WebLogic 10.3.4 Security

Similar Messages

• Weblogic 10.3.0 -  Security Violation when Group Membership Lookup enabled

  Dear Admins,
  We're running a Weblogic 10.3.0 cluster with our own software deployed.
  We're using SQL authentication (JDBC to Oracle DB) to authenticate users.
  Recently we've been tuning our WL cluster to improve performance, and have enabled Group Membership Lookup Hierarchy Caching.
  Sometimes users log into our application and get inssuficient rights (or some other error). This appears to happen at random. Most of the times they can log in without problems.
  We determined it's not something to do with the cluster, although it can happen on one node and the other node will work as normal.
  In the Managed server we see this error (with test user):
  Managed7Server.out00011:java.rmi.AccessException: [EJB:010160]Security Violation: User: 'test' has insufficient permission to access EJB: type=<ejb>, application=leanapps, module=process_general.jar, ejb=LaLifeProcessController,
  method=create, methodInterface=Home, signature={}.
  When we disable Group Membership Lookup Hierarchy Caching, this error never occurs.
  Our settings (Security Realms -> myrealm -> Providers -> SQL Authenticator -> Performance):
  Max Group Hierarchies In Cache: 5000 (we have approx. 2000 groups)
  Group Hierarchy Cache TTL: 3600
  provider specific settings :
  Group Membership Searching: unlimited
  Max Group Membership Search Level: 0
  Also in Myrealm -> Performance we have set :
  Enable WebLogic Principal Validator Cache
  Max WebLogic Principals In Cache: 5000
  If we put the TTL really low (default 60 seconds), the error hardly ever occurs. But we want to have cache that lasts longer then one minute.
  This might be a bug, as we have other clusters running on WL 10.3.5, 12c where we use the same cache settings. This issue does not occur there.
  I'm more then willing to provide more info or config files
  Edited by: user5974192 on 21-nov-2012 5:17

  This is fixed now. Someone had defined a Servlet for the web service in web.xml that was preventing the EJB container to kick in.
  Edited by: user572625 on Aug 25, 2011 11:54 PM

• Weblogic and Tuxedo server : Security Audit Logs

  In our application we are using the weblogic server 7.0 and Tuxedo server 7.1 (to improve performance). When the user logged in to the application, the security logs are captured from tuxedo.
  Can anyone tell us, how the auditing can be enabled in security logs of tuxedo server?

  > Has anyone done this before and can show me some snippets of code?
  The example code and FM's you are looking for are in report RSAU_READ_AUDITLOG_EXTERNAL.
  Cheers,
  Julius

• Weblogic server 9.2 security and administartion

  hi all,
  i have few questions in my mind can anybody answer for these.
  1> in weblogic server 9.2 can existing infrastrcture allow to generate auto alert on going down the server instance or due to any erroe during running and that should be available to the adminstrator anywhere?if yes then how?
  2>Can we administrator decide the previlieges/access to be given to the client by setting proxy with username and passoword?If yes how?
  3>For security purpose as user logs out can we make provision to shut down the browser instead of just signing out?
  4>If i need to deploye j2ee applciation on weblogic server that is created using by some another IDE,what is the steps/points to be considered as premigration study?
  i will be thankful if anybody try to answer these questions.
  with regards
  santoh.r

  Hello User,
  You can find the application under below path
  Domain_name - Expand "Environment" and Select " Deployments " - here your application will show which are deployed in this domain.
  Please refer -http://docs.oracle.com/cd/E13222_01/wls/docs100/intro/console.html
  Regards
  Laksh

• Weblogic implementation of java.security.acl.Group

  hi guys
  Do you know of any specific reason why there isnt a implementation of the
  java.security.acl.Group interface in the weblogic jar.
  I am trying to create a simple user manager service which uses the mbeans
  exposed by weblogic. However the interface I am coding to expects me to return
  java.security.acl.Group when I create a Group. This has resulted in a deadlock
  as I havent been able to locate a non deprecated implementation.
  Thanks
  anand

  Yes, you can do this.
  Alexandre Vauthey wrote:
  Hi,
  If I write my own securrity realm, am I able to use my own implementaion of
  'java.security.acl.Acl' and 'java.security.acl.AclEntry' or do I have to use
  the implementation provided by weblogic ? When Security.checkPermission() is
  called, does it solely rely on APIs defined in 'java.security.acl' or does
  it really expect to talk to an instance of weblogic 'AclImpl' ?
  Thanks, Alexandre.
  Alexandre Vauthey
  Software Engineer
  Application Networks
  444 Ramona street
  Palo Alto, CA 94301

• Oracle WebLogic 10.3 Template Security Configuration

  The Oracle VM Template for WebLogic 10.3 has the WebLogic installed as root and configured to run as root. This is in conflict with the Oracle recommendations for hardening a WebLogic deployment. Is there a simple way to apply the Oracle security recommendations to the VM Template, Or should we undertake to develop a new template based on the recommendations of the Oracle guide?
  Reference: http://download.oracle.com/docs/cd/E12840_01/wls/docs103/pdf/lockdown.pdf

  Hi David,
  I talked to some security folks and they indicated that the principle reason for not running WLS as root is to protect the OS root account (versus protecting the WLS install). The idea is that if the WLS were compromised then at least the OS would not be compromised as well. In virtual use cases where VMs are often more like appliances than general OS containers for unrelated apps the security paradigms may need modification. That said, I am told that you should be able to go ahead and create a non-root account and then run WLS as that new user. Just remember to change ownership (or permissions) for directories and files as necessary. Your observation re: root is a good one and I will make sure the appropriate PMs are notified.

• WebLogic 4.5.1 Security

  I have a question about the InitialContext and
  ServletAutentication.class.
  When I run the ServletAuthentication weak() method it creates a context
  and stores it in the session if the authentication is good. We have
  placed an acl on the Database Pools and even though we are running the
  weak() method before we try and access a pool object we are still
  getting a SecurityException where we are told the pool manager thinks we
  are user guest.
  Is this because the ServletAuthentication class really doesn't bind us
  with the true backend acl list? or am I doing something wrong?
  public void doGet(HttpServletRequest req, HttpServletResponse res)
  InitialContext initialcontext = (InitialContext)
  session.getValue("javax.naming.InitialContext");
  if(initialcontext != null)
  Debug.println("Context exists in Session allready!");
  else
  Debug.println("Context does not exist in Session!");
  ServletAuthentication sa = new ServletAuthentication("txt_username",
  "txt_password");
  int authenticated = sa.weak(request, null); // I noticed that
  response isn't used anywhere in the class...
  Debug.println("Authentication is: " + authenticated);
  Connection conn =
  DriverManager.getConnection("jdbc:weblogic:jts:AribaUserPool");
  <====> This is where we get the security exception telling us we are
  user guest still
  Do I need to fetch the username,password out of the Session myself and
  pass it in the getConnection() call or does the weblogic driver manager
  do that for me?
  Thanks

  Hi there,
  I'm also having this problem, and not sure what the solution is. I've tried
  both JProbe and OptimizeIt to no avail. Has anyone got any ideas why the
  policies files are not being read when run through an auditor (profiler)?
  vs. running as the main process?
  -joe
  Rob Sward <[email protected]> wrote in message
  news:831iir$cku$[email protected]..
  Does anyone know the tricks in getting JProbe 2.5 to work with WebLogic
  4.5.1. on Win NT 4.0
  I get JProbe (profiler, launchpad and jplauncher etc.) to load weblogic
  4.5.1. However, when I access the jsp I keep getting the followingmessage
  >
  java.security.AccessControlException: access denied
  However, when I run weblogic from the startWebLogic.cmd the jsp worksfine.
  >
  It appears that JProbe is not accepting the VM arguments
  -Djava.security.manager -Djava.security.policy==weblogic.policy
  Suggestions ?

• Weblogic 6.1 example/security/sslclient jsseWLS.bat does not work

  I try to run the weblogic 6.1 example under the examples\security\sslclient.
  I follow the instruction and setup the server.
  wlsWLS.bat is working fine.
  but jsseWLS.bat is not working
  It gives back following error.
  ===== in jsseURLConnect =====
  JDK Protocol Handlers and Security Providers:
  java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
  provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
  MD
  5 digests; SecureRandom; X.509 certificates; JKS keystore)
  provider[1] - SunRsaSign - SUN's provider for RSA signatures
  provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
  SunX509 key/trust factories, SSLv3, TLSv1)
  provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
  PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  Trying a new HTTP connection using JDK client classes -
  http://localhost:80/examplesWebApp/SnoopServlet.jsp
  ====Permission =(java.net.SocketPermission localhost:80 connect,resolve)
  ===== inside tryConnection
  Connection refused: connectjava.net.ConnectException: Connection refused: connec
  t
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120)
  at java.net.Socket.<init>(Socket.java:273)
  at java.net.Socket.<init>(Socket.java:100)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:50)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:331)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:517)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:277)
  at sun.net.www.http.HttpClient.New(HttpClient.java:289)
  at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection
  .java:408)
  at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:15
  1)
  at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:2
  05)
  at examples.security.sslclient.SSLClient.main(SSLClient.java:99)
  JDK Protocol Handlers and Security Providers:
  java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
  provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
  MD
  5 digests; SecureRandom; X.509 certificates; JKS keystore)
  provider[1] - SunRsaSign - SUN's provider for RSA signatures
  provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
  SunX509 key/trust factories, SSLv3, TLSv1)
  provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
  PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  Trying a new HTTPS connection using JDK client classes -
  https://localhost:443/examplesWebApp/SnoopServlet.jsp
  sconnection instanceof com.sun.net.ssl.HttpsURLConnection
  using a com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection
  ===== inside tryConnection
  java.net.ConnectException: Connection refused: connect
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120)
  at java.net.Socket.<init>(Socket.java:273)
  at java.net.Socket.<init>(Socket.java:100)
  at javax.net.ssl.SSLSocket.<init>([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>([DashoPro-V1.2-1201
  98])
  at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket([Dasho
  Pro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([Da
  shoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(
  [DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1
  .2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoP
  ro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([Dasho
  Pro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
  1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
  1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connec
  t([DashoPro-V1.2-120198])
  at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:15
  1)
  at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:2
  30)
  at examples.security.sslclient.SSLClient.main(SSLClient.java:99)
  Connection refused: connect----
  Does anyone know what happens..
  i would appreciate if i get some code snippets or url pointers.
  Thanks.
  --Michael W.

  I try to run the weblogic 6.1 example under the examples\security\sslclient.
  I follow the instruction and setup the server.
  wlsWLS.bat is working fine.
  but jsseWLS.bat is not working
  It gives back following error.
  ===== in jsseURLConnect =====
  JDK Protocol Handlers and Security Providers:
  java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
  provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
  MD
  5 digests; SecureRandom; X.509 certificates; JKS keystore)
  provider[1] - SunRsaSign - SUN's provider for RSA signatures
  provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
  SunX509 key/trust factories, SSLv3, TLSv1)
  provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
  PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  Trying a new HTTP connection using JDK client classes -
  http://localhost:80/examplesWebApp/SnoopServlet.jsp
  ====Permission =(java.net.SocketPermission localhost:80 connect,resolve)
  ===== inside tryConnection
  Connection refused: connectjava.net.ConnectException: Connection refused: connec
  t
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120)
  at java.net.Socket.<init>(Socket.java:273)
  at java.net.Socket.<init>(Socket.java:100)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:50)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:331)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:517)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:277)
  at sun.net.www.http.HttpClient.New(HttpClient.java:289)
  at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection
  .java:408)
  at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:15
  1)
  at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:2
  05)
  at examples.security.sslclient.SSLClient.main(SSLClient.java:99)
  JDK Protocol Handlers and Security Providers:
  java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
  provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
  MD
  5 digests; SecureRandom; X.509 certificates; JKS keystore)
  provider[1] - SunRsaSign - SUN's provider for RSA signatures
  provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
  SunX509 key/trust factories, SSLv3, TLSv1)
  provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
  PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  Trying a new HTTPS connection using JDK client classes -
  https://localhost:443/examplesWebApp/SnoopServlet.jsp
  sconnection instanceof com.sun.net.ssl.HttpsURLConnection
  using a com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection
  ===== inside tryConnection
  java.net.ConnectException: Connection refused: connect
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120)
  at java.net.Socket.<init>(Socket.java:273)
  at java.net.Socket.<init>(Socket.java:100)
  at javax.net.ssl.SSLSocket.<init>([DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>([DashoPro-V1.2-1201
  98])
  at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket([Dasho
  Pro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([Da
  shoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(
  [DashoPro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1
  .2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoP
  ro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([Dasho
  Pro-V1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
  1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
  1.2-120198])
  at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connec
  t([DashoPro-V1.2-120198])
  at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:15
  1)
  at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:2
  30)
  at examples.security.sslclient.SSLClient.main(SSLClient.java:99)
  Connection refused: connect----
  Does anyone know what happens..
  i would appreciate if i get some code snippets or url pointers.
  Thanks.
  --Michael W.

• Weblogic server 7.0 security

  When I start the server (it is a admin managed server in a domain), I got this message:
  [java] <Oct 16, 2002 11:47:44 AM CDT> <Error> <Security> <090158> <The Server was unable to find the private key with alias demokey at location wlDefaultKeyStore.jks on server TracFoneSrv, realm myrealm. Make sure the KeyStore exists and contains the key entry under the specified alias.>
  [java] java.lang.Exception: Cannot find the private key with alias demokey in the KeyStore at location wlDefaultKeyStore.jks
  [java] <Oct 16, 2002 11:47:44 AM CDT> <Alert> <WebLogicServer> <000297> <Inconsistent security configuration, java.lang.Exception: Cannot find the private key
  with alias demokey in the KeyStore at location wlDefaultKeyStore.jks>
  How do I know whether the keystore contains a certain key or not? I see the demokey.pem and wlDefaultKeyStore.jks both exist in the same directory for that domain.
  Thank you for your help,
  Bin

  Hi Bin,
  You can use keytool to display the contents of the keystore.
  The keytool utility comes with the JDK so set your path to
  include $JAVA_HOME/bin directory. Use the following command
  to list all the entries in the keystore.
  keytool -list -keystore <key-store-name>
  You will be prompted for the keystore password.
  I hope that helps.
  Regards,
  Tom Hegadorn
  Developer Relations Engineer
  BEA Support
  Bin <[email protected]> wrote:
  When I start the server (it is a admin managed server in a domain), I
  got this message:
  [java] <Oct 16, 2002 11:47:44 AM CDT> <Error> <Security> <090158>
  <The Server was unable to find the private key with alias demokey at
  location wlDefaultKeyStore.jks on server TracFoneSrv, realm myrealm.
  Make sure the KeyStore exists and contains the key entry under the specified
  alias.>
  [java] java.lang.Exception: Cannot find the private key with
  alias demokey in the KeyStore at location wlDefaultKeyStore.jks
  [java] <Oct 16, 2002 11:47:44 AM CDT> <Alert> <WebLogicServer> <000297>
  <Inconsistent security configuration, java.lang.Exception: Cannot find
  the private key
  with alias demokey in the KeyStore at location wlDefaultKeyStore.jks>
  How do I know whether the keystore contains a certain key or not? I
  see the demokey.pem and wlDefaultKeyStore.jks both exist in the same
  directory for that domain.
  Thank you for your help,
  Bin

• Create , delete "security roles" in weblogic console - sample Security providers

  Hi Everyone:
  Weblogic gave out sample Security Providers for version 7.0 and 8.1. In
  those sample Security Provider , the author of codes used property files as
  Security Providers Database, however he/she didn't show how to create a
  Manageable Sample Role Mapping Provider or Manageable Sample Authentication
  Provider, so Administrator of weblogic console can create and delete
  "security roles" in weblogic console.
  Have anyone known how to do that?
  Ming Qin

  "ming qin" <[email protected]> wrote in message news:[email protected]..
  Hi Everyone:
  Weblogic gave out sample Security Providers for version 7.0 and 8.1.In
  those sample Security Provider , the author of codes used property filesas
  Security Providers Database, however he/she didn't show how to create a
  Manageable Sample Role Mapping Provider or Manageable SampleAuthentication
  Provider, so Administrator of weblogic console can create and delete
  "security roles" in weblogic console.
  Have anyone known how to do that?
  I would ask in the weblogic.developer.interest.management.console newsgroup.
  >
  Ming Qin

• Unable to use a custom security realm with Netscape Directory Server in WebLogic 7

  I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
  using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
  Admin Console again and clicked the Users node under my custom realm, I saw this
  message in the right-hand pane: "There are no Authentication providers available
  that support the creation of Users". Also, I don't see my custom realm in the
  dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
  What did I do wrong? Also, where does WebLogic store the custom security realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

  Thanks for the info.
  I wonder when they will fix it.
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  >
  According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
  displying users and groups defined in Netscape Directory Server.
  Eric Ma
  "Jakub Wroniszewski" <[email protected]> wrote:
  I have the same problem.
  Any new ideas?
  Rgds,
  Jakub
  U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
  news:[email protected]..
  Now I doubt my custom security realm is actually using the NetscapeDirectory Server
  as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
  the Users node displays all users in the LDAP server, in WebLogic 7I keep
  getting
  the message "There are no Authentication providers available that
  support
  the
  creation of Users." Any suggestions?
  "Eric Ma" <[email protected]> wrote:
  Never mind. I tried again by following the steps outlined at
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
  l
  oper.interest.security&item=8463&utag=
  and it seemed to have worked for me.
  "Eric Ma" <[email protected]> wrote:
  I have all users and groups stored in a Netscape LDAP server (version
  4.1.6 on
  Solaris 8), so I want to create a custom security realm in WebLogic7
  (also run
  on Solaris 8) which uses my LDAP server as the Authenticator. I
  tried
  this by
  using the Admin Console and followed exactly the steps in Chapter3
  of
  the "Managing
  WebLogic Security" doc. However, when I rebooted WebLogic and logged
  into the
  Admin Console again and clicked the Users node under my custom realm,
  I saw this
  message in the right-hand pane: "There are no Authentication
  providers
  available
  that support the creation of Users". Also, I don't see my customrealm
  in the
  dropdown list under mydomain -> Security tab -> General tab ->
  Default
  Realm.
  What did I do wrong? Also, where does WebLogic store the customsecurity
  realm
  info? It is definitely not in config.xml.
  Thanks,
  Eric Ma

• Using weblogic security roles in authentication: weblogic 9

  Hi All,
  I am trying to create a simple application which uses declarative authorization configured in web.xml. I use the simple form based authentication. While trying to deploy my application, I get the error:
  weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: LTVORole.
  But I have defined the role LTVORole in weblogic using the administrator console.
  below are the details of what I have done:
  Web.xml:
  ========
  <?xml version='1.0' encoding='UTF-8'?>
  <j2ee:web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee">
    <j2ee:welcome-file-list>
      <j2ee:welcome-file>login.jsp</j2ee:welcome-file>
      <j2ee:welcome-file>index.html</j2ee:welcome-file>
      <j2ee:welcome-file>index.htm</j2ee:welcome-file>
    </j2ee:welcome-file-list>
    <j2ee:login-config>
      <j2ee:auth-method>FORM</j2ee:auth-method>
      <j2ee:form-login-config>
        <j2ee:form-login-page>/login.jsp</j2ee:form-login-page>
        <j2ee:form-error-page>/error.jsp</j2ee:form-error-page>
      </j2ee:form-login-config>
    </j2ee:login-config>
  <security-constraint>
    <display-name>checkAccountConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>checkAccountCollection</web-resource-name>
          <url-pattern>test.jsp</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
          <role-name>LTVORole</role-name>
    </auth-constraint>
    </security-constraint>
  </j2ee:web-app>Weblogic.xml
  ===========
  <?xml version="1.0" encoding="UTF-8"?>
  <ns:weblogic-web-app xmlns:ns="http://www.bea.com/ns/weblogic/90">
    <security-role-assignment>
      <role-name>LTVORole</role-name>
     <externally-defined/>
    </security-role-assignment>
  </ns:weblogic-web-app>I have created the role in weblogic in the menu
  security realms > myrealm > roles and policies > Global Roles > roles > LTVORole
  Is it the right way to define a role?
  Please help me find where I am going wrong.
  Thanking you all in advance,
  Gireesh

  Hi All,
  I am trying to create a simple application which uses declarative authorization configured in web.xml. I use the simple form based authentication. While trying to deploy my application, I get the error:
  weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: LTVORole.
  But I have defined the role LTVORole in weblogic using the administrator console.
  below are the details of what I have done:
  Web.xml:
  ========
  <?xml version='1.0' encoding='UTF-8'?>
  <j2ee:web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee">
    <j2ee:welcome-file-list>
      <j2ee:welcome-file>login.jsp</j2ee:welcome-file>
      <j2ee:welcome-file>index.html</j2ee:welcome-file>
      <j2ee:welcome-file>index.htm</j2ee:welcome-file>
    </j2ee:welcome-file-list>
    <j2ee:login-config>
      <j2ee:auth-method>FORM</j2ee:auth-method>
      <j2ee:form-login-config>
        <j2ee:form-login-page>/login.jsp</j2ee:form-login-page>
        <j2ee:form-error-page>/error.jsp</j2ee:form-error-page>
      </j2ee:form-login-config>
    </j2ee:login-config>
  <security-constraint>
    <display-name>checkAccountConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>checkAccountCollection</web-resource-name>
          <url-pattern>test.jsp</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
          <role-name>LTVORole</role-name>
    </auth-constraint>
    </security-constraint>
  </j2ee:web-app>Weblogic.xml
  ===========
  <?xml version="1.0" encoding="UTF-8"?>
  <ns:weblogic-web-app xmlns:ns="http://www.bea.com/ns/weblogic/90">
    <security-role-assignment>
      <role-name>LTVORole</role-name>
     <externally-defined/>
    </security-role-assignment>
  </ns:weblogic-web-app>I have created the role in weblogic in the menu
  security realms > myrealm > roles and policies > Global Roles > roles > LTVORole
  Is it the right way to define a role?
  Please help me find where I am going wrong.
  Thanking you all in advance,
  Gireesh

• Weblogic.security.acl in Weblogic 6

  I came across the following in the migration documention
  (http://edocs.bea.com/wls/docs60/notes/migrate.html#1026915):
  I'm assuming that this is just a typo or wording issue but it currently
  reads "weblogic.security.acl" is deprecated? Can't be the whole package.
  Anyone else notice this?
  Deprecated APIs and Features
  The following APIs and features are deprecated in anticipation of future
  removal from the product:
  a.. weblogic.security.acl
  b.. WebLogic Events
  WebLogic Events are deprecated and should be replaced by JMS messages with
  NO_ACKNOWLEDGE or MULTICAST_NO_ACKNOWLEDGE delivery modes. See Programming
  WebLogic JMS for more information.
  c.. WebLogic HTMLKona
  d.. T3 Driver

  request.getRemoteUser() still works fine for me after I implented a custom
  Autthenication / LoginModule.
  "patrik" <[email protected]> wrote in message
  news:[email protected]..
  >
  Yes, I have. see:
  http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.develo
  per.interest.security&item=8553&utag=
  >
  But if you've managed to get out the information from it I'd be gratefulto know
  how.
  /Patrik
  "Utpal" <[email protected]> wrote:
  Have you tried weblogic.security.Security.getCurrentSubject() ??
  -utpal

• JMS MODULE SECURITY IN WEBLOGIC

  Hi,
  I have one JMS Module that having two queues. I have to create the one user who will read and write the data.
  That user do not have the access to the console so that this user will not create and delete resources in the server as well start and stop the server.
  Could you please help me how to put the security for that user?
  I have already tried below mentioned  steps, but this is only for securing queues with indidual user.
  http://weblogic-wonders.com/weblogic/2011/02/01/securing-weblogic-jms-resources/
  Advance Thanks,
  Anil.

  Hi Arun,
  A NullPointerException is almost always an indication of a bug (99% of the time), and rarely an indicator of user error.
  If the NPE is thrown by WebLogic code (and not app code), I recommend filing a customer support case (or if you happen to be on old version or service-pack, updating to the latest).
  As for your configuration change, it will very likely take effect upon a cluster restart regardless of the NPE - (the NPE, based on your description, is likely a localized problem with the console). You can check your JMS module XML to see if the console change was reflected in the configuration file...
  Tom

• Weblogic.security.SecurityInitializationException: The loading of OPSS [...] Error message: null

  Hello,
  I am trying to install Fusion Client on a CentOS 5.10 machine. I have installed:
  * java version 1.6.0_45 (have also tried with latest 1.7 version, but IIRC 1.6 is recommended)
  * Oracle WebLogic Server 11gR1 (10.3.5) + Coherence - Package Installer
  * Application Development Runtime realease 11.1.1.6.0
  * ADF patches p13952743 and p13956635
  In case more information is needed, I followed this guide: Weblogic Installation 1. Download Oracle WebLogic Server 11gR1 (10.3.5) + Co - Pastebin.com
  I create a new domain on WebLogic (with Oracle JRF), and everything seems to be running fine up to that point. However, when I try to run ./startWebLogic.sh , I get this error:
  . . JAVA Memory arguments: -Xms256m -Xmx512m -XX:MaxPermSize=512m . WLS Sta - Pastebin.com
  I have tried reinstalling Java, creating the domain again, and also completely removing WebLogic and reinstalling it from scratch - nothing seems to make that error go away. Any suggestions?
  Thank you in advance!
  Message was edited by: 1c089563-55cd-4545-a4db-48707a92b950 (Corrected pastebin link)

  Hi,
  This might be a different issue if it worked before. Please paste the contents of your /etc/hosts file just in case.
  Also, try starting WebLogic with the -Djava.security.debug=jpspolicy flag and paste the output.
  You might want to refer to this page: http://www.weblogic-tips.com/2011/07/07/error-related-to-opss-security-failing-while-starting-weblogic-servers/