Weblogic.security.CipherException: Incorrect block length 256 (modulus

Hi,
I have a stand alone java client which runs in the weblogic 8.1 server and when I tried to connect to the external site using the weblogic's HttpsURLConnection ,its throws the below exception.
weblogic.security.CipherException: Incorrect block length 256 (modulus length 128)
<Info> <Security> <BEA-090511> <The following exception has occurred:
weblogic.security.CipherException: Incorrect encrypted block
     at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:205)
     at weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
     at weblogic.security.X509.verifySignature(X509.java:246)
     at weblogic.security.X509.verify(X509.java:176)
     at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:133)
     at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
     at weblogic.security.SSL.Handshake.input(Handshake.java:121)
     at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
     at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
     at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
     at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
     at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
     at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
     at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
     at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
     at weblogic.net.http.HttpClient.New(HttpClient.java:228)
     at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
     at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:319)
     at HttpsConnect.main(HttpsConnect.java:13)
<Info> <SSL> <000000> <weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate>
java.io.IOException: weblogic.security.AuthenticationException: Incorrect encrypted block possibly incorrect SSLServerCertificateChainFileName set for this server certificate
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:172)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:359)
at HttpsConnect.main(HttpsConnect.java:13)
I verified the certifiate chain by using the weblogic's ValidateCertChain utility, and the output seems to be confusing for the intermediate site and the entity site.
java utils.ValidateCertChain -pem inter.cerCert[0]: CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/r
pa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
Certificate chain is incomplete, can't confirm the entire chain is valid
Certificate chain appears valid
Any pointers will be appreciated.

This might be because Verisign has included anadditional intermediate certificate in its chain
You can find it here
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=search&viewlocale=en_US
Contact Verisign Support, u can chat with them even...
Let me know if you have any doubt.
Cheers!
Faisal
http://www.weblogic-wonders.com

Similar Messages

Weblogic.security.CipherException: Invalid padding length

I am having some difficulties configuring SSL for WebLogic 6.0.2J (Japanese).
Here is the history of my problem:
1. A CSR was generated, but on a completely different platform (Windows) and
for a slightly older version of WebLogic (6.0.1J)
2. I was then brought in to install and configure WebLogic 6.0.2J on UNIX.
3. I was then given the encrypted private key (security_net-chef_net-key.der),
the CSR files, and the server cert from VeriSign Japan (cert.pem). I went to VeriSign
Japan to get an intermediate CA cert (Server Chain Cert), which I saved as ca.pem.
4. In the Admin Console, I configured the server in my target domain with: Server
Certificate File Name = cert.pem, Trusted CA File Name = ca.pem, and Trusted CA
File Name = security_net-chef_net-key.der.
5. When I attempt to start my target server, I am seeing the following alert:
===========================================================
<2001/08/07 13:22:25:JST> <Alert> <WebLogicServer> <認証ファイル
config/net-chef
/security_net-chef_net-key.der にセキュリティ
コンフィグレーション上の問題があり
ます。java.io.IOException: weblogic.security.CipherException:
Invalid padding le
ngth 72>
java.io.IOException: weblogic.security.CipherException: Invalid padding length
7
2
at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:15
7)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
25)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:387)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
===========================================================
Please note that as I am doing this on a Japanese OS, some of the above messages
may be rendered illegible.
If anyone out there has a clue to why I am seeing the above error, I would greatly
appreciate your help.
Thanks and aloha in advance,
Brooke

See Posting 5457.

Incorrect Block Length error when configuring SSL

Hello, gurus:
I am messing around with SSL configurations on WebLogic 6.0.2. I have generated
a CSR, and located my non-password protected private key and CSR files to the
/config/[my_test_domain] folder. I have received my test cert from VeriSign, which
I have saved to /config/[my_test_domain] as cert.pem. Lastly, I copied off of
VeriSign's site an Intermediate CA certificate (or Server Cert Chain), and saved
that at ca.pem.
Now when I attempt to start WebLogic, I am seeing the following Alert messages:
==============================================================
<2001/08/07 12:03:04:JST> <Alert> <WebLogicServer> <セキュリティ
コンフィグレー
ション weblogic.security.AuthenticationException: Incorrect
block length 64 (mod
ulus length 128) possibly incorrect SSLServerCertificateChainFileName set for
th
is server certificate に矛盾があります。>
weblogic.security.AuthenticationException: Incorrect block length 64 (modulus
le
ngth 128) possibly incorrect SSLServerCertificateChainFileName set for this serv
er certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
==============================================================
BTW, I am doing all of this on a Japanese (EUC_JP) OS, so I apologize if part
of the above message is rendered illegible.
Anyhow, does anyone have any idea as to what is bombing?
Thanks in advance,
Brooke

Can you elaborate on what you did to get the root ca cert from verisign's repository
page and
convert it to DER format using OpenSSL? I've been trying to figure out how to do
this for about
a week now... I finally got verisign support to just email me a root ca cert but I
would like to know
what you did.. Did you just cut & paste the class 1 root ca from the repository page
(http://www.verisign.com/repository/root.html) to a file? Where did you get OpenSSL
and what
did you do to convert the file to a DER? I looked at the OpenSSL site but I couldn't
figure it out.
Any help on this would be greatly appreciated. I can't believe how much time I have
wasted
looking into this...
Kirk Everett
Brooke wrote:
"Brooke" <[email protected]> wrote:
...Lastly, I copied off of VeriSign's site an Intermediate CA
certificate (or Server Cert Chain), and saved that as ca.pem.
..... And that was the whole problem. After doing more search of the resources here,
I discovered that the Server Certificate Chain File Name needed the Root Server
CA cert from VeriSign. The solution was to copy VeriSign's Root Server CA cert
from their repository page, and then use OpenSSL to transform that into a .der
file. Using this .der file as the Server Certificate Chain File did the trick.

Weblogic.security.X509 alternative in WLS 9.1

Hi All
We have setup IIS 5.0 with 2 way SSL for client connection. We have also configured IIS weblogic proxy for Weblogic 9.1 using iisproxy.dll. The connection between IIS and WebLogic 9.1 is HTTP based. We are trying to get the client certificate in Weblogic 9.1 using the following code
java.security.cert.X509Certificate certs [];
certs = (java.security.cert.X509Certificate [])
request.getAttribute("javax.servlet.request.X509Certificate");
However the returned certificates are NULL.
We have also enabled Client Cert Proxy and Weblogic Plug-in in Weblogic 9.1 configuration.
We are trying to migrate from weblogic 8 to 9.1 and our previous code was as follows
weblogic.security.X509 [] certs = (weblogic.security.X509[])req.getAttribute("javax.net.ssl.peer_certificates");
This code work fine with the same IIS setup. Since weblogic.security.X509 is removed in WLS 9.1 we are forced to change our code.
Please help!
Message was edited by:
rmkandan

hi
Currently I am using
req.getHeader("WL-Proxy-Client-Cert")
to get the client certificate and then i do the following to get the X509 cert format
     if (pemCert != null && pemCert.length() > 0 ){
          pemCertBuff.append("-----BEGIN CERTIFICATE-----");
          pemCertBuff.append(pemCert);
          pemCertBuff.append("-----END CERTIFICATE-----");
     System.out.println("CertificateUtil:getFingerPrint: pemCertBuff --"+pemCertBuff.toString());
     X509Certificate certs = null;
     try {
          CertificateFactory cf = CertificateFactory.getInstance("X.509");
          ByteArrayInputStream bis = new ByteArrayInputStream(pemCertBuff.toString().getBytes());
          weblogic.security.PEMInputStream pemIs = new weblogic.security.PEMInputStream(bis);
          BufferedInputStream bufis = new BufferedInputStream(pemIs);
          certs = (X509Certificate)cf.generateCertificate(bufis);
     } catch (CertificateException e) {
          // TODO Auto-generated catch block
          e.printStackTrace();
     } catch (IOException e) {
          // TODO Auto-generated catch block
          e.printStackTrace();
And I am able to get the certificate, but I need to know is there any other elegant way to get the certificate as we did using weblogic.security.X509 class?
Please help!!
Message was edited by:
rmkandan

Error in Admin and manager server startup - BEA-149205- due to error weblogic.security.internal.encryption.EncryptionServiceException

Hi -
I have installed OIM 11g r2 ps2, I an tring to start my Admin and SOA server :
1. Though my admin server is coming up fine, but I am getting the following error when I am trying to start Admin server.
####<Apr 22, 2015 12:22:27 AM PDT> <Error> <Deployer> <devoimx003> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS
Kernel>> <> <> <1429687347654> <BEA-149205> <Failed to initialize the application 'opss-DBDS' due to error weblogic.security.internal.encryption.EncryptionServiceException.
weblogic.security.internal.encryption.EncryptionServiceException
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
        at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
        at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
        at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
        at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
        at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
        at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
        at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
        at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
        at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
        at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
        at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
        at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
        at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
        at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
        at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
        at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
        at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
        at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
        at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
        at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
    at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
        at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
        at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
        at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
        at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
        at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
        at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
        at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
        at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: weblogic.security.internal.encryption.EncryptionServiceException
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
        at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
        at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
        at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
        at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
        at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
        at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
        at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
        at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
        at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
        at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
        at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
        at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
      at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
        at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
        at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
        at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
        at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
        at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
        at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
        at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
        at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
        at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
        at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
        at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
        at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
        at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
        at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
        at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
        at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
2. My SOA server is coming up but in admin mode and giving OPSS connections errors.
Any help is really appreciated!
Thanks,
SK

Hi Faisal -
is your domain in development mode or production mode?
     - While configuring my domian , I had selected Prod Mode, but pon start up when I see in admin server console, it is starting in developement mode already ?
Any idea how, why ?
if its production mode you can switch to development mode, change all the credentials in the config.xml and configurations under sub folders to cleartext and start the server..
- Let me still try these and get back to you.
Thanks,
SK

Weblogic Security(Change Password)

We are implementing “Forgot Password" feature for our web application which is based on Weblogic Portal Server. We are using Spring JMS POJO(http://static.springsource.org/spring/docs/2.5.x/reference/jms.html#jms-asynchronousMessageReception) for anonymous user to recover their password, We have the Spring JMS listener which receives the password reset request, but while doing the password reset we are getting security error
Here is the code where we do the reset onMessage() of MessageListener
com.bea.p13n.security.management.authentication.AtnManagerProxy proxy = AtnProxyHelper.getAtnProxy("SQLAuthenticator");
proxy .setPassword(loginId, newPassword);
Looks like Spring JMS listener is running as a client within the WL server, but even this pair of code does not work too
Subject subject = com.bea.p13n.security.Authentication.authenticate("weblogic","weblogic");
com.bea.p13n.security.management.authentication.AtnManagerProxy proxy = AtnProxyHelper.getAtnProxy("SQLAuthenticator");
proxy .setPassword(loginId, newPassword);
java.lang.SecurityException: The caller is not in the proper role for attempted user operation. Required role(s) [Admin, PortalSystemAdministrator, Self, updateRole]. Caller role(s) Anonymous.
     at com.bea.p13n.security.management.authentication.AtnSecurityMgmtHelper.validateUserCallerRole(AtnSecurityMgmtHelper.java:567)
     at com.bea.p13n.security.management.authentication.internal.UserProvider.setPassword(UserProvider.java:330)
     at com.bea.p13n.security.management.authentication.internal.UserProvider.setPassword(UserProvider.java:314)
     at com.bea.p13n.security.management.authentication.AtnManagerProxy.setPassword(AtnManagerProxy.java:544)
     at com.pics.weblogic.UserManagement.recoverPassword(UserManagement.java:623)
     at com.pics.core.service.ForgotPasswordServiceImpl.changePassword(ForgotPasswordServiceImpl.java:44)
     at com.pics.messaging.MessageQueueReceiver.onMessage(MessageQueueReceiver.java:100)
     at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:505)
     at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:444)
     at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:414)
     at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:293)
     at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:239)
     at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:872)
     at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:812)
     at java.lang.Thread.run(Thread.java:619)

Yes, I agree it is a bad idea, but initially we did the password reset in sync but the e-mail notification in async, but then when doing the password reset we got into trouble of same security exceptions, so we moved that all the reset password and e-mail into same async code block assuming that Spring JMS listener will not ask for authorization since the WL server and JMS listener both are running on the same thread/context, but looks like Spring JMS listener in running on a different thread context. I need to impersonate since user has not logged into the system("forgot password" recovery feature). Looks like it does not matter sync or async I need to impersonate user, Here is the work around that I have put for now
     Subject subject = com.bea.p13n.security.Authentication.authenticate("weblogic","weblogic"); //I need to create a special user for this, Ugly!!
     ResetPassword resetPassword = new ResetPassword ("ForgotUserID","ForgotEmail"); //Now every thing happens here, setPassword API
     weblogic.security.Security.runAs(subject, resetPassword );
If I had used MDB instead of Spring MDB then it would have worked(I have done the same in WL couple years back)
Thanks
Edited by: lbrocks_prn on Nov 19, 2009 10:18 PM
Edited by: lbrocks_prn on Nov 19, 2009 10:19 PM

Error:- weblogic.security.SecurityInitializationException: Authentication

Hi,
I am getting below error when ever i am trying to start the Managed server in cluster environment(unix).
I am able to start the server on local machine but in case of remote machine its not gettig started.
I have tried most of the steps as mentioned below:-
1) Changed the weblogic passowrd.
2) Delete boot.properties.
3) deleted $DOMAIN_DIR\servers\<admin-server-name>\data\ldap
4) Followed below post also but nothing worked:-
https://forums.oracle.com/forums/thread.jspa?threadID=956750&start=30&tstart=0
####<Nov 14, 2011 7:41:28 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888310> <BEA-000000> <WebLogic Server "soa_server2" version:
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
####<Nov 14, 2011 7:41:28 PM IST> <Notice> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888419> <BEA-170019> <The server log file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/logs/soa_server2.log is opened. All server side log events will be written to this file.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888426> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Diagnostics> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888494> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3s" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "http" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "https" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888561> <BEA-002622> <The protocol "iiop" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "iiops" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldap" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888564> <BEA-002622> <The protocol "cluster" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888565> <BEA-002622> <The protocol "clusters" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "snmp" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "admin" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888569> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <RJVM> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888583> <BEA-000570> <Network Configuration for Channel "soa_server2"
Listen Address          172.17.103.42:8101
Public Address          N/A
Http Enabled          true
Tunneling Enabled     false
Outbound Enabled     false
Admin Traffic Enabled     true>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889336> <BEA-002609> <Channel Service initialized.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889410> <BEA-000436> <Allocating 4 reader threads.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889412> <BEA-000446> <Native IO Enabled.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <IIOP> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889612> <BEA-002014> <IIOP subsystem enabled.>
####<Nov 14, 2011 7:41:32 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279892649> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893102> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893224> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_qMT60FRl3kIPYftFoWhBFbhSxuY=>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893501> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLAuthorizermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893509> <BEA-090074> <Initializing Authorizer provider using LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893921> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-090827> <LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894250> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894251> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894265> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server soa_server2 for security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
     at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
     at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
     at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
     at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy28.login(Unknown Source)
     at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
     at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy46.authenticate(Unknown Source)
     at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
     at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
####<Nov 14, 2011 7:41:34 PM IST> <Error> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894618> <BEA-000236> <Stopping execute threads.>
Please help.
thanks in advance

I've tried every trick in the book but no luck and finally I found a solution for this problem. Maybe it is not the best practice but it works:
1-Uninstall JDeveloper.
2-Delete Oracle Middleware file located in C:\Oracle
3-Delete the JDeveloper file located in C:\Users\MyUser\AppData\Roaming (Because the integrated Weblogic server is actually there)
4-Reinstall JDeveloper
That solved the issue.
Thanks

Weblogic.security.internal.SerializedSystemIniException

While starting weblogic server, I am getting the following error,
Exception raised:
weblogic.security.internal.SerializedSystemIniException: Version mismatch. have
0, expected 1
     at weblogic.security.internal.SerializedSystemIni.<init>(SerializedSystemIni.java:119)
     at weblogic.security.internal.SerializedSystemIni.getEncryptionService(SerializedSystemIni.java:208)
     at weblogic.management.internal.EncryptedData.getEncryptionService(EncryptedData.java:82)
Can anybody give a clue in this to resolve urgently?

It seems like your SerializedSystemIni.dat is currupted.
Do you have SerializedSystemIni.dat and fileRealm.property from any other
working domain?
Please try to replace both of them and see if this fixes the problem.
-utpal
"Ramanan " <[email protected]> wrote in message
news:[email protected]..
>
While starting weblogic server, I am getting the following error,
Exception raised:
weblogic.security.internal.SerializedSystemIniException: Version mismatch.have
0, expected 1
atweblogic.security.internal.SerializedSystemIni.<init>(SerializedSystemIni.ja
va:119)
atweblogic.security.internal.SerializedSystemIni.getEncryptionService(Serializ
edSystemIni.java:208)
atweblogic.management.internal.EncryptedData.getEncryptionService(EncryptedDat
a.java:82)
>
Can anybody give a clue in this to resolve urgently?

The weblogic.security.Security.runAs() and JAAS Subject

Let say that I have Java client with some JAAS code that authenticates
the user. The LoginContext generates a Subject containing the Principal
name of the authenticated user, but also some private credentials that
makes the Subject secure.
Now I want to call an EJB on WLS.
Having JNDI (EJB) code inside a PriviledgesAction and using the
weblogic.security.Security.runAs() method, I assume that the Subject is
sent over the wire with the EJB call. If not, please correct me.
Question is: How does WLS authenticate this call? What modules are
called? IdentityAsserter? LoginModule? Is the Subject simply assumed
"valid"? Any documentation describing how this is done?
/Bo

Hi,
Problem is solved, we also got security exception when we tried to call MBeans.For this to work we have to set
-Dweblogic.disableMBeanAuthorization=true in weblogic startup script so that our application can access MBeans.
Thanks
girish

New to Weblogic Security

I have an ORACLE database which contains a table of 100s of users and passwords with their group information. I developed a Webapplication (in Tomcat) in which one of the servlets works as authenticator for the user logging in by fetching row from the datbase and validating him.(This is a simple authentication)
Now I have switched to Weblogic platform 8.1 SP2 and am completely new to Weblogic Security. I want to use Weblogic security features for my application and the users & groups should be retrieved from the database for authentication.
How can I do this ? Any clear-cut steps ?
Where can I find them in documentation ?
Please help me...Urgent !!

I found it in
Weblogic Administration Console Home -> Summary of Security Realms->myrealm->Providers.
Click on new Authentication provider button-> you will see 'TrustServiceIdentityAsserter' as one of the types.

Weblogic security authentication; question to interact with the realm

Hi, I have a quick question about weblogic security authentication....
We are using weblogic 81sp3. We have user-group info in an Novell eDirectory LDAP server.
Currently, a Novell Authenticator provider is configured under : Security > Realms > myRealm > Providers > Authentication This tells Weblogic from where to get the user and groups. Weblogic caches this information of the logged on users for certain time ( example : 60 secs ) after which it cleans the cache for all inactive users. We want to interact with the Weblogic cache. Add more user profile information to this cache and use it in our application .
Does somebody know how to programmatically interact with Weblogic user-group cache - read , write , update and delete user-group info in cache and control time to live for the cache ?

already checked
TTLCache class which weblogic provides. But they seem to depracetd it
help ?

I need to reset security question but the email that was saved for changing the password and security question is blocked , what can i do

i need to reset security question but the email that was saved for changing the password and security question is blocked , what can i do?
i purchased my account but i cant use that because apple ask me about security question and i forgot the correct answer

Alternatives for Help Resetting Security Questions and/or Rescue Mail
     1. If you have a valid rescue email address, then use this procedure:
         Rescue email address and how to reset Apple ID security questions.
     2. Fill out and submit this form. Select the topic, Account Security. You must
         have a Rescue Email to use this option.
     3. This is the only option if you do not already have a valid Rescue Email.
         These are telephone numbers for contacting Apple Support in your country.
         Apple ID- Contacting Apple for help with Apple ID account security. Select
         the appropriate country and call. Ask to speak to the Account Security Team.
Note: If you have already forgotten your security questions, then you cannot
         set up a rescue email address in order to reset them. You must set up
         the rescue email address beforehand.
Your Apple ID: Manage My Apple ID.
                         Apple ID- All about Apple ID security questions.

Should I allow a file: firefox.exe to be loaded on my computer. My security system is blocking ?

keep getting request to allow following file to be loaded on computer. firefox.exe library ddl. My security
system is blocking.

Please do allow it to run. Thank you.

Weblogic security: coping URL into other tab

Hi,
We have two Weblogic servers on two phisically different locations.
First of them, WLS A, have perfect security. When you login into any application that is deployed on it, and try:
- copy URL into another tab or browser window, you are getting returned at login page
- when you close browser (without logout), and try to start application from history, you are getting login page, again
So, URL that you have when you enter the application is absolutely useless. Closing the browser, or tab with application have practicaly same meaning as logout.
Second of them, WLS B, have not that security. When you login into any application that is deployed on it, and:
- copy URL into another tab or browser window, you are getting application without need to login! So that URL can be very dangerous, because it is possible to misuse it, if the user don't make logout
- closing browser without logout: it is possible to find out the URL in history and go back into application without login!
It is obvious that the problem is some setting on weblogic server. We tried to compare the settings on WLS A and WLS B but we have not found the setting that we have search for. The programmer that have found and set that property on WLS A working not more in our company.
Can anybody help, we will be very greatful!
Thanks,

Hi,
The authenticate method would take the user and the password details from the environment
(env) that is passed and after successful authentication would populate the subject with
the principals (i.e user, group the user belongs to ..)
It should work with any user that is defined in the WLS not just weblogic/weblogic.
Do you have any other users defined and which group do they belong to?
Vimala
Khalid Rizvi wrote:
I am playing (learning) with weblogic.security.auth.login.UsernamePasswordLoginModule
as a LoginModule using JAAS based authentication. Surprisingly, the only userid
and password combination acceptable is uid=weblogic, pw=weblogic combination.
I went through and looked at the example code under
http://e-docs.bea.com/wls/docs70/security/cli_apps.html#1042212. I found that
the UsernamePasswordLoginModule.login calls into
if (url != null) {
Environment env = new Environment();
env.setProviderUrl(url);
env.setSecurityPrincipal(username);
env.setSecurityCredentials(password);
try {
Authenticate.authenticate(env, subject);
Seems like UsernamePasswordLoginModule only is a router, as it instantiates an
instance of Environemt using the userid and password and passes this Environemtn
instance (env) to Authenticate.authenticate along with the empty Subject instance.
I read about that the Subject instance will be filled in with Principals by the
WL Server.
My question is that firstly,
1. As Authenticate.authenticate is not passed in the uid and pw, will it pick
those from the env?
2. Secondly, why does it only accept uid=weblogic & pw=weblogic.
I will appreciate if some one can put me in the right direction.
Khalid R. Rizvi
508-641-1192
[email protected]

SOAP handlers and the WebLogic Security Provider Framework

I am new to WebLogic... I am trying to understand the Weblogic security framework in terms of how a SOAP message would be processed. Do SOAP handlers get called before the configured security providers? after being processed by the Authentication provider? after being processed by the Authorization provider? or at some other point?

Thanks. But I have some questions about the seed:
- where is it stored?
- how is it encrypted?
- is the seed regenerated periodically? or under certain circumstances?
Regards,
Janice Pang
"Tom Hegadorn" <[email protected]> wrote:
>
>
Hi Janice,
If you choose to use the PrincipalValidatorImpl class in the
weblogic.security.provider package, the sign() implementation
will be the internal weblogic implementation. This implementation
generates a random seed and computes a digest based on the
random seed. I hope that helps you.
Regards,
Tom Hegadorn
Sr. Developer Relations Engineer
BEA Support
"Janice Pang" <[email protected]> wrote:
From the online documentations, it is said that this weblogic.security.provider.PrincipalValidatorImpl
"signs" the authenticated principals to make sure they are not altered
while they
are transported on the network.
The document also mentioned, as a suggested way to develop a customprincipal
validation provider, to use this class and extend the capabilities of
user and
group classes. What kind of private information from the server isused
for the
signature and where is that information stored?

Weblogic.security.CipherException: Incorrect block length 256 (modulus

Similar Messages

Maybe you are looking for