Weblogic.security.ldaprealmv2.LDAPRealm problem..

Hi All,
I'm running WLS6.1sp1 and I have a bit of a snag. I've been able to
successfully configure WLS6.1 to authenticate against a single development
LDAP server, but I'm running into problems with my production LDAP
environment.
My production LDAP environment returns referrals. Normally this is dealt
with by setting the Context.Referral parameter to "follow" rather than the
default JNDI "ignore" value. I can't seem to find any documentation on the
"configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
even get at any API docs for this class.
Can somebody tell me if there is a configuration parameter I can pass to
this class which accomplishes this? If not, can BEA provide some assistance
(source code or API documentation) so that we can modify this class? (I'm
not excited about writing my own CustomAuthentication class this week..)
Jason Hanna
Lead Technical Architect - EMC.com

> My production LDAP environment returns referrals. Normally this is dealt
> with by setting the Context.Referral parameter to "follow" rather than the
> default JNDI "ignore" value. I can't seem to find any documentation on the
> "configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
> even get at any API docs for this class.
> Can somebody tell me if there is a configuration parameter I can pass to
> this class which accomplishes this? If not, can BEA provide some assistance
> (source code or API documentation) so that we can modify this class? (I'm
> not excited about writing my own CustomAuthentication class this week..)
The ldap realm v2 uses the netscape sdk. By default, a netscape sdk client
follows referrals automatically. However, the client binds anonymously to the
server. There is currently no method for the ldap realm v2 to follow referrals
and bind as a specific user.
Does your production system have the same principal and credentials for
both the original and referral directory server?
Peter
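
The exchange above turns on which credentials a client presents when it follows a referral. This added example is not from the thread and is not WebLogic or Netscape SDK code: it uses standard JNDI with Context.REFERRAL set to "throw", so each referral is checked against an allowlist before the bind principal and password are sent to the referred server. The class name, host names and helper names are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ReferralAwareSearch {
    // Assumption: directory hosts allowed to receive the bind credentials (placeholders).
    static final Set<String> TRUSTED_HOSTS = Set.of("ldap1.example.com", "ldap2.example.com");
    static final int MAX_HOPS = 5; // guards against referral loops

    /** Accepts only ldap:// or ldaps:// referral URLs whose host is on the allowlist. */
    static boolean isTrustedReferral(Object referralInfo) {
        try {
            URI uri = new URI(String.valueOf(referralInfo));
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || host == null) {
                return false;
            }
            boolean ldap = scheme.equalsIgnoreCase("ldap") || scheme.equalsIgnoreCase("ldaps");
            return ldap && TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false; // unparsable referral: never follow
        }
    }

    /** Environment for an authenticated (simple) bind that surfaces referrals as exceptions. */
    static Hashtable<String, Object> bindEnv(String url, String principal, String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "throw"); // instead of "follow" or "ignore"
        return env;
    }

    /**
     * Subtree search that follows a referral only when its host is trusted.
     * Referrals that are refused are recorded in 'refused' and end the search.
     */
    static List<String> search(Hashtable<String, Object> env, String base, String filter,
                               List<String> refused) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        List<String> found = new ArrayList<>();
        DirContext ctx = new InitialDirContext(env);
        try {
            int hops = 0;
            boolean more = true;
            while (more) {
                try {
                    NamingEnumeration<SearchResult> results = ctx.search(base, filter, controls);
                    while (results.hasMore()) { // hasMore() can also raise a referral
                        found.add(results.next().getNameInNamespace());
                    }
                    more = false;
                } catch (ReferralException e) {
                    if (++hops > MAX_HOPS) {
                        throw e;
                    }
                    if (!isTrustedReferral(e.getReferralInfo())) {
                        // Fail closed: stop rather than continue to referrals not yet checked.
                        refused.add(String.valueOf(e.getReferralInfo()));
                        more = false;
                    } else {
                        // The referral context is created from the original environment,
                        // so the same principal and credentials are used for the bind.
                        DirContext next = (DirContext) e.getReferralContext();
                        ctx.close();
                        ctx = next;
                    }
                }
            }
        } finally {
            ctx.close();
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed referral URLs of the kind ReferralException.getReferralInfo() returns.
        String[] samples = {
            "ldap://ldap2.example.com:389/ou=People,dc=example,dc=com",
            "ldaps://LDAP1.example.com/ou=People,dc=example,dc=com",
            "ldap://other.example.net/ou=People,dc=example,dc=com",
            "http://ldap1.example.com/",
        };
        for (String s : samples) {
            System.out.println(isTrustedReferral(s) + "  " + s);
        }
    }
}
```

Running main needs no directory server; search() is meant to be called with bindEnv(...) against a live directory, and any entry in the refused list is worth logging as a referral to an unexpected host.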

Similar Messages

  • Weblogic.security.ldaprealmv2.LDAPRealmException

    Environment:
    WebLogic version: WebLogic Server 6.1 SP2 12/18/2001 11:13:46 #154529
    jdk: 1.3.1
    OS: Solaris 7
    LDAP server: iPlanet Directory Server 5.0
    Realm: LDAP2Realm CustomRealm weblogic.security.ldaprealmv2.LDAPRealm
    ISSUE:
    Certain LDAP users cause an Exception to propagate up to produce a 500
    internal server error. How can one programmatically catch this
    internal Exception? Why is this Exception thrown? I would have assumed
    that the WebLogic realm component would prevent such Exceptions
    from reaching the top?
    NOTE1: Other users that exhaust their login tries DO NOT produce this
    Exception.
    NOTE2: I know this could very well be a bug in the iPlanet Directory
    Server 5.0 and/or the weblogic custom realm classes.
    EXCEPTION:
    <Apr 30, 2002 10:32:20 AM PDT> <Error> <HTTP>
    <[WebAppServletContext(8204614,dailyrpts,/dailyrpts)] Servlet failed
    with Exception
    netscape.ldap.LDAPException: error result (19); Exceed password retry
    limit. Please try later.; Constraint violation
    at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
    at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
    at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
    at weblogic.security.ldaprealmv2.LDAPDelegate.authenticate(LDAPDelegate.java:782)
    at weblogic.security.ldaprealmv2.LDAPRealm.authUserPassword(LDAPRealm.java:60)
    at weblogic.security.acl.AbstractListableRealm.authInternal(AbstractListableRealm.java:186)
    at weblogic.security.acl.AbstractListableRealm.authenticate(AbstractListableRealm.java:127)
    at weblogic.security.acl.AbstractListableRealm.getUser(AbstractListableRealm.java:110)
    at weblogic.security.acl.CachingRealm.authenticate(CachingRealm.java:956)
    at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:863)
    at weblogic.security.acl.Realm.authenticate(Realm.java:200)
    at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
    at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
    at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:262)
    at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:217)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:155)
    at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:169)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:144)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2467)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    --------------- nested within: ------------------
    weblogic.security.ldaprealmv2.LDAPRealmException: caught unexpected
    exception - with nested exception:
    [netscape.ldap.LDAPException: error result (19); Exceed password retry
    limit. Please try later.; Constraint violation]
    at weblogic.security.ldaprealmv2.LDAPDelegate.handleException(LDAPDelegate.java:884)
    at weblogic.security.ldaprealmv2.LDAPDelegate.authenticate(LDAPDelegate.java:801)
    at weblogic.security.ldaprealmv2.LDAPRealm.authUserPassword(LDAPRealm.java:60)
    at weblogic.security.acl.AbstractListableRealm.authInternal(AbstractListableRealm.java:186)
    at weblogic.security.acl.AbstractListableRealm.authenticate(AbstractListableRealm.java:127)
    at weblogic.security.acl.AbstractListableRealm.getUser(AbstractListableRealm.java:110)
    at weblogic.security.acl.CachingRealm.authenticate(CachingRealm.java:956)
    at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:863)
    at weblogic.security.acl.Realm.authenticate(Realm.java:200)
    at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
    at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
    at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:262)
    at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:217)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:155)
    at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:169)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:144)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2467)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)

    Ok, so the only way to catch this is to create an "error-page" in the
    web.xml file that will catch this exception-type. I was hoping I could do
    this in code somewhere...
    Thanks!
    Now I need to figure out why this Exception is being thrown!!
    My Research:
    http://developer.netscape.com/docs/manuals/dirsdk/jsdk30/exceptns.htm
    http://developer.netscape.com/docs/manuals/dirsdk/jsdk30/exceptn1.htm
    http://docs.iplanet.com/docs/manuals/dirsdk/jsdk41/Reference/netscape/ldap/LDAPException.html
    CONSTRAINT_VIOLATION
    An internal error occurred in the LDAP server.
    Constant of Class
    LDAPException
    Syntax
    public static final int CONSTRAINT_VIOLATION
    Description
    This exception corresponds to a result code of 19.
    "kirann" <[email protected]> wrote in message news:<[email protected]>...
    hi,
    you can catch this by defining.. <exception> in the web.xml.. see that
    dtd..
    thanks
    kiran
    "Matrix" <[email protected]> wrote in message
    news:[email protected]...

  • ActiveDirectory/LDAPRealm Problem

    I'm trying to authenticate users of my Web Application against users in an
    ActiveDirectory LDAP Server.
    When the admin console lists all of the users in the ActiveDirectory server
    it lists them by their full name which is stored in the 'cn' attribute. It
    does not allow users to log into the application with either their username
    or their full name as contained in the 'cn' attribute. I have tried both
    'local' and 'bind' UserAuthentication.
    When I try to access their login name or email address, using
    'sAMAccountName' or 'userPrincipalName' in the UserNameAttribute field, I
    get a RuntimeOperationsException when accessing either my application or the
    admin console. Abbreviated exception followed by LDAPRealm config...
    javax.management.RuntimeOperationsException: RuntimeException thrown by the
    getAttribute method of the DynamicMBean for the attribute FileTimeSpan
    at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1183)
    at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1151)
    at weblogic.management.internal.MBeanProxy.getAttribute(MBeanProxy.java:223)
    at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:156)
    at $Proxy3.getFileTimeSpan(Unknown Source)
    at weblogic.logging.FileStreamLogger.log(FileStreamLogger.java:169)
    My LDAPRealm looks like this
    <LDAPRealm
    Name="ActiveDirectoryRealm"
    LDAPURL="ldap://server:389"
    AuthProtocol="simple"
    Principal="[email protected]"
    Credential="credential"
    GroupDN="DC=com,DC=xxx,DC=server,CN=Users"
    GroupIsContext="false"
    GroupNameAttribute="cn"
    GroupUsernameAttribute="member"
    UserAuthentication="local"
    UserDN="DC=com,DC=xxx,DC=server,CN=Users"
    UserNameAttribute="cn"
    UserPasswordAttribute="userPassword"/>

  • Weblogic.security.ldaprealm.LDAPException

    hi all,
    i'm trying to authenticate users/groups with weblogic 6.0sp2 against iplanet 5.0
    on an nt operating system.
    from time to time weblogic server is throwing exceptions like the one below:
    weblogic.security.ldaprealm.LDAPException: search error: user xyz - with nested
    exception:
    [javax.naming.ServiceUnavailableException: server:389; remaining name 'ou=People,dc=comp,dc=com']
    The App is reconnecting and able to get the connection, but those exceptions are
    thrown on a very frequent basis. Any ideas what causes this behaviour?
    Your help is very much appreciated.
    mdheur

    > weblogic.security.ldaprealm.LDAPException: search error: user xyz - with nested
    From the API,
    This exception is thrown when attempting to communicate with a directory or
    naming service and that service is not available. It might be unavailable for
    different reasons. For example, the server might be too busy to service the
    request, or the server might not be registered to service any requests, etc.
    -utpal

  • Image loading problem with weblogic security page

    I developed a j2ee application on tomcat server. After successful working in tomcat I migrated to weblogic server.
    So problem is the application is working properly without security in weblogic. Later security is added to the application, then the background images are not loading in .jsp pages. Please suggest me what I have to follow to display background images in the .jsp pages. I was unable to find solution.
    Thanks
    Ananda

    Hi,
    There is a BADI (TRIP_IMP_EXP) that can help you to restrict trip amount by set delimit date.
    Use RESTRICT_TRAVEL_RANGE method to do this.
    BR, Jurijs

  • Heap Problem with weblogic.security.auth.login.PasswordCredential

    Hello,
    I am calling EJB's from a Tomcat 6.0.20. The EJB's are contained on a Weblogic 10 mp2. For getting EJBHome, I'm using the following InitialContext-Call:
    EJBHome home = null;
    try {
        // Build the JNDI environment for the remote WebLogic server
        Properties initialContextProps = new Properties();
        initialContextProps.put(InitialContext.INITIAL_CONTEXT_FACTORY, initialContextFactory);
        initialContextProps.put(InitialContext.SECURITY_PRINCIPAL, username);
        initialContextProps.put(InitialContext.SECURITY_CREDENTIALS, password);
        initialContextProps.put(InitialContext.PROVIDER_URL, url);
        initialContext = new InitialContext(initialContextProps);
        // Look up the home interface and narrow it to the expected type
        Object objref = this.initialContext.lookup(jndiHomeName);
        home = (EJBHome) PortableRemoteObject.narrow(objref, narrowClass);
    } finally {
        if (initialContext != null) {
            try {
                initialContext.close();
            } catch (Throwable t) {
                // ignore failures while closing the context
            }
        }
    }
    return home;
    The Problem is, that after a bulk test on the tomcat (Xmx=256MB), 200MB are filled with 1.500.000 instances of the following class:
    weblogic.security.auth.login.PasswordCredential
    Has somebody an idea how to remove these classes from tomcat heap, because now the result is an OutOfMemory?
    Best regards,
    sebbay

    Hi,
    The authenticate method would take the user and the password details from the environment
    (env) that is passed and after successful authentication would populate the subject with
    the principals (i.e user, group the user belongs to ..)
    It should work with any user that is defined in the WLS not just weblogic/weblogic.
    Do you have any other users defined and which group do they belong to?
    Vimala
    Khalid Rizvi wrote:
    I am playing (learning) with weblogic.security.auth.login.UsernamePasswordLoginModule
    as a LoginModule using JAAS based authentication. Surprisingly, the only userid
    and password combination acceptable is uid=weblogic, pw=weblogic combination.
    I went through and looked at the example code under
    http://e-docs.bea.com/wls/docs70/security/cli_apps.html#1042212. I found that
    the UsernamePasswordLoginModule.login calls into
    if (url != null) {
    Environment env = new Environment();
    env.setProviderUrl(url);
    env.setSecurityPrincipal(username);
    env.setSecurityCredentials(password);
    try {
    Authenticate.authenticate(env, subject);
    Seems like UsernamePasswordLoginModule only is a router, as it instantiates an
    instance of Environment using the userid and password and passes this Environment
    instance (env) to Authenticate.authenticate along with the empty Subject instance.
    I read about that the Subject instance will be filled in with Principals by the
    WL Server.
    My question is that firstly,
    1. As Authenticate.authenticate is not passed in the uid and pw, will it pick
    those from the env?
    2. Secondly, why does it only accept uid=weblogic & pw=weblogic.
    I will appreciate if some one can put me in the right direction.
    Khalid R. Rizvi
    508-641-1192
    [email protected]

  • Weblogic security & EJB role based access

    How does (or not) weblogic security tie into the EJB notion of role based
    control ? Can we create a 'custom' security mechanism for EJB (which
    basically uses the EJB facilities but extends it within the application) by
    using custom weblogic realms ?
    Thanks
    Raju

    Thanks !
    "Terry" <[email protected]> wrote in message
    news:[email protected]...
    comments inline
    r <[email protected]> wrote in message
    news:[email protected]...
    > Here are some more specific questions around an 'example' scenario:
    > The application has an entity bean 'Account' that can be accessed by the
    > roles 'Bank Employee' and 'Customer'
    > 'Bank Employee' can execute the 'getBalance()' and 'placeOnHold()'
    > methods on the 'Account' bean
    > 'Customer' can execute the 'withdraw()', 'deposit()', and 'getBalance()'
    > methods on the 'Account' bean
    > These permissions are set up through the deployment descriptor by mapping
    > the 'Bank Employee' and 'Customer' roles
    > to the particular bean methods that the role should be given access to.
    > 1. How does weblogic provide the facility to map the EJB deployment
    > descriptor <security-role> to a particular weblogic principal (user or group)
    > Or, should I say, how do I map the user or group to a
    > deployment-descriptor defined role?
    In the deployment tool, once in the jar select the 'Security' item, create
    an application role (in your case it is probably best to create 2 security
    roles - the bank employee role referring to the bank employee group (use the
    'in role' checkboxes, and the customer role referring to the customer group -
    there may at some point be use for an allUsers role, which includes both
    groups, maybe not. What I am saying is that a role is made of one or more
    Principals - in our case groups)
    In the Account Bean select the method permissions item, and create a method
    permission perm-0, select the perm-0 item that has just popped up in the
    left hand window, tick the box for placeOnHold(), and the boxes for <remote>
    and <home> one level deeper than this in the tree (as an aside, I have
    absolutely no idea why there would be a 'home' box here, ho hum). Select the
    'bank employee' 'can invoke' tickbox
    Create perm-1, and do what you did above for 'withdraw()' and 'deposit()'
    methods, and the 'customer' tickbox
    I believe the documents say you would have to set up another permission to
    allow both groups access to the getBalance method, but in practice I haven't
    found this the case.
    The documentation for this is at
    http://www.weblogic.com/docs51/classdocs/API_ejb/EJB_deploy.html#1102211
    (or search for 'Deploying EJBs with DeployerTool'
    > 2. Are there any administrative tools provided by weblogic to do this
    > mapping ?
    The deployer tool. Otherwise I think it's the case of writing your own xml
    files
    > 3. How much effort & complexity is involved in creating a custom realm
    Hmmm, depends - you could have the RDBMSRealm that is provided in 'examples'
    in half an hour or so (there is a problem with one of the RDBMSUser's
    methods - getUserType or something like that - the solution can be found in
    the newsgroups if you search), the same is probably true of the LDAPRealm,
    NTRealm etc (although I have never used these).
    Which one you choose depends on what equipment you have available, although
    I would say that the RDBMSRealm can use a lot of optimisation
    > Thanks,
    Welcome
    > Raju
    "Terry" <[email protected]> wrote in message
    news:[email protected]...
    The Principals (i.e. groups and users) from your custom realm are used to
    define application roles for the EJBs, but, as far as I am aware you cannot
    use a custom implementation for the ACLs for EJBs
    terry
    r <[email protected]> wrote in message
    news:[email protected]...
    How does (or not) weblogic security tie into the EJB notion of role based
    control ? Can we create a 'custom' security mechanism for EJB (which
    basically uses the EJB facilities but extends it within the application) by
    using custom weblogic realms ?
    Thanks
    Raju

  • Error:- weblogic.security.SecurityInitializationException: Authentication

    Hi,
    I am getting the below error whenever I am trying to start the Managed server in cluster environment (unix).
    I am able to start the server on local machine but in case of remote machine it's not getting started.
    I have tried most of the steps as mentioned below:-
    1) Changed the weblogic password.
    2) Delete boot.properties.
    3) deleted $DOMAIN_DIR\servers\<admin-server-name>\data\ldap
    4) Followed below post also but nothing worked:-
    https://forums.oracle.com/forums/thread.jspa?threadID=956750&start=30&tstart=0
    ####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893921> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
    ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
    ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-090827> <LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
    ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894250> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
    ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894251> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift.>
    ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894265> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift>
    ####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server soa_server2 for security realm myrealm.>
    ####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
    ####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
    ####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
    weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
         at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
         at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
         at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
         at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
         at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
         at $Proxy28.login(Unknown Source)
         at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
         at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
         at $Proxy46.authenticate(Unknown Source)
         at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
         at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    >
    ####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
    ####<Nov 14, 2011 7:41:34 PM IST> <Error> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000383> <A critical service failed. The server will shut itself down>
    ####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    ####<Nov 14, 2011 7:41:34 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894618> <BEA-000236> <Stopping execute threads.>
    Please help.
    thanks in advance

    I've tried every trick in the book but no luck and finally I found a solution for this problem. Maybe it is not the best practice but it works:
    1-Uninstall JDeveloper.
    2-Delete Oracle Middleware file located in C:\Oracle
    3-Delete the JDeveloper file located in C:\Users\MyUser\AppData\Roaming (Because the integrated Weblogic server is actually there)
    4-Reinstall JDeveloper
    That solved the issue.
    Thanks
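
A triage sketch for the boot failure in the log above, added here as an example and not part of the original posts: it parses WebLogic server-log records and, for each BEA-090403 denial, pulls out the "Caused By" chain, the [Security:NNNNNN] codes and the server state changes that follow. The record layout is inferred from the log lines quoted in this thread; the function names and the sample host and server names are assumptions made for the example.

```python
import re

# Header layout inferred from the log lines quoted in the thread above:
# twelve <...> fields; the last one (the message) may run over several lines.
HEADER = re.compile(
    r"^####<(?P<timestamp>[^>]*)> <(?P<severity>[^>]*)> <(?P<subsystem>[^>]*)> "
    r"<(?P<machine>[^>]*)> <(?P<server>[^>]*)> <(?P<thread>[^>]*)> "
    r"<(?P<user>.*?)> <(?P<txn>[^>]*)> <(?P<ctx>[^>]*)> "
    r"<(?P<millis>\d+)> <(?P<msgid>BEA-\d+)> <(?P<message>.*)$",
    re.DOTALL,
)
DENIED = re.compile(r"Authentication for user (\S+) denied")
SECURITY_CODE = re.compile(r"\[Security:(\d{6})\]")
PROVIDER_EXC = re.compile(r"weblogic\.security\.providers\.[\w.]+Exception")

# Constructed sample (host and server names are made up), shaped like the thread's log.
_T = "<[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>"
SAMPLE_LOG = f"""\
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <wls01.example.test> <ms1> {_T} <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <wls01.example.test> <ms1> {_T} <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <wls01.example.test> <ms1> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
\tat weblogic.security.SecurityService.start(SecurityService.java:141)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
\tat weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <wls01.example.test> <ms1> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <wls01.example.test> <ms1> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
"""


def parse_records(text):
    """Split a server log into records and parse each header into a dict."""
    chunks = []
    for line in text.splitlines():
        if line.lstrip().startswith("####<"):
            chunks.append([line.lstrip()])
        elif chunks:  # continuation line of a multi-line message (stack trace)
            chunks[-1].append(line)
    records = []
    for chunk in chunks:
        match = HEADER.match("\n".join(chunk).rstrip())
        if match is None:
            continue  # truncated or malformed record: skip rather than guess
        rec = match.groupdict()
        message = rec["message"]
        if message.endswith(">"):  # the '>' that closes the message field
            message = message[:-1].rstrip()
        rec["message"] = message
        rec["millis"] = int(rec["millis"])
        records.append(rec)
    return records


def boot_auth_failures(records):
    """One finding per BEA-090403 denial, enriched from later records of the same server."""
    findings = []
    for index, rec in enumerate(records):
        denied = DENIED.search(rec["message"])
        if rec["msgid"] != "BEA-090403" or denied is None:
            continue
        finding = {
            "server": rec["server"], "user": denied.group(1), "timestamp": rec["timestamp"],
            "causes": [], "security_codes": [], "provider_exceptions": [], "states": [],
        }
        for later in records[index + 1:]:
            if later["server"] != rec["server"]:
                continue
            if later["msgid"] == "BEA-000386":  # subsystem failure carrying the stack trace
                causes = [ln.strip() for ln in later["message"].splitlines()
                          if ln.strip().startswith("Caused By:")]
                finding["causes"] = causes
                finding["security_codes"] = SECURITY_CODE.findall("\n".join(causes))
                finding["provider_exceptions"] = PROVIDER_EXC.findall("\n".join(causes))
            elif later["msgid"] == "BEA-000365":  # server state transitions
                finding["states"].append(later["message"].rsplit(" ", 1)[-1])
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in boot_auth_failures(parse_records(SAMPLE_LOG)):
        print(finding)
```

The cause chain separates a denial in which a provider class raised an exception from one with no provider exception in it, which is the first split to make when deciding where to look.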

  • Weblogic.security.internal.SerializedSystemIniException

    While starting weblogic server, I am getting the following error,
    Exception raised:
    weblogic.security.internal.SerializedSystemIniException: Version mismatch. have 0, expected 1
         at weblogic.security.internal.SerializedSystemIni.<init>(SerializedSystemIni.java:119)
         at weblogic.security.internal.SerializedSystemIni.getEncryptionService(SerializedSystemIni.java:208)
         at weblogic.management.internal.EncryptedData.getEncryptionService(EncryptedData.java:82)
    Can anybody give a clue in this to resolve urgently?

    It seems like your SerializedSystemIni.dat is corrupted.
    Do you have SerializedSystemIni.dat and fileRealm.property from any other
    working domain?
    Please try to replace both of them and see if this fixes the problem.
    -utpal
    "Ramanan " <[email protected]> wrote in message
    news:[email protected]..
    >
    While starting weblogic server, I am getting the following error,
    Exception raised:
    weblogic.security.internal.SerializedSystemIniException: Version mismatch. have 0, expected 1
    at weblogic.security.internal.SerializedSystemIni.<init>(SerializedSystemIni.java:119)
    at weblogic.security.internal.SerializedSystemIni.getEncryptionService(SerializedSystemIni.java:208)
    at weblogic.management.internal.EncryptedData.getEncryptionService(EncryptedData.java:82)
    >
    Can anybody give a clue in this to resolve urgently?

  • The weblogic.security.Security.runAs() and JAAS Subject

    Let's say that I have a Java client with some JAAS code that authenticates
    the user. The LoginContext generates a Subject containing the Principal
    name of the authenticated user, but also some private credentials that
    make the Subject secure.
    Now I want to call an EJB on WLS.
    Having JNDI (EJB) code inside a PrivilegedAction and using the
    weblogic.security.Security.runAs() method, I assume that the Subject is
    sent over the wire with the EJB call. If not, please correct me.
    Question is: How does WLS authenticate this call? What modules are
    called? IdentityAsserter? LoginModule? Is the Subject simply assumed
    "valid"? Any documentation describing how this is done?
    /Bo

    Hi,
    Problem is solved. We also got a security exception when we tried to call MBeans. For this to work we have to set
    -Dweblogic.disableMBeanAuthorization=true in the weblogic startup script so that our application can access MBeans.
    Thanks
    girish

  • Weblogic security: copying URL into other tab

    Hi,
    We have two Weblogic servers in two physically different locations.
    The first of them, WLS A, has perfect security. When you log in to any application that is deployed on it and try to:
    - copy the URL into another tab or browser window, you are returned to the login page
    - close the browser (without logging out) and start the application from history, you get the login page again
    So the URL that you have when you enter the application is absolutely useless. Closing the browser, or the tab with the application, has practically the same meaning as logging out.
    The second of them, WLS B, does not have that security. When you log in to any application that is deployed on it and:
    - copy the URL into another tab or browser window, you get the application without needing to log in! So that URL can be very dangerous, because it is possible to misuse it if the user doesn't log out
    - close the browser without logging out: it is possible to find the URL in history and go back into the application without logging in!
    It is obvious that the problem is some setting on the Weblogic server. We tried to compare the settings on WLS A and WLS B, but we have not found the setting that we were searching for. The programmer who found and set that property on WLS A no longer works at our company.
    Can anybody help? We will be very grateful!
    Thanks,

    Hi,
    The authenticate method would take the user and the password details from the environment
    (env) that is passed and after successful authentication would populate the subject with
    the principals (i.e user, group the user belongs to ..)
    It should work with any user that is defined in the WLS not just weblogic/weblogic.
    Do you have any other users defined and which group do they belong to?
    Vimala
    Khalid Rizvi wrote:
    I am playing (learning) with weblogic.security.auth.login.UsernamePasswordLoginModule
    as a LoginModule using JAAS based authentication. Surprisingly, the only userid
    and password combination acceptable is uid=weblogic, pw=weblogic combination.
    I went through and looked at the example code under
    http://e-docs.bea.com/wls/docs70/security/cli_apps.html#1042212. I found that
    the UsernamePasswordLoginModule.login calls into
    if (url != null) {
        Environment env = new Environment();
        env.setProviderUrl(url);
        env.setSecurityPrincipal(username);
        env.setSecurityCredentials(password);
        try {
            Authenticate.authenticate(env, subject);
    Seems like UsernamePasswordLoginModule is only a router, as it instantiates an
    instance of Environment using the userid and password and passes this Environment
    instance (env) to Authenticate.authenticate along with the empty Subject instance.
    I read about that the Subject instance will be filled in with Principals by the
    WL Server.
    My question is that firstly,
    1. As Authenticate.authenticate is not passed in the uid and pw, will it pick
    those from the env?
    2. Secondly, why does it only accept uid=weblogic & pw=weblogic.
    I will appreciate it if someone can put me in the right direction.
    Khalid R. Rizvi
    508-641-1192
    [email protected]

  • Weblogic.security.SecurityInitializationException: Authentication for user system denied

    Reason: weblogic.security.SecurityInitializationException: Authentication for user system denied
    I tried my user name. But the server didn't start. Please help me and tell me what I have to do.
    Thanks

    Hi,
    The admin server is also able to start the managed server. The easiest way is
    to use a script. The command of starting a managed server is not much different
    from the one for the admin server. Just make sure that you reference the admin
    server URL (e.g. http://localhost:7001). The more production environment way of
    managing managed servers is to use the Node Manager. See the admin guide for more
    info.
    Which version are you using?
    Kai
    "hari" <[email protected]> wrote:
    >
    Hi! Kai..
    I tried with system/weblogic.... but same error. Actually I created the domain and
    managed server in the existing domain through config.sh.
    But the admin server is running properly. But the manager is not starting; a user
    authentication problem is coming. When I created the domain, I created a user. I
    started the admin server with that user... but the managed server is not starting.
    Please help me.

  • Weblogic 8.1.6 problem.......

    Hi All,
    I am facing a strange problem: when I start the weblogic server, after starting successfully it throws an exception:
    <1-Nov-2007 3:10:23 o'clock AM EDT> <Info> <Socket> <BEA-000440> <Native IO Enabled.>
    <1-Nov-2007 3:10:23 o'clock AM EDT> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "admin_svr" for domain "charter" running in Development Mode>
    <1-Nov-2007 3:10:23 o'clock AM EDT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    <1-Nov-2007 3:10:23 o'clock AM EDT> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 16818, ip address *.*>
    <1-Nov-2007 3:10:23 o'clock AM EDT> <Info> <WebLogicServer> <BEA-000213> <Adding address: 10.55.13.58 to licensed client list>
    <1-Nov-2007 3:10:23 o'clock AM EDT> <Info> <Management> <BEA-140009> <Configuration changes for the domain have been saved to the repository.>
    <1-Nov-2007 3:10:23 o'clock AM EDT> <Info> <Configuration Management> <BEA-150007> <The booted configuration ./config.xml has been backed up at /home/chrtr18/domains/charter/./config.xml.booted.>
    <1-Nov-2007 3:12:04 o'clock AM EDT> <Info> <HTTP> <BEA-101047> <[ServletContext(id=24067799,name=console,context-path=/console)] FileServlet: init>
    <1-Nov-2007 3:12:04 o'clock AM EDT> <Info> <HTTP> <BEA-101047> <[ServletContext(id=24067799,name=console,context-path=/console)] FileServlet: Using standard I/O>
    <1-Nov-2007 3:12:22 o'clock AM EDT> <Info> <HTTP> <BEA-101047> <[ServletContext(id=24067799,name=console,context-path=/console)] actions: init>
    <1-Nov-2007 3:13:24 o'clock AM EDT> <Warning> <RMI> <BEA-080003> <RuntimeException thrown by rmi server: weblogic.rmi.internal.BasicServerRef@109 - hostID: '8499232654163808380S:10.55.13.31:[16818,16818,-1,-1,-1,-1,-1,0,0]:charter:admin_svr', oid: '265', implementation: 'weblogic.jms.dispatcher.DispatcherImpl@e5f0d2'
    java.lang.SecurityException: [Security:090398]Invalid Subject: system.
    java.lang.SecurityException: [Security:090398]Invalid Subject: system
    at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:698)
    at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:205)
    at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:841)
    at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:307)
    at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1114)
    at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1032)
    at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:225)
    at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:809)
    at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:782)
    at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:718)
    at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:664)
    at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:123)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    Am I missing something... any suggestion will help...
    Thanks.

  • Weblogic.security.CipherException: Invalid padding length

    I am having some difficulties configuring SSL for WebLogic 6.0.2J (Japanese).
    Here is the history of my problem:
    1. A CSR was generated, but on a completely different platform (Windows) and
    for a slightly older version of WebLogic (6.0.1J)
    2. I was then brought in to install and configure WebLogic 6.0.2J on UNIX.
    3. I was then given the encrypted private key (security_net-chef_net-key.der),
    the CSR files, and the server cert from VeriSign Japan (cert.pem). I went to VeriSign
    Japan to get an intermediate CA cert (Server Chain Cert), which I saved as ca.pem.
    4. In the Admin Console, I configured the server in my target domain with: Server
    Certificate File Name = cert.pem, Trusted CA File Name = ca.pem, and Trusted CA
    File Name = security_net-chef_net-key.der.
    5. When I attempt to start my target server, I am seeing the following alert:
    ===========================================================
    <2001/08/07 13:22:25:JST> <Alert> <WebLogicServer> <認証ファイル config/net-chef/security_net-chef_net-key.der にセキュリティ コンフィグレーション上の問題があります。java.io.IOException: weblogic.security.CipherException: Invalid padding length 72>
    java.io.IOException: weblogic.security.CipherException: Invalid padding length 72
    at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
    at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:387)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    ===========================================================
    Please note that as I am doing this on a Japanese OS, some of the above messages
    may be rendered illegible.
    If anyone out there has a clue to why I am seeing the above error, I would greatly
    appreciate your help.
    Thanks and aloha in advance,
    Brooke

    See Posting 5457.

  • Weblogic security - acegi

    Hi,
    My application was using acegi security for basic authentication and now I am trying to deploy it under weblogic9.2. I am facing a problem: I need to define the users in weblogic security as well to get it authenticated, and so the browser asks for user/password twice, once for weblogic and once for acegi. Can anybody tell me where I might be making a mistake?
    My web.xml has this,
         <filter>
              <filter-name>Acegi Filter</filter-name>
              <filter-class>
                   org.acegisecurity.util.FilterToBeanProxy
              </filter-class>
              <init-param>
                   <param-name>targetClass</param-name>
                   <param-value>
                        org.acegisecurity.util.FilterChainProxy
                   </param-value>
              </init-param>
         </filter>
         <filter-mapping>
              <filter-name>Acegi Filter</filter-name>
              <url-pattern>/*</url-pattern>
         </filter-mapping>
    Please inform me about the problem,
    Best regards,
    mik

    There is some information you might be able to find in a SpringOne presentation. It contains the latest information on Spring integration with WebLogic Server, Coherence, and TopLink, respectively. It cites http://www.interface21.com/pitchfork, which contains download links.
    You might also like to check the following links:
    http://www.oracle.com/technology/tech/java/spring/index.html
    http://www.infoq.com/news/Spring-WebLogic-EJB3
    I am not sure how much it is related to your doubt; however, I am still posting so that those links can be found by anyone browsing for Spring queries
    /ed
