WebLogic 9.1 Security Providers Issue

Similar Messages

• Create , delete "security roles" in weblogic console - sample Security providers

  Hi Everyone:
  Weblogic gave out sample Security Providers for version 7.0 and 8.1. In
  those sample Security Provider , the author of codes used property files as
  Security Providers Database, however he/she didn't show how to create a
  Manageable Sample Role Mapping Provider or Manageable Sample Authentication
  Provider, so Administrator of weblogic console can create and delete
  "security roles" in weblogic console.
  Have anyone known how to do that?
  Ming Qin

  "ming qin" <[email protected]> wrote in message news:[email protected]..
  Hi Everyone:
  Weblogic gave out sample Security Providers for version 7.0 and 8.1.In
  those sample Security Provider , the author of codes used property filesas
  Security Providers Database, however he/she didn't show how to create a
  Manageable Sample Role Mapping Provider or Manageable SampleAuthentication
  Provider, so Administrator of weblogic console can create and delete
  "security roles" in weblogic console.
  Have anyone known how to do that?
  I would ask in the weblogic.developer.interest.management.console newsgroup.
  >
  Ming Qin

• Java.rmi.UnmarshalException Failed to load class com.msl.security.providers

  Hi ,
  I have the following error while i am stopping a Weblogic instance. Did anyone face a similar issue, please let me know. I see a classnotfound error , but not sure what is that jar file. Is it a application jar or a weblogic one?
  Stopping Weblogic Server...
  Initializing WebLogic Scripting Tool (WLST) ...
  log4j: Trying to find [resources/comdev/default-log4j.properties] using context classloader java.net.URLClassLoader@183f74d.
  log4j: Using URL [jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties] for automatic log4j configuration.
  log4j: Reading configuration from URL jar:file:/teamrule/10.2/modules/com.bea.cie.comdev_5.3.0.0.jar!/resources/comdev/default-log4j.properties
  log4j: Hierarchy threshold set to [ALL].
  log4j: Parsing for [root] with value=[INFO, NA].
  log4j: Level token is [INFO].
  log4j: Category root set to INFO
  log4j: Parsing appender named "NA".
  log4j: Parsed "NA" options.
  log4j: Finished configuring.
  Welcome to WebLogic Server Administration Scripting Shell
  Type help() for help on available commands
  Connecting to t3://localhost:7009 with userid weblogic ...
  This Exception occurred at Sun Apr 10 14:17:03 UTC 2011.
  javax.naming.CommunicationException [Root exception is java.rmi.UnmarshalException: failed to unmarshal class weblogic.security.acl.internal.AuthenticatedUser; nested excep
  tion is:
          java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
  at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:74)
  at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:32)
  at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
  at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:673)
  at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
  ... 48 more
  Problem invoking WLST - Traceback (innermost last):
  File "/web/10.2/user_projects/domains/dom/shutdown.py", line 1, in ?
  File "<iostream>", line 22, in connect
  WLSTException: 'Error occured while performing connect : Error getting the initial context. There is no server running at t3://localhost:7009 Use dumpStac
  k() to view the full stacktrace'
  Thanks a lot for your time.
  Manish

  Hi Manish,
  It seems that you are using a custom security provider and the weblogic server is not able to find the class / jar file that contains the class.
  java.lang.ClassNotFoundException: Failed to load class com.msl.security.providers.SessionPrincipal]
  Make sure you have all the required jar files in the server classpath.
  You can use the JarScan utility to find the jar that contains the class.
  Refer the below link regarding the jarScan.
  http://weblogic-wonders.com/weblogic/2011/01/26/finding-jar-files-using-jarscan/
  Regards,
  Anandraj
  http://weblogic-wonders.com

• Weblogic 9.0b security provider

  Hello, I am looking for porting security provider developed in Weblogic 8.1.3, to 9.0 b. But in the product documentation the related section is stated as "(not for beta)".
  What does it mean? If it means "available soon", when will it be.

  Hi,
  I am having problems upgrading my 7.0 security providers.
  I have set my enviroment as stated in the documents but when I issue the command:
  java weblogic.Upgrade -mode silent -type securityproviders
  in the directory holding the security provider jar files (or the GUI equivalent), I get the following log messages:
  <feb 02, 2005 4:00:44 PM CET> <INFO > <Upgrade> <BEA-800000> <Started the Security Provider Upgrade
  process, this may take a while ...>
  <feb 02, 2005 4:00:44 PM CET> <INFO > <Upgrade> <BEA-800000> <Migrating old security provider jars f
  rom D:\tmp\.>
  <feb 02, 2005 4:00:44 PM CET> <INFO > <Upgrade> <BEA-800000> <No MDF's (.xml's) found in the old sec
  urity provider jar with name pseAuthenticator.jar>
  <feb 02, 2005 4:00:44 PM CET> <INFO > <Upgrade> <BEA-800000> <No Security Provider jars have been Up
  graded>
  <feb 02, 2005 4:00:44 PM CET> <INFO > <Upgrade> <BEA-800000> <>
  I.e., the upgrade utility does not recognize the xml file in the jar. However, it's really there, at root level, with the name PseAuthenticator.xml and with the following contents:
  <?xml version="1.0" ?>
  <!DOCTYPE MBeanType SYSTEM "commo.dtd">
  <MBeanType
  Name = "PostenSeAuthenticator"
  DisplayName = "PostenSeAuthenticator"
  Package = "se.posten.pse.framework.security.internal.authentication.weblogic"
  Extends = "weblogic.management.security.authentication.Authenticator"
  PersistPolicy = "OnUpdate"
  Description = "The MBean that represents configuration attributes for the PseAuthentication"
  >
  <MBeanAttribute
  Name = "ProviderClassName"
  Type = "java.lang.String"
  Writeable = "false"
  Default = ""se.posten.pse.framework.security.internal.authentication.weblogic.AuthenticationProviderImpl""
  Description = "The name of the Java class used to load the Posten.se
  Authentication provider."
  />
  <MBeanAttribute
  Name = "Description"
  Type = "java.lang.String"
  Writeable = "false"
  Default = ""Provider that performs authentication from the Pse DB""
  Description = "A short description of the Posten.se Authentication provider."
  />
  <MBeanAttribute
  Name = "Version"
  Type = "java.lang.String"
  Writeable = "false"
  Default = ""1.0""
  Description = "The version number of the Posten.se Authentication provider."
  />
  </MBeanType>
  Also, the stated class is present in the jar. What am I doing wrong?
  Kind Regards
  /Par

• Classloading of security providers

  I've stuck the MBeans for my security service providers in the %BEA_HOME%/weblogic81/server/lib/mbeantypes
  dir and was able to instrument them via the console. However, I cannot seem to
  get WebLogic to start up without throwing a ClassNotFoundException complaining
  that it cannot find my security providers. I've tried sticking them in in the
  mbeantypes dir as well as just server/lib.
  Do I REALLY have to stick them in the system classpath? I really don't want to
  if I don't have to.
  Cheers,
  Steve Maring
  AT&T Labs

  Steve,
  sorry, i am still unable to understand the problem. So typically this is
  what users do,
  1) Build security providers using the weblogic mbean maker, the output
  is a jar
  2) copy this jar file to the lib/mbeantypes directory.
  3) Start the server, these mbeans will be loaded into the server.
  4) Go to console and the new provider's show up, you can then configure
  the providers.
  5) After saving, you should see entries in your config.xml reflecting
  the provider mbean instances you just created via the console.
  6) If you re-start the server, you should be able to go back to the
  console and see your instances that you created in your previous session.
  Now, at what point in this cycle you are seeing issues? Also could you
  ptovide any stack traces, if there are any?
  Thanks,
  -satya
  Steve Maring wrote:
  OK, let me say that I was able to configure the security providers to use my custom
  providers, so obviously my mbeans were OK. However, the server itself, after
  reviewing the config.xml, and seeing my custom security providers configured,
  complains that it cannot find them. I've tried putting them in server/lib, common/lib,
  and server/lib/mbeantypes, but none of these seem to work.
  Satya Ghattu <[email protected]> wrote:
  Steve Maring wrote:
  I've stuck the MBeans for my security service providers in the %BEA_HOME%/weblogic81/server/lib/mbeantypes
  dir and was able to instrument them via the console. However, I cannotseem to
  get WebLogic to start up without throwing a ClassNotFoundExceptioncomplaining
  that it cannot find my security providers. I've tried sticking themin in the
  mbeantypes dir as well as just server/lib.They should not be put in the system classpath. When you say you have
  instrumented them via console, what exactly does this mean? Try
  accessing the MBeans via straight JMX calls instead of using the
  interfaces in your code.
  Do I REALLY have to stick them in the system classpath? No, you dont have to.
  thanks,
  -satya
  I really don't want to
  if I don't have to.
  Cheers,
  Steve Maring
  AT&T Labs

• Error occurred while preloading classes of security providers from jre/lib/

  Hello all,
  We are Upgrading our BW Production System with EHP1 Package.
  on the Step DEPLOY_ONLINE_DEPL the Upgrade stops and we get the error message
  Error occurred while preloading classes of security providers from jre/lib/ext folder: java.util.zip.ZipException: A file or directory in the path name does not e*
  *xist. jar:file:/usr/java14_64/jre/lib/ext/ibmjceprovider.jar
  I have checked the file Path and the Permission exist
  I have no Idea anymore
  Can you help us ?
  Best regards
  Vito Cecere

  Hi Vito,
  This issue looks similar to the following thread I believe the problem was with the SAPJSF user
  Cannot startup visual administrator due to UME logon client details changed

• Security related issues

  Hi everybody,
  We know that weblogic stores all its configuration
  parameters in an xml file,including the userid and password for the database
  in clear text form .
  I want to know whether it is a security flaw?
  Is there a way to encrypt the file contents,so that the userid and password
  will not be in clear text form.
  Any suggestions to increase the security on the config file by appliying os
  restriction or by any third party tool will be helpful.
  Thanks in advance
  prashant

  I am a co-founder of Calendar of Updates http://www.calendarofupdates.com/updates/index.php?act=idx This is a site that is primarily a Windows based security forum (I switched about 4-5 years ago). Over the years, I've tried to grow the Mac side of our forum, but, as you may know, there is little or no interest in security within the Mac community. For many, the feel security is a Windows issue.
  It's a free site, so don't think I have a vested interest in growing the membership, I'm not an owner, either.
  I just created an *Apple OS X Security Issues* forum http://www.calendarofupdates.com/updates/index.php?showforum=209
  Right now it's an empty forum since it was created 10 minutes ago. Please feel free to join the forum and share security related issues and questions.
  I am not aware of any other forums that deal with OS X security issues
  exclusively, so this forum could be a good place to bookmark and visit from time to time.

• Security design issue

  Hi Folks,
  I've a security design issue using J2EE architecture framework in my
  project..
  Proj Requirement:
  i) User Logs-into a health b2b/b2c portal website...
  ii) Check the user exist in the database or LDAP directory service.
  iii) If exist user then check the role Patient/Insurance Provider/Physician?
  iv)If Patient then display his personal health record history.
  else Insurance Provider then display about Insurance Policy information,
  which he can update/create insurance for entered patient id. If patient has
  granted access to Insurance Provider
  and if Physician then display about hospital information like
  waiting patients,sending appointments,etc..
  The above security access control role & policy has to be implemented
  very strong. so that other user cannot view/update someone health records..
  Development tool:WebLogic Server/Oracle/LDAP.. on Linux
  Security Problem:
  i)What is the best security solution for the above requirement?
  ii)How do I authenticate/validate user using J2EE security framework?
  Can anyone explain in details or steps to implement?
  Thanks,
  -raj-

  I'm assuming that your using WLS 6, if so check out (I know we cover this in
  the documentation but I'm guessing at the title) the "securing your site"
  guide. Some of what you're planning the WLS server can protect through good
  ACL usage. I'd recommend creating at least three groups (patient, provider,
  physician), clearly the danger lies in having a user who is a member of more
  than one group. I'd recommend implementing your own role checking at both
  the servlet and EJB levels to fully enforce information access, using
  servlet state and stateful session beans should help.
  Alex
  Raj <[email protected]> wrote in message
  news:[email protected]..
  Hi Folks,
  I've a security design issue using J2EE architecture framework in my
  project..
  Proj Requirement:
  i) User Logs-into a health b2b/b2c portal website...
  ii) Check the user exist in the database or LDAP directory service.
  iii) If exist user then check the role Patient/InsuranceProvider/Physician?
  iv)If Patient then display his personal health record history.
  else Insurance Provider then display about Insurance Policy information,
  which he can update/create insurance for entered patient id. If patienthas
  granted access to Insurance Provider
  and if Physician then display about hospital information like
  waiting patients,sending appointments,etc..
  The above security access control role & policy has to be implemented
  very strong. so that other user cannot view/update someone healthrecords..
  >
  Development tool:WebLogic Server/Oracle/LDAP.. on Linux
  Security Problem:
  i)What is the best security solution for the above requirement?
  ii)How do I authenticate/validate user using J2EE security framework?
  Can anyone explain in details or steps to implement?
  Thanks,
  -raj-

• Does OSB10gr3 support third-party security providers?

  Does OSB 10gr3 support third-party security providers and third-party token handlers ?
  If so what are they?
  Edited by: dbr6 on Jun 26, 2009 6:01 PM

  OSB will work with any security provider that is designed as per http://download.oracle.com/docs/cd/E12840_01/wls/docs103/dvspisec/index.html. OSB completely relies on Weblogic security framework and doesn't do any official certification for third-party security providers.
  Cheers
  Manoj

• How do i deal with 'security certificate' issues on my iPad2? I'm unable to answer the security questions that pop up when Im trying to download an app because the pop up does not load properly...

  Basically my Ipad2 stopped allowing me to go to sites such as Tumblr a little while ago. It wouldn't display the page properly because of 'security certificate' issues. This in itself would not have been such a problem, but when I went to the App store to try and download the Tumblr App, a pop up appeared asking me to answer some security questions before I could successfully install the App. However, the pop up would not display correctly because of 'security certificate' issues and as a result I can't download any apps from the App Store. Can anyone help with this??

  Well, I maged to delete some stuff, download the update...
  My Mac mail is still not ok. Still only displays today, yesterday and everything is the 16th of the month previous to this?
  All a bit strange to say the least any suggestons on how to resolve this.
  I now have a second issue in all my emails at the very top of each it describes in detail the full information of
            Delivered-To:  
            Received:  
            Received:  
            Received:  
            Received:  
            X-Received:  
            Return-Path:  
            Received-Spf:
            Authentication-Results:
            Content-Type:  
            Mime-Version:  
            X-Mailer:  
            X-Cloudmark-Analysis:  
  Surely this should not be displayed rather insecure I would think. Any suggestions on how to amend

• Can we set up a forum for Security related issues?

  I know many of us think security is a Windows related issue, but from time to time there are security issues that may come up. I had a question so I looked and couldn't find a forum, so I posted in one of the OS X 10.6 sub forums.
  Thanks!

  I am a co-founder of Calendar of Updates http://www.calendarofupdates.com/updates/index.php?act=idx This is a site that is primarily a Windows based security forum (I switched about 4-5 years ago). Over the years, I've tried to grow the Mac side of our forum, but, as you may know, there is little or no interest in security within the Mac community. For many, the feel security is a Windows issue.
  It's a free site, so don't think I have a vested interest in growing the membership, I'm not an owner, either.
  I just created an *Apple OS X Security Issues* forum http://www.calendarofupdates.com/updates/index.php?showforum=209
  Right now it's an empty forum since it was created 10 minutes ago. Please feel free to join the forum and share security related issues and questions.
  I am not aware of any other forums that deal with OS X security issues
  exclusively, so this forum could be a good place to bookmark and visit from time to time.

• Essbase Security Filter issue.

  Hi,
  Its regarding the security filter issue.
  The major problem is whosoever user is provisioned under that security filter, if the user is trying to connect to Application using Excel Addin / Smartview, it crashes the essbase server [Network Error [10061], timed out error)]
  When we figured out because of this filter essbase server is crashing, we tried to edit the filter. sometimes if we click on edit, it crashes the server or sometimes we can see some junk characters in the filter.
  We have applied the security on Entities dimension and problematic filter is ASP.
  Now the hirerachy is like this.
  Entities dimesnsion and then ASP member and under ASP we have our several members.
  Filter is like this:
  Write : @Idescendants("ASP")
  It was working fine for almost 15 days.
  Now if i edit the filter, i can see like this:
  Write : @Idescendants("ASP")
  Metaread:@Idescendants("*&^%?)
  Junk characters are coming in and no idea from where they are coming.
  I can't delete the filter also, again it crashes the essbase server.
  As a workaround i have created a temp filter and dome the assignation for this group, according to that.
  Everything is working fine.
  I just wanted to know, has anybody faced such kind of problem earlier.
  What cud be the root cause for this.
  How could I delete the filter.
  I have also get messages like security file is corrupted (we have restored it from old backup) but really worried about security file as we are moving the whole thing to production server this weekend.
  Please advise me on this, Please help me. Any help would be highly appreciated.
  I am really in trouble.
  Thanks,
  Pankaj Mehta.

  Try to edit the filter from MaxL command line using
  alter filter sample.basic.filt7 add write on '@IDescendants("ASP")';
  here sample=application
  basic=database
  filt7=filtername
  have good luck

• What is the risk of changing the order of the security providers?

  I have developed a SFTP solution for Webmethods. Webmethods has IAIK (class iaik.security.provider.IAIK) as its default DH provider. To get the SFTP solution to work, I had to change the DH provider to SunJCE.
  I did that through changing the order of the security providers in the
  java.security file
  in C:\j2sdk1.4.2_13\jre\lib\security
  Now it is
  security.provider.1=com.sun.crypto.provider.SunJCE
  security.provider.2=sun.security.provider.Sun
  security.provider.3=com.sun.net.ssl.internal.ssl.Provider
  security.provider.4=com.sun.rsajca.Provider
  Before it was
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.sun.net.ssl.internal.ssl.Provider
  security.provider.3=com.sun.rsajca.Provider
  security.provider.4=com.sun.crypto.provider.SunJCE
  security.provider.5=sun.security.jgss.SunProvider
  A lot of other webmethods services uses the same server, so if we change the order of the security providers, it will affect all of these. So what I want to know is what is the risk of changing the order of the security providers?

  Check here for compatibility of 3rd party Software you may be using...
  http://roaringapps.com/apps:table
  Also note that Rosetta is no longer supported in Lion and Mountain Lion...
  You will need more RAM... Get the Maximum you can for your Mac...
  It is important to get the Correct and Matching RAM
  See Here  >  OWC RAM  >  http://www.macsales.com
  The above site also has videos on how to Install RAM should you need it...

• HT5228 I am running OS 10.5.8 on an iMac. There is no security update issued for this operating system - it only covers 10.6. Is my comuter vulnerable? Do I need to do anything?

  I am running OS 10.5.8 on an iMac. There is no security update issued for this operating system - it only covers 10.6. Is my comuter vulnerable? Do I need to do anything?

  I'm still not clear why Apple only issued security updates for 10.6 and later. I assume they think we should all update our operating systems or maybe they are just focusing on the majority of users?
  Apple has had a long standing policy of only supporting the current and previous operating system releases.  Whether they decide to make an exception for even older releases is anyone's guess.
  You can send them feedback to express your opinion.
  Or does the new Trojan not affect older OS? I'd like to know , if anyone has information.
  As far as is known, it does affect older unsupported releases.  Disabling Java in your web browser is the current preventive approach (and that is a community derived approach)

• How I deal with security certificate issues on sites I use all of the time?

  I am being blocked from services like Drop Box and Yousendit.com because of security certicate issues. How do I resolve these?
  == URL of affected sites ==
  http://www.yousendit.com

  Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  See [[Secure Connection Failed]]