Unable to refresh security realm programmatically
Hello everybody!
I'm trying to refresh security realm using MBeans technique.
Here is the simple cfragment of my code:
Set set = mBeanHome.getMBeansByType("Domain");
DomainMBean dmb = (DomainMBean) set.iterator().next();
SecurityMBean smb = dmb.getSecurity();
RealmMBean rmb = smb.getRealm();
System.out.println( "realm=" + rmb.getName() );
System.out.println("before refresh");
rmb.refresh();
At the last point I'm getting the next error:
<30.12.2003 16:47:02 MSK> <Error> <HTTP> <101017> <[ServletContext(id=27551407,
ame=SimpleWebClient,context-path=/SimpleWebClient)] Root cause of ServletExcept
on
weblogic.management.NoAccessRuntimeException: Access not allowed for subject:
p
incipals=[], on ResourceType: Realm Action: execute, Target: refresh
at weblogic.management.internal.Helper$IsAccessAllowedPrivilegeAction.r
n()Ljava.lang.Object;(Helper.java:2149)
at weblogic.security.service.SecurityServiceManager.runAs(Lweblogic.sec
rity.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.Authenti
atedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityService
anager.java:685)
at weblogic.management.internal.Helper.isAccessAllowed(Ljavax.managemen
.ObjectName;Lweblogic.security.service.MBeanResource$ActionType;Ljava.lang.Stri
g;Ljava.lang.String;)V(Optimized Method)
What can I do to avoid this error?
Hi Jake,
thanks for the reply.
I tried sync Native directory.
as it didn't work I also tried running Updatenativedir.bat utility in planning.
I am now getting following error message:
D:\Hyperion\common\utilities\SyncOpenLdapUtility\UpdateNativeDir\updateNativedir
updateNativeDir -cssLocation http://ftlqbihss01:58080/interop/framework/getCSSC
onfigfile -nodelete
java.io.IOException: Property data cannot be loaded from cache.
at com.hyperion.css.common.configuration.CSSConfigurationImplXML.process
Streams(Unknown Source)
at com.hyperion.css.common.configuration.CSSConfigurationImplXML.<init>(
Unknown Source)
at com.hyperion.css.common.configuration.CSSConfigurationManager.getConf
iguration(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at com.hyperion.css.utils.sync.CSSMigrationUtility.sync(Unknown Source)
at com.hyperion.css.utils.sync.CSSMigrationUtility.main(Unknown Source)
Update Native Directory operation aborted : com.hyperion.css.common.configuratio
n.CSSConfigurationException: Cannot configure the system. Please check the confi
guration. Error Code: 9
NestedException:
java.io.IOException: Property data cannot be loaded from cache.
can you please help me in resolving the issue.
Similar Messages
-
Hi All,
i am having a problem in refreshing security.
I am getting following error message :
"Failed to create security filters for Username1, UserName2"
UserName1 and UserName2 are no longer in our company.
I removed both users in SQL repositories from following tables
HSP_USER_PREFS
HSP_MRU_MEMBERS
HSP_USERSINGROUP
hsp_users
hsp_object
did anyone face this type of error.
thanks in advance.Hi Jake,
thanks for the reply.
I tried sync Native directory.
as it didn't work I also tried running Updatenativedir.bat utility in planning.
I am now getting following error message:
D:\Hyperion\common\utilities\SyncOpenLdapUtility\UpdateNativeDir\updateNativedir
updateNativeDir -cssLocation http://ftlqbihss01:58080/interop/framework/getCSSC
onfigfile -nodelete
java.io.IOException: Property data cannot be loaded from cache.
at com.hyperion.css.common.configuration.CSSConfigurationImplXML.process
Streams(Unknown Source)
at com.hyperion.css.common.configuration.CSSConfigurationImplXML.<init>(
Unknown Source)
at com.hyperion.css.common.configuration.CSSConfigurationManager.getConf
iguration(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at com.hyperion.css.utils.sync.CSSMigrationUtility.sync(Unknown Source)
at com.hyperion.css.utils.sync.CSSMigrationUtility.main(Unknown Source)
Update Native Directory operation aborted : com.hyperion.css.common.configuratio
n.CSSConfigurationException: Cannot configure the system. Please check the confi
guration. Error Code: 9
NestedException:
java.io.IOException: Property data cannot be loaded from cache.
can you please help me in resolving the issue. -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric MaThanks for the info.
I wonder when they will fix it.
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
displying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
Now I doubt my custom security realm is actually using the NetscapeDirectory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
the Users node displays all users in the LDAP server, in WebLogic 7I keep
getting
the message "There are no Authentication providers available that
support
the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
l
oper.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version
4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic7
(also run
on Solaris 8) which uses my LDAP server as the Authenticator. I
tried
this by
using the Admin Console and followed exactly the steps in Chapter3
of
the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged
into the
Admin Console again and clicked the Users node under my custom realm,
I saw this
message in the right-hand pane: "There are no Authentication
providers
available
that support the creation of Users". Also, I don't see my customrealm
in the
dropdown list under mydomain -> Security tab -> General tab ->
Default
Realm.
What did I do wrong? Also, where does WebLogic store the customsecurity
realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
Hi,
then i try start the server with the debug mode i get the following
exception:
Starting WebLogic Server ....
<Tue Oct 24 17:45:33 GMT+02:00 2000> <Info> <Management> <Loading
configuration file .\config\virtHoDomain\config.xml...>
Unable to dump log: Fatal initialization exception
Throwable: java.lang.StackOverflowError
java.lang.StackOverflowError
at java.util.Collections$SynchronizedMap.get(Collections.java:1433)
at
weblogic.kernel.ResettableThreadLocal.currentStorage(ResettableThreadLocal.j
ava:100)
at
weblogic.kernel.ResettableThreadLocal.get(ResettableThreadLocal.java:35)
at
weblogic.transaction.internal.TransactionManagerImpl.getOrCreateThreadProp(T
ransactionManagerImpl.java:844)
at
weblogic.transaction.internal.TransactionManagerImpl.getTransaction(Transact
ionManagerImpl.java:359)
at weblogic.transaction.TxHelper.getTransaction(TxHelper.java:34)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:156)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
at weblogic.logging.LogManager.log(LogManager.java:93)
at weblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
at weblogic.security.acl.Security.getCurrentUser(Security.java:238)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
at weblogic.logging.LogManager.log(LogManager.java:93)
at weblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
at weblogic.security.acl.Security.getCurrentUser(Security.java:238)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
at weblogic.logging.LogManager.log(LogManager.java:93)
I even get that exeception if try to initialize the
weblogic.logging.LogManager in a commun class.
I think this is a bug.Hi Lars Klippert
Sorry for the late reply. First of all, thank you for uncovering an untested part of ServerDebug MBean. The Debug Mode for Security Realms currently works for fileRealm but doesnot work for alternate realms(e.g., LDAP realm). We're in the process of fixing this in the future releases(may not be Beta Refresh but will definitely be fixed in GA). I'm attaching a working config.xml(with fileRealm) and the only change you've to make to your config.xml is
<Server
<ServerDebug
DebugSecurityRealm="true"
Name="myserver"
/>
</Server>
If you're debugging a fileRealm then I belive, this serves your purpose. But if you're debugging a Security Realm other than fileRealm and this is blocking you, plz let us know so that this will be fixed with a higer priority. Thanks again for uncovering this. We will let you know as soon as this is fixed.
regards
"Lars Klippert" <[email protected]> wrote:
Hi,
Part from config.xml:
<Server ...>
<ServerDebug Name="virtHoServer" DebugSecurityRealm="false"/>
</Server>
Part from my start-script:
%JAVA_HOME%\bin\java.exe -ms16m -mx64m -classpath
%CLASSPATH% -Dweblogic.Domain=virtHoDomain -Dweblogic.Name=virtHoServer -Dja
va.security.policy==.\lib\weblogic.policy weblogic.Server
As you can see i enable the debug-mode in the config.xml.
I also get the exception then i disable the debug-modus and
initialize the weblogic.logging.LogOutputStream by hand.
For our EntityBeans we have developed a custom error logger
that uses the weblogic.logging.LogOutputStream and it works
fine. Maybe the error only acccours if two or more
weblogic.logging.LogOutputStreams are active...
With the 5.1.0 version of the server everything works fine.
Thanks
"Paul Ferwerda" <[email protected]> schrieb im Newsbeitrag
news:[email protected]...
How exactly are you starting "the server with debug mode"?
Thanks,
Paul
Lars Klippert wrote:
Hi,
then i try start the server with the debug mode i get the following
exception:
Starting WebLogic Server ....
<Tue Oct 24 17:45:33 GMT+02:00 2000> <Info> <Management> <Loading
configuration file .\config\virtHoDomain\config.xml...>
Unable to dump log: Fatal initialization exception
Throwable: java.lang.StackOverflowError
java.lang.StackOverflowError
at
java.util.Collections$SynchronizedMap.get(Collections.java:1433)
at
weblogic.kernel.ResettableThreadLocal.currentStorage(ResettableThreadLocal.j
ava:100)
at
weblogic.kernel.ResettableThreadLocal.get(ResettableThreadLocal.java:35)
at
weblogic.transaction.internal.TransactionManagerImpl.getOrCreateThreadProp(T
ransactionManagerImpl.java:844)
at
weblogic.transaction.internal.TransactionManagerImpl.getTransaction(Transact
ionManagerImpl.java:359)
atweblogic.transaction.TxHelper.getTransaction(TxHelper.java:34)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:156)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
at weblogic.logging.LogManager.log(LogManager.java:93)
atweblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
atweblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
atweblogic.security.acl.Security.getCurrentUser(Security.java:238)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
at weblogic.logging.LogManager.log(LogManager.java:93)
atweblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
atweblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
atweblogic.security.acl.Security.getCurrentUser(Security.java:238)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
at
weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
at weblogic.logging.LogManager.log(LogManager.java:93)
I even get that exeception if try to initialize the
weblogic.logging.LogManager in a commun class.
I think this is a bug. -
USER UNABLE TO REFRESH DISCOVERER REPORT IN DISCOVERER DESKTOP 10g
Dear All,
HELP!!!
A new user is unable to refresh discoverer Reports in Desktop. All priviledges have been granted to username in Disco Admin and Usre is able to log into oracle Apps.
On the PC the user logged into someone else can log into Discoverer Desktop and run/refresh discoverer reports without any issues. Hence Ithink neither the PC nor the Discoverer installation is the problem.
Can anyone help? What setup/profile needs to be completed in order for the user to be able to run Disco reports.
Pls note that the following has been completed:
1. Business Areas Assigned to user and his responsibilities.
2. Desktop/Plus Privileges assigned.
3. Allow administration - DISABLED - NOT TICKED
Many thx
DIDoes this person just need to run reports? Or does this person also need to create reports? If the person just needs to run reports, try using Viewer for that person, rather than Desktop. This may be something that you need to log a service request with Oracle to get resolved. Pretty strange that can bring items into a new worksheet, but it won't run. Maybe there is an Oracle applications security issue (since logging in as another person does work)? You may be beating your brains out trying to find a Discoverer problem when it might be an application security problem. Though this is a wild guess on my part.
John Dickey -
Adding a user to the File Security Realm
Hello,
When I attempt to add a new user to the file realm with Application Server->Security-Realms->file-> Manage Users, I get the error:
A "com.sun.enterprise.tools.guiframework.exception.FrameworkError" was caught. The message from the exception: "Unable to get View for ViewDescriptor 'fileUsers'"
The root cause is "java.lang.ArrayIndexOutOfBoundsException: 0"
See the HTML source for more detailed (stack trace) information.
When I look at the file C:\Sun\AppServer\domains\samples/config/keyfile I see the new user added, but the Admin Console is not happy...
Please advise.
-- POCThere are some issues in admin gui for managing security service in beta.
I have verified that this has been fixed in FCS branch.
Since the user and password has been written to keyfile in your scenario, it may be OK.
You can try to use the user. If this is not working, then restarting the server should work.
Another way is to create user by using asadmin command. This is working fine in beta. -
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
VikramHello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Vikram Datla" <[email protected]> wrote in message
news:3e273015$[email protected]..
>
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our applicationrequirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if theuser
exists.
javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store toget
rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
>
Thanks
Vikram -
Authentication via weblogic security realm
My servlet needs to access a session bean. The action in the session bean requires
that a user has been authorized, i.e. at some point the session been calls
String name = d_ctx.getCallerPrincipal().getName()
This name may not be null at this time.
What I would like to have is that the user executing the URL gets authenticated
by my server realm 'myrealm' and that the associated prinicpal gets passed to
the session bean. Is this possible. If so, how can the user pass along the username
and password as this query is executed programmatically?
markus
http://www.weblogic.com/docs51/classdocs/API_acl.html
Michael Girdley
BEA Systems Inc
"gennot" <[email protected]> wrote in message
news:[email protected]..
Could you send me the complete URL of these example, please?
Thanks
Enrico
Michael Girdley <[email protected]> wrote in message
39b87078$[email protected]..
The passing of the client's certificate should be automatic to WebLogic.We
have an example of getting the client side certificate from inside of
WebLogic in our documentation.
This does not require for SSL to be used from the Web server to
WebLogic.
>>
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"Bob Simonoff" <[email protected]> wrote in message
news:[email protected]..
I have read through the docs and haven't found anything that would
address
the following confusion:
Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
the back end application server (obviously). I have the need to use 2way
SSL authentication. As I understand it the following applies:
Client (browser) has a certificate as does the web server. Theyauthenticate
each other.
Now, the web server and weblogic need to communicate. WebLogic, in our
environment does authentication via the security realm.
What do I have to do to get the the web server (Apache or IPlanet) to
communicate the client's certificate to WebLogic so the WebLogic canperform
the authentication?
Does the communication between the web server and WebLogic also need
to
be
SSL?
Thanks
Bob Simonoff -
Hi,
Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
for Weblogic Personalization and Commerce 3.5.
Using the WLCS console, I've modified the config.xml file and following
elements are added:
<LDAPRealm AuthProtocol='simple' Credential='admin'
GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
GroupUsernameAttribute='uniquemember'
LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
UserNameAttribute='uid'/>
<CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
Name='wlcsCachingRealm'/>
But when we try to restart the WLCS, it throws java exceptions that context
is not initialized and I get the following error
<Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: could not get
context - wi
th nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credential
s]]]
weblogic.security.ldaprealm.LDAPException: could not get context - with
nested e
xception:
I tried using Windows NT as a security realm but that gave me errors too.
Does anyone has any experience using anything other than the default Realm?
Any help would be appreciated. Thanks!
Asim Raja
[email protected]I'm not sure, but I suspect you can't
since this would create a circular dependency -
your realm would rely on the upper level security
checking calls but those calls would rely on your
realm.
My suggestion is to give it a try and see what
happens.
-Tom
Ozcan ADIYAMAN <[email protected]> wrote:
Hi ,
I am implementing a simple custom security realm using LDAP as the
security store and I can see the users, groups and acls from the admin
console.
My question is (a custom realm newbie question) ;
Is it possible to use weblogic.security.acl.Security with my custom
realm to check permissions, get the current user,etc.,
OR
is this class ONLY used with default realms (when ACL is stored in a
file) ?
Thanks
Ozcan -
Using an alternate security realm
Hi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciate. Thanks!
Asim
[email protected]
NT error message:
U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
U n a b l e t o a d j u s t t o k e n p r i v i l e
g e
s
java.lang.SecurityException: Unable to assert all required
priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:265)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
to
assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
all
required priviledges -- bad domain nameHi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciate. Thanks!
Asim
[email protected]
NT error message:
U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
U n a b l e t o a d j u s t t o k e n p r i v i l e
g e
s
java.lang.SecurityException: Unable to assert all required
priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:265)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
to
assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
all
required priviledges -- bad domain name -
Hello,
I've got a SOA Suite development environment set up and whilst trying to change the weblogic password using this tutorial a problem arose with my soa managed server.
Firstly I was unable to start the Managed SOA server due to mismatching passwords, and after I modified the boot.properties file, now I cant start the usermessagingserver and soa_infra applications due to the following error:
Error 1
Getting weblogic deployment manager.
Got weblogic deployment manager.
Invoking Start Up operation.
Start Up operation for application usermessagingserver on target soa_server1 RUNNING.
Start Up operation for application usermessagingserver on target soa_server1 FAILED.
weblogic.application.ModuleException: Exception preparing module: EJBModule(sdpmessagingclient-ejb-parlayx.jar)
Unable to deploy EJB: MessagingClientParlayX from sdpmessagingclient-ejb-parlayx.jar:
The run-as security principal, 'OracleSystemUser', chosen for the EJB 'MessagingClientParlayX(Application: usermessagingserver, EJBComponent: sdpmessagingclient-ejb-parlayx.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.
Getting weblogic deployment manager.
Got weblogic deployment manager.
Invoking Start Up operation.
Start Up operation for application soa-infra on target soa_server1 RUNNING.
Start Up operation for application soa-infra on target soa_server1 FAILED.
weblogic.application.ModuleException: Exception preparing module: EJBModule(hw_services_wls_ejb.jar)
Unable to deploy EJB: ASNSInteraction from hw_services_wls_ejb.jar:
The run-as security principal, 'OracleSystemUser', chosen for the EJB 'ASNSInteraction(Application: soa-infra, EJBComponent: hw_services_wls_ejb.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.
I've checked both weblogic and OracleSystemUser users and their groups are (respectfully) Administrators and OracleSystemGroup.
I've searched for an answer to this problem and found this other support article but couldn't resolve the issue.
The weblogic server version is 10.3.2.0 and it's running on RedHat Linux.@Sri_Sonti
In the Admin Console, I can see both users in the security realm with the following configs:
weblogic:
all atributes with the "value" column blank
groups: Administrators
OracleSystemUser
all atributes with the "value" column blank
groups: OracleSystemGroup
Also I have not found the system-jazn-data.xml file you mentioned. In that folder there's only a readme.txt file.
Best Regards,
luismcs
Enter Cookie as format:
(ex: name=val;) separate with ';'
OKCancel -
BEA public API (WLS6.1)for programatically updating default security realm?
Hi,
Does anyone know how to use BEA's public API to programmatically add/update WLS
6.1 user credentials in the default security realm? The API would of course
automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
Is there a way to do such updates by programmatically engaging the WLS security
realm related Mbeans? I basically need to do (from a deployed application component)
what is easily done from the WLS Console's [security->User->Add User/Change
Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
command line utility (or wlshell also) uses to make updates. But I doubt that
the classes used by these tools are in BEA's public API for WLS 6.1. Especially
important to me would be the BEA API mechanism that takes a clear-text password
and hashes it to the encrypted format written in fileRealm.properties (and synchronized
w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate a large
Oracle table of (*user, clear-text -password, group) records into the default
WLS security realm. Thanks for any insights.
BenThanks to another's post, I have found the answer to my problem in the Girdley/Woollen/Emerson
book "J2EE Applications and BEA WebLogic Server" pp. 496-498:
Note: this code segment is for WLS 6.1 and this API is said to be deprecated
in WLS 7+
//Roughly outlined, assuming session w/ userName, groupName, password Strings
in HTTP Post request
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
weblogic.security.acl.Security.getRealm();
weblogic.security.acl.User u;
weblogic.security.acl.Group g;
u = realm.newUser(userName, password, null);
g = realm.getGroup(groupName); // use g = realm.newGroup(groupName) if groupName
does not exist in realm
g.addMember(u);
//log in the new user
int rc = weblogic..servlet.security.ServletAuthentication.weak(userName, password,
httpSession);
// use realm.deleteUser(u), realm.deleteGroup(g) as appropriate, etc.
"Ben Cotton" <[email protected]> wrote:
>
>
Hi,
Does anyone know how to use BEA's public API to programmatically add/update
WLS
6.1 user credentials in the default security realm? The API would of
course
automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
Is there a way to do such updates by programmatically engaging the
WLS security
realm related Mbeans? I basically need to do (from a deployed application
component)
what is easily done from the WLS Console's [security->User->Add User/Change
Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
command line utility (or wlshell also) uses to make updates. But I
doubt that
the classes used by these tools are in BEA's public API for WLS 6.1.
Especially
important to me would be the BEA API mechanism that takes a clear-text
password
and hashes it to the encrypted format written in fileRealm.properties
(and synchronized
w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate
a large
Oracle table of (*user, clear-text -password, group) records into the
default
WLS security realm. Thanks for any insights.
Ben -
Hello,
I am trying a scenario file--> xi ---> RFC , does anybody know what this message means. The problem appear when I send a flat file to XI. My question is, do I need to make some extra settings ?
This is the error am getting.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <!-- Technical Routing
-->
- <SAP:ErrorHeader xmlns:SAP="http://sap.com/exchange/MessageFormat">
<SAP:Context />
<SAP:Code p1="Intromoto_bus,zempiface/http://empinfo.com" p2="sap_bus,ZHRONBOARD_ACCEPT/urn:sap-com:document:sap:rfc:functions" p3="" p4="">PHYROU.UNDEFINED_SECURITY</SAP:Code>
<SAP:Text language="EN">Technical routing: Unable to find security data for sender Intromoto_bus,zempiface/http://empinfo.com for receiver sap_bus,ZHRONBOARD_ACCEPT/urn:sap-com:document:sap:rfc:functions</SAP:Text>
</SAP:ErrorHeader>
Rgds,
Ram SriHi,
but then, the error message is very concise. The security object in the integration directory with the key:
Send:
Intromoto_bus
zempiface
http://empinfo.com
Rec:
sap_bus
ZHRONBOARD_ACCEPT
urn:sap-com:document:sap:rfc:functions
is missing. You need to create it in the directory.
Regards,
Hermann -
Unable to find security data for sender
Hello, does anybody know what this message means. The problem appear when I send an Idoc to XI. Other interfaces (Master data) are working properly. My question is, do I need to make some extra settings for the transactional data interfaces (SHPMNT)?
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <!-- Technical Routing
-->
- <SAP:ErrorHeader xmlns:SAP="http://sap.com/exchange/MessageFormat">
<SAP:Context />
<SAP:Code p1="sapdev222,SHPMNT.SHPMNT05/urn:sap-com:document:sap:idoc:messages" p2="VENDORMASTER_WOLTERKLUWER_ERP_BE,IDZ0001_DeliveryReplicate_IB/http://wolterskluwer.com/xi/midas_deliveries" p3="" p4="">PHYROU.UNDEFINED_SECURITY</SAP:Code>
<SAP:Text language="EN">Technical routing: Unable to find security data for sender sapdev222,SHPMNT.SHPMNT05/urn:sap-com:document:sap:idoc:messages for receiver VENDORMASTER_WOLTERKLUWER_ERP_BE,IDZ0001_DeliveryReplicate_IB/http://wolterskluwer.com/xi/midas_deliveries</SAP:Text>
</SAP:ErrorHeader>
regards
Ernesto DuranHI,
i am also getting the same error in my scenario. Could u plz inform me what is the solution?
Rgds,
Ram Sri -
Unable to refresh a report in P21 Activant
We recently upgraded our Activant P21 (Prophet 21) software which includes Crystal Reports. Standard P21 canned reports in their software can be viewed, exported and printed. The P21 software includes a feature to create and link custom reports. We create the custom reports with Crystal Reports 2008 and set up the external report links. We can open, view, print and export the custom reports but when we refresh the report with or without an input parameters, we are prompted for a "Database Login" password. When we enter our password, an error message titled "Crystal Report Windows Forms Viewer" states "Logon Failed. Please try again". We have contacted Activant about this issue and they do not find any errors in the set up. They have told us there is probably an issue with Crystal Reports and asked us to contact your company. We have also contacted a friendly competitor who uses the same Activant P21 software and create custom reports with Crystal Reports 2008 which include user input parameters. Their custom reports work without a glitch. What would prevent us from refreshing a custom Crystal report?
Hi Don,
Activant P21 is insisting our issue is a Crystal problem. We are unable to refresh the reports inside their software. We have tried every user id and password we know and it still will not refresh our CR report.
When we use CR2008 to refresh a report, a window opens titled "OLE DB (ADO)" and asks to choose a data source "ODBC Data Source....Choose a data source from the list" We select our ODBC DSN: P21 Live and click next. Another window opens titled "OLD DB (ADO) asking for a password "Connection Information...Provide necessary information to log on to the chosen data source." At this point it does not matter what "User ID" or "Password" we use, the report will refresh. We have used the Adminstrator with a password, we used my user name and password and we used the administrator without a password and in all three instances, the report refreshed with the correct data.
I don't see how this is a Crystal problem unless there is something I am missing. Any help you can provide will be deeply appreciated.
Bob
Maybe you are looking for
-
Purchase Req and Goods Receipt (ESS) question
Hi, My client has ECC 6 and EP 7 in the landscape. I am implementing Employee Self Service portal. It looks like standard Purchasing Requisition and Goods Receipts iviews (ESS package) are pointing to SRM. We are not implementing SRM here. Is there a
-
How to write validation in java sript item should not allow more than 20 ch
HI, I need to write validation in java script for a item it should not allow more than 20 characters. Thanks Nr
-
How to know what is the CR doing in the datebase
Hello Friends, We have a strange problem. Our change run is running for almost 12 hrs where as earlier it used to run for 1 hr. Once we killed the CR job and reran the CR again. It ran successful. but however our basis team informed that cancelle
-
How to set radio group default value
Hi, I have a radio group in a portal form. How do I set one of them as checked when the form comes up? Thanks; Kelly.
-
How can I control the mouse by command-line ?
Hi, Does anybody know if there is any command that I can use to control the mouse event, like: move cursor to some place, click, double-click, etc.? Thank you! ps. what I want to do is to bind keyboard to mouse, so that I can use keyboard to control