Using an alternate security realm

Similar Messages

• Errors encountered while using a Custom Security Realm on a Platform Domain

  Hi,
  We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
  7.0) and some Web Service apps are running on this domain.
  We have created a Custom Security Realm b'cos of our application requirements
  and now when I startup the Platform Domain, I see lot of errors.
  Some of the errors typically are
  "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
  for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
  could not be resolved to a valid user in the system. Please check if the user
  exists.
  javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
  denied in Realm Adapter realm weblogic"
  or
  Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
  weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
  wlisystem denied in Realm Adapter realm weblogic
  Do we have to create any predefined user accounts in the Security Store to get
  rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
  for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
  Thanks
  Vikram

  Hello Vikram,
  Are you using the new WLS 7.0 security framework? It is not supported for
  Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
  style) security.
  Ture Hoefner
  BEA Systems, Inc.
  www.bea.com
  "Vikram Datla" <[email protected]> wrote in message
  news:3e273015$[email protected]..
  >
  Hi,
  We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
  7.0) and some Web Service apps are running on this domain.
  We have created a Custom Security Realm b'cos of our applicationrequirements
  and now when I startup the Platform Domain, I see lot of errors.
  Some of the errors typically are
  "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
  for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
  could not be resolved to a valid user in the system. Please check if theuser
  exists.
  javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
  denied in Realm Adapter realm weblogic"
  or
  Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
  weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
  wlisystem denied in Realm Adapter realm weblogic
  Do we have to create any predefined user accounts in the Security Store toget
  rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
  for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
  >
  Thanks
  Vikram

• Using LDAP as security realm

  Hi,
  Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
  for Weblogic Personalization and Commerce 3.5.
  Using the WLCS console, I've modified the config.xml file and following
  elements are added:
  <LDAPRealm AuthProtocol='simple' Credential='admin'
  GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
  GroupUsernameAttribute='uniquemember'
  LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
  Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
  UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
  UserNameAttribute='uid'/>
  <CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
  Name='wlcsCachingRealm'/>
  But when we try to restart the WLCS, it throws java exceptions that context
  is not initialized and I get the following error
  <Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
  ser
  ver: 'Fatal initialization exception
  Throwable: weblogic.security.ldaprealm.LDAPException: could not get
  context - wi
  th nested exception:
  [java.lang.reflect.InvocationTargetException - with target exception:
  [javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
  Credential
  s]]]
  weblogic.security.ldaprealm.LDAPException: could not get context - with
  nested e
  xception:
  I tried using Windows NT as a security realm but that gave me errors too.
  Does anyone has any experience using anything other than the default Realm?
  Any help would be appreciated. Thanks!
  Asim Raja
  [email protected]

  I'm not sure, but I suspect you can't
  since this would create a circular dependency -
  your realm would rely on the upper level security
  checking calls but those calls would rely on your
  realm.
  My suggestion is to give it a try and see what
  happens.
  -Tom
  Ozcan ADIYAMAN <[email protected]> wrote:
  Hi ,
  I am implementing a simple custom security realm using LDAP as the
  security store and I can see the users, groups and acls from the admin
  console.
  My question is (a custom realm newbie question) ;
  Is it possible to use weblogic.security.acl.Security with my custom
  realm to check permissions, get the current user,etc.,
  OR
  is this class ONLY used with default realms (when ACL is stored in a
  file) ?
  Thanks
  Ozcan

• Unable to use a custom security realm with Netscape Directory Server in WebLogic 7

  I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
  using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
  Admin Console again and clicked the Users node under my custom realm, I saw this
  message in the right-hand pane: "There are no Authentication providers available
  that support the creation of Users". Also, I don't see my custom realm in the
  dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
  What did I do wrong? Also, where does WebLogic store the custom security realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

  Thanks for the info.
  I wonder when they will fix it.
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  >
  According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
  displying users and groups defined in Netscape Directory Server.
  Eric Ma
  "Jakub Wroniszewski" <[email protected]> wrote:
  I have the same problem.
  Any new ideas?
  Rgds,
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  Now I doubt my custom security realm is actually using the NetscapeDirectory Server
  as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
  the Users node displays all users in the LDAP server, in WebLogic 7I keep
  getting
  the message "There are no Authentication providers available that
  support
  the
  creation of Users." Any suggestions?
  "Eric Ma" <[email protected]> wrote:
  Never mind. I tried again by following the steps outlined at
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
  l
  oper.interest.security&item=8463&utag=
  and it seemed to have worked for me.
  "Eric Ma" <[email protected]> wrote:
  I have all users and groups stored in a Netscape LDAP server (version
  4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic7
  (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I
  tried
  this by
  using the Admin Console and followed exactly the steps in Chapter3
  of
  the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged
  into the
  Admin Console again and clicked the Users node under my custom realm,
  I saw this
  message in the right-hand pane: "There are no Authentication
  providers
  available
  that support the creation of Users". Also, I don't see my customrealm
  in the
  dropdown list under mydomain -> Security tab -> General tab ->
  Default
  Realm.
  What did I do wrong? Also, where does WebLogic store the customsecurity
  realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

• Is this possible to use no default security realm?

  Hi,
  I created new security ReadOnlySQLAuthentication provider in the default realm and it works. Now I have all the users from all applications in one realm. If they use the same enterprise roles, user can log to one application with login and password from another application. To prevent it I created another security realm. I've added ReadOnlySQLAuthentication provider, set in my application new realm name - in jazn-data.xml and web.xml. But it doesn't work. My questions are:
  It is possible to use few realms? So one application will use default realm, another no default realm.
  If so, how to bind an application to no default realm?
  Bart

  Hi,
  A WLS instance only supports a single realm. So the answer unfortunately is no (was different with OC4J)
  Frank

• How can one use one specific security realm per application ? The realm-name attribute of the login-config tag of web.xml does not make any difference

  Hi,
  I have different sets of users coming from different databases and using different
  roles mapping for each of my web applications. I would like to configure a specific
  security realm per application in my weblogic server 7.0 . Is it possible ?
  I try to specify the realm-name of the login-config tag from the web-xml deployement
  descriptor but it doesn't make any difference. The default realm is always used.
  I also would like to tell the Weblogic server to use the default realm in case
  the realm isn't specified or isn't found. For example, the default would contains
  my admin users.
  Thanks a lot for your answer.
  Iz

  I thik this is a common mistake the ralm-name tag in the deployment descriptor is used
  just by the browser for display purposes (when it opens the basic auth dialog box) so as
  of now there is only 1 active realm which can have multiple providers as Kevin pointed
  out
  Kevin Lewis wrote:
  WebLogic 7 now ignores the realm-name tag (I found that out yesterday).
  My understanding is that there is only one realm active at a time for a domain
  (I would be interested in being contradicted in this).
  However, you can have multiple providers in each category of a realm: authentication,
  authorization, etc. Therefore, what you can do is key authentication, et al,
  off of some other information. We have our users enter their company, for example,
  and use the TextInputCallback to get it. You could also encode something in the
  initial page, based on the URL they hit, or whatever, and get that back in your
  callback.
  You can store that information in your own Principal implementation, and key off
  of that in your authorization provider, going to a different database as appropriate,
  or abstaining when a specific provider doesn’t have anything to say about a subject.
  Anyway, there should be a way to do it, even if it's more complex than you would
  have hoped.
  --Kevin

• RDBMS Security realm 6.1-8.1 migration

  I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
  Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
  I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
  Security' node appearing in the left-hand console pane. The contents of the Users
  and Groups nodes visible under this node look correct (ie as defined in the underlying
  database).
  However, to get to this point I had to initially hardwire the values for the database
  driver, url, user and password as these were null when obtained from the associated
  RDBMSRealmMBean object, causing the server to fail to start. This enabled me
  to bootstrap the process so that I could use the console to enter these values
  on the Database tab for the Realm I had defined for Compatibility Security. I
  see no mention of this step in the instructions referred to above and therefore
  missed out this vital step.
  When WLS8.1 starts it displays:
  <date&time> <Notice> <Security> <BEA-090082> <Security initializing using security
  realm myrealm.>
  myrealm is a Realm listed under Security but I would have expected the realm to
  be the specially-defined realm associated with Compatibility Security. So, question
  number 1 - does this output from WLS indicate that it is using the Compatibility
  Security realm or the default realm?
  Although the console displays the expected set of users and groups , my application
  is failing to associate a user with a 'role' - the Groups node shows that user
  U is in group G but when the application invokes the SessionContext method isCallerInRole(String
  role) where the caller is U and the role is G the result of the invocation is
  false. Question number 2 - why does this not return true in this case?
  Note, this code (that I have inherited) worked fine in WLS6.1 and the only significant
  change I needed to make for WLS8.1 is in the wrapper classes, in particular the
  code to get the required RDBMSRealmMBean. Having now successfully got hold of
  this object I would have expected the rest of the code to work fine (ok, 'expected'
  is a bit optimisitic - but I'm not aware that there are any functional differences
  beyond obtaining the RDBMSRealmMBean object).
  Many thanks in advance for any assistance with this.
  David

  Mehrshad
  I wasn't involved in the original WL6.1 code development but this is based on
  the example code that BEA provide with the WLS6.1 installation - it should therefore
  be visible at ~bea/wlserver6.1/samples/examples/security/rdbmsrealm
  HTH
  David
  "Mehrshad Setayesh" <[email protected]> wrote:
  >
  David:
  I am trying to do the same thing and can not find which RealmClassName
  to use
  in 8.1. In our previous version, 6.1, I was using com.bea.wlpi.rdbmsrealm.RDBMSRealm.
  What is the mapping
  Java class in 8.1? Thanks.
  Regards
  Mehrshad
  "David Franklin" <[email protected]> wrote:
  I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
  Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
  I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
  Security' node appearing in the left-hand console pane. The contents
  of the Users
  and Groups nodes visible under this node look correct (ie as defined
  in the underlying
  database).
  However, to get to this point I had to initially hardwire the values
  for the database
  driver, url, user and password as these were null when obtained from
  the associated
  RDBMSRealmMBean object, causing the server to fail to start. This enabled
  me
  to bootstrap the process so that I could use the console to enter these
  values
  on the Database tab for the Realm I had defined for Compatibility Security.
  I
  see no mention of this step in the instructions referred to above and
  therefore
  missed out this vital step.
  When WLS8.1 starts it displays:
  <date&time> <Notice> <Security> <BEA-090082> <Security initializingusing
  security
  realm myrealm.>
  myrealm is a Realm listed under Security but I would have expected the
  realm to
  be the specially-defined realm associated with Compatibility Security.
  So, question
  number 1 - does this output from WLS indicate that it is using the Compatibility
  Security realm or the default realm?
  Although the console displays the expected set of users and groups ,
  my application
  is failing to associate a user with a 'role' - the Groups node shows
  that user
  U is in group G but when the application invokes the SessionContextmethod
  isCallerInRole(String
  role) where the caller is U and the role is G the result of the invocation
  is
  false. Question number 2 - why does this not return true in this case?
  Note, this code (that I have inherited) worked fine in WLS6.1 and the
  only significant
  change I needed to make for WLS8.1 is in the wrapper classes, in particular
  the
  code to get the required RDBMSRealmMBean. Having now successfully got
  hold of
  this object I would have expected the rest of the code to work fine(ok,
  'expected'
  is a bit optimisitic - but I'm not aware that there are any functional
  differences
  beyond obtaining the RDBMSRealmMBean object).
  Many thanks in advance for any assistance with this.
  David

• Weblogic security realm mapping to DB

  I have one question about Weblogic 7.01 security.
  I have created USER, GROUP and ROLES table in my RDBMS.
  Can I use the RDBMS realm if my users are in a database
  table already? Can I tune Weblogic security realm to my database tables?
  Any advice or links will be very appreciate.
  Thanks a lot for any help, Volodymyr Shram.

  Thanks, criokeeper for your fast answer.
  Woould you so kind to explain me one moment.
  At http://e-docs.bea.com/wls/docs70/ConsoleHelp/domain_rdbmsrealm_config_general.html I found that "To use the RDBMS security realm, you need to use Compatibility security. The use of the RDBMS security realm is deprecated in WebLogic Server 7.0."
  What does that means? Have I use the Compatibility security or it's jaust for ver. 6.x to ver.7.0 migration?
  Thanks a lot for your answer.
  Regards, Volodymyr.

• Conf. a Win2K Security Realm on WebLogic

       Hi! I'm having some problems configuring a security realm in WebLogic
  server 6.0sp1.
       I'd like that WebLogic use the Windows2000 security realm as the
  default security (it can be used as the secondary security realm
  if it's the only way).     
  We've been trying to make it work for the last two (business) days
  with no hope of being successfull at all.
       We are using the BEA documentation 'Managing Security' as reference,
  and we have some doubts about what's in there.
  First doubt:     The documentation says that we need to create new
  security realm of the type Windows NT. OK, we did it. But we are
  not sure about how to fill the filed Primary Domain. The documentation
  says to put the host and port of the computer where User and Groups
  are defined for the NT domain. I'm using the same computer for
  both (NT domain and Web Logic), so I put the host name (babalu).
  Wich port should I put?
  Second doubt:     The documentation says to create a systerm user on
  the NT domain using NT administrative tools, names it 'system'
  and set some stuff for it. But windows 2000 already has a user
  with that name (SYSTE, but capitalized) and the property that I
  should set on it doesn't exist! By the way, on the system user
  user that windows2000 has I wasn't able to set any property.
  Last doubt (maybe should be the first one) : Does WebLogic 6.0sp1
  support Security Realms from Windows 2000? Or I need to download
  another plugin or somethign like that?
       Thanks for Reading and (hope) Answering my qusetions!
  Roberto Giordano Barra

  Hi! Thanks for the answer. I'll try to run WebLogic as a service.
  In fact, I tried it before but I wasn't able to. I started the
  service by hand, but I wasn't able to access the server. So, I
  click on the 'remove web logic as service'(something like that)
  in the WebLogic program group. Ok, it was removed. But when I tried
  to put it back I didn't find no funny button to help me! Could
  you help me with that?
  Another thing. If I use NT Realm as a Caching Realm I'll be
  able to see the NT user and users groups with the Web Logic management
  GUI ?
  Thanks once again,
  Roberto Giordano Barra
  "arthur" <[email protected]> wrote:
  >
  Hi,
  By saying win2k I am assuming you mean creating an NT
  realm.
  Do not bother specifying a port, just put the server name.
  You have to ensure that you are running the weblogic server
  as
  a NT service if you want to use the NTrealm.
  Make sure under Caching Realm you specify the NTrealm.
  That should be it.
  Hope this helps.
  Regards,
  -Arthur
  "Roberto Giordano Barra" <[email protected]> wrote:
       Hi! I'm having some problems configuring a security
  realm in WebLogic
  server 6.0sp1.
       I'd like that WebLogic use the Windows2000 securityrealm
  as the
  default security (it can be used as the secondary security
  realm
  if it's the only way).     
  We've been trying to make it work for the last two (business)
  days
  with no hope of being successfull at all.
       We are using the BEA documentation 'Managing Security'
  as reference,
  and we have some doubts about what's in there.
  First doubt:     The documentation says that we need to create
  new
  security realm of the type Windows NT. OK, we did it.
  But we are
  not sure about how to fill the filed Primary Domain.The
  documentation
  says to put the host and port of the computer where User
  and Groups
  are defined for the NT domain. I'm using the same computer
  for
  both (NT domain and Web Logic), so I put the host name
  (babalu).
  Wich port should I put?
  Second doubt:     The documentation says to create a systerm
  user on
  the NT domain using NT administrative tools, names it
  'system'
  and set some stuff for it. But windows 2000 already has
  a user
  with that name (SYSTE, but capitalized) and the property
  that I
  should set on it doesn't exist! By the way, on the system
  user
  user that windows2000 has I wasn't able to set any property.
  Last doubt (maybe should be the first one) : Does WebLogic
  6.0sp1
  support Security Realms from Windows 2000? Or I needto
  download
  another plugin or somethign like that?
       Thanks for Reading and (hope) Answering my qusetions!
  Roberto Giordano Barra

• One custom security realm for many wl servers?

  Is it possible to use one custom security realm for many weblogic servers...ie
  one login for all application on different weblogic server.

  Is it possible to use one custom security realm for many weblogic servers...ie
  one login for all application on different weblogic server.

• Unix Security Realm

  I am trying to configure Weblogic 5.1.0, SP8, to use the Unix security Realm. I have
  followed the installation and configuration directions, but when I try to test by
  bringing up the AdminRealm servlet, it asks me for a userid & password 3 times (which
  isn't mentioned in the directions), then gives me this error: "Supplied credentials
  don't grant adequate privileges". I've tried signing on with several different accounts,
  all the way up to 'root', all with the same results. What is it after and why isn't
  even 'root' good enough? I've looked at the debug tracings from setting weblogic.security.realm.debug=true,
  but everything seems to hit 'POS' except that it doesn't find the weblogic.url file
  (whatever that is).
  TIA for any assistance.
  Don

  More information...
  If I give access to 'everyone' for the admin servlets, all of them works perfectly except AdminRealm that will
  throw an exception:
  "weblogic.security.unixrealm.SubprocessException: request failed:
  at weblogic.security.unixrealm.UnixDelegate$Chat.require(UnixDelegate.java:167)
  at weblogic.security.unixrealm.UnixRealm.getUsers(UnixRealm.java:229)......."
  And if I do as Don (follow the installation guide) I have the same problem.
  But still, I can set permissions on the helloWorld example and it works fine!
  BR,
  Sven
  Sven-Åke Larsson wrote:
  I have the same problem.
  There's no problem running for example the helloworld servlet, but if I set a specific user to have permissions
  on the admin servlets WLS says during startup that "Principal 'blablabla' does not exist in properties file".
  Of course not, I'm using the Unix realm...
  --Sven
  Don Adams wrote:
  I am trying to configure Weblogic 5.1.0, SP8, to use the Unix security Realm. I have
  followed the installation and configuration directions, but when I try to test by
  bringing up the AdminRealm servlet, it asks me for a userid & password 3 times (which
  isn't mentioned in the directions), then gives me this error: "Supplied credentials
  don't grant adequate privileges". I've tried signing on with several different accounts,
  all the way up to 'root', all with the same results. What is it after and why isn't
  even 'root' good enough? I've looked at the debug tracings from setting weblogic.security.realm.debug=true,
  but everything seems to hit 'POS' except that it doesn't find the weblogic.url file
  (whatever that is).
  TIA for any assistance.
  Don

• Using RDBMS Security Realm in production?

  Hi,
  In the BEA documentation it is stated that 'The RDBMS Security Realm is an
  example and is not ment to be used in a production environment.'
  However, of the Realms that are available this one seems to be best suited
  for our needs, so I'm wondering if there is any specific reason why this
  Realm should not be used in production. Has anyone had any experience using
  it in a live environment?
  I would be thankful for any information on this.
  /Mattias Arthursson

  Hi.
  Try posting this on the security newsgroup.
  Regards,
  Michael
  Mattias Arthursson wrote:
  Hi,
  In the BEA documentation it is stated that 'The RDBMS Security Realm is an
  example and is not ment to be used in a production environment.'
  However, of the Realms that are available this one seems to be best suited
  for our needs, so I'm wondering if there is any specific reason why this
  Realm should not be used in production. Has anyone had any experience using
  it in a live environment?
  I would be thankful for any information on this.
  /Mattias Arthursson--
  Michael Young
  Developer Relations Engineer
  BEA Support

• Everyone group in an alternate RDBMS Security Realm

  We have implemented an alternate Oracle RDBMS security realm. The problem we have is that users added to the RDBMS realm do not show up in the console display of the Everyone group. Only users in the file realm show. Has anybody else experienced this behaviour? We have been able to confirm that users added to the RDBMS realm are indeed members of the Everyone group, they just don't show up as such in the console display.

  Rick Hendricks wrote:
  We have implemented an alternate Oracle RDBMS security realm. The problem we have is that users added to the RDBMS realm do not show up in the console display of the Everyone group. Only users in the file realm show. Has anybody else experienced this behaviour? We have been able to confirm that users added to the RDBMS realm are indeed members of the Everyone group, they just don't show up as such in the console display.Without looking at the code my guess would be that this is an artifact of an implementation where group "everyone" is backed by a class that always answers true to isMember() message and does not keep track of group members.
  Cheers,
  Alex

• Use another security realm

  I don't remember how have I done it. Somehow I made me a 'file' based realm (name file) and then set in weblogic-application.xml
    <security>
    <realm-name>file</realm-name>
    </security>and I remember that that was it...
  but now... it gives me weblogic.security.service.InvalidParameterException: [Security:090396]Security Realm file does not exist ...
  If i do the same thing with the defaul myrealm it works... I don't remember setting the file realm as default...
  Do you know how can I change the realm for my application?
  Thanks

  Thanks Vishnu,
  I made a stupid thing I added SQLAuthenticator to the default and the db instance is down ... now I have to manually remove it from config.xml

• Debug-Mode for Security Realm

  Hi,
  then i try start the server with the debug mode i get the following
  exception:
  Starting WebLogic Server ....
  <Tue Oct 24 17:45:33 GMT+02:00 2000> <Info> <Management> <Loading
  configuration file .\config\virtHoDomain\config.xml...>
  Unable to dump log: Fatal initialization exception
  Throwable: java.lang.StackOverflowError
  java.lang.StackOverflowError
  at java.util.Collections$SynchronizedMap.get(Collections.java:1433)
  at
  weblogic.kernel.ResettableThreadLocal.currentStorage(ResettableThreadLocal.j
  ava:100)
  at
  weblogic.kernel.ResettableThreadLocal.get(ResettableThreadLocal.java:35)
  at
  weblogic.transaction.internal.TransactionManagerImpl.getOrCreateThreadProp(T
  ransactionManagerImpl.java:844)
  at
  weblogic.transaction.internal.TransactionManagerImpl.getTransaction(Transact
  ionManagerImpl.java:359)
  at weblogic.transaction.TxHelper.getTransaction(TxHelper.java:34)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:156)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  at weblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
  at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
  at weblogic.security.acl.Security.getCurrentUser(Security.java:238)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  at weblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
  at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
  at weblogic.security.acl.Security.getCurrentUser(Security.java:238)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  I even get that exeception if try to initialize the
  weblogic.logging.LogManager in a commun class.
  I think this is a bug.

  Hi Lars Klippert
  Sorry for the late reply. First of all, thank you for uncovering an untested part of ServerDebug MBean. The Debug Mode for Security Realms currently works for fileRealm but doesnot work for alternate realms(e.g., LDAP realm). We're in the process of fixing this in the future releases(may not be Beta Refresh but will definitely be fixed in GA). I'm attaching a working config.xml(with fileRealm) and the only change you've to make to your config.xml is
  <Server
  <ServerDebug
  DebugSecurityRealm="true"
  Name="myserver"
  />
  </Server>
  If you're debugging a fileRealm then I belive, this serves your purpose. But if you're debugging a Security Realm other than fileRealm and this is blocking you, plz let us know so that this will be fixed with a higer priority. Thanks again for uncovering this. We will let you know as soon as this is fixed.
  regards
  "Lars Klippert" <[email protected]> wrote:
  Hi,
  Part from config.xml:
  <Server ...>
  <ServerDebug Name="virtHoServer" DebugSecurityRealm="false"/>
  </Server>
  Part from my start-script:
  %JAVA_HOME%\bin\java.exe -ms16m -mx64m -classpath
  %CLASSPATH% -Dweblogic.Domain=virtHoDomain -Dweblogic.Name=virtHoServer -Dja
  va.security.policy==.\lib\weblogic.policy weblogic.Server
  As you can see i enable the debug-mode in the config.xml.
  I also get the exception then i disable the debug-modus and
  initialize the weblogic.logging.LogOutputStream by hand.
  For our EntityBeans we have developed a custom error logger
  that uses the weblogic.logging.LogOutputStream and it works
  fine. Maybe the error only acccours if two or more
  weblogic.logging.LogOutputStreams are active...
  With the 5.1.0 version of the server everything works fine.
  Thanks
  "Paul Ferwerda" <[email protected]> schrieb im Newsbeitrag
  news:[email protected]...
  How exactly are you starting "the server with debug mode"?
  Thanks,
  Paul
  Lars Klippert wrote:
  Hi,
  then i try start the server with the debug mode i get the following
  exception:
  Starting WebLogic Server ....
  <Tue Oct 24 17:45:33 GMT+02:00 2000> <Info> <Management> <Loading
  configuration file .\config\virtHoDomain\config.xml...>
  Unable to dump log: Fatal initialization exception
  Throwable: java.lang.StackOverflowError
  java.lang.StackOverflowError
  at
  java.util.Collections$SynchronizedMap.get(Collections.java:1433)
  at
  weblogic.kernel.ResettableThreadLocal.currentStorage(ResettableThreadLocal.j
  ava:100)
  at
  weblogic.kernel.ResettableThreadLocal.get(ResettableThreadLocal.java:35)
  at
  weblogic.transaction.internal.TransactionManagerImpl.getOrCreateThreadProp(T
  ransactionManagerImpl.java:844)
  at
  weblogic.transaction.internal.TransactionManagerImpl.getTransaction(Transact
  ionManagerImpl.java:359)
  atweblogic.transaction.TxHelper.getTransaction(TxHelper.java:34)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:156)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  atweblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
  atweblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
  atweblogic.security.acl.Security.getCurrentUser(Security.java:238)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  atweblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
  atweblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
  atweblogic.security.acl.Security.getCurrentUser(Security.java:238)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
  at
  weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
  at weblogic.logging.LogManager.log(LogManager.java:93)
  I even get that exeception if try to initialize the
  weblogic.logging.LogManager in a commun class.
  I think this is a bug.