Unable to provide custom security impelmentation (BPELProcessValidator)
Hey Gurus,
I got a question regarding custom implementation of BPELProcessValidator class.
My project requires me to secure each Business Process hosted in Ora BPEL PM.
I have implemented my custom class MyValidator that extends BPELProcessValidator.
I would like to use this class as my security implementation. As per the documentation
I invoke the oc4j instance that hosts Oracle BPEL with a directive -Doracle.bpel.customvalidator=D:\OraBPELPM\security.properties
security.properties file contains the name of the Java class that provides the security implementation.
This does not work though. BPEL PM doesnt even try to load this class. Do let me know if I am missing
something.
Please refer to the presentation at http://www.oracle.com/technology/products/ias/bpel/pdf/bpelsecextenstionphase2.pdf
My BPEL build : 10.1.2.0.2 [build #2196 ] - type: release
I would appreciate any pointers/code/doc that would help me implement custom security provider for BPEL.
Abhijeet
Hi Clemens,
Thanks for quick reply. I got something going today. However I still have some issues. Now the BPEL engine is not able to find the class that I have implemented.
at java.lang.Thread.run(Thread.java:534)
<2006-02-28 12:31:53,296> <ERROR> <default.collaxa.cube.engine> <MessageHandle
anager::createHandler>
java.lang.ClassNotFoundException: BusinessProcess.MyValidator
at com.evermind.naming.ContextClassLoader.findClass(ContextClassLoader
ava:500)
I tried to set the class path to point to the directory that contains BusinessProcess.MyValidator class. Set up the system CLASSPATH / Put this class in OC4J Lib and alike but never got it in with the classloader.
Strange part is that through the same OC4J instace when i tried to invoke a method in this class through a JSP I got a response. This means the OC4J did have access to my class.
Will you please let me know where I should put my classes so that collaxa implementation can find it.
Also, may I know when the security tab in the BPEL domain manager will be available to external world.
Regards
Abhijeet
Similar Messages
-
The token provider was unable to provide a security token
I am configuring workflow for SharePoint 2013. For that I am creating a workflow farm and selected custom settings and selecting certificates from personal store. When I am select the option where it will auto generate the certificate configuration
successful.
while selecting the certs from personal store, configuration failed to add host to workflow farm and throwing below error
Configuring Workflow Manager runtime settings.
The token provider was unable to provide a security token while accessing 'https://hostname:9355/WorkflowDefaultNamespace/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the
SSL/TLS secure channel.'.
Thanks,
Neetu
neetuHi,
When I am trying to receive the same messages from a Azure service bus subscription using .net (C#) client,
BusSubscriberbusSubscriber =
newBusSubscriber("TestTopic2",
"Endpoint=sb://overcasb.servicebus.windows.net/;SharedSecretIssuer=owner;SharedSecretValue=wqYlT4yHZimeUZacH+1V1hj/ZrKu7zK9ELaaLYDxqjc=",
"AssetMovement",
"AssetMovement");
I am getting the same error here also.
"The token provider was unable to provide a security token while accessing 'https://overcasb-sb.accesscontrol.windows.net/WRAPv0.9/'.
Error Code: 407 Proxy Authentication Required. The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209)
By setting <defaultProxy useDefaultCredentials="true" /> in appconfig, I got rid of the above error. And now its working fine with .net(C#) client.
<configuration>
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
</configuration>
The same setting I tried in BTSNTSvc.exe config file and ofcourse restarted the host instance but still getting the same error. Any help?
gautam -
Unable to save changes in console for a custom security provider
I built a custom security provider and dropped it in the mbeantypes folder. This gets picked up by weblogic. I then try to modify the control flags and make it SUFFICIENT. I reboot the server but when i log back in the control flag is reset to OPTIONAL. It not saving the data to the xml file. We are running it on a UNIX box.
Hi,
I solved the problem by myself.
The log area was at 100%, that's why the configtool wasn't able to save my changes.
Now I changed the backup properties for the log files to AutoLog (in the Backup Wizard) and it works fine.
Best regards,
Christian -
OEPE can't launch server that uses custom Security provider
I recently migrated a Weblogic 8.1 server that we had a custom security provider for, to 10.3.2. It works fine when started with the startWeblogic.cmd file but when I try to start it using OEPE in eclipse it starts fine and runs fine but OEPE reports that
"Unable to validate WebLogic domain.Please make sure the running WebLogic instance is an Administration Server"
When I look at the Error Log it appears that it thinks one of my custom security classes is not found. But the server is running fine, so it is fine, it's on the classpath via the use of the EXT_PREPEND_CLASSPATH environment variable.
I am running Weblogic 10.3.2 on Windows XP using eclipse Ganymede 3.5.2 and OEPE version 1.5.0.201003170852
Here's the Error Log:
eclipse.buildId=
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
Created Time: 2010-05-12 14:04:01.549
Error
Thu May 13 14:25:11 EDT 2010
Server Weblogic 10.3 failed to start.
eclipse.buildId=
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
Created Time: 2010-05-12 14:04:01.549
Error
Thu May 13 14:25:10 EDT 2010
Another server (or another process) is running on the same TCP/IP port '7001'.
eclipse.buildId=
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
Created Time: 2010-05-12 14:04:01.549
Warning
Thu May 13 14:25:10 EDT 2010
Unable to validate WebLogic domain.
Please make sure the running WebLogic instance is an Administration Server
eclipse.buildId=
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
Created Time: 2010-05-12 14:04:01.549
Error
Thu May 13 14:25:10 EDT 2010
java.io.IOException
at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:187)
at weblogic.management.remote.common.ClientProviderBase.newJMXConnector(ClientProviderBase.java:81)
at javax.management.remote.JMXConnectorFactory.newJMXConnector(Unknown Source)
at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.createConnector(WlsJMXHelper.java:269)
at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.connectToJMX(WlsJMXHelper.java:76)
at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.getDomainAttribute(WlsJMXHelper.java:139)
at oracle.eclipse.tools.weblogic.server.internal.WlsJ2EEDeploymentHelper.validateRemote(WlsJ2EEDeploymentHelper.java:1687)
at oracle.eclipse.tools.weblogic.server.internal.WeblogicServerBehaviour.validateRemote(WeblogicServerBehaviour.java:2646)
at oracle.eclipse.tools.weblogic.server.internal.ServerWatcher.runOnce(ServerWatcher.java:574)
at oracle.eclipse.tools.weblogic.server.internal.ServerWatcher.run(ServerWatcher.java:482)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException [Root exception is weblogic.rjvm.PeerGoneException: ; nested exception is:
weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:74)
at weblogic.jndi.internal.WLContextImpl.translateException(WLContextImpl.java:452)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:408)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:393)
at javax.naming.InitialContext.lookup(Unknown Source)
at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:170)
... 11 more
Caused by: weblogic.rjvm.PeerGoneException: ; nested exception is:
weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at weblogic.jndi.internal.ServerNamingNode_1032_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:405)
... 14 more
Caused by: weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream
at weblogic.rjvm.RJVMImpl.gotExceptionReceiving(RJVMImpl.java:957)
at weblogic.rjvm.ConnectionManager.gotExceptionReceiving(ConnectionManager.java:1030)
at weblogic.rjvm.MsgAbbrevJVMConnection.gotExceptionReceiving(MsgAbbrevJVMConnection.java:459)
at weblogic.rjvm.t3.MuxableSocketT3.hasException(MuxableSocketT3.java:327)
at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:784)
at weblogic.socket.SocketMuxer.deliverHasException(SocketMuxer.java:724)
at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:359)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
at weblogic.work.ExecuteRequestAdapter.execute(ExecuteRequestAdapter.java:21)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
Caused by: java.lang.AssertionError: Exception creating response stream
at weblogic.rjvm.MsgAbbrevJVMConnection.readMsgAbbrevs(MsgAbbrevJVMConnection.java:238)
at weblogic.rjvm.MsgAbbrevInputStream.init(MsgAbbrevInputStream.java:173)
at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:439)
at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:322)
at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:915)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:844)
at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:335)
... 4 more
Caused by: java.lang.ClassNotFoundException: com.companyname.security.principal.CompanyNameWebLogicPrincipal
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at java.io.ObjectInputStream.resolveClass(Unknown Source)
at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
at java.io.ObjectInputStream.readClassDesc(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at java.util.LinkedList.readObject(Unknown Source)
at sun.reflect.GeneratedMethodAccessor46.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
at java.io.ObjectInputStream.defaultReadObject(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.readObject(AuthenticatedSubject.java:406)
at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at weblogic.rjvm.InboundMsgAbbrev.readObject(InboundMsgAbbrev.java:65)
at weblogic.rjvm.InboundMsgAbbrev.read(InboundMsgAbbrev.java:37)
at weblogic.rjvm.MsgAbbrevJVMConnection.readMsgAbbrevs(MsgAbbrevJVMConnection.java:227)
... 11 moreI am also facing the same issue.
i am running my web service program on tomcat. the server is weblogic 9.1. I am trying to invoke the EJBs running on the server from the tomcat.
i am getting similar exception. anyone got a solution for this ?
Caused by: weblogic.rjvm.PeerGoneException: ; nested exception is:weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
thanks
Kiranlal. -
Custom security provider exception
Good day, colleagues. I want to raise an old topic.
I use custom security provider exceptions:
-AccountExpiredException
-AccountLockedException
However, the login() method only captures FailedLoginException
try
CallbackHandler pwcall = new weblogic.security.URLCallbackHandler(user, pass.getBytes("UTF-8"));
subject = weblogic.security.services.Authentication.login(pwcall);
weblogic.servlet.security.ServletAuthentication.runAs(subject, request);
catch (javax.security.auth.login.LoginException e) {
e.printStackTrace();
javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User ...
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:240)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
I found similar questions IdentityAssertion custom exception, FailedLoginException asked many years ago for WLS 9.2
Their solution (wlp.propogate.login.exception.cause=true) does not work for WLS 10.3.
How to propagate original LoginException?
Or exception message only.I did it! look closely to source code:
javax.security.auth.login.LoginContext:875
if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) {
// if REQUISITE, then immediately throw an exception
if (methodName.equals(ABORT_METHOD) || methodName.equals(LOGOUT_METHOD)) {
if (firstRequiredError == null)
firstRequiredError = le;
} else {
throwException(firstRequiredError, le);
} else if (moduleStack[i].entry.getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) {
// mark down that a REQUIRED module failed
if (firstRequiredError == null)
firstRequiredError = le;
} else {
// mark down that an OPTIONAL module failed
if (firstError == null)
firstError = le;
javax.security.auth.login.LoginContext:922
// we went thru all the LoginModules.
if (firstRequiredError != null) {
// a REQUIRED module failed -- return the error
throwException(firstRequiredError, null);
} else if (success == false && firstError != null) {
// no module succeeded -- return the first error
throwException(firstError, null);
} else...
I set Control flag: OPTION to DefaultAuth (was REQUIRED)
and order it after my LoginModule. (restart required!)
Now I catch my exceptions %) -
How to get domain name in java code/custom security provider
Hi all,
I've developed a custom security provider and deployed it in WL_HOME/server/lib/mbeantypes folder. I also have multiple domain created and running in the same machine. now if a user logs in from a specific domain, say, t3://localhost:7005, how do I retrieve the domain name in my custom security provider?
I found the following code could do it, but this code needs to know the port number in advance
Hashtable env = new Hashtable();
env.put(Context.PROVIDER_URL,"t3://localhost:7101");
env.put(Context.INITIAL_CONTEXT_FACTORY,
"weblogic.jndi.WLInitialContextFactory");
env.put(Context.SECURITY_PRINCIPAL,"weblogic");
env.put(Context.SECURITY_CREDENTIALS,"weblogic1");
Context ctx = new InitialContext(env);
MBeanHome home = (MBeanHome)ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
String domainName = home.getDomainName();
System.out.println(domainName);
Any help is greatly appreciated...
Thanks,
Philip
Edited by: VivaCuba on Nov 14, 2010 9:43 AMCheck out methods in the following classes: LegacyDirectoryLocator and DirectoryLocator.
Jonathan
http://jonathanhult.com -
Custom Security Provider impossible to remove the MBean Jar File
Hi,
I am currently developping a custom security provider for Weblogic. I
have deploy my Mbean File Jar on a remote server weblogic running on
solaris. NO authentication provider for this security provider has
been defined in the console, it means there is no link with this
security provider. Nevertheless, when I remove the MJF the server
crashes when starting:
<...>
<May 21, 2003 3:37:08 PM CEST> <Critical> <WebLogicServer> <000364>
<Server failed during initialization.
Exception:weblogic.management.configuration.ConfigurationException: -
with nested exception:
[javax.management.MBeanException: Commo type:
be.fgov.minfin.ccff.security.provider.CCFFSimpleSampleAuthenticator is
not loaded. Checks MJFs.]
javax.management.MBeanException: Commo type:
be.fgov.minfin.ccff.security.provider.CCFFSimpleSampleAuthenticator is
not loaded. Checks MJFs.
at weblogic.management.commo.CommoModelMBean.load(CommoModelMBean.java:588)
at weblogic.management.commo.Commo.initInstances(Commo.java:241)
at weblogic.management.commo.Commo.init(Commo.java:125)
at weblogic.management.AdminServerAdmin.initializeCommo(AdminServerAdmin.java:477)
at weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:108)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:659)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
<...>
I have been looking through all the config file where the MJF
(removed) could be linked but I did not find anything.
I am really confused because with my local weblogic running on
win2000, there is no problem to remove this MJF.
Thx in advance,
tiggyTiggy,
Remove the userConfig directory under your domain directory. That should
fix the problem.
Thanks,
~satya
Tiggy wrote:
Hi,
I am currently developping a custom security provider for Weblogic. I
have deploy my Mbean File Jar on a remote server weblogic running on
solaris. NO authentication provider for this security provider has
been defined in the console, it means there is no link with this
security provider. Nevertheless, when I remove the MJF the server
crashes when starting:
<...>
<May 21, 2003 3:37:08 PM CEST> <Critical> <WebLogicServer> <000364>
<Server failed during initialization.
Exception:weblogic.management.configuration.ConfigurationException: -
with nested exception:
[javax.management.MBeanException: Commo type:
be.fgov.minfin.ccff.security.provider.CCFFSimpleSampleAuthenticator is
not loaded. Checks MJFs.]
javax.management.MBeanException: Commo type:
be.fgov.minfin.ccff.security.provider.CCFFSimpleSampleAuthenticator is
not loaded. Checks MJFs.
at weblogic.management.commo.CommoModelMBean.load(CommoModelMBean.java:588)
at weblogic.management.commo.Commo.initInstances(Commo.java:241)
at weblogic.management.commo.Commo.init(Commo.java:125)
at weblogic.management.AdminServerAdmin.initializeCommo(AdminServerAdmin.java:477)
at weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:108)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:659)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
<...>
I have been looking through all the config file where the MJF
(removed) could be linked but I did not find anything.
I am really confused because with my local weblogic running on
win2000, there is no problem to remove this MJF.
Thx in advance,
tiggy -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric MaThanks for the info.
I wonder when they will fix it.
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
displying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
Now I doubt my custom security realm is actually using the NetscapeDirectory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
the Users node displays all users in the LDAP server, in WebLogic 7I keep
getting
the message "There are no Authentication providers available that
support
the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
l
oper.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version
4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic7
(also run
on Solaris 8) which uses my LDAP server as the Authenticator. I
tried
this by
using the Admin Console and followed exactly the steps in Chapter3
of
the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged
into the
Admin Console again and clicked the Users node under my custom realm,
I saw this
message in the right-hand pane: "There are no Authentication
providers
available
that support the creation of Users". Also, I don't see my customrealm
in the
dropdown list under mydomain -> Security tab -> General tab ->
Default
Realm.
What did I do wrong? Also, where does WebLogic store the customsecurity
realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
Custom secure views report is not restricting the data
Hi,
I have created few custom secure views reports and in which I have used the per_people_f , per_assignments_f secure views but when I am running this report from different responsibilities like (US Resp, UK Resp) it is producing the same number of records. From US resp it should produce the US employees and from UK it should produce the UK employees but this is not happening currently.it is a simple sql script which I registered as sql*plus executable.
Can any one suggest if I am missing some thing? Urgent help would be appreciated.
Thanks,
AshishPl post details of OS, database and EBS versions. How have you implemented security ? What kind of concurrent program are you using ? Pl provide details. Also see these MOS Docs
How To Enable Hr Security on Custom Reports? (Doc ID 369345.1)
Understanding and Using HRMS Security in Oracle HRMS (Doc ID 394083.1)
Need Custom Security Profile To Restrict Based On Employees Organization (Doc ID 445142.1)
HTH
Srini -
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
VikramHello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Vikram Datla" <[email protected]> wrote in message
news:3e273015$[email protected]..
>
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our applicationrequirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if theuser
exists.
javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store toget
rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
>
Thanks
Vikram -
I'm unable to change my security question answers. It keeps asking me for the answers and I don't know the answers. I've reset my password 2x and it still won't let me change the answers. Help!!
See Kappy's great User Tips.
See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities https://discussions.apple.com/docs/DOC-4551
Send Apple an email request for help at: Apple - Support - iTunes Store - Contact Us http://www.apple.com/emea/support/itunes/contact.html
Call Apple Support in your country: Customer Service: Contacting Apple for support and service http://support.apple.com/kb/HE57
Cheers, Tom -
SQL Query in Custom Security when creating Security Profile
Hello all,
I've created a security profile with Custom security and provided a simple query in Custom Security tab-
PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
Custom security option is "Restrict the people visible to each user using this profile"
I am not able to see the record as expected.
If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to each user using this profile", I am able to see the record.
If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to this profile", I am able to see the record after running PERSLM and same is in PER_PERSON_LISTS.
Am I correct in checking with FND_GLOBAL.EMPLOYEE_ID?
(This was mentioned in system administrator guide :
"+Oracle HRMS assesses the custom security when the user signs on. In addition, the custom security code can include references to user specific variables, for example, fnd_profile.value() and fnd_global.employee_id.+"
docs.oracle.com/cd/E18727_01/doc.121/e13509/T2096T2098.htm).
I have tried with FND_GLOBAL.USER_ID / FND_PROFILE.VALUE('USER_ID') / :ASG_ID (seeded query has a join with this bind variable) - not happening.
I've given options as below :
Employees = None
Contingent Worker = Restricted
Applicant = None
Contacts = All
Candidates = All
All other options - Defaulted
Thanks,
SumanthResolved this - One cannot see self's employee record in the form for which this is setup.
Hence the below query though correct in syntax did not show any data.
PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
My original requirement was that all employees belonging to one's Organization should be displayed, and this is working fine with an updated query for the same.
Thanks,
Sumanth -
Accessing Custom Security Realm and NotOwnerException.
I have installed the RDBMS example security realm, which appears to work fine. However when I attempt to access this realm from a Servlet via Realm.getRealm("name") I get an NotOwnerException being thrown.
Ideas ?
regards,
Jeff.We did something similar in a past project, and it turned out to be more of a mess than
it was worth it (not only the "chicken-egg" dilemma with system, guest, administrator
users, etc., but also with various lookup and threading issues.) We ended up ripping
out the code and writing a new one which does not use an EJB.
EJB are supposed to be written in terms of container services (which security being one
of the services the container provides) but in this scenario you'd be writing one of the
container services in terms of EJBs, so it "breaks" the proper layering.
In our case, we wanted to "encapsulate" our security code from Weblogic's propreitary
realm mechanism, at the end we still achieved without having to create a session bean
(sometimes regular Java classes work just fine) :-)
regards,
-Ade
"watscheck" <[email protected]> wrote in message news:[email protected]..
>
Hi,
i want to use a sessonEJB as my security store for the custom security realm in
weblogic server 6.1.
Has anyone experience with that?
First i have to pass all filerealm users through my custom realm (csr) because
it is not possible to authenticate the system and guest users before the sessionEJB
itself is loaded.
OK, but my problem is the authentication of the csr at the sessionEJB, which is
itself secured by method-permission in it's assemblydesciptor. So i have to get
an initialcontext with an authorized user for the sessionEJB an invoke all protected
methods with this principal.
But Bea WLS has a problem with propagating this user back to the actual application.
Is there a way that the application (web-app and ejbs) is not affected by the
authentification of the csr at the sessionEJB (security store)?
And is it right that the new initialcontext in the csr always overrides the bea
context and with that the servlet request of the web-app?
thanks in advance
watscheck -
Custom Security Manager or Security Event Interception from WebLogic Console
Hello,
I have built my own Security Manager and implemented custom preference/property mechanism for every Principal, so when I use my Swing client to create new User and new Group, as well as addMember to a Group, I know what to do with those properies/preferences.
Now, I want to use WebLogic Console to manage users and groups. I want to intercept events in my Security Manager about new User or Group creation or changing their memberships as Principals in order to handle their Preference/properties stuff myself...
I wonder what should I "listen" in order to understand that someone has changed membership of Users or Groups or about creation of new User or Group?
I use Weblogic Server 6.0 sp2
sergeHi Daniel,
> a custom security manager for the standard CM Repository
And this dictates you indeed to use the old API, as the CMRepositoryManager itself is using the old API.
The standard AclSecurityManager is implemented by com.sapportals.wcm.repository.manager.generic.security.AclSecurityManager. If you check out Configuration - Content Management - Repository Managers - Security Manager, you will see "ACL Security Manager" (the one from above) and "ACL Security Manager (for new Manager-API)". This is implementing / using the new API, but needs also a RM using the new API.
> java.lang.NoSuchMethodException: MySecurityManager.<init>
This exception only complains about a missing constructor!? Have you implemented a default constructor?!
> If this is the case, where can I find the API for IUMPrincipal? It is not included in any provided API because of deprecation.
The methods of the old EP5 user management are more or less similar to the new UME, so using the old deprecated API should be more or less straight forward.
There are also transformer methods for example to transform a "new" user object to an old EP5 one, see https://forums.sdn.sap.com/thread.jspa?threadID=235656&tstart=0
Hope it helps
Detlev -
We have a web role where we have hosted a WCF service.
We are facing the below exception intermittently on consuming the service.
Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This
can occur if the service is configured for security and the client is not using security.
This is intermittent. Few calls fail , and the subsequent calls succeed without making any changes.
Please help in overcoming this abnormal behavior.
Thanks in advance !!
Best Regards ,
EswarHi Eswar,
As the error message mentioned, it may be a mismatch between the configuration on the client and the server.Try putting all your configuration in a binding configuration and then use the same binding configuration on the server and client. Since this issue
is more related with WCF, I suggest you move to WCF forum, it is appropriate and more experts will assist you.
Best Regards,
Jambor
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.
Maybe you are looking for
-
How to make the product-info-textfields tidy?
Hi there, I am solving one problem, but it results to several questions (set in bold): I am about to create a product catalog, based on design createdy by someone else. There are product cells on the page. Each cell contains image & info, as usual. T
-
Connection issue with iPod Shuffle 4th Gen.
Hello, I have problem with my iPod Shuffle 4th gen. One day i tried as always to turn it on and listen music but i heard only short "info" sound and saw short green diode impulse and nothing else. My computer (windows 7) also can't find it, after plu
-
Can one export a schema from a 64 bit Oracle DB into a 32 bit Oracle DB?
Hello: I need to copy a schema from one DB to another. The source DB runs 64 bit version of Oracle DB but the target DB runs 32 bit version of Oracle DB. Can the schema in 64 bit DB instance be exported and imported into a 32 bit DB instance with exp
-
I'm trying to understand why Oracle 8.1.6 sometimes uses bitmap indexes sometimes not. Of course I have all the statistics, my bitmap indexes are valid and so on. The problem is this: - I have a customer table very very large - I have many columns wi
-
Getting rid of unwanted applications
How do i get rid of some of the applications that came on the phone? I went to setting, applications, manage/uninstall apps and i clicked on the ones that i don't want and it doesn't have uninstall on any of them. I don't use half of the applications