I just upgraded from wls 6.1 to wls 8.1 sp2. My Connection pools are not working
anymore.
I am using sybase server 11.5.1 with the jconnect 5. I am making database calls
(that
used to work). Here's the strange thing, I have a startup class that runs an
sql query when weblogic server comes up (in the main thread i am assuming) and
it works. But calling the same exact sql query fails when i click on my webapp
that leads to the same query (it is called from a different thread).
Any ideas? I am assuming it's a security issue where the main thread uses the
correct username and password and the other threads don't. Heres my config file
and my exception trace:
<JDBCTxDataSource JNDIName="FOO" Name="MyJDBC Data Source"
PoolName="MyJDBC Connection Pool-1" Targets="portal"/>
<JDBCConnectionPool DriverName="com.sybase.jdbc2.jdbc.SybDriver"
Name="MyJDBC Connection Pool-1" Password="xxx"
Properties="user=vwap;url=jdbc:sybase:Tds:myhost:9501/vwap;networkProtocol=Tds;portNumber=9501;userName=vwap;databaseName=vwap;serverName=myhost"
Targets="portal"
TestTableName="SQL SELECT COUNT(*) FROM sysobjects" URL="jdbc:sybase:Tds:myhost:9501/vwap"/>
I also tried it with weblogic sybase driver and same results:
<JDBCConnectionPool DriverName="weblogic.jdbc.sybase.SybaseDriver"
Name="MyJDBC Connection Pool" Password="xxx"
Properties="user=vwap;url=jdbc:bea:sybase://myhost:9501;portNumber=9501;databaseName=vwap;serverName=myhost"
Targets="portal"
TestTableName="SQL SELECT COUNT(*) FROM sysobjects" URL="jdbc:bea:sybase://myhost:9501"/>
error.weblogic.common.resourcepool.ResourcePermissionsException: User "<anonymous>"
does not have permission to perform operation "reserve" on resource "MyJDBC Connection
Pool-1" of application "null" of type "ConnectionPool"
weblogic.jdbc.extensions.PoolPermissionsSQLException: weblogic.common.resourcepool.ResourcePermissionsException:
User "<anonymous>" does not have permission to perform operation "reserve" on
resource "MyJDBC Connection Pool-1" of application "null" of type "ConnectionPool"
at weblogic.jdbc.common.internal.JDBCUtil.wrapAndThrowResourceException(JDBCUtil.java:157)
at weblogic.jdbc.pool.Driver.connect(Driver.java:156)
at weblogic.jdbc.jts.Driver.getNonTxConnection(Driver.java:444)
at weblogic.jdbc.jts.Driver.connect(Driver.java:138)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:305)
at com.itginc.strategyServers.common.database.Database.initializeUserCache(Database.java:729)
at com.itginc.strategyServers.common.database.Database.connect(Database.java:104)
at com.itginc.strategyServers.common.database.Database.getClients(Database.java:157)
at com.itginc.strategyServers.common.servlets.ClientsServlet.doPost(ClientsServlet.java:41)
at com.itginc.strategyServers.common.servlets.BaseServlet.doGet(BaseServlet.java:110)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at com.itginc.strategyServers.common.servlets.BaseServlet.service(BaseServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
at com.itginc.strategyServers.common.servlets.LoginServlet.doPost(LoginServlet.java:230)
at com.itginc.strategyServers.common.servlets.LoginServlet.doGet(LoginServlet.java:242)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
1. My acl settings (i looked at them via the console) seems to have "everyone"
permission for all jdbc operations: reserve, shrink, etc.
2. If acl is not the way to set security policies why is it shown in the console?
3. I cannot find anywhere in the wls8.1 documentation on how to set security policies
for jdbc.
Can i see an example?
4. I was not using any java securtiy when i got that error, so then I added the
-Djava.security.manager to my startup cmd line for starting weblogic using the
default weblogic policy in $WLSHOME/server/lib/weblogic policy (unmodified) and
got the following exception on startup, help!
The Horizon Portal could not be started, because the Application Manager failed
to initialize. access denied (java.lang.RuntimePermission weblogic.kernelPermission)
java.security.AccessControlException: access denied (java.lang.RuntimePermission
weblogic.kernelPermission)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at weblogic.security.service.SubjectManagerImpl.checkKernelPermission(SubjectManagerImpl.java:202)
at weblogic.security.service.SubjectManagerImpl.getKernelIdentity(SubjectManagerImpl.java:181)
at weblogic.security.subject.SubjectManager.isKernelIdentity(SubjectManager.java:102)
at weblogic.security.service.SubjectManagerImpl.checkKernelIdentity(SubjectManagerImpl.java:214)
at weblogic.security.subject.DelegatingSubjectStack.getCurrentSubject(DelegatingSubjectStack.java:31)
at weblogic.security.service.SubjectManagerImpl.getCurrentSubject(SubjectManagerImpl.java:61)
at weblogic.security.service.SecurityManager.getCurrentSubject(SecurityManager.java:43)
at weblogic.jndi.internal.ServerNamingNode.checkPermission(ServerNamingNode.java:330)
at weblogic.jndi.internal.ServerNamingNode.checkModify(ServerNamingNode.java:306)
at weblogic.jndi.internal.ServerNamingNode.rebindHere(ServerNamingNode.java:166)
at weblogic.jndi.internal.BasicNamingNode.rebind(BasicNamingNode.java:382)
at weblogic.jndi.internal.WLEventContextImpl.rebind(WLEventContextImpl.java:118)
at javax.naming.InitialContext.rebind(InitialContext.java:363)
at com.itginc.strategyServers.common.database.DatabaseLookup.bind(DatabaseLookup.java:45)
at com.itginc.strategyServers.horizon.services.AppManager.Initialize(AppManager.java:66)
at com.itginc.strategyServers.horizon.services.AppManager.<init>(AppManager.java:44)
at com.itginc.strategyServers.horizon.services.AppManager.makeClass(AppManager.java:22)
at com.itginc.strategyServers.horizon.services.Startup.startup(Startup.java:27)
at weblogic.t3.srvr.StartupClassService.invokeStartup(StartupClassService.java:177)
at weblogic.t3.srvr.StartupClassService.invokeClass(StartupClassService.java:158)
at weblogic.t3.srvr.StartupClassService.access$000(StartupClassService.java:36)
at weblogic.t3.srvr.StartupClassService$1.run(StartupClassService.java:121)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.t3.srvr.StartupClassService.invokeStartupClass(StartupClassService.java:116)
at weblogic.t3.srvr.PostDeploymentStartupService.resume(PostDeploymentStartupService.java:22)
at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:964)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
at weblogic.Server.main(Server.java:32)
acl.reserve.weblogic.jdbc.connectionPool=system
changed to
acl.reserve.weblogic.jdbc.connectionPool=everyone
farnaz wrote:
> I changed the following line in my fileRealm.properties and fixed the problem.
> Is this the correct thing to do?
>
> acl.reserve.weblogic.jdbc.connectionPool=system
>
> changed to
> acl.reserve.weblogic.jdbc.connectionPool=everyone
yes.
Joe