that simple?
Thanks for any advice!

It sounds like an issue that would need to be troubleshot by an engineer. Can you open a message with support?
Cluster members for client tools are defined in the windows registry. Does infoview work?
Regards,
Tim

Problem with starting Tomcat in debug Mode, Win XP

Hi,
if i go to cmd and C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin
and write: catalina jpda start, it says
C:\Documents and Settings\bartek>cd C:\Program Files\Apache Software Founda
C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin>catalina jpda start
Using CATALINA_BASE: C:\Program Files\Apache Software Foundation\Tomcat 5
Using CATALINA_HOME: C:\Program Files\Apache Software Foundation\Tomcat 5
Using CATALINA_TMPDIR: C:\Program Files\Apache Software Foundation\Tomcat 5
Using JAVA_HOME: C:\j2sdk1.4.2_09
C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin>
And it finishes.... Server is off
If i write: catalina start , new Tomcat window opens and the server starts
This is my catalina.bat
@echo off
if "%OS%" == "Windows_NT" setlocal
rem ---------------------------------------------------------------------------
rem Start/Stop Script for the CATALINA Server
rem
rem Environment Variable Prequisites
rem
rem   CATALINA_HOME   May point at your Catalina "build" directory.
rem
rem   CATALINA_BASE   (Optional) Base directory for resolving dynamic portions
rem                   of a Catalina installation. If not present, resolves to
rem                   the same directory that CATALINA_HOME points to.
rem
rem   CATALINA_OPTS   (Optional) Java runtime options used when the "start",
rem                   "stop", or "run" command is executed.
rem
rem   CATALINA_TMPDIR (Optional) Directory path location of temporary directory
rem                   the JVM should use (java.io.tmpdir). Defaults to
rem                   %CATALINA_BASE%\temp.
rem
rem   JAVA_HOME       Must point at your Java Development Kit installation.
rem
rem   JAVA_OPTS       (Optional) Java runtime options used when the "start",
rem                   "stop", or "run" command is executed.
rem
rem   JSSE_HOME       (Optional) May point at your Java Secure Sockets Extension
rem                   (JSSE) installation, whose JAR files will be added to the
rem                   system class path used to start Tomcat.
rem
rem   JPDA_TRANSPORT (Optional) JPDA transport used when the "jpda start"
rem                   command is executed. The default is "dt_shmem".
rem
rem   JPDA_ADDRESS    (Optional) Java runtime options used when the "jpda start"
rem                   command is executed. The default is "jdbconn".
rem
rem $Id: catalina.bat,v 1.9.2.1 2004/08/21 15:49:47 yoavs Exp $
rem ---------------------------------------------------------------------------
rem Guess CATALINA_HOME if not defined
set CURRENT_DIR=%cd%
if not "%CATALINA_HOME%" == "" goto gotHome
set CATALINA_HOME=%CURRENT_DIR%
if exist "%CATALINA_HOME%\bin\catalina.bat" goto okHome
cd ..
set CATALINA_HOME=%cd%
cd %CURRENT_DIR%
:gotHome
if exist "%CATALINA_HOME%\bin\catalina.bat" goto okHome
echo The CATALINA_HOME environment variable is not defined correctly
echo This environment variable is needed to run this program
goto end
:okHome
rem Get standard environment variables
if exist "%CATALINA_HOME%\bin\setenv.bat" call "%CATALINA_HOME%\bin\setenv.bat"
rem Get standard Java environment variables
if exist "%CATALINA_HOME%\bin\setclasspath.bat" goto okSetclasspath
echo Cannot find %CATALINA_HOME%\bin\setclasspath.bat
echo This file is needed to run this program
goto end
:okSetclasspath
set BASEDIR=%CATALINA_HOME%
call "%CATALINA_HOME%\bin\setclasspath.bat"
rem Add on extra jar files to CLASSPATH
if "%JSSE_HOME%" == "" goto noJsse
set CLASSPATH=%CLASSPATH%;%JSSE_HOME%\lib\jcert.jar;%JSSE_HOME%\lib\jnet.jar;%JSSE_HOME%\lib\jsse.jar
:noJsse
set CLASSPATH=%CLASSPATH%;%CATALINA_HOME%\bin\bootstrap.jar
if not "%CATALINA_BASE%" == "" goto gotBase
set CATALINA_BASE=%CATALINA_HOME%
:gotBase
if not "%CATALINA_TMPDIR%" == "" goto gotTmpdir
set CATALINA_TMPDIR=%CATALINA_BASE%\temp
:gotTmpdir
rem ----- Execute The Requested Command ---------------------------------------
echo Using CATALINA_BASE:   %CATALINA_BASE%
echo Using CATALINA_HOME:   %CATALINA_HOME%
echo Using CATALINA_TMPDIR: %CATALINA_TMPDIR%
echo Using JAVA_HOME:       %JAVA_HOME%
set _EXECJAVA=%_RUNJAVA%
set MAINCLASS=org.apache.catalina.startup.Bootstrap
set ACTION=start
set SECURITY_POLICY_FILE=
set DEBUG_OPTS=
set JPDA=
if not ""%1"" == ""jpda"" goto noJpda
set JPDA=jpda
if not "%JPDA_TRANSPORT%" == "" goto gotJpdaTransport
set JPDA_TRANSPORT=dt_socked
:gotJpdaTransport
if not "%JPDA_ADDRESS%" == "" goto gotJpdaAddress
set JPDA_ADDRESS=8000
:gotJpdaAddress
shift
:noJpda
if ""%1"" == ""debug"" goto doDebug
if ""%1"" == ""run"" goto doRun
if ""%1"" == ""start"" goto doStart
if ""%1"" == ""stop"" goto doStop
if ""%1"" == ""version"" goto doVersion
echo Usage: catalina ( commands ... )
echo commands:
echo   debug             Start Catalina in a debugger
echo   debug -security   Debug Catalina with a security manager
echo   jpda start        Start Catalina under JPDA debugger
echo   run               Start Catalina in the current window
echo   run -security     Start in the current window with security manager
echo   start             Start Catalina in a separate window
echo   start -security   Start in a separate window with security manager
echo   stop              Stop Catalina
echo   version           What version of tomcat are you running?
goto end
:doDebug
shift
set _EXECJAVA=%_RUNJDB%
set DEBUG_OPTS=-sourcepath "%CATALINA_HOME%\..\..\jakarta-tomcat-catalina\catalina\src\share"
if not ""%1"" == ""-security"" goto execCmd
shift
echo Using Security Manager
set SECURITY_POLICY_FILE=%CATALINA_BASE%\conf\catalina.policy
goto execCmd
:doRun
shift
if not ""%1"" == ""-security"" goto execCmd
shift
echo Using Security Manager
set SECURITY_POLICY_FILE=%CATALINA_BASE%\conf\catalina.policy
goto execCmd
:doStart
shift
if not "%OS%" == "Windows_NT" goto noTitle
set _EXECJAVA=start "Tomcat" %_RUNJAVA%
goto gotTitle
:noTitle
set _EXECJAVA=start %_RUNJAVA%
:gotTitle
if not ""%1"" == ""-security"" goto execCmd
shift
echo Using Security Manager
set SECURITY_POLICY_FILE=%CATALINA_BASE%\conf\catalina.policy
goto execCmd
:doStop
shift
set ACTION=stop
goto execCmd
:doVersion
%_EXECJAVA% -classpath "%CATALINA_HOME%\server\lib\catalina.jar" org.apache.catalina.util.ServerInfo
goto end
:execCmd
rem Get remaining unshifted command line arguments and save them in the
set CMD_LINE_ARGS=
:setArgs
if ""%1""=="""" goto doneSetArgs
set CMD_LINE_ARGS=%CMD_LINE_ARGS% %1
shift
goto setArgs
:doneSetArgs
rem Execute Java with the applicable properties
if not "%JPDA%" == "" goto doJpda
if not "%SECURITY_POLICY_FILE%" == "" goto doSecurity
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:doSecurity
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:doJpda
if not "%SECURITY_POLICY_FILE%" == "" goto doSecurityJpda
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% -Xdebug -Xrunjdwp:transport=%JPDA_TRANSPORT%,address=%JPDA_ADDRESS%,server=y,suspend=n %DEBUG_OPTS% -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:doSecurityJpda
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% -Xrunjdwp:transport=%JPDA_TRANSPORT%,address=%JPDA_ADDRESS%,server=y,suspend=n %DEBUG_OPTS% -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:end

paths with spaces in them are a problem. surround them with quotes and see if that helps.
why does the Java /bin appear twice?
why don't you use the JAVA_HOME variable that you set? don't repeat yourself.
%

Starting tomcat with bootstrap.jar

I want to start Tomcat 4.1 with bootstrap.jar and calling the main function from my simple java program. How can I do it and what all parameters are required by the main function so that it can start the Tomcat?
Can I supply the catalina.policy file while starting it up?

Thanks for the reply. I downloaded the tar.qz and move it to /usr/local/
with apache-tomcat-6.0.18 at the root
I've always done things without netbeans IDE. I just like the netbeans because it came with tomcat.
I get the following error when I start tomcat
tma apache-tomcat-6.0.18 # /usr/local/apache-tomcat-6.0.18/bin/startup.sh
Using CATALINA_BASE: /usr/local/apache-tomcat-6.0.18
Using CATALINA_HOME: /usr/local/apache-tomcat-6.0.18
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-6.0.18/temp
Using JRE_HOME: /etc/java-config-2/current-system-vm
touch: cannot touch `/usr/local/apache-tomcat-6.0.18/logs/catalina.out': No such file or directory
/usr/local/apache-tomcat-6.0.18/bin/catalina.sh: line 292: /usr/local/apache-tomcat-6.0.18/logs/catalina.out: No such file or directory
#cwc 090129
export CATALINA_HOME=/usr/local/apache-tomcat-6.0.18
export PATH=$PATH:$CATALINA_HOME/bin
Edited by: cwcoleman on Jan 30, 2009 5:38 AM
Edited by: cwcoleman on Jan 31, 2009 8:02 AM

Cisco Security Manager, need global search, i.e. filters are not good at all

Does anybody know how to work effectively with security manager and filtering?
It is extremely time consuming and frustrating to work with Cisco Security Manager in regards to search for entries or filter. I have not been able to find some kind of global search, is there?
How do other people cope with this?

It appears to have been a temporary issue as the backup is running fine again now... closing the thread.

Disabling the Security Manager

When the J2EE 1.4 refernce server is running with the Security Manager disabled the web based admin console stops working (some sort of JACC error),although asadmin seems to work fine. Which leads to a few questions :
1. Is there a way to disable the Security Manager and use the web console ?
2. Are there other downstream effects to running the server without the Security Manager enabled ? What other features can/will fail?
Its nice to see Sun putting an emphasis on out of the box security, but using the Security Manager is a real pain during development and is overkill for alot of internal deployments.

Hi,
There is no mechanism to disable the SecurityManager in J2EE 1.4. JACC (JSR115) is a new spec that went into 1.4 that allowed for plugging authorization provider in the J2EE. This spec makes it mandatory for us to have the security manager on all the time.
If you turn off the security manager, the web console should not work properly as it is a web app and has security permissions defined that are interpreted by our JACC provider.
Downstream effects of running the server with security manager disabled, will mean that all checks that we have as part of the server policy will fail and ofcourse all applications that use authorization checks will fail too.
We have spent considerable time from this release to improve the performance of the system with the security manager enabled. You should look out for the next release coming out that will have these optimizations.

Installing Cisco Security Manager

I would like to uninstall and reinstall my Cisco Security Manager 3.0 since 3.1 has been taken off the market for the time being.
Is there a step by step process that I would have to take to install this with standard install, Service packs and patches?
In a nutshell, I would like to do a complete reinstall and be fully operational when completed.
Thanks

Cisco Security Manager (Security Manager) enables you to configure, deploy, and manage services and policies on Cisco security devices. With Security Manager, you can provision VPN and firewall services across multiple, different device types, including IOS routers, firewall devices (PIX and ASA), Catalyst 6500/7600 devices, and Catalyst security services modules (VPN, FWSM, and so on). On some device types, you can also provision platform-specific settings such as QoS, SNMP, and routing, even though these settings are not necessarily security settings.

Trouble with java security manager

I have set up a security manager for my webapp running on Tomcat. The application enables the user to write his own scripts using Javascript, that's why I need to set up a security manager.
Using Rhino as script interpreter, it is possible to use the standard java security mechanisms, e.g. using the security manager to handle the scripts' rights.
I've added the following lines to my policy file:
// give server all rights
grant codeBase "file:webapp/WEB-INF/-" {
     permission java.security.AllPermission;
//rights granted to scripts
grant codeBase "file:restrictedClient" {
     permission java.io.FilePermission "webapp/WEB-INF/lib/js.jar", "read";
I've assigned the scripts to the "restrictedClient" code base. However, the script execution fails as the script does not have the permission to access or define classes of any package (even standard java packages like java.lang or java.math).
In java.security, I have found the following comment:
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#package.definition=
I now wonder, why the checkPackageDefinition is checked though there's no entry for any package to be checked.
Extending the policy file like
grant codeBase "file:restrictedClient" {
     permission java.lang.RuntimePermission "accessClassInPackage.webapp/WEB-INF/classes/org/mozilla/javascript";
     permission java.io.FilePermission "webapp/WEB-INF/lib/js.jar", "read";
     permission java.lang.RuntimePermission "defineClassInPackage.java.io";
     permission java.lang.RuntimePermission "defineClassInPackage.java.util";
     permission java.lang.RuntimePermission "defineClassInPackage.java.net";
     permission java.lang.RuntimePermission "defineClassInPackage.java.sql";
     permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
     permission java.lang.RuntimePermission "defineClassInPackage.java.math";
     permission java.lang.RuntimePermission "de.methodpark.pkit.facade.impl";
works, but an unpleasant feeling remains :-).
Rhino creates an own classloader for script execution. Could that be the source of the strange behaviour?
Any help would be appreciated!
Regards,
Matthias

David,
I was glad to see your post regarding WLS 9.2 and the troubles with enabling Java Security Manager.
Were you able to learn any more on things like - why doesn't the admin console work when the security manager is enabled with the default policy file. Also, why is it so difficult to add permissions for your own applications and get them to actually work.
I'd be curious to see if you were able to get it to work or if you have any insights or resources that can help with this as we are really struggling to get a restrictive policy file that works.
Thanks,
D

Add security manager into Tomcat5.sh in Tomcat 5.5.7

Hi,
I am currently running tomcat as a daemon on linux, so when the computer starts up, tomcat also starts up using the file Tomcat5.sh. Does anyone know what code i need to add to Tomcat5.sh, so it also uses the security manager?
Thanks.

I am having the same problem with heap space in tomcat 5.5. I had been using tomcat 4 without problems for a long time, but now I have upgraded to 5.5.15 I get out of memory errors. It is critial that I get this fixed. Does anyone have a solution?
Thanks, Dan

Windows 2008 r2 Cluster not starting - "unable to create security manager worker queues"

Hello, following a power outage, we got a serious cluster error preventing the start of the cluster.
We are trying to interpret the only four lines the cluster.log generates :
00000330.000016cc::2014/09/26-10:44:06.348 ERR   [WTQ] bogus file creation failed, 2
00000330.000016cc::2014/09/26-10:44:06.348 ERR   [WTQ] bogus file creation failed, 2
00000330.000016cc::2014/09/26-10:44:06.348 ERR   [CS] Unable to create SecurityManager worker queues, 2
00000330.000016cc::2014/09/26-10:44:06.363 ERR   Error 6
AND if starting clussvc manually :
Got ERROR_FILE_NOT_FOUND(2)' because of 'Error while creating the Security Manag
er's Thread Pool' in
    000007fe:fd69940d( ERROR_MOD_NOT_FOUND(126) )
    00000000:001ff190( ERROR_MOD_NOT_FOUND(126) )
We suspect a DLL problem (because of mod not found), but we are unable to find the ones involved even with process monitor.
clusdb hive seems ok.
The situation is serious, can anybody help, please ?

Hi RodV,
This error usually caused by cluster service fails to open a
handle to the \NUL device, Device manager shows the device instance in error state.
Please check whether the following register value still exist, if not please backup your current registry then add the it.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NULL\0000\CONTROL
ActiveService REG_SZ Null
I am glad to be of help to you!
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

[wls8.1 sp.3] cannot remote start with node manager on another server

In this domain run on 2 physical servers in windows 2003. In machine that has admin server can start with node manager but another machine without admin server cannot remote start . when i remote start , the node manager has facing error messages as below:
# AT "node manager monitoring" in weblogic admin console
[[NodeManager:300033]Could not execute command ping on the node manager. Reason: weblogic.nodemanager.NodeManagerException: [CommandInvoker: Failed to send command: 'ping to server 'null' to NodeManager at host: 'xxx.xxx.xxx.24:5555' with exception Connection reset by peer.. Please ensure that the NodeManager is active on the target machine].]
# AT "nodemanger.log" has facing error messages as below:
<Aug 20, 2008 7:34:07 PM ICT> <Info> <[email protected]:5555> <NodeManage r started, log messages being written into file C:\bea\WEBLOG~1\common\NODEMA~1\ NodeManagerLogs\NodeManagerInternal\nm_server02_08_20_2008-19_34_03.log>
<Aug 20, 2008 7:59:58 PM ICT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer server01 - 10.208.50.23 during SSL handsha ke.> <Aug 20, 2008 8:00:11 PM ICT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer server01 - xxx.xxx.xxx.23 during SSL handsha key.>
I would REALLY appreciate any suggestions as to what might be the cause or what i could try.
Thanks ....

Hi,
It is up to you to decide whether you want to use nodemanager or not.
It does not make any difference if the server is started via script or nodemanager.
if i want everything (AS, MS, and NM) to come up at server boot i need to set each of them up as windows services (which is what i have at the moment) but this wont allow me to use the node manager ==> Yes this statement is correct.
You can either set AS and MS as windows service (or) AS and nodemanager as service.
Thanks,
Sharmela

Getting started with Learning Management

I am just starting with learning management implementation in R12.
Can anyone tell me what are the responsibilities for learning management ?
Does Learning Management require separte licence? We have Oracle HRMS and Self-Service already implemented in our system.
When I use the responsibilities
1. Oracle Learning management Administrator
2. Learning Administrator
I see only Reports and Other Requests menu and Submit Report and View report function inside it ? I am not able to see the Catalogue, Resources, Setup functions inside the above two responsibilities.
Any help will be highly appreciated.
Thanks,
-Deb

Hi Deb,
Further to the other responses -
You need to use the responsibility Learning Administrator.
When you go into User Management assign the role of Learning Administrator to your user (make sure you pick the one which has the code UMX|OTA_LRNG_ADMIN)
In Learning Management, the role control what a user can see and do.
You can link the Responsibility to the Role (this will mean that when the Resp is assigned to the user, the Role will automatically be assigned).
You do this in User Management. Find the responsibility 'Learning Administrator' (code =FND_RESP|OTA|OTA_LEARNING_ADMINISTRATOR|STANDARD) and click 'View in Hierarchy'. Then click 'Add Node'. Search for the role Learning Administrator (code UMX|OTA_LRNG_ADMIN) and click 'Quick Select'.
Hope this helps

Securing Web Services with Access Manager

Hello All
I have installed the java_app_platform_sdk-5_04-windows.exe that comes with Acces Manager 7.1.
I want to secure a webservice, so I have created a webapplication (with netbeans 6) with a webservice inside. I have also create a web client application that calls the webservice. The providers are configured in the server and I have enabled the soap security .
When I use anonymous authentication everything works fine, but if I used any other security method the following exception arises:
[#|2008-04-29T09:41:07.343+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|AMServerAuthModule.validateRequest: Failed in Securing the Request.|#]
[#|2008-04-29T09:41:07.375+0200|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|java.lang.reflect.InvocationTargetException
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
     at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
     at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
     at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
     at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
     at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
     at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
     at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
     at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
     at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
     at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
     at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
     at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
     at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
     at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
     at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
     ... 46 more
|#]
[#|2008-04-29T09:41:07.390+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|SEC2002: Container-auth: wss: Error validating request
com.sun.enterprise.security.jauth.AuthException: Validating Request failed
     at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:188)
     at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
     at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
     at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
     at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
     at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
     at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
     at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
     at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
     at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
     at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
     at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
     at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
     at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
     at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.lang.reflect.InvocationTargetException
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
     ... 41 more
Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
     at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
     ... 46 more
|#]
It�s says something about th security mechanism is not supported. But I don�t know why. �Any idea?
Thank you

Hello again,
I am not using ssl. I am using the usernametoken or de saml-voucer mechanish and It happens in both. But with the anonymous mechanism doesnt happen.
...

Testing weblogic server with jdk1.4b3 -- how to configure login security manager?

Hi got the error I include when trying to start weblogic server sp1 with new jdk1.4b3.
Since it seems just an error of authentication, I'm wondering if it is possible
to give a correct login configuration.
It's just a test to see if we can use jdk1.4 for our next project with Bea Weblogic.
Thanks,
pakkio
D:\bea\wlserver6.0\config\mydomain>notepad startWebLogic.cmd
D:\bea\wlserver6.0>set PATH=.\bin;d:\apps\Oracle\Ora81\bin;C:\Programmi\Oracle\j
re\1.1.7\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;d:\apps\Ora
cle\Ora81\orb\bin;d:\apps\SSH
D:\bea\wlserver6.0>set CLASSPATH=d:\bea\wlserver6.0.;D:\bea\wlser
ver6.0\config\mydomain\applications\DefaultWebApp_myserver\WEB-INF\classes\lib\mail.jar;D:\bea\wlserver6.0\config\mydomain\applications\DefaultWebApp_myserver\W
EB-INF\lib\jasper.jar;.\lib\weblogic_sp.jar;.\lib\weblogic.jar
La sintassi del nome del file, della directory o del volume è incorretta.
D:\bea\wlserver6.0>"D:\apps\jdk14b3\bin\java" -hotspot -ms64m -mx64m -classpath
d:\bea\wlserver6.0\ext\crack.jar;.;D:\bea\wlserver6.0\config\mydomain\applicatio
ns\DefaultWebApp_myserver\WEB-INF\classes\lib\mail.jar;D:\bea\wlserver6.0\config
\mydomain\applications\DefaultWebApp_myserver\WEB-INF\lib\jasper.jar;.\lib\weblo
gic_sp.jar;.\lib\weblogic.jar -Dweblogic.Domain=mydomain -Dweblogic.Name=myserve
r "-Dbea.home=D:\bea" weblogic.Server
java.lang.SecurityException: Impossibile trovare una configurazione di login
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:99)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstruct
orAccessorImpl.java:42)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingC
onstructorAccessorImpl.java:30)
at java.lang.reflect.Constructor.newInstance(Constructor.java:277)
at java.lang.Class.newInstance0(Class.java:301)
at java.lang.Class.newInstance(Class.java:254)
at javax.security.auth.login.Configuration$3.run(Configuration.java:223)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuratio
n.java:217)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:172)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:169)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:395)
at weblogic.security.internal.ServerAuthenticate.main(ServerAuthenticate
.java:80)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:167)
at weblogic.Server.main(Server.java:35)
Caused by: java.io.IOException: Impossibile trovare una configurazione di login
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:208)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
... 16 more

Did you find any solution? We have the same problem: If we define a realm in weblogic-application.xml
<security>

<realm-name>dmzrealm</realm-name>
</security>
then the following exception is logged even if there is a dmzrealm in our Weblogic configuration:
weblogic.security.service.InvalidParameterException: [Security:090396]Security Realm dmzrealm does not exist
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.getSecurityServiceInternal(CommonSecurityServiceManagerDelegateImpl.java:279)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.getSecurityService(CommonSecurityServiceManagerDelegateImpl.java:225)
at weblogic.security.service.SecurityServiceManager.getSecurityService(SecurityServiceManager.java:188)
at weblogic.application.internal.flow.SecurityRoleFlow.initSecurityService(SecurityRoleFlow.java:133)
at weblogic.application.internal.flow.SecurityRoleFlow.prepare(SecurityRoleFlow.java:79)
Truncated. see log file for complete stacktrace

Start Tomcat 5.5 with Security Manager

Similar Messages

Maybe you are looking for