Using RDBMS Security Realm in production?
Hi,
In the BEA documentation it is stated that 'The RDBMS Security Realm is an
example and is not meant to be used in a production environment.'
However, of the Realms that are available this one seems to be best suited
for our needs, so I'm wondering if there is any specific reason why this
Realm should not be used in production. Has anyone had any experience using
it in a live environment?
I would be thankful for any information on this.
/Mattias Arthursson
Hi.
Try posting this on the security newsgroup.
Regards,
Michael
--
Michael Young
Developer Relations Engineer
BEA Support
Similar Messages
-
RDBMS Security realm 6.1-8.1 migration
I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
Security' node appearing in the left-hand console pane. The contents of the Users
and Groups nodes visible under this node look correct (ie as defined in the underlying
database).
However, to get to this point I had to initially hardwire the values for the database
driver, url, user and password as these were null when obtained from the associated
RDBMSRealmMBean object, causing the server to fail to start. This enabled me
to bootstrap the process so that I could use the console to enter these values
on the Database tab for the Realm I had defined for Compatibility Security. I
see no mention of this step in the instructions referred to above and therefore
missed out this vital step.
When WLS8.1 starts it displays:
<date&time> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
myrealm is a Realm listed under Security but I would have expected the realm to
be the specially-defined realm associated with Compatibility Security. So, question
number 1 - does this output from WLS indicate that it is using the Compatibility
Security realm or the default realm?
Although the console displays the expected set of users and groups, my application
is failing to associate a user with a 'role' - the Groups node shows that user
U is in group G but when the application invokes the SessionContext method isCallerInRole(String
role) where the caller is U and the role is G the result of the invocation is
false. Question number 2 - why does this not return true in this case?
Note, this code (that I have inherited) worked fine in WLS6.1 and the only significant
change I needed to make for WLS8.1 is in the wrapper classes, in particular the
code to get the required RDBMSRealmMBean. Having now successfully got hold of
this object I would have expected the rest of the code to work fine (ok, 'expected'
is a bit optimistic - but I'm not aware that there are any functional differences
beyond obtaining the RDBMSRealmMBean object).
Many thanks in advance for any assistance with this.
David
Mehrshad
I wasn't involved in the original WL6.1 code development but this is based on
the example code that BEA provide with the WLS6.1 installation - it should therefore
be visible at ~bea/wlserver6.1/samples/examples/security/rdbmsrealm
HTH
David
"Mehrshad Setayesh" <[email protected]> wrote:
David:
I am trying to do the same thing and cannot find which RealmClassName to use
in 8.1. In our previous version, 6.1, I was using com.bea.wlpi.rdbmsrealm.RDBMSRealm.
What is the mapping Java class in 8.1? Thanks.
Regards
Mehrshad
-
Everyone group in an alternate RDBMS Security Realm
We have implemented an alternate Oracle RDBMS security realm. The problem we have is that users added to the RDBMS realm do not show up in the console display of the Everyone group. Only users in the file realm show. Has anybody else experienced this behaviour? We have been able to confirm that users added to the RDBMS realm are indeed members of the Everyone group, they just don't show up as such in the console display.
Without looking at the code my guess would be that this is an artifact of an implementation where group "everyone" is backed by a class that always answers true to isMember() message and does not keep track of group members.
Cheers,
Alex -
RDBMSRealm - Cloudscape rdbms security realm
Have a bit of a problem with the cloudscape rdbms security realm shipped with weblogic
6.1
I am trying the sample rdbmsrealm security example in WLS6.1 SP2.
I changed the class RDBMSRealm.java to add a public method say
display();
From my jsp page I have
RDBMSRealm realm = new RDBMSRealm();
realm.display();
realm.getUser("jason").getName();
When I run this I am able to access the display method, but
the call to getUser fails with
<Feb 27, 2002 12:58:11 PM PST> <Error> <HTTP> <[WebAppServletContext(5278096,formauth,/formauth)] Servlet failed with Exception
ERROR 40XL1: A lock could not be obtained within the time requested
at c8e.c_.b.newException(Unknown Source)
at c8e._g.g.lockObject(Unknown Source)
at c8e._g.f.zeroDurationlockObject(Unknown Source)
at c8e.as.r.lockRecordForRead(Unknown Source)
at c8e.s.h.lockPositionForRead(Unknown Source)
at c8e.s.d.fetchRows(Unknown Source)
at c8e.w.g.fetchNextGroup(Unknown Source)
at c8e.h.h.e(Unknown Source)
at c8e.h.h.getNextRowCore(Unknown Source)
at c8e.h.z_.getNextRow(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.movePosition(Unknown Source)
at c8e.k.n.next(Unknown Source)
at examples.security.rdbmsrealm.RDBMSDelegate.getUser(RDBMSDelegate.java:270)
In my JSP page when I
weblogic.security.acl.CachingRealm realm =
(weblogic.security.acl.CachingRealm) weblogic.security.acl.Security.getRealm();
realm.getUser() works, But I am not able to access/find display()
realm.display();
Any suggestions would help. Thanks
Seshadri
<CachingRealm BasicRealm="defaultRDBMSRealmForCloudscape" Name="defaultCachingRealm"/>
<Realm CachingRealm="defaultCachingRealm" FileRealm="wl_default_file_realm" Name="wl_default_file_realm"/>
-
I don't remember how I did it. Somehow I made myself a 'file' based realm (name file) and then set in weblogic-application.xml
<security>
<realm-name>file</realm-name>
</security>
and I remember that that was it...
but now... it gives me weblogic.security.service.InvalidParameterException: [Security:090396]Security Realm file does not exist ...
If I do the same thing with the default myrealm it works... I don't remember setting the file realm as default...
Do you know how I can change the realm for my application?
Thanks
Thanks Vishnu,
I did a stupid thing: I added SQLAuthenticator to the default and the db instance is down ... now I have to manually remove it from config.xml -
Weblogic security realm mapping to DB
I have one question about Weblogic 7.01 security.
I have created USER, GROUP and ROLES table in my RDBMS.
Can I use the RDBMS realm if my users are in a database
table already? Can I tune Weblogic security realm to my database tables?
Any advice or links will be very much appreciated.
Thanks a lot for any help, Volodymyr Shram.
Thanks, criokeeper, for your fast answer.
Would you be so kind as to explain one thing to me?
At http://e-docs.bea.com/wls/docs70/ConsoleHelp/domain_rdbmsrealm_config_general.html I found that "To use the RDBMS security realm, you need to use Compatibility security. The use of the RDBMS security realm is deprecated in WebLogic Server 7.0."
What does that mean? Do I have to use Compatibility security, or is it just for ver. 6.x to ver. 7.0 migration?
Thanks a lot for your answer.
Regards, Volodymyr. -
Fusion Middleware Enterprise Manager & RDBMS Security Store
Hello,
when using a weblogic soa domain configured with the realm to use RDBMS Security Store or adding a new SQLAuthProvider into the realm, the Fusion Middleware Enterprise manager does not show status of servers and deployed components anymore. Everything is red and the status column shows a clock.
It seems that Enterprise Manager Application does not work (cannot retrieve status of servers and deployed components) when using a SQL Auth provider or RDBMS Security store.
Does anyone have the same problem??
Database used: oracle 11g. SOA Suite 11.1.1.6
Thanks.
Alexander
I have cleared the tmp folder under the Admin Server directory and restarted the server, but I am still facing the same error. How do I resolve the error "oracle.adf.share.security.authentication.AuthenticationServlet"?
-
Hi,
Now maybe everyone knows that the RDBMS Realm provided by weblogic 6.0 isn't production
ready, and misses some functions, for example, change password, or add group no.
It is surprising to me that weblogic didn't support these basic functions of RDBMSRealm
and didn't provide suitable documentation for implementing this RDBMS Realm.
So I ask for help, if anyone knows how to implement one function: changeCredential.
I know the weblogic.management.configuration.User object has this method (User.changeCredential(oldPass,
newPass)). I know I have to provide one additional database schema for updating
user password. I know I should add a method in the RDBMSDelegate and RDBMSRealm
classes. But I don't know the suitable method signature, and couldn't find the internal
method call when the user clicks the "change" button changing password in the Console.
Thank you very much for any idea or help. Also I'd like to deeply discuss other
security issues.
Is any project using the RDBMS realm?
By the way, in case anyone tries to directly update the database tables as a means to
implement this: I have tried this approach, and it seems to work fine except
for some catching delay. Can anyone tell me if this is an effective method?
Thx
This RDBMS Realm issue is really bothering me too. I was wondering if anyone uses the
RDBMS Realm for production. It is difficult to find out what the architecture of the
RealmMBean object and RealmManager is. Any ideas, let me know. Good luck.
-
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I start up the Platform Domain, I see a lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors? I would appreciate it if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for WebLogic Platform Domain.
Thanks
Vikram
Hello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
-
Hi,
Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
for Weblogic Personalization and Commerce 3.5.
Using the WLCS console, I've modified the config.xml file and following
elements are added:
<LDAPRealm AuthProtocol='simple' Credential='admin'
GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
GroupUsernameAttribute='uniquemember'
LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
UserNameAttribute='uid'/>
<CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
Name='wlcsCachingRealm'/>
But when we try to restart the WLCS, it throws java exceptions that context
is not initialized and I get the following error
<Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]]]
weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
I tried using Windows NT as a security realm but that gave me errors too.
Does anyone have any experience using anything other than the default Realm?
Any help would be appreciated. Thanks!
Asim Raja
[email protected]
I'm not sure, but I suspect you can't
since this would create a circular dependency -
your realm would rely on the upper level security
checking calls but those calls would rely on your
realm.
My suggestion is to give it a try and see what
happens.
-Tom
Ozcan ADIYAMAN <[email protected]> wrote:
Hi ,
I am implementing a simple custom security realm using LDAP as the
security store and I can see the users, groups and acls from the admin
console.
My question is (a custom realm newbie question) ;
Is it possible to use weblogic.security.acl.Security with my custom
realm to check permissions, get the current user,etc.,
OR
is this class ONLY used with default realms (when ACL is stored in a
file) ?
Thanks
Ozcan -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma
Thanks for the info.
I wonder when they will fix it.
Jakub
"Eric Ma" <[email protected]> wrote in message
news:[email protected]..
According to BEA Tech Support, a known bug prevents the WLS 7 Admin Console from
displaying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
"Eric Ma" <[email protected]> wrote in message
news:[email protected]..
Now I doubt my custom security realm is actually using the Netscape Directory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, where clicking on
the Users node displays all users in the LDAP server, in WebLogic 7 I keep getting
the message "There are no Authentication providers available that support the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.security&item=8463&utag=
and it seemed to have worked for me.
-
Using RDBMS Realm with JSP, again
I submitted this post using the web interface after I "asked Bea" and now it
seems like I'm a total newbie :) So I repost to make it more readable..
Hi,
I am fairly new to J2EE and I am trying to figure out how I can apply the
RDBMSRealm to restrict access to jsp files.
Do I use ACL's in the database to restrict access to jsp's or,
Do I use the web.xml deployment descriptor in a similar fashion as the
Gold_customer in the petstore,
What is the difference?
Does anyone know about a nice example?
Sincerely,
ilya
We have used the <security-constraint> tags in web.xml. This tag specifies which
'security roles' have access to a specific resource collection (e.g. one or more
servlets or JSPs). The 'security roles' are then mapped in weblogic.xml to one
or more groups and/or users as defined in the group and user tables in the RDBMS.
regards,
Simen R.
-
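The arrangement Simen R. describes in the reply above, sketched as an added example that is not part of the original thread: web.xml declares the protected JSPs and the role allowed to reach them, and weblogic.xml maps that role to a group held in the realm's group table. The role name gold_customer, the group name GoldCustomers, the /members/* path and the login page names are hypothetical, and the DOCTYPE declarations are omitted.

```xml
<!-- WEB-INF/web.xml (constructed example, DOCTYPE omitted) -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Member pages</web-resource-name>
      <!-- Covers every JSP and servlet under /members/. No <http-method>
           elements are listed, so the constraint applies to all HTTP
           methods rather than only GET and POST. -->
      <url-pattern>/members/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Only callers in this role may reach the collection. -->
      <role-name>gold_customer</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- The login pages sit outside /members/ so they stay reachable
           by unauthenticated callers. -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login_error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role used in an auth-constraint is declared here. -->
  <security-role>
    <role-name>gold_customer</role-name>
  </security-role>
</web-app>

<!-- WEB-INF/weblogic.xml (constructed example, DOCTYPE omitted) -->
<weblogic-web-app>
  <security-role-assignment>
    <!-- Role name as declared in web.xml. -->
    <role-name>gold_customer</role-name>
    <!-- A group (or user) name as stored in the realm's tables;
         repeat principal-name to map several principals. -->
    <principal-name>GoldCustomers</principal-name>
  </security-role-assignment>
</weblogic-web-app>
```

Application code that checks access programmatically tests the role name (for instance request.isUserInRole("gold_customer")), not the group name.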
How to use RDBMS Realm in Weblogic Commerce Server?
Hi All,
Same as the subject.
Thx
Ray
You should read the security information in the Servlet 2.2 specification
that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a
section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the Application Developer or Assembler. When the application is deployed, these roles are mapped by a Deployer to security identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the principal associated with an incoming request based on the security attributes of that calling principal. For example,
1. When a deployer has mapped a security role to a user group in the operational environment. The user group to which the calling principal belongs is retrieved from its security attributes. If the principal's user group matches the user group in the operational environment that the security role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a security policy domain, the principal name of the calling principal is retrieved from its security attributes. If the principal is the same as the principal to which the security role was mapped, the calling principal is in the security role.
Cameron Purdy
http://www.tangosol.com
"Hari" <[email protected]> wrote in message
news:[email protected]..
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari. -
Using an alternate security realm
Hi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciated. Thanks!
Asim
[email protected]
NT error message:
Unable to adjust token privileges
Unable to adjust token privileges
java.lang.SecurityException: Unable to assert all required priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at weblogic.security.SecurityService.initializeRealm(SecurityService.java:265)
at weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert all required priviledges -- bad domain name
-
Is this possible to use no default security realm?
Hi,
I created a new security ReadOnlySQLAuthentication provider in the default realm and it works. Now I have all the users from all applications in one realm. If they use the same enterprise roles, a user can log in to one application with the login and password from another application. To prevent this I created another security realm. I've added a ReadOnlySQLAuthentication provider and set the new realm name in my application, in jazn-data.xml and web.xml. But it doesn't work. My questions are:
Is it possible to use a few realms, so that one application will use the default realm and another a non-default realm?
If so, how do I bind an application to a non-default realm?
Bart
Hi,
A WLS instance only supports a single realm. So the answer unfortunately is no (was different with OC4J).
Frank