WebLogic RMI security

Hello,
I'm planning to create some client-server applications using the WebLogic
RMI implementation but I'm a little bit worried about the security issues
that can be raised.
Basically, I don't know whether or not WebLogic provides dynamic class
loading (RMIClassLoader). If so, how can I prevent this from happening, since I want
to make sure that no hostile client will be able to hack my application
in that it will download some classes that will mess with my data.
Does anybody have any comments on that?
Thanks in advance for any help.
Andre Mendonca
[email protected]

Just to make things clearer, this is the RMI specification from Javasoft
(very interesting, by the way):
"When parameters and return values for a remote method invocation are
unmarshalled to become live objects in the receiving JVM, class definitions
are required for all of the types of objects in the stream. The
unmarshalling process first attempts to resolve classes by name in its local
class loading context (the context class loader of the current thread). RMI
also provides a facility for dynamically loading the class definitions for
the actual types of objects passed as parameters and return values for
remote method invocations from network locations specified by the
transmitting endpoint. This includes the dynamic downloading of remote stub
classes corresponding to particular remote object implementation classes
(and used to contain remote references) as well as any other type that is
passed by value in RMI calls, such as the subclass of a declared parameter
type, that is not already available in the class loading context of the
unmarshalling side."
My question is: If a client invokes a method in the object residing in the
weblogic server, passing as a parameter an object that the server doesn't
know, will weblogic try to download the class from the client location?
Continuing: later in the specification, one can read:
"For every class descriptor read from an RMI marshal stream, the
resolveClass method reads a single object from the stream. If the object is
a String (and the value of the java.rmi.server.useCodebaseOnly property is
not true), then resolveClass returns the result of calling
RMIClassLoader.loadClass with the annotated String object as the first
parameter and the name of the desired class in the class descriptor as the
second parameter. Otherwise, resolveClass returns the result of calling
RMIClassLoader.loadClass with the name of the desired class as the only
parameter."
So, can I set this property to false in the StartWebLogic.cmd file and
expect weblogic not to download any unknown code? Will weblogic classloader
understand it? What's the default behavior of weblogic server?
By the way, I'm using WLS 4.5.1, in a windows NT environment.
Thanks in advance.
Andre Mendonca
[email protected]
"Andre Mendonca" <[email protected]> wrote in message
news:[email protected]...
Hello,
I'm planning to create some client-server applications using the WebLogic
RMI implementation but I'm a little bit worried about the security issues
that can be raised.
Basically, I don't know whether or not WebLogic provides dynamic class
loading (RMIClassLoader). If so, how can I prevent this from happening, since I want
to make sure that no hostile client will be able to hack my application
in that it will download some classes that will mess with my data.
Does anybody have any comments on that?
Thanks in advance for any help.
Andre Mendonca
[email protected]
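
The resolveClass rule quoted from the RMI specification in the post above, modelled in Java as an added example (it is not code from this thread, from WebLogic or from the JDK): the sender annotates each class descriptor with a codebase string, and the receiver either hands that string to `RMIClassLoader.loadClass` or, when `java.rmi.server.useCodebaseOnly` is true, ignores it and resolves the class locally. Assumptions: `CodebaseOnlyDemo`, `ClientOnlyOrder` and the `client.example.invalid` codebase are made-up names, `Class.forName` against a local loader stands in for the single-argument `RMIClassLoader.loadClass`, the demo treats an unset property as true, and whether WebLogic's own RMI implementation honours the property is not answered on this page.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.OutputStream;
import java.io.Serializable;
import java.rmi.server.RMIClassLoader;
import java.util.ArrayList;
import java.util.List;

// Added illustration, not WebLogic or JDK source. Requires Java 9 or later.
public class CodebaseOnlyDemo {

    // Hypothetical parameter type that exists only on the client's class path.
    static final class ClientOnlyOrder implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        ClientOnlyOrder(String id) { this.id = id; }
    }

    // Sender side: follows every class descriptor with a codebase annotation,
    // the "annotated String object" of the quoted specification text.
    static final class AnnotatingOutputStream extends ObjectOutputStream {
        private final String codebase;

        AnnotatingOutputStream(OutputStream out, String codebase) throws IOException {
            super(out);
            this.codebase = codebase;
        }

        @Override
        protected void annotateClass(Class<?> cl) throws IOException {
            writeObject(codebase);
        }
    }

    // Receiver side: applies the quoted rule to every class descriptor.
    static final class GuardedInputStream extends ObjectInputStream {
        private final boolean useCodebaseOnly;
        private final ClassLoader local;
        final List<String> ignoredAnnotations = new ArrayList<>();

        GuardedInputStream(InputStream in, boolean useCodebaseOnly, ClassLoader local)
                throws IOException {
            super(in);
            this.useCodebaseOnly = useCodebaseOnly;
            this.local = local;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            Object annotation = readObject(); // always consume the annotation
            String name = desc.getName();
            if (annotation instanceof String && !useCodebaseOnly) {
                // Property not true: the sender-supplied location is passed on.
                return RMIClassLoader.loadClass((String) annotation, name);
            }
            if (annotation instanceof String) {
                ignoredAnnotations.add(name + " <- " + annotation);
            }
            // Property true: only the receiver's own class loading context is used.
            return Class.forName(name, false, local);
        }
    }

    static byte[] marshal(Object value, String codebase) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (AnnotatingOutputStream out = new AnnotatingOutputStream(buf, codebase)) {
            out.writeObject(value);
        }
        return buf.toByteArray();
    }

    // Unmarshals one argument and returns a one-line verdict.
    static String receive(byte[] wire, boolean useCodebaseOnly, ClassLoader local)
            throws IOException {
        try (GuardedInputStream in =
                 new GuardedInputStream(new ByteArrayInputStream(wire), useCodebaseOnly, local)) {
            try {
                Object value = in.readObject();
                return "accepted " + value.getClass().getName()
                        + ", ignored annotations: " + in.ignoredAnnotations;
            } catch (ClassNotFoundException e) {
                return "rejected unknown class " + e.getMessage()
                        + ", ignored annotations: " + in.ignoredAnnotations;
            }
        }
    }

    public static void main(String[] args) throws IOException {
        String codebase = "http://client.example.invalid/classes/"; // constructed value
        // Stands in for a server whose class path lacks the client's classes.
        ClassLoader serverLocal = ClassLoader.getPlatformClassLoader();
        // The demo's own default is "true" when the property is absent.
        boolean codebaseOnly = Boolean.parseBoolean(
                System.getProperty("java.rmi.server.useCodebaseOnly", "true"));

        byte[] known = marshal(new ArrayList<>(List.of("order-1")), codebase);
        byte[] unknown = marshal(new ClientOnlyOrder("order-2"), codebase);
        System.out.println(receive(known, codebaseOnly, serverLocal));
        System.out.println(receive(unknown, codebaseOnly, serverLocal));
    }
}
```

On a JVM using the standard java.rmi runtime, the property is passed on the java command line as `-Djava.rmi.server.useCodebaseOnly=true`.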

Similar Messages

  • Weblogic RMI question

    I am trying to implement a basic RMI class, using the example in "Programming Weblogic RMI" book. I used java rmic instead of wls rmic.
    The only difference from the book example is that I am trying to bind remote object implementation from within a servlet GET/init. I am getting the following exception stack:
    java.security.AccessControlException: access denied (java.io.FilePermission <path>\user_projects\domains\my_domain\servers\my_ms1\tmp\_WL_user\MyApp\6210pw\war\WEB-INF\lib\_wl_cls_gen.jar read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    I am not using a securitymanager explicitly in my code, as advised in the book.
    Please advise, what's going wrong here.

  • Weblogic problem,weblogic.rmi.extensions.RemoteRuntimeException: Unexpected

    Hello, everyone.
    I have a problem. Please help me.
    My application is running on weblogic 9.2. My oracle is oracle10g. System: linux redhat4.
    My weblogic's log has a problem.
    java.sql.SQLException: weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    at weblogic.jdbc.rmi.SerialStatement.close(SerialStatement.java:109)
    at com.goldpalm.common.jdbc.DBController.releaseConn(DBController.java:273)
    at com.goldpalm.sale.team.TeamXml.exeTeamLog(TeamXml.java:762)
    at jsp_servlet._ctssale.__teamline_show._jspService(__teamline_show.java:264)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:225)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:127)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:230)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at filters.AuthFilter.doFilter(AuthFilter.java:95)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3200)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:1983)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1844)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1344)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)

    Hi
    Looking at the error stack trace, you are getting this error when trying to close the statement object from your own java code (not weblogic code...) - DBController.releaseConn(...)
    at com.goldpalm.common.jdbc.DBController.releaseConn(DBController.java:273)
    java.sql.SQLException: weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    at weblogic.jdbc.rmi.SerialStatement.close(SerialStatement.java:109)
    at com.goldpalm.common.jdbc.DBController.releaseConn(DBController.java:273)
    at com.goldpalm.sale.team.TeamXml.exeTeamLog(TeamXml.java:762)
    Well check the code you have at this location. Usually the way we release/close the db resources are like first close ResultSet, then Statement, then Connection. But if you close connection first, then try to close the Statement object, it throws errors like what you see.
    I am giving 2 methods code snippet. One method is called like closeAll(..). This method gets called in finally block of all other db methods that does the actual db code to connect and get data etc etc.
    // Sample main method that does all db stuff...This is just code snippet only and NOT the full code. Focus on try catch finally block
    public static void getCustomerProfile(long custId) throws Exception {
         Connection aConnection = getConnection();
         CallableStatement aCallableStatement = null;
         ResultSet aResultSet = null;
         try {
              aCallableStatement = aConnection.prepareCall("{ call someFunction(?, ?) }");
              aCallableStatement.execute();
              aResultSet = (ResultSet) aCallableStatement.getObject("variable_name_from_sp");
              while (aResultSet.next()) {
                   // get all data for each record etc...
              }
         } catch (Exception e) {
              e.printStackTrace();
              throw e;
         } finally {
              // Always release the resources, even when the call fails
              closeAll(aConnection, aCallableStatement, aResultSet);
         }
    }
    // While closing RS, Statement, Connection, enclose them in their own try/catch block and of course check for nulls first
    // Close order: ResultSet first, then Statement, then Connection
    public static void closeAll(Connection aConn, Statement aStmt, ResultSet aRS) {
         if (aRS != null) {
              try {
                   aRS.close();
              } catch (Exception e) {
                   System.out.println("Not Able To Close The ResultSet");
                   //e.printStackTrace();
              }
         }
         if (aStmt != null) {
              try {
                   aStmt.close();
              } catch (Exception e) {
                   System.out.println("Not Able To Close The Statement");
                   //e.printStackTrace();
              }
         }
         if (aConn != null) {
              try {
                   aConn.close();
              } catch (Exception e) {
                   System.out.println("Not Able To Close The Connection");
                   //e.printStackTrace();
              }
         }
    }
    Thanks
    Ravi Jegga

  • Questions on Weblogic RMI

    Hi
              I've a few questions on WL RMI that I couldn't figure out from the
              documentation.
              Suppose I have a cluster containing Weblogic servers server1 and server2.
              Server1 hosts an RMI object o1 that is bind to the cluster wide JNDI tree.
              O1 implements remote interface i1 that has a method m1 which takes as an
              argument an object o2 implementing remote interface i2. That is:
              public class o1 implements i1 {...}
              public interface i1 extends weblogic.rmi.Remote {
              public void m1 (i2 _o2);
              }
              public class o2 implements i2 {...}
              public interface i2 extends weblogic.rmi.Remote {...}
              Now if inside server2 I create o2 using the default constructor, lookup a
              reference to o1 and call method m1, will o2 get passed by value or by
              reference? Is there any way to control this? What if I don't use the
              constructor to create the object but the object is hosted in server2 and I
              get a reference to the object using JNDI lookup? In short, how does WL RMI
              decide when to pass an object by reference and when by value.
              I'm trying to increase the scalability of a system by distributing its
              modules as RMI objects to several machines running Weblogic server, and I
              need to know the details on how WL RMI works. The documentation seems to be
              rather inadequate...
              Thanks for reading this far :)
              - Juha
              

    Actually, O2 will always be passed by reference because it is an RMI object
              (i.e., it implements weblogic.rmi.Remote). If O2 were a non-RMI object, it would
              be passed by value if O1 is in a different process and by reference if O1 and O2
              are in the same process.
              Edwin Marcial wrote:
              > My 2 cents on this:
              >
              > I believe in this case, since O2 is a remote object, it will get passed by
              > reference. If it were not a remote object, it would be passed by value.
              >
              > Edwin
              >
              > "Juha Lindström" wrote:
              >
              > > Hi
              > >
              > > I've a few questions on WL RMI that I couldn't figure out from the
              > > documentation.
              > > Suppose I have a cluster containing Weblogic servers server1 and server2.
              > > Server1 hosts an RMI object o1 that is bind to the cluster wide JNDI tree.
              > > O1 implements remote interface i1 that has a method m1 which takes as an
              > > argument an object o2 implementing remote interface i2. That is:
              > >
              > > public class o1 implements i1 {...}
              > >
              > > public interface i1 extends weblogic.rmi.Remote {
              > > public void m1 (i2 _o2);
              > > }
              > >
              > > public class o2 implements i2 {...}
              > >
              > > public interface i2 extends weblogic.rmi.Remote {...}
              > >
              > > Now if inside server2 I create o2 using the default constructor, lookup a
              > > reference to o1 and call method m1, will o2 get passed by value or by
              > > reference? Is there any way to control this? What if I don't use the
              > > constructor to create the object but the object is hosted in server2 and I
              > > get a reference to the object using JNDI lookup? In short, how does WL RMI
              > > decide when to pass an object by reference and when by value.
              > >
              > > I'm trying to increase the scalability of a system by distributing its
              > > modules as RMI objects to several machines running Weblogic server, and I
              > > need to know the details on how WL RMI works. The documentation seems to be
              > > rather inadequate...
              > >
              > > Thanks for reading this far :)
              > >
              > > - Juha
              

  • Using weblogic.servlet.security.ServletAuthentication

    I am currently using weblogic.servlet.security.ServletAuthentication.authenticate(Callback,
    request) to perform a weblogic form-based authentication/login and would like to
    see the session stored user info....
    The doc for authenticate states that a session will be created, but does this
    method also place user information into the session [after authentication]. If
    so, how exactly do I get the default user information stored in the session after
    this call?
    Is there a String title associated with the user info so that I can use getAttribute(String)?
    Using session.getAttributeNames(), I can see that the session has a "sessionContext"
    and "org.apache.struts.action.LOCALE". Is there a way I can use/parse these objects
    for the user information. Your help is very much appreciated, thanks!

    I think we have most of the functionality you've asked for.
    ServletAuthentication.runAs() associates a Subject with the session.
    weblogic.security.services.Authentication.authenticate() creates a Subject.
    ServletAuthentication.authenticate() is merely a convenience wrapper around
    these two methods. That is, it creates a CallbackHandler from the request,
    calls authenticate() and then calls runAs(). So, in answer to your question,
    yes, ServletAuthentication.authenticate() does associate the Subject with
    the current session.
    There is no direct way of getting the Subject associated with a session but
    we can give you the current Subject which is almost always the same thing
    (if you have a run-as tag the current Subject may be different than the one
    associated with the session). To get the current Subject call
    weblogic.security.Security.getCurrentSubject().
    - Neil
    "Richard " <[email protected]> wrote in message
    news:4002e8a6$[email protected]..
    >
    > I am currently using weblogic.servlet.security.ServletAuthentication.authenticate(Callback,
    > request) to perform a weblogic form-based authentication/login and would like to
    > see the session stored user info....
    > The doc for authenticate states that a session will be created, but does this
    > method also place user information into the session [after authentication]. If
    > so, how exactly do I get the default user information stored in the session after
    > this call?
    > Is there a String title associated with the user info so that I can use getAttribute(String)?
    >
    > Using session.getAttributeNames(), I can see that the session has a "sessionContext"
    > and "org.apache.struts.action.LOCALE". Is there a way I can use/parse these objects
    > for the user information. Your help is very much appreciated, thanks!

  • I have a question about weblogic RMI , how can I resolve it.Thank you

    I have a question about the weblogic RMI.
    I have a program: web services + weblogic RMI + Data Sources. When I run the program in the console application, it is ok. But when I run it with the web services (it means get some parameter and run the different program), it fails. The Exception is
    cannot assign instance of yype weblogic.rmi.RMIServices_1033_WLStub to field demo.RMIServer_1033_WLStub.stubinfo of type weblogic.rmi.internal.StubInfo in instance of demo.RMIEsrver_1033_WLStub
    How to resolve it? Thank you.

    Hi Charles,
    Parental Controls has always had problems with https sites, no idea if it's fixed in 10.9.x or not.
    When you set up your Mac it should've made an admin account, are you not running from that account, or did you somehow change it to a Managed account???

  • Weblogic.management.security with transactions, Please HELP

    I am using weblogic.management.security.authentication API to programmatically insert/delete users and passwords into/from default security provider on Weblogic Server 8.1. I want to add transactional support to these actions. I tried using UserTransaction API but without any luck. Does weblogic.management.security.authentication have no transactional support (rollback-commit) or am I doing something wrong? I very much appreciate your help and looking forward to hearing from you!!!!
    It doesn't rollback, Here is the code:
    UserTransaction transaction = (UserTransaction)ctx.lookup("javax.transaction.UserTransaction");
    transaction.begin();
    UserEditorMBean userEditor = (UserEditorMBean)providers;
    userEditor.createUser(userName, password, description);
    transaction.rollback();

    I do not think you can have transactions over MBean calls as they communicate with relevant object over t3 and this objects are possibly in different class loader.
    -TJ

  • Java.lang.NoSuchMethodError: weblogic.rmi.extensions.WRMIOutputStream

    Hi,
    I'm trying to run examples.jdbc.datasource.simplesql with Weblogic 5.1sp8,
    but am hitting this problem when it executes:
    An exception was caught. javax.naming.NamingException [Root exception is
    weblogic.rmi.ServerError: A RemoteException occurred in the server method
    - with nested exception:
    [java.lang.NoSuchMethodError: weblogic.rmi.extensions.WRMIOutputStream:
    method writeObject(Ljava/lang/Object;)V not found]]
    An exception was caught. java.lang.NullPointerException:
    Any pointers would be appreciated.
    Thanks,
    -Triet

    Hi..
    I guess itzz more of the service pack problems.
    Jars built on the later version won't work in the previous version (service packs) of weblogic.
    Try building a jar on the oldest version (service pack) u have and then try deploying it to the later version , i think it won't give u any problems.
    Try it out and let me know if u face any problems

  • How to run the rmi security manager

    how to run the rmi security manager

    You need to make a special class, where you give all permissions or socket permissions, then in prompt you just call this class with following:
    java -Djava.security.all=all then package name, then Class name. All is the name of permission class.
    Good luck!

  • Weblogic.servlet.security.ServletAuthentication Question

              Hi all,
              I am developing on WebLogic 5.1 with service pack 6 installed. WebLogic 5.1 documentation on the ServletAuthentication class says that along with the non-static weak() method, there are two static versions of the weak() method available in the class that one could use. I would like to use the static version that takes in username, password, and the servlet request or session object. But when I tried compiling my program, the compiler could not find the method implementation.
              This prompted me to run the javap utility on the weblogic.servlet.security.ServletAuthentication class in the weblogic510sp6.jar file and sure enough I did not find the static methods in that class.
              I did see them in an older Weblogicaux.jar file's version of ServletAuthentication class. Does that mean that these methods are deprecated and if so I would love to know the reason. For implementations that store passwords in an encrypted form those are the only methods that are useful.
              Any help/clarification on this is greatly appreciated,
              arif.
              

  • Weblogic.rmi.internal.LocalServerRefMissing

    I am Attempting to serialize and deserialize a stateful session
    bean. The deserialization seems to be the problem. I have
    figured out that the line throwing the error is the "readObject"
    line.
    A similar problem was reported on Jan 31 2002, but the solution
    suggested deals with the "getEJBObject" line. I have tried to
    implement this solution, as you can see below, but since the
    error I am getting is thrown before getting to that line, it
    makes no difference.
    The Exception I am getting is an "InvalidClassException".
    The message reads as follows = "weblogic.rmi.internal.
    LocalServerRefMissing no-arg constructor for class".
    As far as the "no-arg constructor" error goes, as I understand
    it I should not be having that problem. My Session bean
    implements the SessionBean interface and does not explicitly
    extend anything, so by default it extends Object, right?!
    Object has a no-args constructor, so there should be no problem.
    My code is as follows:
    ---SERIALIZATION---
    Handle msaHandle = contributions.getHandle();
    ObjectOutputStream toFile = new ObjectOutputStream(
    new FileOutputStream(handleFile));
    toFile.writeObject(msaHandle);
    toFile.close();
    ---DESERIALIZATION---
    ObjectInputStream fromFile = new ObjectInputStream(
    new FileInputStream(handleFile));
    Handle msaHandle = (Handle) fromFile.readObject();
    //MsaSession contributions =
    //(MsaSession) msaHandle.getEJBObject();
    MsaSession contributions = (MsaSession) javax.rmi.PortableRemoteObject.narrow(
    msaHandle.getEJBObject(), MsaSession.class);
    fromFile.close();
    I have tried to print "classname" (available in the
    InvalidClassException class), but only get null as the value.
    Anyone have any ideas?
    Matthew

  • Error when trying to acess a remote bean ??(weblogic.rmi.UnmarshalException

    hi,
    I have a component (with weblogic 5.1) on one system (say A).
    I have an application on another system (say B) which must connect to that component and insert data in the database.
    When I am trying to access it
    I get this error...
    Exception javax.naming.CommunicationException [Root exception is weblogic.rmi.UnmarshalException: Unmarshalling return
    - with nested exception:
    [java.lang.ClassNotFoundException: class com.fn.trading.TDorderVettingSessionEJBHomeImpl_ServiceStub previously not found]]
    My Bean class Name is TDorderVettingSessionEJB.class in a package com.fn.trading..
    When I am running the application on the same system A the code is working, but it gives a problem when accessed from system B.
    I tried to copy the bean class files to system B also and kept them in the classpath.. but still it did not work...
    regards
    sowjanya

    Set property weblogic.system.enableUnsafeClassloading=true

  • Java.lang.ClassCastException: Cannot narrow remote object weblogic.rmi.inte

    Hi,
    I am trying to deploy ejb3.0 on weblogic 10 server. I am able to find the JNDI name of the stateless session bean correctly, but getting an exception while narrowing it down. My ejb3.0 client is a standalone java client. I am trying to access the stateless session ejb3.0 bean.Please help me. i have been trying it for many days.
    thanks in advance,
    Sanjeev
    [sanpraka@localhost certEjb]$ java -cp ./:/usr/weblogic/bea/wlserver_10.0/server/lib/weblogic.jar:/usr/weblogic/bea/wlserver_10.0/server/lib/wlclient.jar com.titan.clients.Client
    Object is weblogic.rmi.internal.BasicRemoteRef - hostID: '5337880647112897730S:127.0.0.1:[7001,7001,-1,-1,-1,-1,-1]:wl_server:examplesServer', oid: '302', channel: 'null'
    java.lang.ClassCastException: Cannot narrow remote object weblogic.rmi.internal.BasicRemoteRef - hostID: '5337880647112897730S:127.0.0.1:[7001,7001,-1,-1,-1,-1,-1]:wl_server:examplesServer', oid: '302', channel: 'null' to com.titan.travelagent.TravelAgentRemote
    at weblogic.corba.server.naming.ReferenceHelperImpl.narrow(ReferenceHelperImpl.java:206)
    at weblogic.rmi.extensions.PortableRemoteObject.narrow(PortableRemoteObject.java:88)
    at weblogic.iiop.PortableRemoteObjectDelegateImpl.narrow(PortableRemoteObjectDelegateImpl.java:32)
    at javax.rmi.PortableRemoteObject.narrow(Unknown Source)
    at com.titan.clients.Client.main(Client.java:24)
    [sanpraka@localhost certEjb]$

    We have a similar problem. We have a web application (on server A) that invokes an EJB on a remote server (server B). This works fine, until we deploy another web application to server A at which point the existing web application starts to throw java.lang.ClassCastException when narrowing the remote EJB interface. The exception starts to be thrown at the moment the latter web application is deployed - start is not required.
    The latter web application contains (actually in APP-INF/lib) the old version of the EJB remote interface, that somehow gets to be loaded into the classpath of the existing web application. The solution is to delete the old version of the EJB remote interface from APP-INF/lib of the latter web application (we didn't need it anyway), but it would be interesting to know in which circumstances classes can get mixed between enterprise applications.
    I failed to reproduce the error in simple scenario, so this does not happen always.

  • Weblogic.xml.security.SecurityConfigurationException running encrypt example

    Hi,
    I am trying to run the tutorial examples that are detailed at http://webservice.bea.com.
    I am having problems running the encrypt SOAP messages example.
    The command line client version works fine (the full transaction goes smoothly,
    returning me the string I sent using the encryption). The browser version, though
    , gives me an error.
    (See attached).
    I am using WLS 8.1. sp2.
    I configured the server keystore and client keystore using the command line utilities
    included
    in the zipped example.
    I configured the servers default identity asserter as well as the ssl & keystore
    according to the
    instructions of the zipped file.
    Thanks in advance.

    i meet the same problem as Juan Campos'.
    the error information as follow:
    Request sent to the server
    <!--REQUEST.................-->
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <env:Header>
    </env:Header>
    <env:Body>
    <env:Fault>
    <faultcode>env:Server</faultcode>
    <faultstring>Exception during processing: weblogic.xml.security.SecurityConfigurationException: Service requires signed requests, but no Token was provided (see Fault Detail for stacktrace)</faultstring>
    <detail>
    <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">weblogic.xml.security.SecurityConfigurationException: Service requires signed requests, but no Token was provided
         at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:325)
         at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:101)
         at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
         at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
         at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:423)
         at weblogic.webservice.server.servlet.ServletBase.invokeMultiOutput(ServletBase.java:349)
         at weblogic.webservice.server.servlet.WebServiceServlet.invokeMultiOutput(WebServiceServlet.java:354)
         at weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.java:300)
         at weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServiceServlet.java:344)
         at weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:266)
         at weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:158)
         at weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet.java:255)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
         at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
    </bea_fault:stacktrace>
    </detail>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    Response from the server
    <!--RESPONSE.................-->
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <env:Header>
    </env:Header>
    <env:Body>
    <env:Fault>
    <faultcode>env:Server</faultcode>
    <faultstring>Exception during processing: weblogic.xml.security.SecurityConfigurationException: Service requires signed requests, but no Token was provided (see Fault Detail for stacktrace)</faultstring>
    <detail>
    <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">weblogic.xml.security.SecurityConfigurationException: Service requires signed requests, but no Token was provided
         at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:325)
         at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:101)
         at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
         at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
         at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:423)
         at weblogic.webservice.server.servlet.ServletBase.invokeMultiOutput(ServletBase.java:349)
         at weblogic.webservice.server.servlet.WebServiceServlet.invokeMultiOutput(WebServiceServlet.java:354)
         at weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.java:300)
         at weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServiceServlet.java:344)
         at weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:266)
         at weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:158)
         at weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet.java:255)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
         at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
    </bea_fault:stacktrace>
    </detail>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    I tried Bruce Stephens' advice, but I don't know exactly how to do it (which certificate should be imported?). Will someone please tell me the details?

  • Failover when using weblogic rmi

    Does anyone know whether, if I keep some plain Java objects in collections in an RMI server
    using WebLogic RMI, the Java objects will be available to me on the new server it fails over to?
    I am using WebLogic Server 6.0 SP 1.
    The collections hold plain old Java objects (POJOs).
    Mridul Paliwal

    Hi Giuseppe --
    I would open a service request with Oracle support for this.
    -steve-
