Using weblogic security roles in authentication: weblogic 9

Hi All,
I am trying to create a simple application which uses declarative authorization configured in web.xml. I use the simple form based authentication. While trying to deploy my application, I get the error:
weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: LTVORole.
But I have defined the role LTVORole in weblogic using the administrator console.
below are the details of what I have done:
Web.xml:
========
<?xml version='1.0' encoding='UTF-8'?>
<j2ee:web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee">
<j2ee:welcome-file-list>
    <j2ee:welcome-file>login.jsp</j2ee:welcome-file>
    <j2ee:welcome-file>index.html</j2ee:welcome-file>
    <j2ee:welcome-file>index.htm</j2ee:welcome-file>
</j2ee:welcome-file-list>
<j2ee:login-config>
    <j2ee:auth-method>FORM</j2ee:auth-method>
    <j2ee:form-login-config>
      <j2ee:form-login-page>/login.jsp</j2ee:form-login-page>
      <j2ee:form-error-page>/error.jsp</j2ee:form-error-page>
    </j2ee:form-login-config>
</j2ee:login-config>
<security-constraint>
<display-name>checkAccountConstraint</display-name>
<web-resource-collection>
<web-resource-name>checkAccountCollection</web-resource-name>
        <url-pattern>test.jsp</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
        <role-name>LTVORole</role-name>
</auth-constraint>
</security-constraint>
</j2ee:web-app>Weblogic.xml
===========
<?xml version="1.0" encoding="UTF-8"?>
<ns:weblogic-web-app xmlns:ns="http://www.bea.com/ns/weblogic/90">
<security-role-assignment>
    <role-name>LTVORole</role-name>
   <externally-defined/>
</security-role-assignment>
</ns:weblogic-web-app>I have created the role in weblogic in the menu
security realms > myrealm > roles and policies > Global Roles > roles > LTVORole
Is it the right way to define a role?
Please help me find where I am going wrong.
Thanking you all in advance,
Gireesh

Similar Messages

Weblogic.security.acl.realm.authentication... Exception

Hello All
the reason I'm moving a post-question from JMS to this section is people there
suggested this. anyway,
when I tried to use an applet which implemented MessageListener to send message,
I got the following exception ( the port 7001 had been granted to connect, resolve
in java.policy)
javax.naming.AuthenticationException [root exception is java.lang.SecurityException:Authentication
for user admin denied in realm webogic start server side trace: java.lang.SecurityException:Authentication
for user admin denied in realm weblogic at weblogic.security.acl.Realm.authentication(Realm.java
212) at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java 233) at weblogic.security.acl.internal.Security.authenticate(Security.java
135) at weblogic.kernel.bootSevicesImp.authenticat(BootServicesImp.java 119) at
weblogic.kernel.ExecuteThread.run(ExcuteThread.java:120 ..
My Question is why servlet or swing or other application out of applet don't generate
such exceptions even most codes are similar ? How to deal with this?
Thanks
John

Hello All
the reason I'm moving a post-question from JMS to this section is people there
suggested this. anyway,
when I tried to use an applet which implemented MessageListener to send message,
I got the following exception ( the port 7001 had been granted to connect, resolve
in java.policy)
javax.naming.AuthenticationException [root exception is java.lang.SecurityException:Authentication
for user admin denied in realm webogic start server side trace: java.lang.SecurityException:Authentication
for user admin denied in realm weblogic at weblogic.security.acl.Realm.authentication(Realm.java
212) at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java 233) at weblogic.security.acl.internal.Security.authenticate(Security.java
135) at weblogic.kernel.bootSevicesImp.authenticat(BootServicesImp.java 119) at
weblogic.kernel.ExecuteThread.run(ExcuteThread.java:120 ..
My Question is why servlet or swing or other application out of applet don't generate
such exceptions even most codes are similar ? How to deal with this?
Thanks
John

Weblogic security role

Hi,
I have a need to restrict access for certain users in WL will be OBIEE admins so they don't need access to the WL console but do need access to EM specifically coreapplication to deploy a new .rpd
Ive tried an tire but just cant get a role to allow such specific access can any one shed some light. Any role i have created or configured allows access to em but then doesn't allow access to coreapplication from what I can see only the administrator role has the privillage.

Chandramohan V <[email protected]> writes:
Hai,
I am chandramohan. I very new to Weblogic. I want some sample code for EJB Security(Basic level).There are samples in the kit and on dev2dev.bea.com
andy

Creating/Mapping security roles without authentication

Hello all, I am new to WebLogic 9.1, and I appreciate your help in advance.
I have an HTTP header pre-populated with the roles a logged-in user has (these roles are defined outside websphere), and the user has already been authenticated.
I want to map each role from my header to a URI configured in weblogic, so it can authorize/deny access to that page within the container, based on the role in the header.
What would be a good approach to doing this? I have been looking through the security documentation, and I am a bit overwhelmed, I'm not sure where to begin.
Thanks

Hi,
1) as said, nothing prevents you from building a JAAS LoginModule that does what you need - e.g. authenticate a user against LDAP, then connect to the database and query for his/her user roles. You can't have container managed authorization without authentication though.
There will be a change in API in JDeveloper 11 (and most likely in JDeveloper 10.1.3.4 - upcoming) that allows you to set a Subject into the OC4J context, in which case you don't need container managed autehntication. However, I don't have it tested yet and can't tell to what extend this would be useful
3) Sure, you can build a JAAS LoginModule that doesn't care for authentication. However, this doesn't work with container managed security. As far as I am aware, the only option to not show a login dialog is to use certificates. And certificates are not yet to use with custom LoginModules. So the above mentioned API - that is available as a backported patch for 10.1.3.1 - might do the trick
Frank

Configuring J2EE Appl to obtain security roles from authentication Subject

http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm says
"Oracle JDeveloper can be used to add the orion-application.xml file to a web project, choosing orion-application.xml from the list of Deployment Descriptors in the JDeveloper New Gallery."
The wizard asks me to select the deployment description version I want to use, either 1.2 or 10.0. What's the difference and which is the preferred choice?
Regards,
Al Malin

Al Malin.
don't see a difference and usually use what is the default selected.
Frank

How to use security roles in Weblogic server?

Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.

You should read the security information in the Servlet 2.2 specification
that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a
section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the
Application Developer or
Assembler. When the application is deployed, these roles are mapped by a
Deployer to security
identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the
principal associated with
an incoming request based on the security attributes of that calling
principal. For example,
1. When a deployer has mapped a security role to a user group in the
operational environment. The
user group to which the calling principal belongs is retrieved from its
security attributes. If the
principal's user group matches the user group in the operational environment
that the security
role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a
security policy domain, the
principal name of the calling principal is retrieved from its security
attributes. If the principal is
the same as the principal to which the security role was mapped, the calling
principal is in the
security role.
Cameron Purdy
http://www.tangosol.com
"Hari" <[email protected]> wrote in message
news:[email protected]..
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.

Weblogic security - acegi

Hi,
My application was using acegi security for basic authentication and now I am trying to deploy it under weblogic9.2. I am facing a problem that I need to define the users in weblogic security also to get it authenticated and so browser asks user/password twice, once for weblogic and once for acegi. Can anybody where I might be making mistake.
My web.xml has this,
     <filter>
          <filter-name>Acegi Filter</filter-name>
          <filter-class>
               org.acegisecurity.util.FilterToBeanProxy
          </filter-class>
          <init-param>
               <param-name>targetClass</param-name>
               <param-value>
                    org.acegisecurity.util.FilterChainProxy
               </param-value>
          </init-param>
     </filter>
     <filter-mapping>
          <filter-name>Acegi Filter</filter-name>
          <url-pattern>/*</url-pattern>
     </filter-mapping>
Please inform me about the problem,
Best regards,
mik

There are some information you might be able to find in a SpringOne presentation. It contains the latest information on Spring integration with WebLogic Server, Coherence, and TopLink, respectively. It cites http://www.interface21.com/pitchfork, which contains download links.
You might also would like to check the following link:
http://www.oracle.com/technology/tech/java/spring/index.html
http://www.infoq.com/news/Spring-WebLogic-EJB3
I am not pretty sure how much it is related to your doubt, however still posting so that those link can be found by anyone browsing for Spring query
/ed

Weblogic.security.X509 alternative in WLS 9.1

Hi All
We have setup IIS 5.0 with 2 way SSL for client connection. We have also configured IIS weblogic proxy for Weblogic 9.1 using iisproxy.dll. The connection between IIS and WebLogic 9.1 is HTTP based. We are trying to get the client certificate in Weblogic 9.1 using the following code
java.security.cert.X509Certificate certs [];
certs = (java.security.cert.X509Certificate [])
request.getAttribute("javax.servlet.request.X509Certificate");
However the returned certificates are NULL.
We have also enabled Client Cert Proxy and Weblogic Plug-in in Weblogic 9.1 configuration.
We are trying to migrate from weblogic 8 to 9.1 and our previous code was as follows
weblogic.security.X509 [] certs = (weblogic.security.X509[])req.getAttribute("javax.net.ssl.peer_certificates");
This code work fine with the same IIS setup. Since weblogic.security.X509 is removed in WLS 9.1 we are forced to change our code.
Please help!
Message was edited by:
rmkandan

hi
Currently I am using
req.getHeader("WL-Proxy-Client-Cert")
to get the client certificate and then i do the following to get the X509 cert format
     if (pemCert != null && pemCert.length() > 0 ){
          pemCertBuff.append("-----BEGIN CERTIFICATE-----");
          pemCertBuff.append(pemCert);
          pemCertBuff.append("-----END CERTIFICATE-----");
     System.out.println("CertificateUtil:getFingerPrint: pemCertBuff --"+pemCertBuff.toString());
     X509Certificate certs = null;
     try {
          CertificateFactory cf = CertificateFactory.getInstance("X.509");
          ByteArrayInputStream bis = new ByteArrayInputStream(pemCertBuff.toString().getBytes());
          weblogic.security.PEMInputStream pemIs = new weblogic.security.PEMInputStream(bis);
          BufferedInputStream bufis = new BufferedInputStream(pemIs);
          certs = (X509Certificate)cf.generateCertificate(bufis);
     } catch (CertificateException e) {
          // TODO Auto-generated catch block
          e.printStackTrace();
     } catch (IOException e) {
          // TODO Auto-generated catch block
          e.printStackTrace();
And I am able to get the certificate, but I need to know is there any other elegant way to get the certificate as we did using weblogic.security.X509 class?
Please help!!
Message was edited by:
rmkandan

Missing weblogic.security.spi. classes

Any idea what happened to these classes? Can't find the right jar file.
import weblogic.security.spi.AuthenticationProvider;
import weblogic.security.spi.IdentityAsserter;
import weblogic.security.spi.PrincipalValidator;
import weblogic.security.spi.SecurityServices;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSearchResults;
import netscape.ldap.LDAPv2

Glad, your issue is resolved. Also in case if you are using WLS 10.3.x, here is the link on how to generate a client jar file that has almost all the APIs from weblogic.jar and wls-api.jar etc etc. Most of the times, when we want to run WebServices, EJB clients etc as standalone, we need all these classes. So here is the link on how to generate something called "wlfullclient.jar" and put that in classpath or java build path etc.
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/client/jarbuilder.html (To create wlfullclient.jar)
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/client/t3.html
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/client/basics.html#wp1069994
HTH
Ravi Jegga

Error in Admin and manager server startup - BEA-149205- due to error weblogic.security.internal.encryption.EncryptionServiceException

Hi -
I have installed OIM 11g r2 ps2, I an tring to start my Admin and SOA server :
1. Though my admin server is coming up fine, but I am getting the following error when I am trying to start Admin server.
####<Apr 22, 2015 12:22:27 AM PDT> <Error> <Deployer> <devoimx003> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS
Kernel>> <> <> <1429687347654> <BEA-149205> <Failed to initialize the application 'opss-DBDS' due to error weblogic.security.internal.encryption.EncryptionServiceException.
weblogic.security.internal.encryption.EncryptionServiceException
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
        at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
        at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
        at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
        at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
        at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
        at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
        at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
        at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
        at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
        at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
        at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
        at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
        at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
        at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
        at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
        at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
        at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
        at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
        at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
        at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
    at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
        at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
        at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
        at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
        at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
        at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
        at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
        at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
        at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: weblogic.security.internal.encryption.EncryptionServiceException
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
        at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
        at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
        at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
        at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
        at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
        at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
        at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
        at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
        at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
        at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
        at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
        at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
      at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
        at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
        at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
        at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
        at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
        at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
        at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
        at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
        at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
        at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
        at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
        at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
        at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
        at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
        at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
        at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
        at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
2. My SOA server is coming up but in admin mode and giving OPSS connections errors.
Any help is really appreciated!
Thanks,
SK

Hi Faisal -
is your domain in development mode or production mode?
     - While configuring my domian , I had selected Prod Mode, but pon start up when I see in admin server console, it is starting in developement mode already ?
Any idea how, why ?
if its production mode you can switch to development mode, change all the credentials in the config.xml and configurations under sub folders to cleartext and start the server..
- Let me still try these and get back to you.
Thanks,
SK

Weblogic security error

          Hi folks,
          I'm not especially proficient with Weblogic, I haven't really done any development
          with it but I am a little familiar with configuring some pieces. Bearing this
          in mind, what follows is pretty sparse on details.
          My department has two deployments of the same application but one works and one
          doesn't. The error is below:
          Start server side stack trace:
          java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
               at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:189)
               at weblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:145)
               at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:620)
               at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:581)
               at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:164)
               at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:640)
               at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
               at weblogic.socket.PosixSocketMuxer.deliverGoodNews(PosixSocketMuxer.java:456)
               at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:385)
               at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:24)
               at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
               at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
          End server side stack trace
          I'm not hoping that from this VERY limited information anybody can offer a solution,
          I'm not expecting that, I'm just hoping that someone can point me in a general
          direction i.e. the ACLS are corrupt, or something like that. Sorry for the lack
          of details. I'm testing the back end application and our front end app cannot
          see the back end, I've been tasked to find out why.
          Cheers, Max


          me again. :-) I just wanted to add that I posted this in the jms forum because
          the back/front ends communicate over JMS.
          - Max

ClassCastException: weblogic.security.acl.internal.FileRealm

Hi,
I am trying to create new user through the CachingRealm.newUser(?,?,?) method..What
I do is -
weblogic.security.acl.BasicRealm baseRealm =
(weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
baseRealm;
However it is not able to classcast to CachingRealm , it gives the exception -
java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
Do I need to do anything else ?
Thx

Hi Kumar,
I took a look at config.xml
Looks like you do not have an alternate realm hooked into WebLogic and that is the
source of the problem.
If you try to cast anything to CachingRealm and call methods on it, when you don't have
an alternate realm, then the cast will fail with ClassCastException.
For example, take a look at the very, very simple JSP code
<%@ page import="
import java.util.*,
import weblogic.common.*,
import javax.servlet.*,
import javax.servlet.http.*,
import java.io.*,
import weblogic.security.*,
import weblogic.security.acl.User,
import weblogic.security.acl.Security,
import weblogic.security.acl.Realm,
import weblogic.security.acl.CachingRealm,
import weblogic.security.acl.*,
import java.security.acl.*,
import java.security.acl.Permission,
import java.security.Principal,
import javax.servlet.http.*,
import weblogic.html.*,
import weblogic.common.internal.WLColor
"%>
<%
response.setContentType("text/html");
BasicRealm basicRealm = Security.getRealm();
try {
((CachingRealm) basicRealm).clearCaches();
} catch (ClassCastException ce) {
out.println("There is a class cast.. getRealm ain't no returned a
CachingRealm");
out.println("This probably means that you don't have a pluggable realm hooked
into WebLogic.");
out.println("No pluggable Realm = no Cachingrealm!");
%>
This JSP will give you a class cast if you do not have some alternate realm hooked up
(LDAP, NTREalm, UnixRealm, RDBMSRealm)
But will work just fine if you do have an alternate realm hooked up .
I think that this is what you are seeing.
Hope this helps
Joe Jerry
kumar wrote:
Hi Jerry,
Thanks for your response.
I have attached my config.xml . It is a very small config.xml with all the default
configurations. Please look at it ..
Thx
Jerry <[email protected]> wrote:
Hi Kumar,
Do you have an alternate realm hooked into WebLogic (LDAP, UNIXrealm,
NTRealm,
CustomRealm)?
Thanks,
Joe Jerry
kumar wrote:
Hi,
I am trying to create new user through the CachingRealm.newUser(?,?,?)method..What
I do is -
weblogic.security.acl.BasicRealm baseRealm =
(weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
baseRealm;
However it is not able to classcast to CachingRealm , it gives theexception -
java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
Do I need to do anything else ?
Thx
Name: config.xml
config.xml Type: XML Document (text/xml)
Encoding: base64

How to specify the security policy "Allow access to everyone" for security role in Deployment descriptor

Hi,
I am migrating a web application from Websphere to Weblogic. The web application has a security role defined in web.xml (Use LDAP for authentication).
security-role>
        <description>Authenticated</description>
        <role-name>Authenticated</role-name>
    </security-role>
This role is mapped to a special subject "All authenticated user in appliation realm" in WAS.
In weblogic, I have the following setting in weblogic.xml
<wls:security-role-assignment>
        <wls:role-name>Authenticated</wls:role-name>
        <wls:externally-defined />
    </wls:security-role-assignment>
And after deploy the application, have to manually add a security role and add the security policy "Allow access to everyone" to this role.
I am wondering if this setting can be specified in for example weblogic.xml so just deploy web applicaiton using deployment descriptor, and I don't need write script to do that .
Thanks

Hi,
You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
Hope this will solve your problem.
Regards
MuRam

Warning: EJB referenced an unknown security role?

Hello,
I get a weird error from WL 5.1 (SP6), using the default WLPropertyRealm.
In the EJB I have the following check:
if (ctx.isCallerInRole("ConspiratorRole"))
System.out.println ("the user is in the ConspiratorRole role");
At run time, I get the following warning in the WL window:
Fri Nov 10 12:56:58 EST 2000:<I>
<EJB JAR deployment D:/weblogic/myserver/myBean.jar>
Warning: EJB "unu" referenced an unknown security role
However:
- the role IS defined (see ejb-jar.xml)
- has an associated principal (see weblogic-ejb-jar.xml)
- there is a principal defined in weblogic.properties
- this principal (and this role) is actually used in practice to access the
bean. Which works.
So why the warning?
Any hint appreciated,
Thanks.
ejb-jar.xml:
<assembly-descriptor>
<security-role>
<description>description of the ConspiratorRole</description>
<role-name>ConspiratorRole</role-name>
</security-role>
</assembly-descriptor>
weblogic-ejb-jar.xml:
<weblogic-ejb-jar>
<security-role-assignment>
<role-name>ConspiratorRole</role-name>
<principal-name>Conspirator</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>

You should not reference the role link in you code.The role link is used to
connect the role name in you code to the
role name in your deployment descripment. Only if this link is set up as you
have done below, will the isCallerInRole return true.
- Sri
Alf wrote:
I reviewed older postings and found indications of what appears to be a bug
in WL: that isCallerInRole always return false for role names but returns
correct values if the role names are linked with a reference in
<security-role-ref>. So, according to the DTD at
http://edocs.bea.com/wle/dd/ddref.htm#1038338 I added the following in
ejb-jar.xml:
<ejb-jar>
<enterprise-beans>
<session>
<security-role-ref>
<role-name>ConspiratorRole</role-name>
<role-link>ConspiratorRoleLink</role-link>
</security-role-ref>
and added 2 lines in the bean to test the both the role and the reference
if (ctx.isCallerInRole("ConspiratorRole"))
System.out.println ("the user is in the ConspiratorRole role");
if (ctx.isCallerInRole("ConspiratorRoleLink"))
System.out.println ("the user is in the ConspiratorRoleLink
role");
The unexpected result was a NullPointerException at
weblogic.ejb.internal.BaseEJBContext.isCallerInRole(BaseEJBContext.java:665)
Can anyone shed some light? Thanks.
"Alf" <alf> wrote in message news:[email protected]...
Hello,
I get a weird error from WL 5.1 (SP6), using the default WLPropertyRealm.
In the EJB I have the following check:
if (ctx.isCallerInRole("ConspiratorRole"))
System.out.println ("the user is in the ConspiratorRole role");
At run time, I get the following warning in the WL window:
Fri Nov 10 12:56:58 EST 2000:<I>
<EJB JAR deployment D:/weblogic/myserver/myBean.jar>
Warning: EJB "unu" referenced an unknown security role
However:
- the role IS defined (see ejb-jar.xml)
- has an associated principal (see weblogic-ejb-jar.xml)
- there is a principal defined in weblogic.properties
- this principal (and this role) is actually used in practice to accessthe
bean. Which works.
So why the warning?
Any hint appreciated,
Thanks.
ejb-jar.xml:
<assembly-descriptor>
<security-role>
<description>description of the ConspiratorRole</description>
<role-name>ConspiratorRole</role-name>
</security-role>
</assembly-descriptor>
weblogic-ejb-jar.xml:
<weblogic-ejb-jar>
<security-role-assignment>
<role-name>ConspiratorRole</role-name>
<principal-name>Conspirator</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>

The security-role-assignment references an invalid security-role: Certifica

In Oracle Enterprise Pack for Eclipse, I failed to deploy an application in debug mode. The error I noticed in my domain log is:
weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: Certificate.
     at weblogic.servlet.security.internal.WebAppSecurity.setRoleMapping(WebAppSecurity.java:180)
     at weblogic.servlet.security.internal.WebAppSecurity.registerSecurityRoles(WebAppSecurity.java:155)
     at weblogic.servlet.internal.WebAppServletContext.prepareFromDescriptors(WebAppServletContext.java:1181)
     at weblogic.servlet.internal.WebAppServletContext.prepare(WebAppServletContext.java:1120)
     at weblogic.servlet.internal.HttpServer.doPostContextInit(HttpServer.java:449)
     at weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:424)
     at weblogic.servlet.internal.WebAppModule.registerWebApp(WebAppModule.java:910)
     at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:364)
     at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:176)
     at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:93)
     at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:387)
     at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
     at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:58)
     at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:42)
     at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:615)
     at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
     at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
     at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:16)
     at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:155)
     at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
     at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:197)
     at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:89)
     at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:217)
     at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:723)
     at weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1190)
     at weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:248)
     at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:159)
     at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:157)
     at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:12)
     at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:45)
     at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
What I do not understand is that this error remains even though I modified weblogic.xml to remove the following lines:
<wls:security-role-assignment>
<wls:role-name>Certificate</wls:role-name>
<wls:externally-defined/>
</wls:security-role-assignment>
I also deleted <MYDOMAIN_HOME>/servers/AdminServer/cache and <MYDOMAIN_HOME>/servers/AdminServer/tmp but this error still showed up when I attempted to deploy the application in Eclipse.
If I exported the EAR file and deployed it using Admin Console, the application was deployed successfully. But when I deleted it in Admin Console and attempted to deploy it in Eclipse again, the same error occurred and the deployment failed. What could be the reason for this behavior? Is there anything cached somewhere when deploying it in Eclipse? Thanks in advance for your help.

Hi,
I know that is an old thread, but just in case... Maybe you could try setting up the DEBUG_OPTIONS in your startManagedWeblogic script and configure a remote debug in Eclipse:
DEBUG_OPTIONS="-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=8003,server=y,suspend=n"
Hope it helps,
Luis

Using weblogic security roles in authentication: weblogic 9

Similar Messages

Maybe you are looking for