WebLogic 10.3.4 Security
I have 2 ADF web applications deployed on weblogic 10.3.4. Each has a different group users. I have 2 database (different oracle users) to store username and password.
I can create SQLAuthenticator for one application. SQLAuthenticator A is for database A. SQLAuthenticator B is for database B.
How to let these 2 applications use different SQL Authenticator?
So ADF has nuances that I'm unfamiliar with. I suggest you post in the ADF forum and explain clearly the use case with an example. It's a very active forum, so if you ask the question well, I'm sure you'll get a good response.
JDeveloper and ADF
Similar Messages
-
Weblogic 10.3.0 - Security Violation when Group Membership Lookup enabled
Dear Admins,
We're running a Weblogic 10.3.0 cluster with our own software deployed.
We're using SQL authentication (JDBC to Oracle DB) to authenticate users.
Recently we've been tuning our WL cluster to improve performance, and have enabled Group Membership Lookup Hierarchy Caching.
Sometimes users log into our application and get inssuficient rights (or some other error). This appears to happen at random. Most of the times they can log in without problems.
We determined it's not something to do with the cluster, although it can happen on one node and the other node will work as normal.
In the Managed server we see this error (with test user):
Managed7Server.out00011:java.rmi.AccessException: [EJB:010160]Security Violation: User: 'test' has insufficient permission to access EJB: type=<ejb>, application=leanapps, module=process_general.jar, ejb=LaLifeProcessController,
method=create, methodInterface=Home, signature={}.
When we disable Group Membership Lookup Hierarchy Caching, this error never occurs.
Our settings (Security Realms -> myrealm -> Providers -> SQL Authenticator -> Performance):
Max Group Hierarchies In Cache: 5000 (we have approx. 2000 groups)
Group Hierarchy Cache TTL: 3600
provider specific settings :
Group Membership Searching: unlimited
Max Group Membership Search Level: 0
Also in Myrealm -> Performance we have set :
Enable WebLogic Principal Validator Cache
Max WebLogic Principals In Cache: 5000
If we put the TTL really low (default 60 seconds), the error hardly ever occurs. But we want to have cache that lasts longer then one minute.
This might be a bug, as we have other clusters running on WL 10.3.5, 12c where we use the same cache settings. This issue does not occur there.
I'm more then willing to provide more info or config files
Edited by: user5974192 on 21-nov-2012 5:17This is fixed now. Someone had defined a Servlet for the web service in web.xml that was preventing the EJB container to kick in.
Edited by: user572625 on Aug 25, 2011 11:54 PM -
Weblogic and Tuxedo server : Security Audit Logs
In our application we are using the weblogic server 7.0 and Tuxedo server 7.1 (to improve performance). When the user logged in to the application, the security logs are captured from tuxedo.
Can anyone tell us, how the auditing can be enabled in security logs of tuxedo server?> Has anyone done this before and can show me some snippets of code?
The example code and FM's you are looking for are in report RSAU_READ_AUDITLOG_EXTERNAL.
Cheers,
Julius -
Weblogic server 9.2 security and administartion
hi all,
i have few questions in my mind can anybody answer for these.
1> in weblogic server 9.2 can existing infrastrcture allow to generate auto alert on going down the server instance or due to any erroe during running and that should be available to the adminstrator anywhere?if yes then how?
2>Can we administrator decide the previlieges/access to be given to the client by setting proxy with username and passoword?If yes how?
3>For security purpose as user logs out can we make provision to shut down the browser instead of just signing out?
4>If i need to deploye j2ee applciation on weblogic server that is created using by some another IDE,what is the steps/points to be considered as premigration study?
i will be thankful if anybody try to answer these questions.
with regards
santoh.rHello User,
You can find the application under below path
Domain_name - Expand "Environment" and Select " Deployments " - here your application will show which are deployed in this domain.
Please refer -http://docs.oracle.com/cd/E13222_01/wls/docs100/intro/console.html
Regards
Laksh -
Weblogic implementation of java.security.acl.Group
hi guys
Do you know of any specific reason why there isnt a implementation of the
java.security.acl.Group interface in the weblogic jar.
I am trying to create a simple user manager service which uses the mbeans
exposed by weblogic. However the interface I am coding to expects me to return
java.security.acl.Group when I create a Group. This has resulted in a deadlock
as I havent been able to locate a non deprecated implementation.
Thanks
anandYes, you can do this.
Alexandre Vauthey wrote:
Hi,
If I write my own securrity realm, am I able to use my own implementaion of
'java.security.acl.Acl' and 'java.security.acl.AclEntry' or do I have to use
the implementation provided by weblogic ? When Security.checkPermission() is
called, does it solely rely on APIs defined in 'java.security.acl' or does
it really expect to talk to an instance of weblogic 'AclImpl' ?
Thanks, Alexandre.
Alexandre Vauthey
Software Engineer
Application Networks
444 Ramona street
Palo Alto, CA 94301 -
Oracle WebLogic 10.3 Template Security Configuration
The Oracle VM Template for WebLogic 10.3 has the WebLogic installed as root and configured to run as root. This is in conflict with the Oracle recommendations for hardening a WebLogic deployment. Is there a simple way to apply the Oracle security recommendations to the VM Template, Or should we undertake to develop a new template based on the recommendations of the Oracle guide?
Reference: http://download.oracle.com/docs/cd/E12840_01/wls/docs103/pdf/lockdown.pdfHi David,
I talked to some security folks and they indicated that the principle reason for not running WLS as root is to protect the OS root account (versus protecting the WLS install). The idea is that if the WLS were compromised then at least the OS would not be compromised as well. In virtual use cases where VMs are often more like appliances than general OS containers for unrelated apps the security paradigms may need modification. That said, I am told that you should be able to go ahead and create a non-root account and then run WLS as that new user. Just remember to change ownership (or permissions) for directories and files as necessary. Your observation re: root is a good one and I will make sure the appropriate PMs are notified. -
WebLogic 4.5.1 Security
I have a question about the InitialContext and
ServletAutentication.class.
When I run the ServletAuthentication weak() method it creates a context
and stores it in the session if the authentication is good. We have
placed an acl on the Database Pools and even though we are running the
weak() method before we try and access a pool object we are still
getting a SecurityException where we are told the pool manager thinks we
are user guest.
Is this because the ServletAuthentication class really doesn't bind us
with the true backend acl list? or am I doing something wrong?
public void doGet(HttpServletRequest req, HttpServletResponse res)
InitialContext initialcontext = (InitialContext)
session.getValue("javax.naming.InitialContext");
if(initialcontext != null)
Debug.println("Context exists in Session allready!");
else
Debug.println("Context does not exist in Session!");
ServletAuthentication sa = new ServletAuthentication("txt_username",
"txt_password");
int authenticated = sa.weak(request, null); // I noticed that
response isn't used anywhere in the class...
Debug.println("Authentication is: " + authenticated);
Connection conn =
DriverManager.getConnection("jdbc:weblogic:jts:AribaUserPool");
<====> This is where we get the security exception telling us we are
user guest still
Do I need to fetch the username,password out of the Session myself and
pass it in the getConnection() call or does the weblogic driver manager
do that for me?
ThanksHi there,
I'm also having this problem, and not sure what the solution is. I've tried
both JProbe and OptimizeIt to no avail. Has anyone got any ideas why the
policies files are not being read when run through an auditor (profiler)?
vs. running as the main process?
-joe
Rob Sward <[email protected]> wrote in message
news:831iir$cku$[email protected]..
Does anyone know the tricks in getting JProbe 2.5 to work with WebLogic
4.5.1. on Win NT 4.0
I get JProbe (profiler, launchpad and jplauncher etc.) to load weblogic
4.5.1. However, when I access the jsp I keep getting the followingmessage
>
java.security.AccessControlException: access denied
However, when I run weblogic from the startWebLogic.cmd the jsp worksfine.
>
It appears that JProbe is not accepting the VM arguments
-Djava.security.manager -Djava.security.policy==weblogic.policy
Suggestions ? -
Weblogic 6.1 example/security/sslclient jsseWLS.bat does not work
I try to run the weblogic 6.1 example under the examples\security\sslclient.
I follow the instruction and setup the server.
wlsWLS.bat is working fine.
but jsseWLS.bat is not working
It gives back following error.
===== in jsseURLConnect =====
JDK Protocol Handlers and Security Providers:
java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
MD
5 digests; SecureRandom; X.509 certificates; JKS keystore)
provider[1] - SunRsaSign - SUN's provider for RSA signatures
provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
SunX509 key/trust factories, SSLv3, TLSv1)
provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
Trying a new HTTP connection using JDK client classes -
http://localhost:80/examplesWebApp/SnoopServlet.jsp
====Permission =(java.net.SocketPermission localhost:80 connect,resolve)
===== inside tryConnection
Connection refused: connectjava.net.ConnectException: Connection refused: connec
t
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120)
at java.net.Socket.<init>(Socket.java:273)
at java.net.Socket.<init>(Socket.java:100)
at sun.net.NetworkClient.doConnect(NetworkClient.java:50)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:331)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:517)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:277)
at sun.net.www.http.HttpClient.New(HttpClient.java:289)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection
.java:408)
at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:15
1)
at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:2
05)
at examples.security.sslclient.SSLClient.main(SSLClient.java:99)
JDK Protocol Handlers and Security Providers:
java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
MD
5 digests; SecureRandom; X.509 certificates; JKS keystore)
provider[1] - SunRsaSign - SUN's provider for RSA signatures
provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
SunX509 key/trust factories, SSLv3, TLSv1)
provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
Trying a new HTTPS connection using JDK client classes -
https://localhost:443/examplesWebApp/SnoopServlet.jsp
sconnection instanceof com.sun.net.ssl.HttpsURLConnection
using a com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection
===== inside tryConnection
java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120)
at java.net.Socket.<init>(Socket.java:273)
at java.net.Socket.<init>(Socket.java:100)
at javax.net.ssl.SSLSocket.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>([DashoPro-V1.2-1201
98])
at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket([Dasho
Pro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([Da
shoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(
[DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1
.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoP
ro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([Dasho
Pro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connec
t([DashoPro-V1.2-120198])
at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:15
1)
at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:2
30)
at examples.security.sslclient.SSLClient.main(SSLClient.java:99)
Connection refused: connect----
Does anyone know what happens..
i would appreciate if i get some code snippets or url pointers.
Thanks.
--Michael W.I try to run the weblogic 6.1 example under the examples\security\sslclient.
I follow the instruction and setup the server.
wlsWLS.bat is working fine.
but jsseWLS.bat is not working
It gives back following error.
===== in jsseURLConnect =====
JDK Protocol Handlers and Security Providers:
java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
MD
5 digests; SecureRandom; X.509 certificates; JKS keystore)
provider[1] - SunRsaSign - SUN's provider for RSA signatures
provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
SunX509 key/trust factories, SSLv3, TLSv1)
provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
Trying a new HTTP connection using JDK client classes -
http://localhost:80/examplesWebApp/SnoopServlet.jsp
====Permission =(java.net.SocketPermission localhost:80 connect,resolve)
===== inside tryConnection
Connection refused: connectjava.net.ConnectException: Connection refused: connec
t
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120)
at java.net.Socket.<init>(Socket.java:273)
at java.net.Socket.<init>(Socket.java:100)
at sun.net.NetworkClient.doConnect(NetworkClient.java:50)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:331)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:517)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:277)
at sun.net.www.http.HttpClient.New(HttpClient.java:289)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection
.java:408)
at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:15
1)
at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:2
05)
at examples.security.sslclient.SSLClient.main(SSLClient.java:99)
JDK Protocol Handlers and Security Providers:
java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
MD
5 digests; SecureRandom; X.509 certificates; JKS keystore)
provider[1] - SunRsaSign - SUN's provider for RSA signatures
provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
SunX509 key/trust factories, SSLv3, TLSv1)
provider[3] - SunJCE - SunJCE Provider (implements DES, Triple DES, Blowfish,
PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
Trying a new HTTPS connection using JDK client classes -
https://localhost:443/examplesWebApp/SnoopServlet.jsp
sconnection instanceof com.sun.net.ssl.HttpsURLConnection
using a com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection
===== inside tryConnection
java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120)
at java.net.Socket.<init>(Socket.java:273)
at java.net.Socket.<init>(Socket.java:100)
at javax.net.ssl.SSLSocket.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>([DashoPro-V1.2-1201
98])
at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket([Dasho
Pro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([Da
shoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer(
[DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1
.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoP
ro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([Dasho
Pro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connec
t([DashoPro-V1.2-120198])
at examples.security.sslclient.SSLClient.tryConnection(SSLClient.java:15
1)
at examples.security.sslclient.SSLClient.jsseURLConnect(SSLClient.java:2
30)
at examples.security.sslclient.SSLClient.main(SSLClient.java:99)
Connection refused: connect----
Does anyone know what happens..
i would appreciate if i get some code snippets or url pointers.
Thanks.
--Michael W. -
Weblogic server 7.0 security
When I start the server (it is a admin managed server in a domain), I got this message:
[java] <Oct 16, 2002 11:47:44 AM CDT> <Error> <Security> <090158> <The Server was unable to find the private key with alias demokey at location wlDefaultKeyStore.jks on server TracFoneSrv, realm myrealm. Make sure the KeyStore exists and contains the key entry under the specified alias.>
[java] java.lang.Exception: Cannot find the private key with alias demokey in the KeyStore at location wlDefaultKeyStore.jks
[java] <Oct 16, 2002 11:47:44 AM CDT> <Alert> <WebLogicServer> <000297> <Inconsistent security configuration, java.lang.Exception: Cannot find the private key
with alias demokey in the KeyStore at location wlDefaultKeyStore.jks>
How do I know whether the keystore contains a certain key or not? I see the demokey.pem and wlDefaultKeyStore.jks both exist in the same directory for that domain.
Thank you for your help,
BinHi Bin,
You can use keytool to display the contents of the keystore.
The keytool utility comes with the JDK so set your path to
include $JAVA_HOME/bin directory. Use the following command
to list all the entries in the keystore.
keytool -list -keystore <key-store-name>
You will be prompted for the keystore password.
I hope that helps.
Regards,
Tom Hegadorn
Developer Relations Engineer
BEA Support
Bin <[email protected]> wrote:
When I start the server (it is a admin managed server in a domain), I
got this message:
[java] <Oct 16, 2002 11:47:44 AM CDT> <Error> <Security> <090158>
<The Server was unable to find the private key with alias demokey at
location wlDefaultKeyStore.jks on server TracFoneSrv, realm myrealm.
Make sure the KeyStore exists and contains the key entry under the specified
alias.>
[java] java.lang.Exception: Cannot find the private key with
alias demokey in the KeyStore at location wlDefaultKeyStore.jks
[java] <Oct 16, 2002 11:47:44 AM CDT> <Alert> <WebLogicServer> <000297>
<Inconsistent security configuration, java.lang.Exception: Cannot find
the private key
with alias demokey in the KeyStore at location wlDefaultKeyStore.jks>
How do I know whether the keystore contains a certain key or not? I
see the demokey.pem and wlDefaultKeyStore.jks both exist in the same
directory for that domain.
Thank you for your help,
Bin -
Create , delete "security roles" in weblogic console - sample Security providers
Hi Everyone:
Weblogic gave out sample Security Providers for version 7.0 and 8.1. In
those sample Security Provider , the author of codes used property files as
Security Providers Database, however he/she didn't show how to create a
Manageable Sample Role Mapping Provider or Manageable Sample Authentication
Provider, so Administrator of weblogic console can create and delete
"security roles" in weblogic console.
Have anyone known how to do that?
Ming Qin"ming qin" <[email protected]> wrote in message news:[email protected]..
Hi Everyone:
Weblogic gave out sample Security Providers for version 7.0 and 8.1.In
those sample Security Provider , the author of codes used property filesas
Security Providers Database, however he/she didn't show how to create a
Manageable Sample Role Mapping Provider or Manageable SampleAuthentication
Provider, so Administrator of weblogic console can create and delete
"security roles" in weblogic console.
Have anyone known how to do that?
I would ask in the weblogic.developer.interest.management.console newsgroup.
>
Ming Qin -
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric MaThanks for the info.
I wonder when they will fix it.
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
displying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
Now I doubt my custom security realm is actually using the NetscapeDirectory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
the Users node displays all users in the LDAP server, in WebLogic 7I keep
getting
the message "There are no Authentication providers available that
support
the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
l
oper.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version
4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic7
(also run
on Solaris 8) which uses my LDAP server as the Authenticator. I
tried
this by
using the Admin Console and followed exactly the steps in Chapter3
of
the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged
into the
Admin Console again and clicked the Users node under my custom realm,
I saw this
message in the right-hand pane: "There are no Authentication
providers
available
that support the creation of Users". Also, I don't see my customrealm
in the
dropdown list under mydomain -> Security tab -> General tab ->
Default
Realm.
What did I do wrong? Also, where does WebLogic store the customsecurity
realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
Using weblogic security roles in authentication: weblogic 9
Hi All,
I am trying to create a simple application which uses declarative authorization configured in web.xml. I use the simple form based authentication. While trying to deploy my application, I get the error:
weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: LTVORole.
But I have defined the role LTVORole in weblogic using the administrator console.
below are the details of what I have done:
Web.xml:
========
<?xml version='1.0' encoding='UTF-8'?>
<j2ee:web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee">
<j2ee:welcome-file-list>
<j2ee:welcome-file>login.jsp</j2ee:welcome-file>
<j2ee:welcome-file>index.html</j2ee:welcome-file>
<j2ee:welcome-file>index.htm</j2ee:welcome-file>
</j2ee:welcome-file-list>
<j2ee:login-config>
<j2ee:auth-method>FORM</j2ee:auth-method>
<j2ee:form-login-config>
<j2ee:form-login-page>/login.jsp</j2ee:form-login-page>
<j2ee:form-error-page>/error.jsp</j2ee:form-error-page>
</j2ee:form-login-config>
</j2ee:login-config>
<security-constraint>
<display-name>checkAccountConstraint</display-name>
<web-resource-collection>
<web-resource-name>checkAccountCollection</web-resource-name>
<url-pattern>test.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>LTVORole</role-name>
</auth-constraint>
</security-constraint>
</j2ee:web-app>Weblogic.xml
===========
<?xml version="1.0" encoding="UTF-8"?>
<ns:weblogic-web-app xmlns:ns="http://www.bea.com/ns/weblogic/90">
<security-role-assignment>
<role-name>LTVORole</role-name>
<externally-defined/>
</security-role-assignment>
</ns:weblogic-web-app>I have created the role in weblogic in the menu
security realms > myrealm > roles and policies > Global Roles > roles > LTVORole
Is it the right way to define a role?
Please help me find where I am going wrong.
Thanking you all in advance,
GireeshHi All,
I am trying to create a simple application which uses declarative authorization configured in web.xml. I use the simple form based authentication. While trying to deploy my application, I get the error:
weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: LTVORole.
But I have defined the role LTVORole in weblogic using the administrator console.
below are the details of what I have done:
Web.xml:
========
<?xml version='1.0' encoding='UTF-8'?>
<j2ee:web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee">
<j2ee:welcome-file-list>
<j2ee:welcome-file>login.jsp</j2ee:welcome-file>
<j2ee:welcome-file>index.html</j2ee:welcome-file>
<j2ee:welcome-file>index.htm</j2ee:welcome-file>
</j2ee:welcome-file-list>
<j2ee:login-config>
<j2ee:auth-method>FORM</j2ee:auth-method>
<j2ee:form-login-config>
<j2ee:form-login-page>/login.jsp</j2ee:form-login-page>
<j2ee:form-error-page>/error.jsp</j2ee:form-error-page>
</j2ee:form-login-config>
</j2ee:login-config>
<security-constraint>
<display-name>checkAccountConstraint</display-name>
<web-resource-collection>
<web-resource-name>checkAccountCollection</web-resource-name>
<url-pattern>test.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>LTVORole</role-name>
</auth-constraint>
</security-constraint>
</j2ee:web-app>Weblogic.xml
===========
<?xml version="1.0" encoding="UTF-8"?>
<ns:weblogic-web-app xmlns:ns="http://www.bea.com/ns/weblogic/90">
<security-role-assignment>
<role-name>LTVORole</role-name>
<externally-defined/>
</security-role-assignment>
</ns:weblogic-web-app>I have created the role in weblogic in the menu
security realms > myrealm > roles and policies > Global Roles > roles > LTVORole
Is it the right way to define a role?
Please help me find where I am going wrong.
Thanking you all in advance,
Gireesh -
Weblogic.security.acl in Weblogic 6
I came across the following in the migration documention
(http://edocs.bea.com/wls/docs60/notes/migrate.html#1026915):
I'm assuming that this is just a typo or wording issue but it currently
reads "weblogic.security.acl" is deprecated? Can't be the whole package.
Anyone else notice this?
Deprecated APIs and Features
The following APIs and features are deprecated in anticipation of future
removal from the product:
a.. weblogic.security.acl
b.. WebLogic Events
WebLogic Events are deprecated and should be replaced by JMS messages with
NO_ACKNOWLEDGE or MULTICAST_NO_ACKNOWLEDGE delivery modes. See Programming
WebLogic JMS for more information.
c.. WebLogic HTMLKona
d.. T3 Driverrequest.getRemoteUser() still works fine for me after I implented a custom
Autthenication / LoginModule.
"patrik" <[email protected]> wrote in message
news:[email protected]..
>
Yes, I have. see:
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.develo
per.interest.security&item=8553&utag=
>
But if you've managed to get out the information from it I'd be gratefulto know
how.
/Patrik
"Utpal" <[email protected]> wrote:
Have you tried weblogic.security.Security.getCurrentSubject() ??
-utpal -
JMS MODULE SECURITY IN WEBLOGIC
Hi,
I have one JMS Module that having two queues. I have to create the one user who will read and write the data.
That user do not have the access to the console so that this user will not create and delete resources in the server as well start and stop the server.
Could you please help me how to put the security for that user?
I have already tried below mentioned steps, but this is only for securing queues with indidual user.
http://weblogic-wonders.com/weblogic/2011/02/01/securing-weblogic-jms-resources/
Advance Thanks,
Anil.Hi Arun,
A NullPointerException is almost always an indication of a bug (99% of the time), and rarely an indicator of user error.
If the NPE is thrown by WebLogic code (and not app code), I recommend filing a customer support case (or if you happen to be on old version or service-pack, updating to the latest).
As for your configuration change, it will very likely take effect upon a cluster restart regardless of the NPE - (the NPE, based on your description, is likely a localized problem with the console). You can check your JMS module XML to see if the console change was reflected in the configuration file...
Tom -
Hello,
I am trying to install Fusion Client on a CentOS 5.10 machine. I have installed:
* java version 1.6.0_45 (have also tried with latest 1.7 version, but IIRC 1.6 is recommended)
* Oracle WebLogic Server 11gR1 (10.3.5) + Coherence - Package Installer
* Application Development Runtime realease 11.1.1.6.0
* ADF patches p13952743 and p13956635
In case more information is needed, I followed this guide: Weblogic Installation 1. Download Oracle WebLogic Server 11gR1 (10.3.5) + Co - Pastebin.com
I create a new domain on WebLogic (with Oracle JRF), and everything seems to be running fine up to that point. However, when I try to run ./startWebLogic.sh , I get this error:
. . JAVA Memory arguments: -Xms256m -Xmx512m -XX:MaxPermSize=512m . WLS Sta - Pastebin.com
I have tried reinstalling Java, creating the domain again, and also completely removing WebLogic and reinstalling it from scratch - nothing seems to make that error go away. Any suggestions?
Thank you in advance!
Message was edited by: 1c089563-55cd-4545-a4db-48707a92b950 (Corrected pastebin link)Hi,
This might be a different issue if it worked before. Please paste the contents of your /etc/hosts file just in case.
Also, try starting WebLogic with the -Djava.security.debug=jpspolicy flag and paste the output.
You might want to refer to this page: http://www.weblogic-tips.com/2011/07/07/error-related-to-opss-security-failing-while-starting-weblogic-servers/
Maybe you are looking for
-
How to decrypt data when you can't get the private key in Windows?
I'm very confuse. My english is poor, but I try to say my question clearly. When browser connects to a https website which needs client certificate to authenticate the identity, the browser will send client certificate to web server. Then the web ser
-
In-Store pickup does not show any stores in Commerce Service Center
Hi All, I have configured ATG 10.2 and the CSC with it. I can see the "Pickup In-Store' button when I try to place an order as an agent, but when I click it, the popup says "No Store Found." I have verified that the item has onlineOnly flag as false
-
MDM 7.1 SP03 Java API - setRetrieveResultCounts & taxonomy aliases = error
We just upgraded our test MDM system to 7.1 SP03 so we could use the new methods in the Java API to get result counts. However, we've run into a problem with the result counts when taxonomy aliases are being used. The following code works when there
-
Hi While doing MIGO, I am getting the error as Material Ledger is not active. There is no requirement for material ledger activation. How does this error can be solved. Please suggest Thanks Sanjay
-
I would like to clarify if it is OK to create an iBook photo/video album for potential wedding clients? I would give them the ibooks file ( via dvd or dropbox ) as a complimentary gift but I would also include my design rate for the time it took to c