Ws-security runtime authentication subject

Hi,
When the ws-runtime performs the authentication based on the security token, does it attach the authenticated subject to the current thread?
In the server-side handler for a webservices on which ws-security is enabled via ws-policy, if I call
SubjectUtils.getUsername(weblogic.security.Security.getCurrentSubject()
I am not getting the username i passed in the token as the authenticated subject.
Can you please tell me which user does it attach to the current thread in webservices?

Thanks for reply.
Does that mean - there is NO WAY for X.509 certificate Authentication between OEG and OAM - regardless any OEG filter ?
Cliff

Similar Messages

How to access the authenticated Subject?

Hello
I'm using WS Security, and I have made a custom login module. I have registered the login module and he is working fine. But I have problems accessing later the authenticated subject.
Any suggestions ?

Hi,
where do you store the authenticated Subject ?
Frank

Java.lang.SecurityException: [Security:090398]Invalid Subject - multithre..

Hi
I am getting java.lang.SecurityException: [Security:090398]Invalid Subject ... under the following scenario:
- I have a simple dispatcher class which is starting a number of threads, every one of them sending messages to different Weblogic server.
- The dispatcher class is a simple Java class, running from outside of Weblogic server; the authentication is done using the JNDI login.
- The message sender threads create an InitialContext for each message being sent and the context is closed after succesfully sending the message.
With just one message sender thread running, everything is OK.
The problems appear when at least two threads run at the same time. What happens is that one of the threads sends messages successfully while the other ones fail with:
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[user1, role1, role2, role3, role4]
at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:138)
at weblogic.jms.dispatcher.DispatcherImpl_812_WLStub.dispatchSyncFuture(Unknown Source)
at weblogic.jms.dispatcher.DispatcherWrapperState.dispatchSync(DispatcherWrapperState.java:339)
at weblogic.jms.client.JMSConnection.createSessionInternal(JMSConnection.java:400)
at weblogic.jms.client.JMSConnection.createTopicSession(JMSConnection.java:359)
at com.delta.parser.test.TestMessageThread.sendMessage(TestMessageThread.java:54)
at com.delta.parser.test.TestMessageThread.run(TestMessageThread.java:34)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[user1, role1, role2, role3, role4]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:182)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:825)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:300)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:923)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:844)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:222)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:570)
at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
The environment is Weblogic 8.1 (WebLogic Platform Developer license) running on Windows XP Professional.
In the classpath I have the following weblogic jar files: weblogic.jar, wlclient.jar, wljmsclient.jar.
The code that is generating the exceptions is:
/****************** Dispatcher ************************/
package test;
public class TestThreadDispatcher {
public TestThreadDispatcher() {
public static void main(String[] args) {
TestThreadDispatcher instance = new TestThreadDispatcher();
instance.doTest();
private void doTest() {
TestMessageThread t1 = new TestMessageThread("weblogic.jndi.WLInitialContextFactory",
"t3://pc10:7001",
"user1",
"passwd");
t1.start();
TestMessageThread t2 = new TestMessageThread("weblogic.jndi.WLInitialContextFactory",
"t3://sjn:7001",
"user1",
"passwd");
t2.start();
TestMessageThread t3 = new TestMessageThread("weblogic.jndi.WLInitialContextFactory",
"t3://pc99:7001",
"user1",
"passwd");
t3.start();
/****************** Message sender thread **************/
package test;
import java.util.*;
import javax.jms.*;
import javax.naming.*;
import com.delta.parser.util.*;
public class TestMessageThread extends Thread implements ParserConstants {
private Hashtable environment;
public TestMessageThread(String initialFactory,
String url,
String principal,
String credentials) {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,
initialFactory);
env.put(Context.PROVIDER_URL,
url);
env.put(Context.SECURITY_PRINCIPAL,
principal);
env.put(Context.SECURITY_CREDENTIALS,
credentials);
environment = env;
public void run() {
int cnt = 0;
while(true) {
sendMessage("" + cnt++);
try {
sleep(500);
} catch (InterruptedException iex) {
private void sendMessage(String text) {
try {
Context ctx = new InitialContext(environment);
TopicConnectionFactory factory = (TopicConnectionFactory)
ctx.lookup("javax.jms.TopicConnectionFactory");
TopicConnection connection = factory.createTopicConnection();
TopicSession session = connection.createTopicSession(false,
javax.jms.Session.AUTO_ACKNOWLEDGE);
Topic topic = (Topic)ctx.lookup("FileTopic");
TopicPublisher publisher = session.createPublisher(topic);
TextMessage message = session.createTextMessage(text);
publisher.publish(message);
System.out.println("Message " + text + " sent to " +
environment.get(Context.PROVIDER_URL));
ctx.close();
catch (JMSException jmsex) {
jmsex.printStackTrace();
catch (NamingException nex) {
nex.printStackTrace();
catch (SecurityException scex) {
scex.printStackTrace();
Any workarounds for this?
BTW, I also tried using weblogic.jndi.Environment to obtain an InitialContext and wrapping the code inside thread's run() into Security.runAs(subject, new PrivilegedAction() { ....}, without success.
Thanks in advance
Mirel Rata

Hi Kiran,
Thank you for replying.
Unfortunately the fix you suggested did not solve the problem. The server version I'm using is 8.1.
The application I'm sending messages from is a standalone Java application, does not run from inside Weblogic server.
Any thoughts?
Regards,
Mirel Rata

How To tell ADF Framework to use my authenticated subject?

Hi,
let's say that I have a subject instance which is authenticated through Weblogic server. Now I want to use this authenticated subject to protect my resources using ADF Security. So how should I tell this to ADF framework programmaically. For example I can think of storing my principal and roles in some type of objects and store it in session in a format that's understandable by the framework. By understandable I mean ADFContext.getCurrent.getSecurityContext.isUserAuthenticated returns true, getPrincipal returns my authenticated principal. I appreciate your helps.
Best Regards,
Salim

Hi Chris,
I want to implement programmatic authentication. I was able to authenticate given the LoginModule (weblogic.security.auth.login.UsernamePasswordLoginModule), LoginContext (javax.security.auth.login.LoginContext) and a callback handler.
try {
loginContext.login();
Subject subject = loginContext.getSubject();
It authenticates successfully. But he problem is that it does not push authenticated subject into session. My guess is that there should be a way to configure application server to use this subject for the session. I understand that adf security just delegates calls to application server. I thought may be there is a way to do it with adf. Thanks for the reply.
Best Regards,
Salim

Bind authenticated Subject to container

In a web application I use JAAS to authenticate users of the web application. When the authentication is successful, I retrieve the authenticated Subject from my LoginContext using the getSubject() method. As a result of the successful authentication, one or more Principal objects will be associated with this Subject.
Here is the point: After the user has been authenticated, I want to use the isUserInRole() method to check whether the user possesses certain roles (i.e. Principal objects). However, in order to do so, the container which runs the web application (JBoss 4) must know about the authenticated Subject. In other words: Before I can use the isUserInRole() method, I must somehow bind the authenticated Subject to the container. Is there a way in which this can be accomplished?
Note: I do not want to use container managed security by enabling FORM authentication in web.xml because this has as disadvantage that I lose the control over the authentication process (JBoss wil then under the hood instantiate a LoginContext object and there is no way, as far as I know, to obtain a reference to this LoginContext).
Thanks for any help.
Ronald

We have a howto for custom login modules here:
http://www.oracle.com/technology/tech/java/oc4j/1013/how_to/howtocustomjaasprovider/doc/howtocustomjaasprovider.html
As far as adding a third field, I think this would be managed in a login module's callback handler. This is from our docs:
A callback handler is a javax.security.auth.callback.CallbackHandler
instance that allows a login module to interact with a user to obtain login information.
The only method specified by CallbackHandler is the handle(Callback[])
method, which takes an array of callbacks, which are instances of a class that
implements the java.security.auth.callback.Callback interface. Callbacks
do not retrieve or display requested information from the underlying security service,
but simply provide the functionality to pass the requests to an application and, as
applicable, to return the requested information back to the security service.
Callback implementations in the javax.security.auth.callback package include: a
name callback handler (NameCallback) to handle a user name, a password callback handler (PasswordCallback) to handle a password, and a text input callback
handler (TextInputCallback) to handle any field in a login form other than a user
name or password field.
If authentication succeeds, then the authenticated subject can be retrieved by invoking
the getSubject() method of the LoginContext instance.
Different login modules can be configured with different applications, and a single
application can use multiple login modules. The JAAS framework defines a two-phase
authentication process to coordinate the login modules configured for an application.
You would probably follow these steps:
1. Create a LoginContext
2. Pass the CallbackHandlers to the LoginContext for gathering/processing authentication data
3. Then authenticate by calling the LoginContext's login() method
I think you can google examples of the TextInputHandler callback

Error:- weblogic.security.SecurityInitializationException: Authentication

Hi,
I am getting below error when ever i am trying to start the Managed server in cluster environment(unix).
I am able to start the server on local machine but in case of remote machine its not gettig started.
I have tried most of the steps as mentioned below:-
1) Changed the weblogic passowrd.
2) Delete boot.properties.
3) deleted $DOMAIN_DIR\servers\<admin-server-name>\data\ldap
4) Followed below post also but nothing worked:-
https://forums.oracle.com/forums/thread.jspa?threadID=956750&start=30&tstart=0
####<Nov 14, 2011 7:41:28 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888310> <BEA-000000> <WebLogic Server "soa_server2" version:
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
####<Nov 14, 2011 7:41:28 PM IST> <Notice> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888419> <BEA-170019> <The server log file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/logs/soa_server2.log is opened. All server side log events will be written to this file.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888426> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Diagnostics> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888494> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3s" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "http" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "https" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888561> <BEA-002622> <The protocol "iiop" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "iiops" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldap" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888564> <BEA-002622> <The protocol "cluster" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888565> <BEA-002622> <The protocol "clusters" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "snmp" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "admin" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888569> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <RJVM> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888583> <BEA-000570> <Network Configuration for Channel "soa_server2"
Listen Address          172.17.103.42:8101
Public Address          N/A
Http Enabled          true
Tunneling Enabled     false
Outbound Enabled     false
Admin Traffic Enabled     true>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889336> <BEA-002609> <Channel Service initialized.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889410> <BEA-000436> <Allocating 4 reader threads.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889412> <BEA-000446> <Native IO Enabled.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <IIOP> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889612> <BEA-002014> <IIOP subsystem enabled.>
####<Nov 14, 2011 7:41:32 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279892649> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893102> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893224> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_qMT60FRl3kIPYftFoWhBFbhSxuY=>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893501> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLAuthorizermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893509> <BEA-090074> <Initializing Authorizer provider using LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893921> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-090827> <LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894250> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894251> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894265> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server soa_server2 for security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
     at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
     at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
     at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
     at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy28.login(Unknown Source)
     at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
     at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy46.authenticate(Unknown Source)
     at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
     at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
####<Nov 14, 2011 7:41:34 PM IST> <Error> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894618> <BEA-000236> <Stopping execute threads.>
Please help.
thanks in advance

I've tried every trick in the book but no luck and finally I found a solution for this problem. Maybe it is not the best practice but it works:
1-Uninstall JDeveloper.
2-Delete Oracle Middleware file located in C:\Oracle
3-Delete the JDeveloper file located in C:\Users\MyUser\AppData\Roaming (Because the integrated Weblogic server is actually there)
4-Reinstall JDeveloper
That solved the issue.
Thanks

Security Problem when call EJB in servlet:[Security:090398]Invalid Subject

Hi guys,
I have several years experience with Java and EJB developing,but still I cann't explain this problem although I already knew the fix...
Please,can anyone help me to explain why? Thanks very much!
Ok,the problem is when I call a remote EJB in one method ,that is everything about EJB is in one method,then everything is ok.But when I just return the
*remote service object from an helper class's static method, and call the service in servlet ,then I get java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076],which sundan076 is username login into the web application.*
The right way, call method directCall(param) ; The wrong way, call method staticToolCall(final Map param) .
public class EJBServletClient extends HttpServlet
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
          this.doPost(request, response);
     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
               IOException
          try
               Map<String, String> param = new HashMap<String, String>();
               param.put("CTS_CUSTOMER_ID", request.getParameter("CTS_CUSTOMER_ID"));
               param.put("CTS_TASK_ID", request.getParameter("CTS_TASK_ID"));
               param.put("SERIALNO", request.getParameter("SERIALNO"));
               param.put("CUSTOMER_SERVICE_UM", request.getParameter("CUSTOMER_SERVICE_UM"));
               Map result = this.directCall(param);
               System.out.println(result);
          } catch (Exception e)
               e.printStackTrace();
               throw new ServletException(e);
     private Map directCall(Map param) throws Exception
          Context context = null;
          try
               Properties p = new Properties();
               p.put(Context.PROVIDER_URL, "t3://10.25.32.13:31256");
               p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
               p.put(Context.SECURITY_PRINCIPAL, "username");
               p.put(Context.SECURITY_CREDENTIALS, "password");
               context = new InitialContext(p);
               BizApplyServiceHome home = (BizApplyServiceHome) PortableRemoteObject.narrow(
                         context.lookup("ejb/rcs-css/BizApplyService"), BizApplyServiceHome.class);
               BizApplyService bizApplyService = home.create();
               return bizApplyService.modifyApplyCustomerInfo(param);
          } finally
               if (context != null)
                    context.close();
     private Map staticToolCall(final Map param) throws Exception
          BizApplyService bizApplyService = EJBTool.getBizApplyService();
          return bizApplyService.modifyApplyCustomerInfo(param);
public class EJBTool
     public static BizApplyService getBizApplyService() throws Exception
          Context context = null;
          try
               Properties p = new Properties();
               p.put(Context.PROVIDER_URL, "t3://10.25.32.13:31256");
               p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
               p.put(Context.SECURITY_PRINCIPAL, "username");
               p.put(Context.SECURITY_CREDENTIALS, "password");
               context = new InitialContext(p);
               BizApplyServiceHome home = (BizApplyServiceHome) PortableRemoteObject.narrow(
                         context.lookup("ejb/rcs-css/BizApplyService"), BizApplyServiceHome.class);
               return home.create();
          } finally
               if (context != null)
                    context.close();
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076]
     at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
     at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
     at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
     at com.pingan.rcs.css.biz.service.remote.ejb.bizApplyService_u7jjbk_EOImpl_1032_WLStub.modifyApplyCustomerInfo(Unknown Source)
     at com.pingan.pafax.web.EJBServletClient.staticToolCall(EJBServletClient.java:80)
     at com.pingan.pafax.web.EJBServletClient.doPost(EJBServletClient.java:43)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076]
     at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:835)
     at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:524)
     at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:315)
     at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:875)
     at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:310)
     at weblogic.rmi.cluster.ClusterableServerRef.dispatch(ClusterableServerRef.java:242)
     at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1138)
     at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1020)
     at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
     at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:882)
     at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:453)
     at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:322)
     at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
     at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:915)
     at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:854)
     at weblogic.socket.EPollSocketMuxer.dataReceived(EPollSocketMuxer.java:215)
     at weblogic.socket.EPollSocketMuxer.processSockets(EPollSocketMuxer.java:177)
     at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
     at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
Edited by: 993478 on 2013-3-12 下午8:40

I tried your way,it works! Still ,does anyone know why staticToolCall() raised exception?
By the way,here is the code as you suggested:
public class EJBServletClient extends HttpServlet
     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
               IOException
          Context context = null;
          try
               Map<String, String> param = new HashMap<String, String>();
               param.put("CTS_CUSTOMER_ID", request.getParameter("CTS_CUSTOMER_ID"));
               param.put("CTS_TASK_ID", request.getParameter("CTS_TASK_ID"));
               param.put("SERIALNO", request.getParameter("SERIALNO"));
               param.put("CUSTOMER_SERVICE_UM", request.getParameter("CUSTOMER_SERVICE_UM"));
               //Map result = this.staticToolCall(param);
               Properties p = new Properties();
               p.put(Context.PROVIDER_URL, "t3://10.25.32.13:31256");
               p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
               p.put(Context.SECURITY_PRINCIPAL, "username");
               p.put(Context.SECURITY_CREDENTIALS, "password");
               context = new InitialContext(p);
               Map result=EJBTool.modifyApplyCustomerInfo(context, param);
               System.out.println(result);
          } catch (Exception e)
               e.printStackTrace();
               throw new ServletException(e);
          }finally
               if (context != null)
                    try{context.close();} catch (NamingException e){e.printStackTrace();}
public class EJBTool
     public static Map modifyApplyCustomerInfo(Context context, Map param) throws Exception
          BizApplyServiceHome home = (BizApplyServiceHome) PortableRemoteObject.narrow(
                    context.lookup("ejb/rcs-css/BizApplyService"), BizApplyServiceHome.class);
          BizApplyService bizApplyService = home.create();
          Map result = bizApplyService.modifyApplyCustomerInfo(param);
          return result;
}

Java.lang.SecurityException: [Security:090398]Invalid Subject: WEBLOGIC 9.1

Hi
I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
I have enaled the trust between my two domains. Set the required class path settings.
My client call is from a JSP , say client.jsp.
Here I get remote object of the EJB and calls the required method
Now
1) My EJB calls are succesful when I DO NOT secure it
2) but when I make it is secured , ie when I
include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
, it gives me the follwing error
The stack trace is given below
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.ebreviate.security.wl9realm.EBRUser@a09a08, ess, everyone]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
Truncated. see log file for complete stacktrace
Any idea why it is ?
Please let me know
Thanks
Binu
Edited by binurajkr at 01/25/2008 4:36 AM

Hi. Contact official BEA Support. This is likely
to be a known issue with a patch available to fix it.
Joe
binu raj wrote:
Hi
I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
I have enaled the trust between my two domains. Set the required class path settings.
My client call is from a JSP , say client.jsp.
Here I get remote object of the EJB and calls the required method
Now
1) My EJB calls are succesful when I DO NOT secure it
2) but when I make it is secured , ie when I
include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
, it gives me the follwing error
The stack trace is given below
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.ebreviate.security.wl9realm.EBRUser@a09a08, ess, everyone]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
Truncated. see log file for complete stacktrace
Any idea why it is ?
Please let me know
Thanks
Binu
Edited by binurajkr at 01/25/2008 4:36 AM

Java.lang.SecurityException: [Security:090398]Invalid Subject

Hi
          I am getting this error when I am making an EJB method which resides in a different weblogic 9.1 server.
          I have enaled the trust between my two domains. Set the required class path settings.
          My client call is from a JSP , say client.jsp.
          Here I get remote object of the EJB and calls the required method
          Now
          1) My EJB calls are succesful when I DO NOT secure it
          2) but when I make it is secured , ie when I
          include the jsp in secured URL ie. under <security-constraint><url-pattern>client.jsp</> in web.xml
          , it gives me the follwing error
          The stack trace is given below
          java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.ebreviate.security.wl9realm.EBRUser@a09a08, ess, everyone]
          at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:191)
          at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:315)
          at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:250)
          at weblogic.jndi.internal.ServerNamingNode_910_WLStub.lookup(Unknown Source)
          at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:374)
          Truncated. see log file for complete stacktrace
          Any idea why it is ?
          Please let me know
          Thanks
          Binu

I got this issue resolved by setting
          Context.SECURITY_PRINCIPAL, "" , before the RMI ejb call
          Binu

Java.lang.SecurityException: [Security:090398]Invalid Subject: admin

I have a class that is used to check the status of all managed server in a domain. I use this class to check on the status of multiple domains.
I have a for loop over all the domains and then invoke the method below, one for each domain (I instantiate the class anew for each domain)
The 1st domain connects and returns the status properly. However on subsequent iterations thru the look I get the following SecuriyException below. I have tried a number of things such as setting MBeanHome to null etc but this error repeats anytime I connect to N+1 domains.
Is there a fix for this.
Note: I am using WLS 8.1 SP3 thru 5. And I know the username & pwd is correct cause I can connect using to the admin console using the same username & password and am part of the Administrators group.
Exception on the client on N+1 connect attemp:
java.lang.SecurityException: [Security:090398]Invalid Subject: admin
at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.j
ava:108)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:137)
at weblogic.management.internal.AdminMBeanHomeImpl_815_WLStub.getDomainN
ame(Unknown Source)
Exception on the server:
####<Mar 28, 2006 2:59:51 PM CST> <Warning> <RMI> <htx6056> <AdminServer> <Execu
teThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <BEA-080003>
<RuntimeException thrown by rmi server: weblogic.rmi.internal.BasicServerRef@10
2 - hostID: '-4547912678907759832S:htx6056.cce.hp.com:[10250,10250,10251,10251,1
0250,10251,-1,0,0]:arc_prd1:AdminServer', oid: '258', implementation: 'weblogic.
management.internal.AdminMBeanHomeImpl@1e22632'
java.lang.SecurityException: [Security:090398]Invalid Subject: admin.
java.lang.SecurityException: [Security:090398]Invalid Subject: admin
The code:
public void checkWebLogicServerState( String user, String pass, String url ) throws Exception {
          MBeanHome home = Helper.getAdminMBeanHome( user, pass, url );
          Set beans = home.getMBeansByType( "Server", home.getDomainName( ));
          for( Iterator iter = beans.iterator( ); iter.hasNext( );){
               WebLogicMBean bean = (WebLogicMBean)iter.next( );
               WebLogicObjectName objName = bean.getObjectName( );
               String serverName = objName.getName( );
               String location = objName.getLocation( );
               ServerRuntimeMBean serverRuntimeMBean = null;
               try {
                    serverRuntimeMBean = (ServerRuntimeMBean)home.getMBean( serverName, "ServerRuntime", home.getDomainName( ), serverName);
                    String state = serverRuntimeMBean.getState( );
                    System.out.println( "\t[" + serverName + "] IS " + state + "." );
               } catch( Exception ex ) {
                    System.out.println( "\t[" + serverName + "] IS NOT RUNNING." );
     }

I worked around the problem by removing the usage of the weblogic.management.Helper and using standard JNDI lookups instead.
Clearly there is a bug in the Helper class that stores securtiy information in a static variable since it cannot be re used within the same JVM/Classloader without sharing the security information.
Used instead:
               Environment env = new Environment();
               env.setProviderUrl( url );
               env.setSecurityPrincipal( user );
               env.setSecurityCredentials( pass );
               Context ctx = env.getInitialContext( );
               home = (MBeanHome)ctx.lookup( MBeanHome.ADMIN_JNDI_NAME );

Java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[

HI,
I am trying to monitor multiple weblogic servers, I am getting the exception when the program is trying to read multiple domains of the same weblogic server version 8.1.
Can any one help me in getting this fix programatically using weblogic.management.*;
I have searched all the sites where I got only a perticular solution which states to maintain the same domain level credentials.
please reply me back if there is a programatical approach to fix this exception.
The exception is given below:
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
     at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
     at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:138)
     at weblogic.management.internal.AdminMBeanHomeImpl_811_WLStub.getDomainName(Unknown Source)
     at MonitorServers.getDataWeblogic(MonitorServers.java:138)
     at MonitorServers.getServers(MonitorServers.java:89)
     at MonitorServers.main(MonitorServers.java:352)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
     at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
     at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:181)
     at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:814)
     at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:299)
     at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:920)
     at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:841)
     at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:222)
     at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
     at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:570)
     at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
     at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
Thanks in advance

Hi,
I think that if you don't specify the credentials, the current one will be used to connect to the server.
Try to specify the guest identity by explicitely adding the following properties to override the current identity
               properties.put(Context.SECURITY_PRINCIPAL, "");
properties.put(Context.SECURITY_CREDENTIALS, "");
Otherwise you will need to setup a trust between the servers.
I Hope this helps.
Giorgio Anastopoulos

PHP_MySQL version of a high security user authentication web app.

Since you folks deal with PHP Application Development, I am posting this here.
For a demo of the PHP_MySQL version of the UltraSuite High Security User Authentication Web Application, you can sign up at http://bit.ly/hgNjek.
It offers a multi-layered approach security approach towards protecting important information like user authentication credentials. Protection from dictionary attacks, rainbow table attacks, brute force attacks, SQL injection attacks and much more.
I hope your feedback will help make the application even more useful and secure.
Thank you!
J.S.

Hi,
could you or someone tell me if ADDT supports protection against these methods you mention:
Protection from dictionary attacks, rainbow table attacks, brute force attacks, SQL injection attacks and much more??
And can this system work alongside ADDT?
thanks again

Weblogic.security.SecurityInitializationException: Authentication for user

Folks,
I've newly installed Weblogic server on my home laptop.
I can't startup the weblogic server.
Errors are
Now, I know the location of the boot.properties file the server accesses, because if I delete and restart the server it asks for userid/password.
If that file does not exists it gives the following error
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
So, I thought the best way is to RECOVER the password and tried following the steps
1. At the command line, change directory to the domain and run the setEnv script to set the PATH and CLASSPATH.
2. cd <domain_home>/security
3. mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift_BKP
4. run java weblogic.security.utils.AdminAccount <tempadmin> <temppassword> ./
-above command will Create a new DefaultAuthenticatorInit.ldift
4. cd <domain_home>/servers/<AdminServer>/data/ldap
5. mv DefaultAuthenticatormyrealmInit.initialized DefaultAuthenticatormyrealmInit.initialized_BKP
6. Restart the Admin Server.
7. Login with new username/password
The question is how do I run Step 4) above? Like what is the Java home, or jar file that has the weblogic.security.utils.AdminsAccount class?
Thanks
Ravi

The class "weblogic.security.utils.AdminAccount" is part of weblogic.jar
And JAVA_HOME would be the java installation directory, for example "D:\Middleware\wls1036\jdk160_29\bin"
So, for example, the same command can be read as
D:\Middleware\wls1036\jdk160_29\bin\java -cp D:\Middleware\wls1036\wlserver_10.3\server\lib\weblogic.jar weblogic.security.utils.AdminAccount <tempadmin> <temppassword> .
OR
Another option for you is to just run setDomainEnv to set the JAVA_HOME and CLASSPATH variables for us.
For windows open a command prompt and run,
<domain_home>/bin/setDomainEnv.cmd
For linux run,
. <domain_home>/bin/setDomainEnv.sh {Remember the dot and space, ". ", at the beginning are very important for a open shell with the environment variables set}
After running the above command, then cd <domain_home>/security (step 2)
Now, after doing the above, you can directly run the command in step 4
java weblogic.security.utils.AdminAccount <tempadmin> <temppassword> ./
Arun

Weblogic.security.SecurityInitializationException: Authentication for user system denied

Reason: weblogic.security.SecurityInitializationException: Authentication for user system denied
I tried my user name.But server didn't start.PLz help me and tell me what i have to do.
Thanks

Hi,
The admin server is also able to start the managed server. The easiest way is
to use a script. The command of starting a managed server is not much different
from the one for the admin server. Just make sure that you reference the admin
server URL (eg. http://localhost:7001). The more production environment way of
managing managed server is to use the notemanger. See the admin guide for more
infos.
Which version are you using?
Kai
"hari" <[email protected]> wrote:
>
Hi!Kai..
I tried with system/weblogic....but same error.Actually i created domain
and managed
server in existing domain throgh config.sh
But the admin server is running properly.But the manager is not starting,user
authentication problem is coming.When i was created domain..i created
a user.I
started admin server with that user...but manged server is not starting.Plz
help
me.

Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied

Hi,
when I want to start managed server :
<Sep 5, 2014 4:56:12 PM GST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
weblogic.security.SecurityInitializationException: Authentication for user denied
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
        at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
        at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        Truncated. see log file for complete stacktrace
>
<Sep 5, 2014 4:56:12 PM GST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Sep 5, 2014 4:56:12 PM GST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Sep 5, 2014 4:56:12 PM GST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Thanks

Never mind, the correct command is:
wls:/nm/IDMDomain> pr=makePropertiesObject("username=weblogic;password=weblogic0");
wls:/nm/IDMDomain> nmStart('AdminServer',props=pr);
It would be interesting however to have a list of all names of environmental variables that we can possibly set.
Cheers.

Ws-security runtime authentication subject

Similar Messages

Maybe you are looking for