WlClient.jar & JAAS authentication Issues
If I run the JAAS example (examples/security/jaas) that comes with
wl8.1 sp1 but use wlclient.jar instead of weblogic.jar, the
LoginContext.login() method returns a Subject even if I pass in an
invalid user/password combination. If weblogic.jar is in the
classpath, a javax.security.auth.login.LoginException is thrown which
is what I want to happen for invalid credentials. When running with
wlclient.jar, the code doesn't fail until it actually attempts to
access the EJB at which point it gets a org.omg.CORBA.NO_PERMISSION.
I am trying to use JAAS to login from a swing app and I want to use
wlclient.jar instead of weblogic.jar, but I need to be able to
determine whether the login was successful without waiting until I
access a secured EJB. Why does wlclient.jar behave differently than
weblogic.jar? How can I determine if my login worked if Weblogic is
going to return a Subject no matter what username/password I pass in?
Hi,
I have a similar problem when using wlclient.jar. I am able to authenticate using
the UsernamePasswordLoginModule (with authOnLogin true), but I get an error when
invoking a secured EJB:
UsernamePasswordLoginModule.initialize(), debug enabled
UsernamePasswordLoginModule.initialize(), authOnLogin enabled
UsernamePasswordLoginModule.login(), username weblogic
UsernamePasswordLoginModule.login(), URL t3://localhost:7001
Logged in
Invoking EJB
java.rmi.AccessException: CORBA NO_PERMISSION 0 Maybe; nested exception is:
org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: Maybe
at com.sun.corba.se.internal.iiop.ShutdownUtilDelegate.mapSystemException(ShutdownUtilDelegate.java:95)
at javax.rmi.CORBA.Util.mapSystemException(Util.java:65)
The login is successfull, but I get the org.omg.CORBA.NO_PERMISSION when invoking
the EJB. If I replace wlclient.jar with weblogic.jar it works fine! But we can't
use weblogic.jar in our deployed client, because a) it's HUGE, b) it conflicts
with Ant 1.6.1.
Any ideas?
"Memo S" <[email protected]> wrote:
>
Here is the answer
A UsernamePasswordLoginModule LoginModule was added for use by the IIOP
thin-client.
This class has the same API as that of the weblogic.security.auth.login.UsernamePasswordLoginModule
class, but in this implementation, there is a new property called authOnLogin.
When true, this property forces the login method to perform authentication
(rather
than on the first invocation). The default for this new property is false.
Regards.
Memo S
"Ganapathi" <[email protected]> wrote:
If I run the JAAS example (examples/security/jaas) that comes with
wl8.1 sp1 but use wlclient.jar instead of weblogic.jar, the
LoginContext.login() method returns a Subject even if I pass in an
invalid user/password combination. If weblogic.jar is in the
classpath, a javax.security.auth.login.LoginException is thrown which
is what I want to happen for invalid credentials. When running with
wlclient.jar, the code doesn't fail until it actually attempts to
access the EJB at which point it gets a org.omg.CORBA.NO_PERMISSION.
I am trying to use JAAS to login from a swing app and I want to use
wlclient.jar instead of weblogic.jar, but I need to be able to
determine whether the login was successful without waiting until I
access a secured EJB. Why does wlclient.jar behave differently than
weblogic.jar? How can I determine if my login worked if Weblogic is
going to return a Subject no matter what username/password I pass in?
Similar Messages
-
Distributing wlclient.jar file - Licensing issues?
Hi,
I am working on creating an Eclipse plug-in which will be using wlclient.jar file. This is a open source project and is not used for commercial purpose. May I know if there are any licensing restrictions to distribute wlclient.jar as part of the free eclipse plugin project?
Thankspush
-
JAAS authentication is not working with IIOP and wlclient.jar
Hi,
I'm currently working on a remote client that requires authentication with JAAS.
The Application server is Weblogic 9.2 MP1.
The client is deployed with wlclient.jar and the used protocol is iiop.
I'm also using the default UsernamePasswordLoginModule module for authentication.
The LoginContext.login goes smoothly but the Principal Set in the obtained Subject object is empty!
Using the same code with weblogic.jar and t3 protocol the principals are filled(i.e. I can see the groups where the involved user is member).
Any suggestions ??
regards,
LucaSo, when you execute this, where exactly does it crash/stop, or what is the output you get from those dbms_output lines? Do you know the output of memberOf and are you sure that things will match?
-
Weblogic.jar vs wlclient.jar problems
Hi,
I have a swing client and am trying to get authentication working correctly.
A problem i am running across occurs when i try to login using empty strings.
new LoginContext("Sample", new SampleCallbackHandler("", "", server));
With weblogic.jar, no exceptions are thrown.
With wlclient.jar, this is thrown: "UsernamePasswordLoginModule Error: NamingException on authenticate, Unhandled exception in lookup"
Is this a bug, or am i doing something wrong? Thanks in advance.
ChetanHello Sir
Did u solve the problem
i am also getting the same problem
please help me if u found the solution -
Principals set empty when wlclient.jar used instead of weblogic.jar
Hi,
I have a swing client that makes use of JAAS for security.
When I use weblogic.jar in classpath the client works perfectly. But if I use wlclient.jar in classpath the LoginContext.login() is working fine, loginContext.getSubject() is working fine, but subject.getPrincipals() is returning a empty set. I will be using this principals to display different screens for different principals. Does any one what the solution is?
Thanks in advance
DannyWith the thin client jars there is no current programmatic way that a client could ever retrieve the principals.
Thin client uses IIOP internally and so this is currently not possible -
Weblogic9.0 wlclient.jar jdk1.5
I am using weblogic9.0 on jdk 1.5
I have a client that runs on jdk1.5. I see the following behavior:
When using weblogic.jar in the client side, everything runs fine. no issues.
When using wlclient.jar on the client side, I have to re-start weblogic after redeploying my EAR file each time.
If I do not, I get a "ClassCastException" in the backend and in the client.
Any help will be appreciated.Bhalchandra Gokhale <> writes:
You should raise a support call. Its not clear from your description
what is going on. Also its worth trying WLS 9.1 and the latest JDK 5.0 release (_06?)
andy
I am using weblogic9.0 on jdk 1.5
I have a client that runs on jdk1.5. I see the following behavior:
When using weblogic.jar in the client side, everything runs fine. no issues.
When using wlclient.jar on the client side, I have to re-start weblogic after redeploying my EAR file each time.
If I do not, I get a "ClassCastException" in the backend and in the client.
Any help will be appreciated. -
Exception while a session been lookup on weblogic 10.3.3 using wlclient.jar
Hi,
I am upgrading to weblogic 10.3.3.
I have a client that downloads the required to the client machines using Java web start 6.
I am using wlclient.jar at the client side.
When I am trying to lookup for a session bean it is throwing the below exception at the client side.
java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is:
org.omg.CORBA.MARSHAL: vmcid: 0x0 minor code: 0 completed: No
at com.sun.corba.se.impl.javax.rmi.CORBA.Util.mapSystemException(Unknown Source)
at javax.rmi.CORBA.Util.mapSystemException(Unknown Source)
at com.mbt.expert.server.util._ServerDBQueryObjectRemote_Stub.getExchangeList(Unknown Source)
at com.mbt.expert.util.DBQueryObject.getExchangeList(DBQueryObject.java:419)
at com.mbt.expert.view.dialogs.OpenExchangeDialog.actionPerformed(OpenExchangeDialog.java:425)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$000(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$2.run(Unknown Source)
at java.awt.EventQueue$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.Dialog$1.run(Unknown Source)
at java.awt.Dialog$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.Dialog.show(Unknown Source)
at com.mbt.expert.view.dialogs.OpenExchangeDialog.displayDialog(OpenExchangeDialog.java:606)
at com.mbt.expert.mdi.actions.OpenExchangeAction.execute(OpenExchangeAction.java:204)
at com.mbt.mdi.MDICommand.actionPerformed(MDICommand.java:47)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$000(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.awt.EventQueue$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$2.run(Unknown Source)
at java.awt.EventQueue$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: org.omg.CORBA.MARSHAL: vmcid: 0x0 minor code: 0 completed: No
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at com.sun.corba.se.impl.protocol.gio pmsgheaders.MessageBase.getSystemException(Unknown Source)
at com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(Unknown Source)
at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(Unknown Source)
at org.omg.CORBA.portable.ObjectImpl._invoke(Unknown Source)
... 80 more
I have checked the server logs and the server is able to receive the request from the client and fetching the required details.
I am sending these details to the client by adding to a Vector.
I have observed one more thing, the same is working in other machine which is in another network.
I have also tried with the other wl*.jar s but giving different exceptions.
My server classpath consists of weblogic.jar.
Do I have to include the client jars in my server classpath?
Please suggest me how to resolve this.
Please help me here :)Thanks for your time, :)
I have tried all the three wl*client jars, but no use. :(
Got the same error for wlclient.jar and wlfullclient.jar.
And for wlt3client.jar I got some different error which is very strange...
java.lang.AssertionError: Failed to generate class for com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub
at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:797)
at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:786)
at weblogic.rmi.extensions.StubFactory.getStub(StubFactory.java:74)
at weblogic.rmi.internal.StubInfo.resolveObject(StubInfo.java:213)
at weblogic.rmi.internal.StubInfo.readResolve(StubInfo.java:207)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:197)
at weblogic.rjvm.MsgAbbrevInputStream.readObject(MsgAbbrevInputStream.java:598)
at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:193)
at weblogic.rmi.internal.ObjectIO.readObject(ObjectIO.java:62)
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:240)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at weblogic.jndi.internal.ServerNamingNode_1033_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:405)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:393)
at javax.naming.InitialContext.lookup(Unknown Source)
at com.mbt.expert.mdi.ExpertVariable.getLoginSession(ExpertVariable.java:455)
at com.mbt.expert.view.dialogs.Login.okPressed(Login.java:187)
at com.mbt.expert.view.dialogs.Login.keyPressed(Login.java:141)
at java.awt.Component.processKeyEvent(Unknown Source)
at javax.swing.JComponent.processKeyEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.Dialog$1.run(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at weblogic.rmi.internal.StubGenerator.generateStub(StubGenerator.java:795)
... 55 more
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
at weblogic.utils.classloaders.AugmentableClassLoaderManager.getAugmentableClassLoader(AugmentableClassLoaderManager.java:48)
at weblogic.rmi.internal.ClientRuntimeDescriptor.findLoader(ClientRuntimeDescriptor.java:254)
at weblogic.rmi.internal.ClientRuntimeDescriptor.getInterfaces(ClientRuntimeDescriptor.java:132)
at weblogic.rmi.internal.StubInfo.getInterfaces(StubInfo.java:77)
at com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub.ensureInitialized(Unknown Source)
at com.mbt.expert.server.session.LoginSessionBean_tqw6yu_HomeImpl_1033_WLStub.<init>(Unknown Source)
... 60 more
Please tell me how can I get rid of this?? -
Hi
I am getting a problem while doing jndi lookup .It's throwing No_permission exeption .
I have figured out that the problem lies in using wlclient.jar as it uses iiop proptocol inside for lookup .
We do lookup from several servers .One server needs credentials for lookup and another doesn't need .
So the problem arises when i do a lookup with no credentials(As it's not required for a particular server) after a lookup with credentials(As it's required for that server) . These two lookups happening in same thread .
There is no problem occuring while using only weblogic.jar .
I think here the subject associated with a thread doesn't change when i give no credentials .
I have tried Security.runAs(....
But it's throwing exception Subjectmanager not installed .
Any help ..Pranab Dash <> writes:
I would raise a case with support. I can imagine lots of reasons why
this might be, but its not obvious what is going on.
andy
Hi
I am getting a problem while doing jndi lookup .It's throwing No_permission exeption .
I have figured out that the problem lies in using wlclient.jar as it uses iiop proptocol inside for lookup .
We do lookup from several servers .One server needs credentials for lookup and another doesn't need .
So the problem arises when i do a lookup with no credentials(As it's not required for a particular server) after a lookup with credentials(As it's required for that server) . These two lookups happening in same thread .
There is no problem occuring while using only weblogic.jar .
I think here the subject associated with a thread doesn't change when i give no credentials .
I have tried Security.runAs(....
But it's throwing exception Subjectmanager not installed .
Any help .. -
Authentication issue getting "UMELoginException"
Dear Guys,
I am facing an authentication issue. The situation is like this,
My NT password was about to expire (had 6 more days for expiry). I was able to login till yesterday and all of the sudden today, when I was trying to login, I was not able to (it gave me password change message). So I went back and changed my NT password and tried to login again into the portal, however I am still not able to. I am pasting the stack trace,
#1.5#001143FDCEA7006700000008000018C40004196E4AD849E8#1153861399615#com.sap.security.core.imp#sap.com/irj#com.sap.security.core.imp.[cf=com.sap.security.core.sapmimp.logon.SAPMLogonLogic][md=doLogon][cl=20282]#Guest#192####fff21cf01c2011dba425001143fdcea7#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###doLogon failed
[EXCEPTION]
#1#com.sap.security.core.logon.imp.UMELoginException
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:318)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:344)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
at java.security.AccessController.doPrivileged(Native Method)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:312)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:368)
at com.sap.portal.navigation.Gateway.service(Gateway.java:101)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Please help.
Regards,
DeepakHi Deepak,
it is most times that it needs to replicate through your system(s).
Regards,
Kai
PS: Please reward points if that was helpful. -
Authentication Issue, When Profile ReCreate
Hi,
i face authentication issue in SQL Server 2012 Evalution after i login in new account.
Take a look situation and what i did.
1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
2). Every Thing i Did i by using AD User name "SP_Farm"
3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
Note: during the whole process i only use SP_Farm (AD Admin User)
Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
after that i cant access Management Studio. :(
Please Guide if is there any other way.
Thanks you
Shariq Ayaz
[email protected]
www.shariqdon.com
www.shariqdon.com/itworld
www.shariqdon.comHi,
i face authentication issue in SQL Server 2012 Evalution after i login in new account.
Take a look situation and what i did.
1) I install SQL Server 2012 in Member Server (Server 2012 Standard).
2). Every Thing i Did i by using AD User name "SP_Farm"
3). I install SQL in Windows Authentication Mode only and i provide User ****\SP_Farm, when Ever Installation Ask.
Note: during the whole process i only use SP_Farm (AD Admin User)
Every thing going working fine till my mistake. By mistake i delete account SP_Farm from AD and i re create it.
Creating a user with the same name is
not the same user :-)
A user has a unique ID and you did not create the same ID, but a new user with same name.
after that i cant access Management Studio. :(
Please Guide if is there any other way.
Thanks you
Shariq Ayaz
[email protected]
www.shariqdon.com
www.shariqdon.com/itworld
www.shariqdon.com
You can try to use This solution:
http://blogs.msdn.com/b/raulga/archive/2007/07/12/disaster-recovery-what-to-do-when-the-sa-account-password-is-lost-in-sql-server-2005.aspx
* After the SQL Server Instance starts in single-user mode, the Windows Administrator account is able to connect to SQL Server using the sqlcmd utility using Windows authentication.
[Personal Site] [Blog] [Facebook] -
Essbase 6.5 External Authentication Issue!! Urgent Please!!
Hi all,
I am great trouble over an external authentication issue in Essbase 6.5. I request you all to please give me your feedback on the same as soon as possible.
I am in a situation where I need to get my Essbase 6.5 external Authentication converted from LDAP to Active Directory services.
I suppose there has been necessary changes done to the .cfg file for the same. However, I think I am getting an error
"User [vikc]'c external authentication protocol [MSEX]'s password check module is not loaded".
Please let me know if you have come across such an issue earlier and can anybody to able to help me with the same.
Its kinda Urgent. so any replies for the same will be appreciated.
Thanks and Regards,
VikramVikram,
Yes you will have to reconfigure the CSS.xml and cfg file for external auth.
Here is the Sample CSS
<spi>
<provider>
<msad name="full360">
<trusted>false</trusted>
<url>ldap://192.168.1.100:389/DC=full360,DC=com</url>
<userDN>CN=Ravinder Singh,DC=full360,DC=com</userDN>
<password>full@360</password>
<authType>simple</authType>
<identityAttribute>dn</identityAttribute>
<maxSize>1000</maxSize>
<user>
<loginAttribute>sAMAccountName</loginAttribute>
<nameAttribute>dn</nameAttribute>
</user>
<group>
<nameAttribute>cn</nameAttribute>
<objectclass>
<entry>group?member</entry>
</objectclass>
</group>
</msad>
Download this toll "http://www.ldapbrowser.com/download.htm"
LDAP browser to get the perfact DN information.
Let me know the status
Ravikant -
ACS 5.2 Authentication Issue with Local & Global ADs
Hi I am facing authentication issue with ACS 5.2. Below is AAA flow (EAP-TLS),
- Wireless Users >> Cisco WLC >> ADs <-- everything OK
- Wireless Users >> Cisco WLC >> ACS 5.2 >> ADs <-- problem
Last time I tested with ACS, it worked but didn't do migration as there'll be changes from ADs.
Now my customer wants ACS migration by creating new Group in AD, I also update ACS config.
For the user from the old group, authentication is ok.
For the user from the new group, authentication fails. With subject not found error, showing the user is from the old group.
Seems like ACS is querying from old records (own cache or database). Already restared the ACS but still the same error.
Can anyone advice to troubleshoot the issue?
Note: My customer can only access their local ADs (trusted by Global ADs). Local ADs & ACS are in the same network, ACS should go to local AD first.
How can we check or make sure it?
Thanks ahead,
YeHello,
There is an enhacement request open already:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte92062
ACS should be able to query only desired DCs
Symptom:
Currently on 5.0 and 5.1, the ACS queries the DNS with the domain, in order to get a list of all the DCs in the domain and then tries to communicate with all of them.If the connection to even one DC fails, then the ACS connection to the domain is declared as failed.A lot of customers are asking for a change on this behavior.
It should be possible to define which DCs to contact and/or make ACS to interpret DNS Resource Records Registered by the Active Directory Domain Controller to facilitate the location of domain controllers. Active Directory uses service locator, or SRV, records. An SRV record is a new type of DNS record described in RFC 2782, and is used to identify services located on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
Conditions:
Domain with multiple DCs were some are not accessible from the ACS due to security/geographic constraints.
Workaround:
Make sure ALL DCs are UP and reachable from the ACS.
At the moment, we cannot determine which Domain Controller on the AD the ACS will contact. The enhacement request will include a feature on which we can specify the appropriate the Domain Controllers the ACS should contact on a AD Domain.
Hope this clarifies it.
Regards. -
Wireless Client Authentication issues when roaming Access Points (Local)
I have a Cisco 5508 with Software version 7.4.121.0 and Field Recovery 7.6.101.1.
There are a handful of clients that when roaming between AP's with the same SSID that get an authentication issue and have to restart the wireless to get back on.
From Cisco ISE
Event
5400 Authentication failed
Failure Reason
11514 Unexpectedly received empty TLS message; treating as a rejection by the client
Resolution
Ensure that the client's supplicant does not have any known compatibility issues and that it is properly configured. Also ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client!
Root cause
While trying to negotiate a TLS handshake with the client, ISE expected to receive a non-empty TLS message or TLS alert message, but instead received an empty TLS message. This could be due to an inconformity in the implementation of the protocol between ISE and the supplicant. For example, it is a known issue that the XP supplicant sends an empty TLS message instead of a non-empty TLS alert message. It might also involve the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
I am having a hard time figuring out what is causing this. My assumption is if there were a problem with the Controller or AP configurations then it would happen to everyone. My further assumption is if the client had a problem with their laptop (windows 7) then why does work at other times? So I have checked and the ISE certificate is trusted by client.
Is something happening that the previous access point is holding on to the mac and the return authentication traffic is going to the old AP instead of the new one or something like that which is corrupting the data?
I also had this from Splunk for the same client:
Mar 5 13:44:51 usstlz-piseps01 CISE_Failed_Attempts 0014809622 1 0 2015-03-05 13:44:51.952 +00:00 0865003824 5435 NOTICE RADIUS: NAS conducted several failed authentications of the same scenario
FailureReason="12929 NAS sends RADIUS accounting update messages too frequently"
Any help on this would be appreciated. These error messages give me an idea but doesn't give me the exact answer to why the problem occurred and what needs to be done to fix it.
ThanksFurther detail From ISE for the failure:
11001
Received RADIUS Access-Request
11017
RADIUS created a new session
15049
Evaluating Policy Group
15008
Evaluating Service Selection Policy
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
11507
Extracted EAP-Response/Identity
12500
Prepared EAP-Request proposing EAP-TLS with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12301
Extracted EAP-Response/NAK requesting to use PEAP instead
12300
Prepared EAP-Request proposing PEAP with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12302
Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
12318
Successfully negotiated PEAP version 0
12800
Extracted first TLS record; TLS handshake started
12805
Extracted TLS ClientHello message
12806
Prepared TLS ServerHello message
12807
Prepared TLS Certificate message
12810
Prepared TLS ServerDone message
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
11514
Unexpectedly received empty TLS message; treating as a rejection by the client
12512
Treat the unexpected TLS acknowledge message as a rejection from the client
11504
Prepared EAP-Failure
11003
Returned RADIUS Access-Reject -
OOME when doing RMI with wlclient.jar
Hi,
I'm calling EJB-components that are hosted on a WLS 8.1 server.
The client uses wlclient.jar from WLS 9 distribution (WebLogic Server 9.2 Fri Jun 23 20:47:26 EDT 2006 783464) and jre 1.5.0_11.
I get OOME at the client after doing several hundred EJB calls.
I have checked that the client code does not leak ejb-references, initial contexts etc. I have also tried to call ejb remove and close the initialcontext and start anew but it does not help, the "com.sun.corba.se.impl.orbutil.CacheTable" still becomes the top heap consumer.
The outline of how the program proceeds is:
1. create initial context
2. lookup ejb home
3. call the create-method of a stateless session bean
4. call some ejb business methods several hundred times
-- here is the OOME, most often not during the ejb call, but when memory is examined the RMI-implementation objects are filling the heap
5. call ejb remove
6. close initial context
So that's the problem. How could I get around this?
I included some HPROF statistics below. HPROF made the stats immidiately after the OOME . All the top rank rows are related to RMI implementation classes, not application classes.
Regards,
Kari
SITES BEGIN (ordered by live bytes) Tue Oct 06 12:02:10 2009
percent live alloc'ed stack class
rank self accum bytes objs bytes objs trace name
1 10.29% 10.29% 3758560 3614 39151840 37646 310238 byte[]
2 9.31% 19.60% 3400848 45698 3400848 45698 312167 char[]
3 5.46% 25.06% 1994432 62326 3528256 110258 312197 com.sun.corba.se.impl.orbutil.CacheTable$Entry
4 3.21% 28.27% 1172952 8747 1172952 8747 312066 char[]
5 3.00% 31.27% 1096752 45698 1096752 45698 312166 java.lang.String
6 2.90% 34.17% 1059688 6869 1089912 7103 310593 byte[]
7 2.30% 36.47% 838592 26206 2827456 88358 312171 com.sun.corba.se.impl.orbutil.CacheTable$Entry
8 2.19% 38.65% 798200 25112 798200 25112 306612 char[]
9 2.02% 40.67% 738552 30773 769344 32056 310605 java.util.HashMap$Entry
10 1.99% 42.66% 727064 6991 3915184 37646 310235 com.sun.corba.se.impl.encoding.CDROutputStream_1_2
11 1.84% 44.50% 671712 1294 1196448 3818 312195 com.sun.corba.se.impl.orbutil.CacheTable$Entry[]
12 1.84% 46.34% 671712 1294 1196448 3818 312196 com.sun.corba.se.impl.orbutil.CacheTable$Entry[]
13 1.65% 48.00% 604472 6869 625064 7103 310578 com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl
14 1.65% 49.65% 603792 25158 628680 26195 300952 java.util.HashMap$Entry
15 1.65% 51.30% 602688 25112 602688 25112 306611 java.lang.String
16 1.50% 52.80% 549520 6869 568240 7103 310599 com.sun.corba.se.impl.protocol.giopmsgheaders.RequestMessage_1_2
17 1.50% 54.31% 549520 6869 568240 7103 310587 java.util.HashMap$Entry[]
18 1.44% 55.74% 524352 4 524352 4 302751 java.util.HashMap$Entry[]
19 1.26% 57.00% 460632 3387 475592 3497 310457 com.sun.corba.se.impl.interceptors.ClientRequestInfoImpl
20 1.21% 58.21% 441072 9189 2515152 52399 304085 java.nio.HeapByteBuffer
21 1.05% 59.27% 385000 6875 397768 7103 310405 com.sun.corba.se.impl.legacy.connection.SocketFactoryContactInfoImpl
22 1.03% 60.29% 375120 15630 375120 15630 313808 java.lang.StackTraceElement
23 1.00% 61.29% 364728 3507 1939496 18649 309771 com.sun.corba.se.impl.encoding.CDRInputStream_1_2
24 0.96% 62.25% 349696 3877 5040200 58488 310969 char[]
25 0.90% 63.15% 329712 6869 340944 7103 310231 com.sun.corba.se.impl.encoding.CDROutputObject
26 0.77% 63.92% 279904 8747 279904 8747 312070 com.sun.corba.se.impl.orbutil.CacheTable$Entry
27 0.75% 64.67% 275040 6876 365360 9134 304217 char[]
28 0.75% 65.42% 274760 6869 284120 7103 310586 java.util.HashMap
29 0.74% 66.16% 271200 3390 289920 3624 310960 java.util.HashMap$Entry[]
30 0.74% 66.91% 271200 3390 289920 3624 310941 com.sun.corba.se.impl.protocol.giopmsgheaders.ReplyMessage_1_2
31 0.74% 67.65% 271120 3389 287360 3592 311344 java.util.HashMap$Entry[]
32 0.67% 68.32% 243984 10166 257856 10744 310884 java.util.HashMap$Entry
33 0.67% 68.99% 243984 10166 257856 10744 310879 com.sun.corba.se.spi.servicecontext.UnknownServiceContext
34 0.65% 69.64% 239272 2583 908696 10308 300090 char[]
35 0.60% 70.24% 219808 6869 227296 7103 310799 com.sun.corba.se.impl.encoding.BufferManagerWriteStream
36 0.60% 70.84% 219808 6869 227296 7103 310584 com.sun.corba.se.spi.servicecontext.ServiceContexts
37 0.57% 71.42% 209928 8747 209928 8747 312065 java.lang.String
38 0.56% 71.98% 205776 8574 205776 8574 313784 java.lang.StackTraceElement
39 0.54% 72.52% 196800 5427 427112 11183 310920 byte[]
40 0.54% 73.06% 196352 1700 444904 4043 310971 char[]
41 0.47% 73.53% 172056 7169 172056 7169 312484 java.lang.StackTraceElement
42 0.47% 73.99% 170000 2125 178800 2235 311358 java.util.HashMap$Entry[]Andy Piper wrote:
Configuration:
=============
* Windows 2000 Prof SP3
* Sun JDK 1.4.1_01 (1.4.2)Incidentally you should be using 1.4.1_03 (or later) in the client if
you are using wlclient.jar.I tried some combinations of WL and client JDKs,
even that:
* WL started under Sun JDK 1.4.2
* client started under Sun JDK 1.4.2
* all classes (EJBs, value objects, etc)
compiled under Sun JDK 1.4.2
>
>
FAIL because of java.rmi.MarshalException
weblogic.iiop.IIOPInputStream.checkChunk(IIOPInputStream.java:449)
at
weblogic.iiop.IIOPInputStream.read_longlong(IIOPInputStream.java:1002)There is known bug with reading longs inside a chunked value. This is
fixed in SP2 and the relevant CR is CR124377 - you can get a patch for
SP1 from support.It's realy very nice news for us.
Thank you very match for help and quick response.
Best regards,
Eugene Voytitsky -
Is it possible to bypass JAAS authentication and use Authorisation alone?
I have to implement jsp level security (by checking roles) for my JSF application.
Authentications in my appln are done by a different servers. I don't want to disturb that.
I have to implement authorisation alone using JAAS.
Is it possible to bypass JAAS authentication and use Authorisation alone?
I am using custom login module( implements DatabaseLoginModule) for authorisation.
Moreover, after logging in, when a user tries to access a secured jsp page, he should NOT be redirected to login page again. Rather the role checks should be done using existing user credentials stored somewhere. How to invoke the custom DataBaseLoginModule without taking user to login screen?
Any help would be great.
Thanks,
Adhil.JI have to implement jsp level security (by checking roles) for my JSF application.
Authentications in my appln are done by a different servers. I don't want to disturb that.
I have to implement authorisation alone using JAAS.
Is it possible to bypass JAAS authentication and use Authorisation alone?
I am using custom login module( implements DatabaseLoginModule) for authorisation.
Moreover, after logging in, when a user tries to access a secured jsp page, he should NOT be redirected to login page again. Rather the role checks should be done using existing user credentials stored somewhere. How to invoke the custom DataBaseLoginModule without taking user to login screen?
Any help would be great.
Thanks,
Adhil.J
Maybe you are looking for
-
Please can anyone help. I decided to partition my disk so that I could use both windows XP and mac as Apple says you can, however I have incurred a problem part way through the process. I created a partition for windows and then inserted my Windows X
-
Space issue in smartform(very urgent)
Hi , Im printing vendor address in a RFQ. In that i have to print different fields like, company name address city, region postal code responsible sales person tel no. if the "responsible sales person" field is blank then im getting a blank space the
-
Authorisation in integration and configuration builder
Hello, I wonder how you can set up authorisation within the integration and configuraion builder ? I mean authorisation (security) at the level of 'Party' or 'service' in the configuration builder or 'SWC' or namespace within SWC' in the integratio
-
I have recently installed Windows 8 Dev Preview. I would like to know if anyone else is in the same situation and knows a solution? When I connect my iPhone to iTunes doesn't see it in the list of devices, however I did get the same prompt to install
-
Any idea when aperture3 will be updated to add the oly XZ-1?
I won't bring one in till I can use aperture3 with it and I am hopeful, but have not clue how long it takes apple to get around to these things. I have been shooting a camera that's RAW format is DNG so no issues till now with OFG I think it is and t