Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Failed security check for DataSource JNDI lookup outside of WAS5

150 views
Skip to first unread message

Philip Tom

unread,
Apr 29, 2004, 6:51:39 PM4/29/04
to
In WAS5, I have a data source configured that works for my webapp. I
am now trying to use the same connection pool, but from a standalone
application. When I do the JNDI lookup, I get an exception telling me
that I'm not permitted to create the object.

I'm trying to set the principal and credentials in my lookup.
However, I don't know where to set the corresponding security in WAS5.
I tried adding a user/pass to my user registry. I also tried adding
a J2C entry. Neither worked for me.

Any pointers?

I'm running WAS 5.1 Trial on AIX 5.2. I'm using the
FileRegistrySample custom user registry.

Below is the JNDI lookup code and the exception that I receive.

The code is:

String appInitialContextFactory =
com.ibm.websphere.naming.WsnInitialContextFactory";
String appProviderURL = "iiop://myhost:2809";
String appSecurityPrincipal = "user";
String appSecurityCredential = "pass";

Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,
appInitialContextFactory);
env.put(Context.PROVIDER_URL, appProviderURL);
env.put(Context.SECURITY_PRINCIPAL, appSecurityPrincipal);
env.put(Context.SECURITY_CREDENTIALS, appSecurityCredential);

Context ctx = new InitialContext(env);
Object obj = ctx.lookup("batch-ds");


The exception is:

com.ibm.websphere.naming.CannotInstantiateObjectException: Exception
occurred while the JNDI NamingManager was processing a
javax.naming.Reference object. Root exception is java.lang.Exception:
Failed security check. Client is not permitted to create connection
factory batch-ds
at com.ibm.ejs.j2c.J2CXAResourceFactory.createMCFEntry(J2CXAResourceFactory.java:463)
at com.ibm.ejs.j2c.ConnectionFactoryBuilderImpl.createMCFandPM(ConnectionFactoryBuilderImpl.java:1414)
at com.ibm.ejs.j2c.ConnectionFactoryBuilderImpl.getObjectInstance(ConnectionFactoryBuilderImpl.java:1201)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:313)
at com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookupExt(Helpers.java:873)
at com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookup(Helpers.java:680)
at com.ibm.ws.naming.jndicos.CNContextImpl.processResolveResults(CNContextImpl.java:1712)
at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1567)
at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1480)
at com.ibm.ws.naming.jndicos.CNContextImpl.lookupExt(CNContextImpl.java:1187)
at com.ibm.ws.naming.jndicos.CNContextImpl.lookup(CNContextImpl.java:1067)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:132)
at javax.naming.InitialContext.lookup(InitialContext.java:360)
at ICTest.main(ICTest.java:38)

Thanks.

Phil.

Mayur Dhanji

unread,
Apr 30, 2004, 5:28:00 AM4/30/04
to
Hae you tried the following:

Try running your java client using the IBM's JRE, ie.{WAS_INSTALL_ROOT}/java/jre

Regards
Mayur

mugw...@asdf.com (Philip Tom) wrote in message news:<98d991d.04042...@posting.google.com>...

Philip Tom

unread,
Apr 30, 2004, 1:00:49 PM4/30/04
to
yes. That's the one I'm using:

${WAS_INSTALL_ROOT}/java/jre/bin/java -cp
.:${WAS_INSTALL_ROOT}/lib/naming.jar:${WAS_INSTALL_ROOT}/lib/namingclient.jar:${WAS_INSTALL_ROOT}/properties/:${WAS_INSTALL_ROOT}/lib/j2cImpl.jar:${WAS_INSTALL_ROOT}/lib/rsadapterspi.jar:${WAS_INSTALL_ROOT}/lib/rsaexternal.jar:${WAS_INSTALL_ROOT}/lib/rsadaptercci.jar:/home/ptom/wasport/ojdbc14.jar
ICTest

Phil.


mdh...@hotmail.com (Mayur Dhanji) wrote in message news:<11280fb4.0404...@posting.google.com>...

Jonathan

unread,
May 11, 2004, 9:03:32 AM5/11/04
to
Could you fix this? I'm facing the same problem... Tx.

jlsimone

unread,
Jun 14, 2004, 3:58:51 PM6/14/04
to
I am having a similar (maybe identical) problem. It makes me question whether or not it is possible to do a JBDI lookup and use a WebSphere data source from within a Java application. If someone has gotten this to work, please provide a list of JARs and some sample code.

Many thanks!
JLS

chodgespdx

unread,
Jun 14, 2004, 4:04:29 PM6/14/04
to
Turns out you can turn off the client side credential check by telling WAS in j2c.properties. Thats what I finally dug out. Theres a section in there you can uncomment and put the name of your datasource (havent figured out a way to do this via wsadmin yet). From what I gather, this removes the need for the client to have a fullblown j2c environment complete with its own set of JAAS credentials. Course it would also have the same effect in the WAS container but its really no different (security wise) than what WAS4.x did for datasources in that case.

sman...@gmail.com

unread,
Oct 29, 2008, 2:35:11 PM10/29/08
to
Hi,
my problem is exactly opposite to this. I'm running application in WAS6.0. I'm not using any J2C entries, where the user id and password are defined as custom properties in the datasource. I'm able to look up for the datasources from outside the application (in standalone java program) which I want to control.
Could you please let me know how is the datasource configured and any global security enabled?

thanks in advance.

Paul Ilechko

unread,
Oct 30, 2008, 2:33:48 PM10/30/08
to

Is there a question in there somewhere? I have no idea what your problem
is.

sman...@gmail.com

unread,
Dec 22, 2008, 4:59:04 AM12/22/08
to
Hi,
Found a solution to my problem. If the datasource is not configured to use J2C authentication alias as component authentication alias, and user id and password are provided as custom properties, any java client (outside the application environment) can access the datasource just by lookup and not providing any credentials.

If the datasource is configured to use J2C authentication alias, clients outside the applciation can obtain the datasource by lookup but need to provide username and password while getting connection as below:


Hashtable ht = new Hashtable();
ht.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory");
ht.put(Context.PROVIDER_URL, "iiop://localhost:2809");
String dbUser = "user";
String dbPwd = "pwd";

Context ctx = new InitialContext(ht);
Object objds = ctx.lookup("jdbc/claimsDS");
System.out.println("Oobj is ::"+objds.getClass());
DataSource ds = (DataSource)objds;
Connection con = ds.getConnection(dbUser,dbPwd );
Statement stmt = con.createStatement();

zahir_...@hotmail.com

unread,
Aug 28, 2009, 4:21:25 PM8/28/09
to
I'm getting the data source through JNDI in a java client.

Getting the following error:

Exception in thread "P=80820:O=0:CT" com.ibm.websphere.ce.cm.StaleConnectionException: [IBM][CLI Driver] SQL30082N Security processing failed with reason "3" ("PASSWORD MISSING"). SQLSTATE=08001
DSRA0010E: SQL State = 08001, Error Code = -30,082
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:67)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:521)
at com.ibm.websphere.rsadapter.GenericDataStoreHelper.mapExceptionHelper(GenericDataStoreHelper.java:523)
at com.ibm.websphere.rsadapter.GenericDataStoreHelper.mapException(GenericDataStoreHelper.java:578)
at com.ibm.ws.rsadapter.AdapterUtil.mapException(AdapterUtil.java:2124)
at com.ibm.ws.rsadapter.AdapterUtil.translateSQLException(AdapterUtil.java:1212)
at com.ibm.ws.rsadapter.spi.WSRdbDataSource.getConnection(WSRdbDataSource.java:1597)
at com.ibm.ws.rsadapter.spi.WSManagedConnectionFactoryImpl.createManagedConnection(WSManagedConnectionFactoryImpl.java:1100)
at com.ibm.ws.rsadapter.spi.WSDefaultConnectionManagerImpl.allocateConnection(WSDefaultConnectionManagerImpl.java:81)
at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:439)
at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:408)


Here is the code:

Properties env = new Properties();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.ibm.websphere.naming.WsnInitialContextFactory");
env.put(Context.PROVIDER_URL, "corbaloc:iiop:localhost:2000");
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.ibm.websphere.naming.WsnInitialContextFactory");

InitialContext ctx = new InitialContext(env);
// Call to get ds is successful
DataSource ds = (DataSource) ctx.lookup("jdbc/datasourcename");
// Can't get the connection. It needs password??????????????????
return ds.getConnection();

0 new messages