Unable to refresh security realm programmatically

Similar Messages

• Unable to refresh security

  Hi All,
  i am having a problem in refreshing security.
  I am getting following error message :
  "Failed to create security filters for Username1, UserName2"
  UserName1 and UserName2 are no longer in our company.
  I removed both users in SQL repositories from following tables
  HSP_USER_PREFS
  HSP_MRU_MEMBERS
  HSP_USERSINGROUP
  hsp_users
  hsp_object
  did anyone face this type of error.
  thanks in advance.

  Hi Jake,
  thanks for the reply.
  I tried sync Native directory.
  as it didn't work I also tried running Updatenativedir.bat utility in planning.
  I am now getting following error message:
  D:\Hyperion\common\utilities\SyncOpenLdapUtility\UpdateNativeDir\updateNativedir
  updateNativeDir -cssLocation http://ftlqbihss01:58080/interop/framework/getCSSC
  onfigfile -nodelete
  java.io.IOException: Property data cannot be loaded from cache.
  at com.hyperion.css.common.configuration.CSSConfigurationImplXML.process
  Streams(Unknown Source)
  at com.hyperion.css.common.configuration.CSSConfigurationImplXML.<init>(
  Unknown Source)
  at com.hyperion.css.common.configuration.CSSConfigurationManager.getConf
  iguration(Unknown Source)
  at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
  at com.hyperion.css.utils.sync.CSSMigrationUtility.sync(Unknown Source)
  at com.hyperion.css.utils.sync.CSSMigrationUtility.main(Unknown Source)
  Update Native Directory operation aborted : com.hyperion.css.common.configuratio
  n.CSSConfigurationException: Cannot configure the system. Please check the confi
  guration. Error Code: 9
  NestedException:
  java.io.IOException: Property data cannot be loaded from cache.
  can you please help me in resolving the issue.

• Unable to use a custom security realm with Netscape Directory Server in WebLogic 7

  I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
  using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
  Admin Console again and clicked the Users node under my custom realm, I saw this
  message in the right-hand pane: "There are no Authentication providers available
  that support the creation of Users". Also, I don't see my custom realm in the
  dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
  What did I do wrong? Also, where does WebLogic store the custom security realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

  Thanks for the info.
  I wonder when they will fix it.
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  >
  According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
  displying users and groups defined in Netscape Directory Server.
  Eric Ma
  "Jakub Wroniszewski" <[email protected]> wrote:
  I have the same problem.
  Any new ideas?
  Rgds,
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  Now I doubt my custom security realm is actually using the NetscapeDirectory Server
  as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
  the Users node displays all users in the LDAP server, in WebLogic 7I keep
  getting
  the message "There are no Authentication providers available that
  support
  the
  creation of Users." Any suggestions?
  "Eric Ma" <[email protected]> wrote:
  Never mind. I tried again by following the steps outlined at
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
  l
  oper.interest.security&item=8463&utag=
  and it seemed to have worked for me.
  "Eric Ma" <[email protected]> wrote:
  I have all users and groups stored in a Netscape LDAP server (version
  4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic7
  (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I
  tried
  this by
  using the Admin Console and followed exactly the steps in Chapter3
  of
  the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged
  into the
  Admin Console again and clicked the Users node under my custom realm,
  I saw this
  message in the right-hand pane: "There are no Authentication
  providers
  available
  that support the creation of Users". Also, I don't see my customrealm
  in the
  dropdown list under mydomain -> Security tab -> General tab ->
  Default
  Realm.
  What did I do wrong? Also, where does WebLogic store the customsecurity
  realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

• Debug-Mode for Security Realm

  Hi,
  then i try start the server with the debug mode i get the following
  exception:
  Starting WebLogic Server ....
  <Tue Oct 24 17:45:33 GMT+02:00 2000> <Info> <Management> <Loading
  configuration file .\config\virtHoDomain\config.xml...>
  Unable to dump log: Fatal initialization exception
  Throwable: java.lang.StackOverflowError
  java.lang.StackOverflowError
  at java.util.Collections$SynchronizedMap.get(Collections.java:1433)
  at
  weblogic.kernel.ResettableThreadLocal.currentStorage(ResettableThreadLocal.j
  ava:100)
  at
  weblogic.kernel.ResettableThreadLocal.get(ResettableThreadLocal.java:35)
  at
  weblogic.transaction.internal.TransactionManagerImpl.getOrCreateThreadProp(T
  ransactionManagerImpl.java:844)
  at
  weblogic.transaction.internal.TransactionManagerImpl.getTransaction(Transact
  ionManagerImpl.java:359)
  at weblogic.transaction.TxHelper.getTransaction(TxHelper.java:34)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:156)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  at weblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
  at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
  at weblogic.security.acl.Security.getCurrentUser(Security.java:238)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  at weblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
  at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
  at weblogic.security.acl.Security.getCurrentUser(Security.java:238)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  I even get that exeception if try to initialize the
  weblogic.logging.LogManager in a commun class.
  I think this is a bug.

  Hi Lars Klippert
  Sorry for the late reply. First of all, thank you for uncovering an untested part of ServerDebug MBean. The Debug Mode for Security Realms currently works for fileRealm but doesnot work for alternate realms(e.g., LDAP realm). We're in the process of fixing this in the future releases(may not be Beta Refresh but will definitely be fixed in GA). I'm attaching a working config.xml(with fileRealm) and the only change you've to make to your config.xml is
  <Server
  <ServerDebug
  DebugSecurityRealm="true"
  Name="myserver"
  />
  </Server>
  If you're debugging a fileRealm then I belive, this serves your purpose. But if you're debugging a Security Realm other than fileRealm and this is blocking you, plz let us know so that this will be fixed with a higer priority. Thanks again for uncovering this. We will let you know as soon as this is fixed.
  regards
  "Lars Klippert" <[email protected]> wrote:
  Hi,
  Part from config.xml:
  <Server ...>
  <ServerDebug Name="virtHoServer" DebugSecurityRealm="false"/>
  </Server>
  Part from my start-script:
  %JAVA_HOME%\bin\java.exe -ms16m -mx64m -classpath
  %CLASSPATH% -Dweblogic.Domain=virtHoDomain -Dweblogic.Name=virtHoServer -Dja
  va.security.policy==.\lib\weblogic.policy weblogic.Server
  As you can see i enable the debug-mode in the config.xml.
  I also get the exception then i disable the debug-modus and
  initialize the weblogic.logging.LogOutputStream by hand.
  For our EntityBeans we have developed a custom error logger
  that uses the weblogic.logging.LogOutputStream and it works
  fine. Maybe the error only acccours if two or more
  weblogic.logging.LogOutputStreams are active...
  With the 5.1.0 version of the server everything works fine.
  Thanks
  "Paul Ferwerda" <[email protected]> schrieb im Newsbeitrag
  news:[email protected]...
  How exactly are you starting "the server with debug mode"?
  Thanks,
  Paul
  Lars Klippert wrote:
  Hi,
  then i try start the server with the debug mode i get the following
  exception:
  Starting WebLogic Server ....
  <Tue Oct 24 17:45:33 GMT+02:00 2000> <Info> <Management> <Loading
  configuration file .\config\virtHoDomain\config.xml...>
  Unable to dump log: Fatal initialization exception
  Throwable: java.lang.StackOverflowError
  java.lang.StackOverflowError
  at
  java.util.Collections$SynchronizedMap.get(Collections.java:1433)
  at
  weblogic.kernel.ResettableThreadLocal.currentStorage(ResettableThreadLocal.j
  ava:100)
  at
  weblogic.kernel.ResettableThreadLocal.get(ResettableThreadLocal.java:35)
  at
  weblogic.transaction.internal.TransactionManagerImpl.getOrCreateThreadProp(T
  ransactionManagerImpl.java:844)
  at
  weblogic.transaction.internal.TransactionManagerImpl.getTransaction(Transact
  ionManagerImpl.java:359)
  atweblogic.transaction.TxHelper.getTransaction(TxHelper.java:34)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:156)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  atweblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
  atweblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
  atweblogic.security.acl.Security.getCurrentUser(Security.java:238)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  atweblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
  atweblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
  atweblogic.security.acl.Security.getCurrentUser(Security.java:238)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  I even get that exeception if try to initialize the
  weblogic.logging.LogManager in a commun class.
  I think this is a bug.

• USER UNABLE TO REFRESH DISCOVERER REPORT IN DISCOVERER DESKTOP 10g

  Dear All,
  HELP!!!
  A new user is unable to refresh discoverer Reports in Desktop. All priviledges have been granted to username in Disco Admin and Usre is able to log into oracle Apps.
  On the PC the user logged into someone else can log into Discoverer Desktop and run/refresh discoverer reports without any issues. Hence Ithink neither the PC nor the Discoverer installation is the problem.
  Can anyone help? What setup/profile needs to be completed in order for the user to be able to run Disco reports.
  Pls note that the following has been completed:
  1. Business Areas Assigned to user and his responsibilities.
  2. Desktop/Plus Privileges assigned.
  3. Allow administration - DISABLED - NOT TICKED
  Many thx
  DI

  Does this person just need to run reports? Or does this person also need to create reports? If the person just needs to run reports, try using Viewer for that person, rather than Desktop. This may be something that you need to log a service request with Oracle to get resolved. Pretty strange that can bring items into a new worksheet, but it won't run. Maybe there is an Oracle applications security issue (since logging in as another person does work)? You may be beating your brains out trying to find a Discoverer problem when it might be an application security problem. Though this is a wild guess on my part.
  John Dickey

• Adding a user to the File Security Realm

  Hello,
  When I attempt to add a new user to the file realm with Application Server->Security-Realms->file-> Manage Users, I get the error:
  A "com.sun.enterprise.tools.guiframework.exception.FrameworkError" was caught. The message from the exception: "Unable to get View for ViewDescriptor 'fileUsers'"
  The root cause is "java.lang.ArrayIndexOutOfBoundsException: 0"
  See the HTML source for more detailed (stack trace) information.
  When I look at the file C:\Sun\AppServer\domains\samples/config/keyfile I see the new user added, but the Admin Console is not happy...
  Please advise.
  -- POC

  There are some issues in admin gui for managing security service in beta.
  I have verified that this has been fixed in FCS branch.
  Since the user and password has been written to keyfile in your scenario, it may be OK.
  You can try to use the user. If this is not working, then restarting the server should work.
  Another way is to create user by using asadmin command. This is working fine in beta.

• Errors encountered while using a Custom Security Realm on a Platform Domain

  Hi,
  We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
  7.0) and some Web Service apps are running on this domain.
  We have created a Custom Security Realm b'cos of our application requirements
  and now when I startup the Platform Domain, I see lot of errors.
  Some of the errors typically are
  "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
  for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
  could not be resolved to a valid user in the system. Please check if the user
  exists.
  javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
  denied in Realm Adapter realm weblogic"
  or
  Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
  weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
  wlisystem denied in Realm Adapter realm weblogic
  Do we have to create any predefined user accounts in the Security Store to get
  rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
  for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
  Thanks
  Vikram

  Hello Vikram,
  Are you using the new WLS 7.0 security framework? It is not supported for
  Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
  style) security.
  Ture Hoefner
  BEA Systems, Inc.
  www.bea.com
  "Vikram Datla" <[email protected]> wrote in message
  news:3e273015$[email protected]..
  >
  Hi,
  We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
  7.0) and some Web Service apps are running on this domain.
  We have created a Custom Security Realm b'cos of our applicationrequirements
  and now when I startup the Platform Domain, I see lot of errors.
  Some of the errors typically are
  "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
  for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
  could not be resolved to a valid user in the system. Please check if theuser
  exists.
  javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
  denied in Realm Adapter realm weblogic"
  or
  Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
  weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
  wlisystem denied in Realm Adapter realm weblogic
  Do we have to create any predefined user accounts in the Security Store toget
  rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
  for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
  >
  Thanks
  Vikram

• Authentication via weblogic security realm

            My servlet needs to access a session bean. The action in the session bean requires
            that a user has been authorized, i.e. at some point the session been calls
            String name = d_ctx.getCallerPrincipal().getName()
            This name may not be null at this time.
            What I would like to have is that the user executing the URL gets authenticated
            by my server realm 'myrealm' and that the associated prinicpal gets passed to
            the session bean. Is this possible. If so, how can the user pass along the username
            and password as this query is executed programmatically?
            markus
            

  http://www.weblogic.com/docs51/classdocs/API_acl.html
  Michael Girdley
  BEA Systems Inc
  "gennot" <[email protected]> wrote in message
  news:[email protected]..
  Could you send me the complete URL of these example, please?
  Thanks
  Enrico
  Michael Girdley <[email protected]> wrote in message
  39b87078$[email protected]..
  The passing of the client's certificate should be automatic to WebLogic.We
  have an example of getting the client side certificate from inside of
  WebLogic in our documentation.
  This does not require for SSL to be used from the Web server to
  WebLogic.
  >>
  Thanks,
  Michael
  Michael Girdley
  BEA Systems Inc
  "Bob Simonoff" <[email protected]> wrote in message
  news:[email protected]..
  I have read through the docs and haven't found anything that would
  address
  the following confusion:
  Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
  the back end application server (obviously). I have the need to use 2way
  SSL authentication. As I understand it the following applies:
  Client (browser) has a certificate as does the web server. Theyauthenticate
  each other.
  Now, the web server and weblogic need to communicate. WebLogic, in our
  environment does authentication via the security realm.
  What do I have to do to get the the web server (Apache or IPlanet) to
  communicate the client's certificate to WebLogic so the WebLogic canperform
  the authentication?
  Does the communication between the web server and WebLogic also need
  to
  be
  SSL?
  Thanks
  Bob Simonoff

• Using LDAP as security realm

  Hi,
  Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
  for Weblogic Personalization and Commerce 3.5.
  Using the WLCS console, I've modified the config.xml file and following
  elements are added:
  <LDAPRealm AuthProtocol='simple' Credential='admin'
  GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
  GroupUsernameAttribute='uniquemember'
  LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
  Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
  UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
  UserNameAttribute='uid'/>
  <CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
  Name='wlcsCachingRealm'/>
  But when we try to restart the WLCS, it throws java exceptions that context
  is not initialized and I get the following error
  <Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
  ser
  ver: 'Fatal initialization exception
  Throwable: weblogic.security.ldaprealm.LDAPException: could not get
  context - wi
  th nested exception:
  [java.lang.reflect.InvocationTargetException - with target exception:
  [javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
  Credential
  s]]]
  weblogic.security.ldaprealm.LDAPException: could not get context - with
  nested e
  xception:
  I tried using Windows NT as a security realm but that gave me errors too.
  Does anyone has any experience using anything other than the default Realm?
  Any help would be appreciated. Thanks!
  Asim Raja
  [email protected]

  I'm not sure, but I suspect you can't
  since this would create a circular dependency -
  your realm would rely on the upper level security
  checking calls but those calls would rely on your
  realm.
  My suggestion is to give it a try and see what
  happens.
  -Tom
  Ozcan ADIYAMAN <[email protected]> wrote:
  Hi ,
  I am implementing a simple custom security realm using LDAP as the
  security store and I can see the users, groups and acls from the admin
  console.
  My question is (a custom realm newbie question) ;
  Is it possible to use weblogic.security.acl.Security with my custom
  realm to check permissions, get the current user,etc.,
  OR
  is this class ONLY used with default realms (when ACL is stored in a
  file) ?
  Thanks
  Ozcan

• Using an alternate security realm

  Hi,
  I'm trying to configure the Weblogic Personalization & Personalization
  Server v3.5 to use NT or LDAP as a security realm.
  With LDAP, the server reboots properly but when I try to goto
  http://localhost:7501/tools, it prompts me for password/userid and none of
  the user accounts(including for weblogic and those in the LDAP) work.
  When I try to configure for NT security realm and then I try to reboot the
  server, I get the error message below.
  Any help would be greatly appreciate. Thanks!
  Asim
  [email protected]
  NT error message:
  U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
  U n a b l e t o a d j u s t t o k e n p r i v i l e
  g e
  s
  java.lang.SecurityException: Unable to assert all required
  priviledges
  at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
  at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
  at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
  at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
  at java.lang.Class.newInstance0(Native Method)
  at java.lang.Class.newInstance(Class.java:237)
  at weblogic.security.acl.Realm.getRealm(Realm.java:84)
  at weblogic.security.acl.Realm.getRealm(Realm.java:62)
  at
  weblogic.security.SecurityService.initializeRealm(SecurityService.jav
  a:265)
  at
  weblogic.security.SecurityService.initialize(SecurityService.java:123
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
  ser
  ver: 'Fatal initialization exception
  Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
  to
  assert all required priviledges -- bad domain name
  java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
  all
  required priviledges -- bad domain name

  Hi,
  I'm trying to configure the Weblogic Personalization & Personalization
  Server v3.5 to use NT or LDAP as a security realm.
  With LDAP, the server reboots properly but when I try to goto
  http://localhost:7501/tools, it prompts me for password/userid and none of
  the user accounts(including for weblogic and those in the LDAP) work.
  When I try to configure for NT security realm and then I try to reboot the
  server, I get the error message below.
  Any help would be greatly appreciate. Thanks!
  Asim
  [email protected]
  NT error message:
  U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
  U n a b l e t o a d j u s t t o k e n p r i v i l e
  g e
  s
  java.lang.SecurityException: Unable to assert all required
  priviledges
  at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
  at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
  at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
  at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
  at java.lang.Class.newInstance0(Native Method)
  at java.lang.Class.newInstance(Class.java:237)
  at weblogic.security.acl.Realm.getRealm(Realm.java:84)
  at weblogic.security.acl.Realm.getRealm(Realm.java:62)
  at
  weblogic.security.SecurityService.initializeRealm(SecurityService.jav
  a:265)
  at
  weblogic.security.SecurityService.initialize(SecurityService.java:123
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  <Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
  ser
  ver: 'Fatal initialization exception
  Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
  to
  assert all required priviledges -- bad domain name
  java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
  all
  required priviledges -- bad domain name

• SOA EM down after password change - OracleSystemUser is not a valid user principal in the current security realm

  Hello,
  I've got a SOA Suite development environment set up and whilst trying to change the weblogic password using this tutorial a problem arose with my soa managed server.
  Firstly I was unable to start the Managed SOA server due to mismatching passwords, and after I modified the boot.properties file, now I cant start the usermessagingserver and soa_infra applications due to the following error:
  Error 1
  Getting weblogic deployment manager.
  Got weblogic deployment manager.
  Invoking Start Up operation.
  Start Up operation for application usermessagingserver on target soa_server1 RUNNING.
  Start Up operation for application usermessagingserver on target soa_server1 FAILED.
  weblogic.application.ModuleException: Exception preparing module: EJBModule(sdpmessagingclient-ejb-parlayx.jar)
  Unable to deploy EJB: MessagingClientParlayX from sdpmessagingclient-ejb-parlayx.jar:
  The run-as security principal, 'OracleSystemUser', chosen for the EJB 'MessagingClientParlayX(Application: usermessagingserver, EJBComponent: sdpmessagingclient-ejb-parlayx.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.
  Getting weblogic deployment manager.
  Got weblogic deployment manager.
  Invoking Start Up operation.
  Start Up operation for application soa-infra on target soa_server1 RUNNING.
  Start Up operation for application soa-infra on target soa_server1 FAILED.
  weblogic.application.ModuleException: Exception preparing module: EJBModule(hw_services_wls_ejb.jar)
  Unable to deploy EJB: ASNSInteraction from hw_services_wls_ejb.jar:
  The run-as security principal, 'OracleSystemUser', chosen for the EJB 'ASNSInteraction(Application: soa-infra, EJBComponent: hw_services_wls_ejb.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.
  I've checked both weblogic and OracleSystemUser users and their groups are (respectfully) Administrators and OracleSystemGroup.
  I've searched for an answer to this problem and found this other support article but couldn't resolve the issue.
  The weblogic server version is 10.3.2.0 and it's running on RedHat Linux.

  @Sri_Sonti
  In the Admin Console, I can see both users in the security realm with the following configs:
  weblogic:
  all atributes with the "value" column blank
  groups: Administrators
  OracleSystemUser
  all atributes with the "value" column blank
  groups: OracleSystemGroup
  Also I have not found the system-jazn-data.xml file you mentioned. In that folder there's only a readme.txt file.
  Best Regards,
  luismcs
  Enter Cookie as format:
  (ex: name=val;) separate with ';'
  OKCancel

• BEA public API (WLS6.1)for programatically updating default security realm?

  Hi,
  Does anyone know how to use BEA's public API to programmatically add/update WLS
  6.1 user credentials in the default security realm? The API would of course
  automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
  Is there a way to do such updates by programmatically engaging the WLS security
  realm related Mbeans? I basically need to do (from a deployed application component)
  what is easily done from the WLS Console's [security->User->Add User/Change
  Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
  command line utility (or wlshell also) uses to make updates. But I doubt that
  the classes used by these tools are in BEA's public API for WLS 6.1. Especially
  important to me would be the BEA API mechanism that takes a clear-text password
  and hashes it to the encrypted format written in fileRealm.properties (and synchronized
  w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate a large
  Oracle table of (*user, clear-text -password, group) records into the default
  WLS security realm. Thanks for any insights.
  Ben

  Thanks to another's post, I have found the answer to my problem in the Girdley/Woollen/Emerson
  book "J2EE Applications and BEA WebLogic Server" pp. 496-498:
  Note: this code segment is for WLS 6.1 and this API is said to be deprecated
  in WLS 7+
  //Roughly outlined, assuming session w/ userName, groupName, password Strings
  in HTTP Post request
  weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
  weblogic.security.acl.Security.getRealm();
  weblogic.security.acl.User u;
  weblogic.security.acl.Group g;
  u = realm.newUser(userName, password, null);
  g = realm.getGroup(groupName); // use g = realm.newGroup(groupName) if groupName
  does not exist in realm
  g.addMember(u);
  //log in the new user
  int rc = weblogic..servlet.security.ServletAuthentication.weak(userName, password,
  httpSession);
  // use realm.deleteUser(u), realm.deleteGroup(g) as appropriate, etc.
  "Ben Cotton" <[email protected]> wrote:
  >
  >
  Hi,
  Does anyone know how to use BEA's public API to programmatically add/update
  WLS
  6.1 user credentials in the default security realm? The API would of
  course
  automatically persist the updates to $WLS/config/mydomain/fileRealm.properties.
  Is there a way to do such updates by programmatically engaging the
  WLS security
  realm related Mbeans? I basically need to do (from a deployed application
  component)
  what is easily done from the WLS Console's [security->User->Add User/Change
  Password] screen. Ideally, I could use the same API that the weblogic.security.acl.internal.FileRealm
  command line utility (or wlshell also) uses to make updates. But I
  doubt that
  the classes used by these tools are in BEA's public API for WLS 6.1.
  Especially
  important to me would be the BEA API mechanism that takes a clear-text
  password
  and hashes it to the encrypted format written in fileRealm.properties
  (and synchronized
  w/ SerializedSystemIni.dat). Ultimately, I am trying to replicate
  a large
  Oracle table of (*user, clear-text -password, group) records into the
  default
  WLS security realm. Thanks for any insights.
  Ben

• Unable to find security data

  Hello,
  I am trying a scenario file--> xi ---> RFC , does anybody know what this message means. The problem appear when I send a flat file to XI.  My question is, do I need to make some extra settings ?
  This is the error am getting.
  <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Technical Routing
    -->
  - <SAP:ErrorHeader xmlns:SAP="http://sap.com/exchange/MessageFormat">
    <SAP:Context />
    <SAP:Code p1="Intromoto_bus,zempiface/http://empinfo.com" p2="sap_bus,ZHRONBOARD_ACCEPT/urn:sap-com:document:sap:rfc:functions" p3="" p4="">PHYROU.UNDEFINED_SECURITY</SAP:Code>
    <SAP:Text language="EN">Technical routing: Unable to find security data for sender Intromoto_bus,zempiface/http://empinfo.com for receiver sap_bus,ZHRONBOARD_ACCEPT/urn:sap-com:document:sap:rfc:functions</SAP:Text>
    </SAP:ErrorHeader>
  Rgds,
  Ram Sri

  Hi,
  but then, the error message is very concise. The security object in the integration directory with the key:
  Send:
  Intromoto_bus
  zempiface
  http://empinfo.com
  Rec:
  sap_bus
  ZHRONBOARD_ACCEPT
  urn:sap-com:document:sap:rfc:functions
  is missing. You need to create it in the directory.
  Regards,
  Hermann

• Unable to find security data for sender

  Hello, does anybody know what this message means. The problem appear when I send an Idoc to XI. Other interfaces (Master data) are working properly. My question is, do I need to make some extra settings for the transactional data interfaces (SHPMNT)?
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Technical Routing
    -->
  - <SAP:ErrorHeader xmlns:SAP="http://sap.com/exchange/MessageFormat">
    <SAP:Context />
    <SAP:Code p1="sapdev222,SHPMNT.SHPMNT05/urn:sap-com:document:sap:idoc:messages" p2="VENDORMASTER_WOLTERKLUWER_ERP_BE,IDZ0001_DeliveryReplicate_IB/http://wolterskluwer.com/xi/midas_deliveries" p3="" p4="">PHYROU.UNDEFINED_SECURITY</SAP:Code>
    <SAP:Text language="EN">Technical routing: Unable to find security data for sender sapdev222,SHPMNT.SHPMNT05/urn:sap-com:document:sap:idoc:messages for receiver VENDORMASTER_WOLTERKLUWER_ERP_BE,IDZ0001_DeliveryReplicate_IB/http://wolterskluwer.com/xi/midas_deliveries</SAP:Text>
    </SAP:ErrorHeader>
  regards
  Ernesto Duran

  HI,
  i am also getting the same error in my scenario. Could u plz inform me what is the solution?
  Rgds,
  Ram Sri

• Unable to refresh a report in P21 Activant

  We recently upgraded our Activant P21 (Prophet 21) software which includes Crystal Reports.  Standard P21 canned reports in their software can be viewed, exported and printed.  The P21 software includes a feature to create and link custom reports.  We create the custom reports with Crystal Reports 2008 and set up the external report links.  We can open, view, print and export the custom reports but when we refresh the report with or without an input parameters, we are prompted for a "Database Login" password.  When we enter our password, an error message titled "Crystal Report Windows Forms Viewer"  states "Logon Failed. Please try again".  We have contacted Activant about this issue and they do not find any errors in the set up.  They have told us there is probably an issue with Crystal Reports and asked us to contact your company.  We have also contacted a friendly competitor who uses the same Activant P21 software and create custom reports with Crystal Reports 2008 which include user input parameters.  Their custom reports work without a glitch.  What would prevent us from refreshing a custom Crystal report?

  Hi Don,
  Activant P21 is insisting our issue is a Crystal problem.  We are unable to refresh the reports inside their software.  We have tried every user id and password we know and it still will not refresh our CR report. 
  When we use CR2008 to refresh a report, a window opens titled "OLE DB (ADO)" and asks to choose a data source "ODBC Data Source....Choose a data source from the list"  We select our ODBC DSN: P21 Live and click next.  Another window opens titled "OLD DB (ADO) asking for a password "Connection Information...Provide necessary information to log on to the chosen data source." At this point it does not matter what "User ID" or "Password" we use, the report will refresh.  We have used the Adminstrator with a password, we used my user name and password and we used the administrator without a password and in all three instances, the report refreshed with the correct data.
  I don't see how this is a Crystal problem unless there is something I am missing.  Any help you can provide will be deeply appreciated.
  Bob