Weblogic Security Issues
We are running our Web application on Weblogic 5.1 SP12. A security company just
audited our web application using its own tool and produced a report that stated
the following:
1. URL Trickery may be used to list server directories thus revealing sensitive
files. I learned that this problem was fixed in Weblogic server after version
5.1 SP8. I just wanted to make sure that is the case because I heard from another
source that it wasn't until version 6.1. If the latter is right then we have
a problem.
2. A Hacker may be able to use "Forceful Browsing" and "Forceful Browsing by Direcotry
Guessing" to gain access to restricted site content.
3. Parameter Tampering can be used by a hacker by setting a param value out of
the expected value range or changing that value to one beyond its designated range.
4. Cross site scripting (Standard Variants) can be used whereby customer session
and cookies are compromised thereby allowing the attackerto pose as a legitimate
user to view, alter records, or perfrom transactions as that user.
The question is: are still issues in 5.1 SP12? If not, can we provide a proof
of that? If any of those is then what is the workaround/solution/patch required?
Thanks
Sammi
"Sami" <[email protected]> wrote:
>
We are running our Web application on Weblogic 5.1 SP12. A security company
just
audited our web application using its own tool and produced a report
that stated
the following:
1. URL Trickery may be used to list server directories thus revealing
sensitive
files. I learned that this problem was fixed in Weblogic server after
version
5.1 SP8. I just wanted to make sure that is the case because I heard
from another
source that it wasn't until version 6.1. If the latter is right then
we have
a problem.
2. A Hacker may be able to use "Forceful Browsing" and "Forceful Browsing
by Direcotry
Guessing" to gain access to restricted site content.
3. Parameter Tampering can be used by a hacker by setting a param value
out of
the expected value range or changing that value to one beyond its designated
range.
4. Cross site scripting (Standard Variants) can be used whereby customer
session
and cookies are compromised thereby allowing the attackerto pose as a
legitimate
user to view, alter records, or perfrom transactions as that user.
The question is: are still issues in 5.1 SP12? If not, can we provide
a proof
of that? If any of those is then what is the workaround/solution/patch
required?
Thanks
Sammii don't believe some of these issues are necessarily Weblogic issues.
1 and 2) You should be able to setup error pages such that
weblogic.httpd.errorPage.xxx=whatever.html
3 and 4) These are really application architecture and design issues. Eg. If I
were to setup a parameter in the URL, anyone can change it and the page can display
different results. And, the issue with the cookies, again an application issue
as I do not know what you are storing in the local cookies file.
Similar Messages
-
Security issue between weblogic server
Hello,
Here is security issue that we are facing.
Here is setup
Environment 1
Admin server say "env1admin"
Managed Weblogic Server say "env1managed"
We deployed an EJB called HelloEJB in env1managed server and this has an api
sayHello(). HelloClient is a client to HelloEJB.
S/w Weblogic 6.1 sp3
Environment 2
Admin server say "env2admin"
Managed Weblogic Server say "env2managed"
We deployed an EJB called ServiceEJB in env2managed server and this has an api
serviceRequest(). We use weblogic role based security and restrict access to this
api by user HelloEJB.
s/w Weblogic 6.1 sp3
Here is how the system works:
We start the env2admin, env2managed (ServiceEJB is which is a Stateless session
EJB deployed in env2Managed)
We start the env1admin and env1managed (HelloEJB(which is a Stateless session
EJB is deployed in env1Managed)
Test case:
1)HelloClient invokes HelloEJB api sayHello().
2)Now at this point in ejbCreate() at HelloEJB() end we get a reference to ServiceEJB
using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
api in ServiceEJB. Then gets back a response and then returns response to HelloClient.
Now if we repeat the above testcase.
After step1 in step2 HelloEJB though has all the permissions to invoke api on
ServiceEJB gets an SecurityException.
Question is why doe this happen. Only way HelloEJB can make api calls to serviceEJB
is by making a lookup() every single time. Which is very expensive. I looked at
documents what they say is leave the context open and never close it. Though I
am doing that I am getting this exception.
Any thoughts ?
Thanks in advance,
VijayHere are the details of exception stack trace:
java.rmi.AccessException: Security violation: insufficient permission to access
method; nested exception is:
java.lang.SecurityException: Security violation: insufficient permission
to access method
java.lang.SecurityException: Security violation: insufficient permission to access
method
at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:92)
at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:63)
at service.ServiceBean_nr0s19_EOImpl.sendServiceRequest(ServiceBean_nr0s19_EOImpl.java:25)
at service.ServiceBean_nr0s19_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:298)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:93)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:267)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
End server side stack trace
; nested exception is:
Vijay
"Vijay" <[email protected]> wrote:
>
Hello,
Here is security issue that we are facing.
Here is setup
Environment 1
Admin server say "env1admin"
Managed Weblogic Server say "env1managed"
We deployed an EJB called HelloEJB in env1managed server and this has
an api
sayHello(). HelloClient is a client to HelloEJB.
S/w Weblogic 6.1 sp3
Environment 2
Admin server say "env2admin"
Managed Weblogic Server say "env2managed"
We deployed an EJB called ServiceEJB in env2managed server and this has
an api
serviceRequest(). We use weblogic role based security and restrict access
to this
api by user HelloEJB.
s/w Weblogic 6.1 sp3
Here is how the system works:
We start the env2admin, env2managed (ServiceEJB is which is a Stateless
session
EJB deployed in env2Managed)
We start the env1admin and env1managed (HelloEJB(which is a Stateless
session
EJB is deployed in env1Managed)
Test case:
1)HelloClient invokes HelloEJB api sayHello().
2)Now at this point in ejbCreate() at HelloEJB() end we get a reference
to ServiceEJB
using Jndi and the context is never closed ). HelloEJB then calls serviceRequest()
api in ServiceEJB. Then gets back a response and then returns response
to HelloClient.
Now if we repeat the above testcase.
After step1 in step2 HelloEJB though has all the permissions to invoke
api on
ServiceEJB gets an SecurityException.
Question is why doe this happen. Only way HelloEJB can make api calls
to serviceEJB
is by making a lookup() every single time. Which is very expensive. I
looked at
documents what they say is leave the context open and never close it.
Though I
am doing that I am getting this exception.
Any thoughts ?
Thanks in advance,
Vijay -
Monitoring WebLogic Using JMX - Security issue
Hi I'm trying to run the following code, which try to connect to 2 domain and retrieve their names. When I try to connect to each domain separately, everything works fine. When I try to connect to both domain I get a security exception:
MBeanHome home1 = null;
MBeanHome home2 = null;
try {
Environment env = new Environment();
env.setProviderUrl(url1);
env.setSecurityPrincipal("weblogic");
env.setSecurityCredentials("weblogic");
Context ctx = env.getInitialContext();
//getting the local MBeanHome
home1 = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
} catch (Exception e) {
System.out.println("Caught exception"+e); }
try {
Environment env = new Environment();
env.setProviderUrl(url2);
env.setSecurityPrincipal("weblogic");
env.setSecurityCredentials("weblogic");
Context ctx = env.getInitialContext();
//getting the local MBeanHome
home2 = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
} catch (Exception e) {
System.out.println("Caught exception" + e);
System.out.println("domain1: "+home1.getDomainName());
System.out.println("domain1: "+home2.getDomainName());
And the exception I get is:
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators, IntegrationAdministrators]
at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:137)
at weblogic.management.internal.AdminMBeanHomeImpl_814_WLStub.getDomainName(Unknown Source)
at com.jacada.weblogic.WLDomainMonitor.main(WLDomainMonitor.java:200)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators, IntegrationAdministrators]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:697)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:190)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:827)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:300)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1023)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:943)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:225)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:796)
at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:760)
at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Exception in thread "main"
Thanks!try enabling the trust between the weblogic server domains.
http://e-docs.bea.com/wls/docs81/secmanage/domain.html#1173731
If you want two WebLogic Server domains to interoperate, perform the following procedure in both domains:
Expand the Domains node (for example, Examples).
Click the View Domain-Wide Security Settings link on the Domain-->General page.
Select the Security Configuration-->Advanced tab.
Uncheck the Enable Generated Credential attribute.
Enter a password for the domain in the Credential text field. Choose the password carefully. BEA Systems recommends using a combination of upper and lower case letters and numbers.
Confirm the password by entering it in the Confirm Credential text field.
Click Apply
Sowjanya -
Error:- weblogic.security.SecurityInitializationException: Authentication
Hi,
I am getting below error when ever i am trying to start the Managed server in cluster environment(unix).
I am able to start the server on local machine but in case of remote machine its not gettig started.
I have tried most of the steps as mentioned below:-
1) Changed the weblogic passowrd.
2) Delete boot.properties.
3) deleted $DOMAIN_DIR\servers\<admin-server-name>\data\ldap
4) Followed below post also but nothing worked:-
https://forums.oracle.com/forums/thread.jspa?threadID=956750&start=30&tstart=0
####<Nov 14, 2011 7:41:28 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888310> <BEA-000000> <WebLogic Server "soa_server2" version:
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
####<Nov 14, 2011 7:41:28 PM IST> <Notice> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888419> <BEA-170019> <The server log file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/logs/soa_server2.log is opened. All server side log events will be written to this file.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888426> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Diagnostics> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888494> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3s" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "http" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "https" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888561> <BEA-002622> <The protocol "iiop" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "iiops" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldap" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888564> <BEA-002622> <The protocol "cluster" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888565> <BEA-002622> <The protocol "clusters" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "snmp" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "admin" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888569> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <RJVM> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888583> <BEA-000570> <Network Configuration for Channel "soa_server2"
Listen Address 172.17.103.42:8101
Public Address N/A
Http Enabled true
Tunneling Enabled false
Outbound Enabled false
Admin Traffic Enabled true>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889336> <BEA-002609> <Channel Service initialized.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889410> <BEA-000436> <Allocating 4 reader threads.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889412> <BEA-000446> <Native IO Enabled.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <IIOP> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889612> <BEA-002014> <IIOP subsystem enabled.>
####<Nov 14, 2011 7:41:32 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279892649> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893102> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893224> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_qMT60FRl3kIPYftFoWhBFbhSxuY=>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893501> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLAuthorizermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893509> <BEA-090074> <Initializing Authorizer provider using LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893921> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-090827> <LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894250> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894251> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894265> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server soa_server2 for security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy28.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy46.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
####<Nov 14, 2011 7:41:34 PM IST> <Error> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894618> <BEA-000236> <Stopping execute threads.>
Please help.
thanks in advanceI've tried every trick in the book but no luck and finally I found a solution for this problem. Maybe it is not the best practice but it works:
1-Uninstall JDeveloper.
2-Delete Oracle Middleware file located in C:\Oracle
3-Delete the JDeveloper file located in C:\Users\MyUser\AppData\Roaming (Because the integrated Weblogic server is actually there)
4-Reinstall JDeveloper
That solved the issue.
Thanks -
OAM WebLogic integration issue
Hi
I have integrated portal application hosted on WebLogic with OAM using SSPI.
The integration is successful and the application is working fine but we see following Error message in the weblogic logs whenever user hits the Portal home page.
<Dec 2, 2008 1:39:20 AM PST> <Error> <NetPointSecurityProviders> <700012> <Access system authorization failed for resource. Type [wl_authen], Name [Authen/Basic], Operation [LOGIN]. Reason - User's authentication level is insufficient for a requested resource.>
We see this message only when user is not authenticated before and hits Portal home page which also has Login portlet. Once user is authenticated and access any resource on the portal application, we do not see such error messages.
Has anyone faced this issue before? And what could be wrong with the integration?
Thanks
Kiran ThakkarHi kiran,
U hve said tht u r successfull in integrating weblogic application server with OAM using SSPI
The same oly v are also trying to do but we are facing some issues:
I'm using BEA weblogic8.1sp3,OAM10.1.4.0.1 and SSPI10.1.4.0.1
During instillation of SSPI i have selected the advanced instillation so the policies are automatically getting deployed in my OAM but after tht my weblogic is not able to start.
In the log file it is showing the following errors:
####<Jan 28, 2009 12:37:02 PM IST> <Debug> <NetPointSecurityProviders> <wipro-67b4e0638> <myserver> <main> <<WLS Kernel>> <000000> <ObUserSession ctor from username, password failed
com.oblix.access.ObAccessException: Unprotected resource LOGIN wl_authen:/Authen/Basic used in an ObAuthenticationScheme or ObUserSession constructor.
at com.oblix.access.ObUserSession.initCppSideAuthenticate(Native Method)
at com.oblix.access.ObUserSession.<init>(ObUserSession.java:243)
at com.oblix.weblogic.internal.OblixDatabase.login(OblixDatabase.java:192)
at com.oblix.weblogic.security.providers.authentication.OblixLoginModuleImpl.login(OblixLoginModuleImpl.java:193)
at weblogic.security.service.DelegateLoginModuleImpl.login(DelegateLoginModuleImpl.java:71)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at weblogic.security.service.PrincipalAuthenticator.authInternal(PrincipalAuthenticator.java:326)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:279)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.doBootAuthorization(SecurityServiceManagerDelegateImpl.java:786)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:886)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:717)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
at weblogic.Server.main(Server.java:32)
####<Jan 28, 2009 12:37:02 PM IST> <Debug> <NetPointSecurityProviders> <wipro-67b4e0638> <myserver> <main> <<WLS Kernel>> <000000> <Entering OblixLoginModuleImpl.abort>
####<Jan 28, 2009 12:37:02 PM IST> <Critical> <Security> <wipro-67b4e0638> <myserver> <main> <<WLS Kernel>> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
Can you please help me to solve this problem.
Thanks in advance. -
Managed Server won't talk to NodeManager-- Security issue... Certificate Chain incomplete
Hey All,
I am trying to set up a Managed Server and have it talk to the NodeManager running
(Weblogic 8.1 SP2) on the same machine. I can't, however, seem to get a good
SSL handshake between the two. I get the following error:
####<Mar 11, 2004 9:55:56 AM EST> <Warning> <Security> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <BEA-090508>
<Certificate chain received from hostname - ipaddress was incomplete.>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Validation
error = 4>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Certificate
chain is incomplete>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <SSLTrustValidator
returns: 4>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Trust
status (4): CERT_CHAIN_INCOMPLETE>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <NEW
ALERT: com.certicom.tls.record.alert.Alert@1642565 Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at java.io.BufferedWriter.flush(BufferedWriter.java:230)
at weblogic.nodemanager.client.CommandInvoker.execute(CommandInvoker.java:113)
at weblogic.nodemanager.client.CommandInvoker.invoke(CommandInvoker.java:91)
at weblogic.nodemanager.client.NodeManagerClient.executeCommand(NodeManagerClient.java:161)
at weblogic.nodemanager.client.NodeManagerRuntime.executeNMCommand(NodeManagerRuntime.java:1058)
at weblogic.nodemanager.client.NodeManagerRuntime.ping(NodeManagerRuntime.java:688)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:711)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:690)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:946)
at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
at weblogic.management.runtime.NodeManagerRuntimeMBean_Stub.ping(NodeManagerRuntimeMBean_Stub.java:543)
at weblogic.management.console.webapp._domain.__machine._jspService(__machine.java:669)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <write
ALERT offset = 0 length = 2>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <close():
28959207>
Here is what I have done:
1) I created a managed server using admin console
2) I created both an Identity and Trust keystore (jks type file) with the server's
private key (Identity) and the root trusted certificate authority (Trust).
3) I configured my managed server to use the two keystores
4) I edited the NodeManager.properties file to use the same keystores.
5) I started the NodeManager on the machine and I used the following command line
options by editing the %WL_HOME%\server\bin\startNodeManager.cmd file:
-Dweblogic.nodemanager.debugLevel=90
-Dssl.debug=true
-Djava.protocol.handler.pkgs=weblogic.net
6) I also added the following commands to my startWebLogic.cmd file:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dssl.debug=true
-Djava.protocol.handler.pkgs=weblogic.net
7) I started my admin server and created a Machine that included the managed server.
8) I configured the NodeManager properties for the Machine I created to point
to the NodeManager already running on that physical box.
9) I clicked on the tab to "Monitor" the NodeManager/Machine and it died giving
the above exception.
I would have no idea why the Certificate chain would be "incomplete". The Issuer
and Subject DNs match up fine:
PRIVATE KEY BEING LOADED BY SSL MANAGER:
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[0]
= [
Version: V3
Subject: CN=host dns name, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@1a0
Validity: [From: Fri Mar 05 08:59:26 EST 2004,
To: Mon Mar 06 08:59:26 EST 2006]
Issuer: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
ROOT CERTIFICATE AUTHORITY BEING LOADED:
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[1]
= [
Version: V3
Subject: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffa28
Validity: [From: Wed Jul 05 09:00:29 EDT 2000,
To: Tue Jul 04 09:00:29 EDT 2006]
Issuer: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US
Anyway, if anyone could provide me with some insight as to why I might be receiving
this error I would be sincerely indebted to you. I can't seem to find any other
people with the same problem in the Support archives. Thanks for all of the help!
Regards,
Cabell FisherHi,
Can you please help me;
I have a similar problem on WL7 SP4 ( UNIX )
I have made a site that check https site.
When I try to read the page of the site, I've got Certificate chain is incomplete message.
On WL8 version ( WINDOWS ), I have no problem to retrieve certificate and then access to the site.
I have read that this error occure when Root CA Self signed certificat is not include in the keystore.
I'm using CACERTS keystore.
Can you tell me the process to generate the CA Root certificate and then import in the CACERTS.
Thanks a lot for your help.
Sincerely
Stephane -
OWSM security for a OSB service- authenticate from weblogic security realms
Hello,
I have a requirement to add security to a OSB service.
The user details are configured in weblogic security realms. lets say there are ten different users.
I need to protect my osb service using OWSM policy & the policy should be configured to authenticate the user from realms.
I am new to OWSM & wondering if this is possible?
Can the experts please direct me to any docs or steps?
Thanks
GaneshHi,
Thanks for the links.
I followed the blog and configured it using oracle/wss_username_token_service_policy.
Now my requirement is to send the username,password from proxy to business and to the BPEL. (the bpel needs this username /password & and in header)
The issue I am facing is the proxy service is not sending the soap header details to business service.
I dont want to make the proxy as passthrough. (ie set Process WS-Security Header to NO)
I have to authorize on proxy level and then send the same credential details to business service?
So the question is, how can I retrieve the header after osb process it?
Can anyone please help me here?
Thanks
Ganesh -
I've been searching through this board and through other sources to find some answers..... I recently tried to update fusion middleware (Fusion Middleware 11g Release 1 (11.1.1.5)) on top of an existing copy we had installed due to a forms error we kept encountering. I ran the install without any issues and ran it without any "config" options.... After all was said and I done, I was able to start the adminserver services without issues, however my WLS_FORMS will no longer start and I'm not clear as to why at this point and I've pretty much wasted the last day trying to troubleshoot this.... We're running Weblogic and Forms 11g on a Windows 2008 R2 (64bit) server. Here's the output from the WLS_FORMS log... any help would be appreciated!
+<Feb 2, 2012 9:13:49 AM> <INFO> <NodeManager> <Server output log file is 'C:\Oracle\Middleware\user_projects\domains\ClassicDomain\servers\WLS_FORMS\logs\WLS_FORMS.out'>+
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>SETLOCAL
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>GOTO :ENDFUNCTIONS
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>set DOMAIN_HOME=C:\Oracle\Middleware\user_projects\domains\ClassicDomain
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>for %i in ("C:\Oracle\Middleware\user_projects\domains\ClassicDomain") do set DOMAIN_HOME=%~fsi
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>set DOMAIN_HOME=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>call "C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\bin\setDomainEnv.cmd"
+'else' is not recognized as an internal or external command,+
operable program or batch file.
+.+
+.+
JAVA Memory arguments: -Xms256m -Xmx512m -XX:MaxPermSize=512m
+.+
WLS Start Mode=Development
+.+
CLASSPATH=C:\Oracle\MIDDLE~1\WLSERV~1.3\server\ext\jdbc\oracle\11g\ojdbc6dms.jar;C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\PROGRA~1\Java\JDK16~1.0_2\lib\tools.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\modules\features\weblogic.server.modules_10.3.3.0.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\webservices.jar;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\Oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.dms_11.1.1\dms.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.jmx_11.1.1\jmxframework.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.jmx_11.1.1\jmxspi.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.odl_11.1.1\ojdl.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar;C:\Oracle\Middleware\FORMS\opmn\lib\nonj2eembeans.jar;C:\Oracle\Middleware\FORMS\jdbc\lib\ojdbc6.jar;C:\Oracle\Middleware\FORMS\opmn\lib\optic.jar;C:\Oracle\Middleware\FORMS\opmn\lib\iasprovision.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.ldap_11.1.1\ldapjclnt11.jar;C:\Oracle\Middleware\oracle_common\jlib\rcucommon.jar;C:\Oracle\Middleware\FORMS\opmn\lib\opmneditor.jar;C:\Oracle\Middleware\FORMS\opmn\lib\wlfullclient.jar;C:\Oracle\MIDDLE~1\ORACLE~1\soa\modules\commons-cli-1.1.jar;C:\Oracle\MIDDLE~1\ORACLE~1\soa\modules\oracle.soa.mgmt_11.1.1\soa-infra-mgmt.jar;C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\common\derby\lib\derbyclient.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\xqrl.jar
+.+
PATH=C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\native;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\PROGRA~1\Java\JDK16~1.0_2\jre\bin;C:\PROGRA~1\Java\JDK16~1.0_2\bin;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\PROGRA~1\Java\JDK16~1.0_2\jre\bin;C:\PROGRA~1\Java\JDK16~1.0_2\bin;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64\oci920_8;C:\Oracle\product\11.2.0\client_1\bin;C:\Oracle\product\11.2.0\client32\bin;C:\Oracle\Middleware\FORMS\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\PROGRA~2\MICROF~1\NETEXP~1.1\Base\Bin\WIN64;C:\Oracle\Middleware\oracle_common\bin;C:\MinGW\mingw64\bin;c:\PROGRA~2\Adobe\READER~1.0\Reader;C:\Program Files\ASCI\ActiveBatchV8\;C:\Oracle\Middleware\FORMS\opmn\bin;C:\Oracle\Middleware\FORMS\opmn\lib;C:\Oracle\Middleware\FORMS\perl\bin;C:\Oracle\Middleware\FORMS\OPatch;;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64\oci920_8
+.+
+* To start WebLogic Server, use a username and *+
+* password assigned to an admin-level user. For *+
+* server administration, use the WebLogic Server *+
+* console at http:\\hostname:port\console *+
starting weblogic with Java version:
java version "1.6.0_21"
Java(TM) SE Runtime Environment (build 1.6.0_21-b07)
Java HotSpot(TM) 64-Bit Server VM (build 17.0-b17, mixed mode)
Starting WLS with line:
C:\PROGRA~1\Java\JDK16~1.0_2\bin\java -client -Xms256m -Xmx512m -XX:MaxPermSize=512m -Dweblogic.Name=WLS_FORMS -Djava.security.policy=C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -Dweblogic.system.BootIdentityFile=C:\Oracle\Middleware\user_projects\domains\ClassicDomain\servers\WLS_FORMS\data\nodemanager\boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -Dweblogic.security.SSL.ignoreHostnameVerification=false -Dweblogic.ReverseDNSAllowed=false -Xverify:none -da -Dplatform.home=C:\Oracle\MIDDLE~1\WLSERV~1.3 -Dwls.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Xms512m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Doracle.home=C:\Oracle\Middleware\FORMS -Ddomain.home=C:\Oracle\Middleware\user_projects\domains\ClassicDomain -Xms256m -Xmx512m -XX:PermSize=256m -XX:MaxPermSize=512m -Djava.ext.dirs=C:\Oracle\Middleware\FORMS\jdk\jre\lib\ext -Doracle.security.jps.config=C:\Oracle\Middleware\user_projects\domains\ClassicDomain\config\fmwconfig\jps-config.xml -Doracle.home=C:\Oracle\Middleware\FORMS -Ddomain.home=C:\Oracle\Middleware\user_projects\domains\ClassicDomain -Doracle.instance=C:\Oracle\Middleware\Instance\Frm_Domain -Doracle.instance.name=Frm_Domain -Doracle.forms.weblogic=1 -Ddomain.name=ClassicDomain -Ddomain.home=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1 -Dcommon.components.home=C:\Oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Djrockit.optfile=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.domain.config.dir=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\FMWCON~1 -Doracle.server.config.dir=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\FMWCON~1\servers\WLS_FORMS -Doracle.security.jps.config=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\fmwconfig\jps-config.xml -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Digf.arisidbeans.carmlloc=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\FMWCON~1\arisidprovider -Dweblogic.alternateTypesDirectory=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Dweblogic.jdbc.remoteEnabled=false -Dwc.oracle.home=C:\Oracle\Middleware\FORMS -Dclassic.oracle.home=C:\Oracle\Middleware\FORMS -Dem.oracle.home=C:\Oracle\Middleware\oracle_common -Djava.awt.headless=true -Dweblogic.management.discover=false -Dweblogic.management.server=http://192.168.200.166:7002 -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\sysext_manifest_classpath -Dweblogic.management.username=weblogic -Dweblogic.management.password=weblogic1 weblogic.Server
+<Feb 2, 2012 9:13:50 AM AST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 17.0-b17 from Sun Microsystems Inc.>+
+<Feb 2, 2012 9:13:52 AM AST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.3.0 Fri Apr 9 00:05:28 PDT 2010 1321401 >+
+<Feb 2, 2012 9:13:53 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>+
+<Feb 2, 2012 9:13:53 AM AST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>+
+<Feb 2, 2012 9:13:53 AM AST> <Notice> <Log Management> <BEA-170019> <The server log file C:\Oracle\Middleware\user_projects\domains\ClassicDomain\servers\WLS_FORMS\logs\WLS_FORMS.log is opened. All server side log events will be written to this file.>+
+<Feb 2, 2012 9:14:00 AM AST> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: javax.jdo.JDOFatalInternalException: Unexpected exception caught.+
NestedThrowables:
java.lang.reflect.InvocationTargetException.
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: javax.jdo.JDOFatalInternalException: Unexpected exception caught.
NestedThrowables:
java.lang.reflect.InvocationTargetException
+ at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:342)+
+ at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:221)+
+ at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1783)+
+ at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:442)+
+ at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)+
+ Truncated. see log file for complete stacktrace+
Caused By: com.bea.common.engine.ServiceInitializationException: javax.jdo.JDOFatalInternalException: Unexpected exception caught.
NestedThrowables:
java.lang.reflect.InvocationTargetException
+ at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)+
+ at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)+
+ at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)+
+ at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)+
+ at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)+
+ Truncated. see log file for complete stacktrace+
Caused By: javax.jdo.JDOFatalInternalException: Unexpected exception caught.
NestedThrowables:
java.lang.reflect.InvocationTargetException
+ at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:549)+
+ at com.bea.common.security.storeservice.util.StoreServiceDelegate.initJDO(StoreServiceDelegate.java:149)+
+ at com.bea.common.security.storeservice.util.StoreServiceDelegate.<init>(StoreServiceDelegate.java:98)+
+ at com.bea.common.security.internal.service.StoreServiceImpl.init(StoreServiceImpl.java:76)+
+ at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)+
+ Truncated. see log file for complete stacktrace+
Caused By: java.lang.reflect.InvocationTargetException
+ at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+ at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)+
+ at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)+
+ at java.lang.reflect.Method.invoke(Method.java:597)+
+ at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:534)+
+ Truncated. see log file for complete stacktrace+
Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:891341 fatal internal error> org.apache.openjpa.util.InternalException: There was an error when invoking the static getInstance method on the named factory class "org.apache.openjpa.abstractstore.AbstractStoreBrokerFactory". See the nested exception for details.
+ at org.apache.openjpa.kernel.Bootstrap.getBrokerFactory(Bootstrap.java:95)+
+ at kodo.jdo.PersistenceManagerFactoryImpl.getPersistenceManagerFactory(PersistenceManagerFactoryImpl.java:41)+
+ at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+ at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)+
+ at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)+
+ Truncated. see log file for complete stacktrace+
Caused By: java.lang.OutOfMemoryError: Java heap space
+ at java.util.Arrays.copyOf(Arrays.java:2734)+
+ at java.util.ArrayList.ensureCapacity(ArrayList.java:167)+
+ at java.util.ArrayList.add(ArrayList.java:351)+
+ at org.apache.openjpa.conf.CacheMarshallerImpl.setInputUrlFromResourceLocation(CacheMarshallerImpl.java:226)+
+ at org.apache.openjpa.conf.CacheMarshallerImpl.endConfiguration(CacheMarshallerImpl.java:207)+
+ Truncated. see log file for complete stacktrace+
+>+
+<Feb 2, 2012 9:14:00 AM AST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>+
+<Feb 2, 2012 9:14:00 AM AST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:+
There are 1 nested errors:
+weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable+
+ at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:916)+
+ at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)+
+ at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)+
+ at weblogic.security.SecurityService.start(SecurityService.java:141)+
+ at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)+
+ at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)+
+ at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)+
+>+
+<Feb 2, 2012 9:14:00 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>+
+<Feb 2, 2012 9:14:00 AM AST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>+
+<Feb 2, 2012 9:14:00 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>+
+<Feb 2, 2012 9:14:01 AM> <FINEST> <NodeManager> <Waiting for the process to die: 5968>+
+<Feb 2, 2012 9:14:01 AM> <INFO> <NodeManager> <Server failed during startup so will not be restarted>+
+<Feb 2, 2012 9:14:01 AM> <FINEST> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>+I increased parameter values, but still similar outcome... I noticed on our production server that the WLS_FORMS server instance has security policy attached to the config (Servers --> WLS_FORMS --> Security (tab) --> Policies (tab), whereas this update now seems to force me to select "XACMLAuthorizer" where I just can't seem to disable this option at all, so based on the error highlighted below, could that have anything to do with it?
<Feb 2, 2012 10:08:17 AM> <INFO> <NodeManager> <Server output log file is 'C:\Oracle\Middleware\user_projects\domains\ClassicDomain\servers\WLS_FORMS\logs\WLS_FORMS.out'>
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>SETLOCAL
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>GOTO :ENDFUNCTIONS
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>set DOMAIN_HOME=C:\Oracle\Middleware\user_projects\domains\ClassicDomain
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>for %i in ("C:\Oracle\Middleware\user_projects\domains\ClassicDomain") do set DOMAIN_HOME=%~fsi
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>set DOMAIN_HOME=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1
C:\Oracle\Middleware\user_projects\domains\ClassicDomain>call "C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\bin\setDomainEnv.cmd"
'else' is not recognized as an internal or external command,
operable program or batch file.
JAVA Memory arguments: -Xms512m -Xmx512m -XX:MaxPermSize=512m
WLS Start Mode=Development
CLASSPATH=C:\Oracle\MIDDLE~1\WLSERV~1.3\server\ext\jdbc\oracle\11g\ojdbc6dms.jar;C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\PROGRA~1\Java\JDK16~1.0_2\lib\tools.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\modules\features\weblogic.server.modules_10.3.3.0.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\webservices.jar;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\Oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.dms_11.1.1\dms.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.jmx_11.1.1\jmxframework.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.jmx_11.1.1\jmxspi.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.odl_11.1.1\ojdl.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar;C:\Oracle\Middleware\FORMS\opmn\lib\nonj2eembeans.jar;C:\Oracle\Middleware\FORMS\jdbc\lib\ojdbc6.jar;C:\Oracle\Middleware\FORMS\opmn\lib\optic.jar;C:\Oracle\Middleware\FORMS\opmn\lib\iasprovision.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.ldap_11.1.1\ldapjclnt11.jar;C:\Oracle\Middleware\oracle_common\jlib\rcucommon.jar;C:\Oracle\Middleware\FORMS\opmn\lib\opmneditor.jar;C:\Oracle\Middleware\FORMS\opmn\lib\wlfullclient.jar;C:\Oracle\MIDDLE~1\ORACLE~1\soa\modules\commons-cli-1.1.jar;C:\Oracle\MIDDLE~1\ORACLE~1\soa\modules\oracle.soa.mgmt_11.1.1\soa-infra-mgmt.jar;C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\common\derby\lib\derbyclient.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\xqrl.jar
PATH=C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\native;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\PROGRA~1\Java\JDK16~1.0_2\jre\bin;C:\PROGRA~1\Java\JDK16~1.0_2\bin;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\PROGRA~1\Java\JDK16~1.0_2\jre\bin;C:\PROGRA~1\Java\JDK16~1.0_2\bin;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64\oci920_8;C:\Oracle\product\11.2.0\client_1\bin;C:\Oracle\product\11.2.0\client32\bin;C:\Oracle\Middleware\FORMS\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\PROGRA~2\MICROF~1\NETEXP~1.1\Base\Bin\WIN64;C:\Oracle\Middleware\oracle_common\bin;C:\MinGW\mingw64\bin;c:\PROGRA~2\Adobe\READER~1.0\Reader;C:\Program Files\ASCI\ActiveBatchV8\;C:\Oracle\Middleware\FORMS\opmn\bin;C:\Oracle\Middleware\FORMS\opmn\lib;C:\Oracle\Middleware\FORMS\perl\bin;C:\Oracle\Middleware\FORMS\OPatch;;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\x64\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.6.0_21"
Java(TM) SE Runtime Environment (build 1.6.0_21-b07)
Java HotSpot(TM) 64-Bit Server VM (build 17.0-b17, mixed mode)
Starting WLS with line:
C:\PROGRA~1\Java\JDK16~1.0_2\bin\java -client -Xms512m -Xmx512m -XX:MaxPermSize=512m -Dweblogic.Name=WLS_FORMS -Djava.security.policy=C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -Dweblogic.system.BootIdentityFile=C:\Oracle\Middleware\user_projects\domains\ClassicDomain\servers\WLS_FORMS\data\nodemanager\boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -Dweblogic.security.SSL.ignoreHostnameVerification=false -Dweblogic.ReverseDNSAllowed=false -Xverify:none -da -Dplatform.home=C:\Oracle\MIDDLE~1\WLSERV~1.3 -Dwls.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Xms512m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m -Doracle.home=C:\Oracle\Middleware\FORMS -Ddomain.home=C:\Oracle\Middleware\user_projects\domains\ClassicDomain -Xms256m -Xmx512m -XX:PermSize=256m -XX:MaxPermSize=512m -Djava.ext.dirs=C:\Oracle\Middleware\FORMS\jdk\jre\lib\ext -Doracle.security.jps.config=C:\Oracle\Middleware\user_projects\domains\ClassicDomain\config\fmwconfig\jps-config.xml -Doracle.home=C:\Oracle\Middleware\FORMS -Ddomain.home=C:\Oracle\Middleware\user_projects\domains\ClassicDomain -Doracle.instance=C:\Oracle\Middleware\Instance\Frm_Domain -Doracle.instance.name=Frm_Domain -Doracle.forms.weblogic=1 -Ddomain.name=ClassicDomain -Ddomain.home=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1 -Dcommon.components.home=C:\Oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Djrockit.optfile=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.domain.config.dir=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\FMWCON~1 -Doracle.server.config.dir=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\FMWCON~1\servers\WLS_FORMS -Doracle.security.jps.config=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\fmwconfig\jps-config.xml -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Digf.arisidbeans.carmlloc=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\Oracle\MIDDLE~1\USER_P~1\domains\CLASSI~1\config\FMWCON~1\arisidprovider -Dweblogic.alternateTypesDirectory=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Dweblogic.jdbc.remoteEnabled=false -Dwc.oracle.home=C:\Oracle\Middleware\FORMS -Dclassic.oracle.home=C:\Oracle\Middleware\FORMS -Dem.oracle.home=C:\Oracle\Middleware\oracle_common -Djava.awt.headless=true -Dweblogic.management.discover=false -Dweblogic.management.server=http://192.168.200.166:7002 -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\sysext_manifest_classpath -Dweblogic.management.username=weblogic -Dweblogic.management.password=weblogic1 weblogic.Server
<Feb 2, 2012 10:08:18 AM AST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 17.0-b17 from Sun Microsystems Inc.>
<Feb 2, 2012 10:08:20 AM AST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.3.0 Fri Apr 9 00:05:28 PDT 2010 1321401 >
<Feb 2, 2012 10:08:22 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Feb 2, 2012 10:08:22 AM AST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Feb 2, 2012 10:08:22 AM AST> <Notice> <Log Management> <BEA-170019> <The server log file C:\Oracle\Middleware\user_projects\domains\ClassicDomain\servers\WLS_FORMS\logs\WLS_FORMS.log is opened. All server side log events will be written to this file.>
*<Feb 2, 2012 10:08:28 AM AST> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: javax.jdo.JDOFatalInternalException: Unexpected exception caught.*
NestedThrowables:
java.lang.reflect.InvocationTargetException.
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: javax.jdo.JDOFatalInternalException: Unexpected exception caught.
NestedThrowables:
java.lang.reflect.InvocationTargetException
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:342)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:221)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1783)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:442)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.ServiceInitializationException: javax.jdo.JDOFatalInternalException: Unexpected exception caught.
NestedThrowables:
java.lang.reflect.InvocationTargetException
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)
Truncated. see log file for complete stacktrace
Caused By: javax.jdo.JDOFatalInternalException: Unexpected exception caught.
NestedThrowables:
java.lang.reflect.InvocationTargetException
at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:549)
at com.bea.common.security.storeservice.util.StoreServiceDelegate.initJDO(StoreServiceDelegate.java:149)
at com.bea.common.security.storeservice.util.StoreServiceDelegate.<init>(StoreServiceDelegate.java:98)
at com.bea.common.security.internal.service.StoreServiceImpl.init(StoreServiceImpl.java:76)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
Truncated. see log file for complete stacktrace
Caused By: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.jdo.JDOHelper.getPersistenceManagerFactory(JDOHelper.java:534)
Truncated. see log file for complete stacktrace
Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:891341 fatal internal error> org.apache.openjpa.util.InternalException: There was an error when invoking the static getInstance method on the named factory class "org.apache.openjpa.abstractstore.AbstractStoreBrokerFactory". See the nested exception for details.
at org.apache.openjpa.kernel.Bootstrap.getBrokerFactory(Bootstrap.java:95)
at kodo.jdo.PersistenceManagerFactoryImpl.getPersistenceManagerFactory(PersistenceManagerFactoryImpl.java:41)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
Truncated. see log file for complete stacktrace
Caused By: java.lang.OutOfMemoryError: Java heap space
at java.util.Arrays.copyOf(Arrays.java:2734)
at java.util.ArrayList.ensureCapacity(ArrayList.java:167)
at java.util.ArrayList.add(ArrayList.java:351)
at org.apache.openjpa.conf.CacheMarshallerImpl.setInputUrlFromResourceLocation(CacheMarshallerImpl.java:226)
at org.apache.openjpa.conf.CacheMarshallerImpl.endConfiguration(CacheMarshallerImpl.java:207)
Truncated. see log file for complete stacktrace
>
<Feb 2, 2012 10:08:28 AM AST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Feb 2, 2012 10:08:28 AM AST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:916)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Feb 2, 2012 10:08:28 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Feb 2, 2012 10:08:28 AM AST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Feb 2, 2012 10:08:28 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
<Feb 2, 2012 10:08:29 AM> <FINEST> <NodeManager> <Waiting for the process to die: 3140>
<Feb 2, 2012 10:08:29 AM> <INFO> <NodeManager> <Server failed during startup so will not be restarted>
<Feb 2, 2012 10:08:29 AM> <FINEST> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters> -
Weblogic.security.acl in Weblogic 6
I came across the following in the migration documention
(http://edocs.bea.com/wls/docs60/notes/migrate.html#1026915):
I'm assuming that this is just a typo or wording issue but it currently
reads "weblogic.security.acl" is deprecated? Can't be the whole package.
Anyone else notice this?
Deprecated APIs and Features
The following APIs and features are deprecated in anticipation of future
removal from the product:
a.. weblogic.security.acl
b.. WebLogic Events
WebLogic Events are deprecated and should be replaced by JMS messages with
NO_ACKNOWLEDGE or MULTICAST_NO_ACKNOWLEDGE delivery modes. See Programming
WebLogic JMS for more information.
c.. WebLogic HTMLKona
d.. T3 Driverrequest.getRemoteUser() still works fine for me after I implented a custom
Autthenication / LoginModule.
"patrik" <[email protected]> wrote in message
news:[email protected]..
>
Yes, I have. see:
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.develo
per.interest.security&item=8553&utag=
>
But if you've managed to get out the information from it I'd be gratefulto know
how.
/Patrik
"Utpal" <[email protected]> wrote:
Have you tried weblogic.security.Security.getCurrentSubject() ??
-utpal -
Weblogic.security.ldaprealmv2.LDAPRealmException
Environment:
WebLogic version: WebLogic Server 6.1 SP2 12/18/2001 11:13:46 #154529
jdk: 1.3.1
OS: Solaris 7
LDAP server: iPlanet Directory Server 5.0
Realm: LDAP2Realm CustomRealm weblogic.security.ldaprealmv2.LDAPRealm
ISSUE:
Certain LDAP users cause an Exception to propagate up to produce a 500
internal server error. How can one programmetically catch this
internal Exception? Why is this Exception thrown? I would have assumed
that the WebLogic realm componet would would prevent such Exceptions
from reaching the top?
NOTE1: Other users that exhast their login tries DO NOT produces this
Exception.
NOTE2: I know this could very well be a bug in the iPlanet Directory
Server 5.0 and/or the weblogic custom ream classes.
EXCEPTION:
<Apr 30, 2002 10:32:20 AM PDT> <Error> <HTTP>
<[WebAppServletContext(8204614,dailyrpts,/dailyrpts)] Servlet failed
with Exception
netscape.ldap.LDAPException: error result (19); Exceed password retry
limit. Please try later.; Constraint violation
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
at weblogic.security.ldaprealmv2.LDAPDelegate.authenticate(LDAPDelegate.java:782)
at weblogic.security.ldaprealmv2.LDAPRealm.authUserPassword(LDAPRealm.java:60)
at weblogic.security.acl.AbstractListableRealm.authInternal(AbstractListableRealm.java:186)
at weblogic.security.acl.AbstractListableRealm.authenticate(AbstractListableRealm.java:127)
at weblogic.security.acl.AbstractListableRealm.getUser(AbstractListableRealm.java:110)
at weblogic.security.acl.CachingRealm.authenticate(CachingRealm.java:956)
at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:863)
at weblogic.security.acl.Realm.authenticate(Realm.java:200)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:262)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:217)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:155)
at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:169)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:144)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2467)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
weblogic.security.ldaprealmv2.LDAPRealmException: caught unexpected
exception - with nested exception:
[netscape.ldap.LDAPException: error result (19); Exceed password retry
limit. Please try later.; Constraint violation]
at weblogic.security.ldaprealmv2.LDAPDelegate.handleException(LDAPDelegate.java:884)
at weblogic.security.ldaprealmv2.LDAPDelegate.authenticate(LDAPDelegate.java:801)
at weblogic.security.ldaprealmv2.LDAPRealm.authUserPassword(LDAPRealm.java:60)
at weblogic.security.acl.AbstractListableRealm.authInternal(AbstractListableRealm.java:186)
at weblogic.security.acl.AbstractListableRealm.authenticate(AbstractListableRealm.java:127)
at weblogic.security.acl.AbstractListableRealm.getUser(AbstractListableRealm.java:110)
at weblogic.security.acl.CachingRealm.authenticate(CachingRealm.java:956)
at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:863)
at weblogic.security.acl.Realm.authenticate(Realm.java:200)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:262)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:217)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:155)
at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:169)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:144)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2467)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)Ok, so the only way to catch this is to create an "error-page" in the
web.xml file that will catch this exception-type. I hoping I could do
this in code somewhere...
Thanks!
Now I need to figure out why this Exceptionis being thrown!!
My Research:
http://developer.netscape.com/docs/manuals/dirsdk/jsdk30/exceptns.htm
http://developer.netscape.com/docs/manuals/dirsdk/jsdk30/exceptn1.htm
http://docs.iplanet.com/docs/manuals/dirsdk/jsdk41/Reference/netscape/ldap/LDAPException.html
CONSTRAINT_VIOLATION
An internal error occurred in the LDAP server.
Constant of Class
LDAPException
Syntax
public static final int CONSTRAINT_VIOLATION
Description
This exception corresponds to a result code of 19.
"kirann" <[email protected]> wrote in message news:<[email protected]>...
hi,
you can catch this by defining.. <exception> in the web.xml.. see that
dtd..
thanks
kiran
"Matrix" <[email protected]> wrote in message
news:[email protected]...
Environment:
WebLogic version: WebLogic Server 6.1 SP2 12/18/2001 11:13:46 #154529
jdk: 1.3.1
OS: Solaris 7
LDAP server: iPlanet Directory Server 5.0
Realm: LDAP2Realm CustomRealm weblogic.security.ldaprealmv2.LDAPRealm
ISSUE:
Certain LDAP users cause an Exception to propagate up to produce a 500
internal server error. How can one programmetically catch this
internal Exception? Why is this Exception thrown? I would have assumed
that the WebLogic realm componet would would prevent such Exceptions
from reaching the top?
NOTE1: Other users that exhast their login tries DO NOT produces this
Exception.
NOTE2: I know this could very well be a bug in the iPlanet Directory
Server 5.0 and/or the weblogic custom ream classes.
EXCEPTION:
<Apr 30, 2002 10:32:20 AM PDT> <Error> <HTTP>
<[WebAppServletContext(8204614,dailyrpts,/dailyrpts)] Servlet failed
with Exception
netscape.ldap.LDAPException: error result (19); Exceed password retry
limit. Please try later.; Constraint violation
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
atnetscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
atnetscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
atnetscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
atweblogic.security.ldaprealmv2.LDAPDelegate.authenticate(LDAPDelegate.java:78
2)
atweblogic.security.ldaprealmv2.LDAPRealm.authUserPassword(LDAPRealm.java:60)
atweblogic.security.acl.AbstractListableRealm.authInternal(AbstractListableRea
lm.java:186)
atweblogic.security.acl.AbstractListableRealm.authenticate(AbstractListableRea
lm.java:127)
atweblogic.security.acl.AbstractListableRealm.getUser(AbstractListableRealm.ja
va:110)
atweblogic.security.acl.CachingRealm.authenticate(CachingRealm.java:956)
atweblogic.security.acl.CachingRealm.getUser(CachingRealm.java:863)
at weblogic.security.acl.Realm.authenticate(Realm.java:200)
atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
atweblogic.security.acl.internal.Security.authenticate(Security.java:125)
atweblogic.servlet.security.internal.SecurityModule.checkAuthenticate(Security
Module.java:262)
atweblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecu
rityModule.java:217)
atweblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.
java:155)
atweblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityMod
ule.java:169)
atweblogic.servlet.security.internal.ServletSecurityManager.checkAccess(Servle
tSecurityManager.java:144)
atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:2467)
atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
weblogic.security.ldaprealmv2.LDAPRealmException: caught unexpected
exception - with nested exception:
[netscape.ldap.LDAPException: error result (19); Exceed password retry
limit. Please try later.; Constraint violation]
atweblogic.security.ldaprealmv2.LDAPDelegate.handleException(LDAPDelegate.java
:884)
atweblogic.security.ldaprealmv2.LDAPDelegate.authenticate(LDAPDelegate.java:80
1)
atweblogic.security.ldaprealmv2.LDAPRealm.authUserPassword(LDAPRealm.java:60)
atweblogic.security.acl.AbstractListableRealm.authInternal(AbstractListableRea
lm.java:186)
atweblogic.security.acl.AbstractListableRealm.authenticate(AbstractListableRea
lm.java:127)
atweblogic.security.acl.AbstractListableRealm.getUser(AbstractListableRealm.ja
va:110)
atweblogic.security.acl.CachingRealm.authenticate(CachingRealm.java:956)
atweblogic.security.acl.CachingRealm.getUser(CachingRealm.java:863)
at weblogic.security.acl.Realm.authenticate(Realm.java:200)
atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
atweblogic.security.acl.internal.Security.authenticate(Security.java:125)
atweblogic.servlet.security.internal.SecurityModule.checkAuthenticate(Security
Module.java:262)
atweblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecu
rityModule.java:217)
atweblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.
java:155)
atweblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityMod
ule.java:169)
atweblogic.servlet.security.internal.ServletSecurityManager.checkAccess(Servle
tSecurityManager.java:144)
atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:2467)
atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120) -
Weblogic.security.acl.internal.AuthenticatedSubject not resolved
Hi guys,
when I try to implement that code:
CallbackHandler handler = new URLCallbackHandler(username,
password);
Subject mySubject =
weblogic.security.services.Authentication.login(handler);
weblogic.servlet.security.ServletAuthentication.runAs(mySubject, request);
// Where request is the httpservletrequest object.
in my servlet I get that issue in workshop 9.2:
The type weblogic.security.acl.internal.AuthenticatedSubject cannot be resolved. It is indirectly
referenced from required .class files
Any idea??
Thanks a lot
L.solved!
simply import weblogic.jar in the project -
Bug in weblogic 8.1 SP6 at weblogic.security.SSL.SSLCertificate.verify()
Hi, I got an java.lang.NullPointerException
at weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:235)
at weblogic.security.SSL.SSLCertificate.input(SSLCertificate.java:116)
at weblogic.security.SSL.Handshake.input(Handshake.java:121)
at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1117)
at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:432)
at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:276)
at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:222)
at weblogic.security.SSL.SSLSocketFactory.createSocket(SSLSocketFactory.java:213)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:238)
at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:389)
at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:209)
at weblogic.net.http.HttpClient.New(HttpClient.java:228)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:189)
when a small piece of code running in weblogic 8.1 SP6 and trying to make url connection to a https server.
I have verified that the runtime environment has the cacerts file including the CA ( issuer for the server certificate for the server the code was trying to connect to ).
I wonder that anybody has the same problem. Or you can give a hint how to fix it.
Thank you.Sorry, i saw the forum about your problem in BEA 8.1 SP 6 about a
weblogic.security.SSL.SSLCertificate.verify(SSLCertificate.java:235)
error and you said that bea sent a path named CR295205_810sp6.jar.
I have the same problem
Do you have this patch?
Could you send it to me?
my email address is
[email protected] -
Intermittent Security Issues with 11.1.5
Hello, I am new to the forum (read a lot, first time posting question).
We have recently implemented obiee 11.1.5. First 2 days no real issues but starting today we have experienced users that have incorrect privileges/permission. It was apparent with 2-3 users then after an hour or so they were working and 2-3 other user had the problem. I was able to log on with user account to confirm (ie bypassing proxy to confirm). It looks like the permissions are getting crossed where the user has access to folders they should not have and no access to subject areas – but proper security is still in place for access to analysis and no access to the admin page.
Here is the setup (basically the base setup from upgrading the RPD and Cat from 10g):
1.Weblogic security – nothing setup just the default authenticators, users etc.
2.EPM Security – have several ROLES (created during upgrade)
3.RPD – have same set of ROLES as in EPM (left over from upgrade).
4.Presentation – Have the same set of web cat groups (left over from upgrade) – each one mapped to the same ‘role’ from EPM
5.Authentication – Have init block that reads a table that populates the ROLE variable once the user logs in.
6.Cache at the BI server is off, cache at the security tables in the RPD is off
Basically the process works well. Init block kicks off, populates the ROLE (can see them in the ‘My Account’ – as roles, based on icon). The role being mapped to the web cat group – all folder permissions and privileges are based on the web cat group.
Since it was working and then does not, I am leaning towards something getting corrupt during the mapping of the roles to the web cat groups. But to redo all the security to roles only would take a lot of time.
Any help or idea to solve would be greatly appreciated.Yes, we that is intact .. the problem is like this..
User A has access to role R1 --> access to see dashboard D1
User B has access to role R2 --> access to see dashboard D2
In the middle of the day, suddenly User A sees Dashboard D2 !
The catalog privileges are correctly assigned for role R1 to see dashboard D1 , and role R2 to see dashboard D2 . -
AclEntry.setNegativePermissions() implemented by weblogic.security.acl.AclEntryImpl?
I've implemented a custom realm on wl6.1 sp1 which extends the LDAPv2 realm
(implementing the ManageableRealm interface) for users and groups and
delegates to a rdbms delegate for aclentry management. I read an earlier
post about revoking a permission which requires a custom realm to augment
the weblogic.security.acl.AclImpl class. My question is similar in nature.
In a situation where a positive AclEntry needs to be changed to a negative
entry, what are the requirements imposed on the custom realm implementer?
Do I need to worry about the checkPermission call on the Acl implementation?
On the AclEntry implementation? Is there a BEA recommended path similar to
that for revoking permissions?
I would also recommend that the BEA responses to the revoking permissions
post and this be included in the documentation outlining the
responsibilities for implementing a custom realm.
Thanks!
Jon
Jon Wilmoth
Software Architect
eSage Group
(206) 264-5675 (Voice & Fax)
[email protected]
http://www.esagegroup.comHi Jon,
Your issue should be raised with BEA support. With regard to your second isssue:
"and this be included in the documentation outlining the
responsibilities for implementing a custom realm."
You should raise this as an enhancement either via the support channels or via
[email protected]
Kind Regards,
Richard Wallace.
Senior Developer Relations Engineer.
BEA Support.
"Jon Wilmoth" <[email protected]> wrote:
I've implemented a custom realm on wl6.1 sp1 which extends the LDAPv2
realm
(implementing the ManageableRealm interface) for users and groups and
delegates to a rdbms delegate for aclentry management. I read an earlier
post about revoking a permission which requires a custom realm to augment
the weblogic.security.acl.AclImpl class. My question is similar in nature.
In a situation where a positive AclEntry needs to be changed to a negative
entry, what are the requirements imposed on the custom realm implementer?
Do I need to worry about the checkPermission call on the Acl implementation?
On the AclEntry implementation? Is there a BEA recommended path similar
to
that for revoking permissions?
I would also recommend that the BEA responses to the revoking permissions
post and this be included in the documentation outlining the
responsibilities for implementing a custom realm.
Thanks!
Jon
Jon Wilmoth
Software Architect
eSage Group
(206) 264-5675 (Voice & Fax)
[email protected]
http://www.esagegroup.com -
"There is a security issue with the JDK that we are using, 1.2.2_05a. It can only be exploited in certain circumstances. I have some questions that I can not find an answer to on ASK BEA:1. Is WebLogic 5.1 sp8 vulnerable to the exploit described in Sun Security Bulletin
为了方便Weblogic用户管理JKS证书,我发布了一个Eclipse插件,代号SecureX,该插件将集成Keytool, Axis数字签名,加密,和SSO/SSL向导,目前版本为1.0.0,改自于KeytoolGUI1.6版本。
作了不少的增强,原来的版本已经停止开发并被作者商业化,开源版本以后将由我提供:)
SecureX 的URL: http://www.blogjava.net/openssl/archive/2006/03/17/35781.html
关于SecureX,请参看http://www.blogjava.net/openssl/archive/2006/02/08/29886.aspx
该Project遵循GPL,参见https://sourceforge.net/projects/securex/
源代码将在2.0发布到SF。
代替Keytool的图形化界面,增加了数字签名功能,原来的版本来自于Keytool Gui 1.6(基于SWing),我重写了SWT界面,集成到SecureX并以SecureX为基础,不断扩展Java Security功能,包括加密,签名,SSO向导,SSL向导之类的功能。
下载:
http://www.blogjava.net/Files/openssl/plugins.part1.rar
http://www.blogjava.net/Files/openssl/plugins.part2.rar
http://www.blogjava.net/Files/openssl/plugins.part3.rar
http://www.blogjava.net/Files/openssl/plugins.part4.rar
http://www.blogjava.net/Files/openssl/plugins.part5.rar
http://www.blogjava.net/Files/openssl/plugins.part6.rar
http://www.blogjava.net/Files/openssl/plugins.part7.rar
下载完毕后,解压到plugins目录,然后找到
其子目录SecureX_1.0.0
然后,将其整个Copy到Eclipse目录下的Plugin目录下,重启Eclipse,
然后点击菜单项Securex下KeyTool,就可以运行。
如对SecureX有兴趣,请加入SecuritySite群(14966586)或者email给我:openssl(at)163.com
Maybe you are looking for
-
File "rpdeluxe.properties" in Home Folder
Hi, I have just noticed a file called "rpdeluxe.properties" in my home folder. When I open it I see the following info: #Thu Sep 27 21:28:48 CEST 2007 SerialNumber=RPRID-0400-58818-00783-71277 LocaleCountry=US LocaleLanguage=en Can anyone tell me wha
-
Wher I should I put the data sources.
Hi all, in connect pool where I shoul put the following staff <database> <jndi-name>jdbc/sqlserver</jndi-name> <driver type="com.microsoft.jdbcx.sqlserver.SQLServerDataSource"> <serverName>csdevsqla01.office.foo</serverName> <databaseName>Reports</da
-
Unable to use DIMLIST property in business rules
Hi Team, We have updated Account dimension with TYPELIM(10), DIMLIST(20) properties and in AUTOMATIC ADJUSTMENT DETAILS in the SOURCE ACCT when we update it with valid account ID or TYPELIM property value, it validates sucessfully.But, when we update
-
Yeah, like the Subject says, "Extract a clip from a DVD". How can I do that? And, I'd like the subtitles to be extracted as well. It's for my presentation thing. It's irritating if I have to search for a particular scene during the presentation, so h
-
Failed to install packages correctly
Hi, duringf my latest upgrade, (on x86_64) I had a strange problem: for almost all packages, pacman wrote: error: command failed to execute correctly Directly after that, my system became unusable, because every command returned: "Too many levels of