Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

sybase jdbc throws Resource PermissionsException wls8.1 sp2

71 views
Skip to first unread message

farnaz

unread,
Jan 15, 2004, 8:54:07 PM1/15/04
to

HI,

I just upgraded from wls 6.1 to wls 8.1 sp2. My Connection pools are not working
anymore.
I am using sybase server 11.5.1 with the jconnect 5. I am making database calls
(that
used to work). Here's the strange thing, I have a startup class that runs an
sql query when weblogic server comes up (in the main thread i am assuming) and
it works. But calling the same exact sql query fails when i click on my webapp
that leads to the same query (it is called from a different thread).
Any ideas? I am assuming it's a security issue where the main thread uses the
correct username and password and the other threads don't. Heres my config file
and my exception trace:

<JDBCTxDataSource JNDIName="FOO" Name="MyJDBC Data Source"
PoolName="MyJDBC Connection Pool-1" Targets="portal"/>

<JDBCConnectionPool DriverName="com.sybase.jdbc2.jdbc.SybDriver"
Name="MyJDBC Connection Pool-1" Password="xxx"
Properties="user=vwap;url=jdbc:sybase:Tds:myhost:9501/vwap;networkProtocol=Tds;portNumber=9501;userName=vwap;databaseName=vwap;serverName=myhost"
Targets="portal"
TestTableName="SQL SELECT COUNT(*) FROM sysobjects" URL="jdbc:sybase:Tds:myhost:9501/vwap"/>


I also tried it with weblogic sybase driver and same results:

<JDBCConnectionPool DriverName="weblogic.jdbc.sybase.SybaseDriver"
Name="MyJDBC Connection Pool" Password="xxx"
Properties="user=vwap;url=jdbc:bea:sybase://myhost:9501;portNumber=9501;databaseName=vwap;serverName=myhost"
Targets="portal"
TestTableName="SQL SELECT COUNT(*) FROM sysobjects" URL="jdbc:bea:sybase://myhost:9501"/>


error.weblogic.common.resourcepool.ResourcePermissionsException: User "<anonymous>"
does not have permission to perform operation "reserve" on resource "MyJDBC Connection
Pool-1" of application "null" of type "ConnectionPool"
weblogic.jdbc.extensions.PoolPermissionsSQLException: weblogic.common.resourcepool.ResourcePermissionsException:
User "<anonymous>" does not have permission to perform operation "reserve" on
resource "MyJDBC Connection Pool-1" of application "null" of type "ConnectionPool"
at weblogic.jdbc.common.internal.JDBCUtil.wrapAndThrowResourceException(JDBCUtil.java:157)
at weblogic.jdbc.pool.Driver.connect(Driver.java:156)
at weblogic.jdbc.jts.Driver.getNonTxConnection(Driver.java:444)
at weblogic.jdbc.jts.Driver.connect(Driver.java:138)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:305)
at com.itginc.strategyServers.common.database.Database.initializeUserCache(Database.java:729)
at com.itginc.strategyServers.common.database.Database.connect(Database.java:104)
at com.itginc.strategyServers.common.database.Database.getClients(Database.java:157)
at com.itginc.strategyServers.common.servlets.ClientsServlet.doPost(ClientsServlet.java:41)
at com.itginc.strategyServers.common.servlets.BaseServlet.doGet(BaseServlet.java:110)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at com.itginc.strategyServers.common.servlets.BaseServlet.service(BaseServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
at com.itginc.strategyServers.common.servlets.LoginServlet.doPost(LoginServlet.java:230)
at com.itginc.strategyServers.common.servlets.LoginServlet.doGet(LoginServlet.java:242)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)

Joe Weinstein

unread,
Jan 15, 2004, 9:05:20 PM1/15/04
to farnaz
Hi. Two things:
Your test table SQL is wasteful. sysobjects is a big table. No need to count everything
in it every time to check the connections. Try "SQL select 1" for a better one.
The problem isn't in the pool definition. It's a security issue. You should edit your
weblogic.policy file to allow jdbc access to everyone.
Joe

farnaz

unread,
Jan 16, 2004, 2:06:40 PM1/16/04
to

A few issues, i've been stuck on this problem for 2 days now, please HELP!

1. My acl settings (i looked at them via the console) seems to have "everyone"
permission for all jdbc operations: reserve, shrink, etc.
2. If acl is not the way to set security policies why is it shown in the console?
3. I cannot find anywhere in the wls8.1 documentation on how to set security policies
for jdbc.
Can i see an example?
4. I was not using any java securtiy when i got that error, so then I added the
-Djava.security.manager to my startup cmd line for starting weblogic using the
default weblogic policy in $WLSHOME/server/lib/weblogic policy (unmodified) and
got the following exception on startup, help!

The Horizon Portal could not be started, because the Application Manager failed
to initialize. access denied (java.lang.RuntimePermission weblogic.kernelPermission)
java.security.AccessControlException: access denied (java.lang.RuntimePermission
weblogic.kernelPermission)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at weblogic.security.service.SubjectManagerImpl.checkKernelPermission(SubjectManagerImpl.java:202)
at weblogic.security.service.SubjectManagerImpl.getKernelIdentity(SubjectManagerImpl.java:181)
at weblogic.security.subject.SubjectManager.isKernelIdentity(SubjectManager.java:102)
at weblogic.security.service.SubjectManagerImpl.checkKernelIdentity(SubjectManagerImpl.java:214)
at weblogic.security.subject.DelegatingSubjectStack.getCurrentSubject(DelegatingSubjectStack.java:31)
at weblogic.security.service.SubjectManagerImpl.getCurrentSubject(SubjectManagerImpl.java:61)
at weblogic.security.service.SecurityManager.getCurrentSubject(SecurityManager.java:43)
at weblogic.jndi.internal.ServerNamingNode.checkPermission(ServerNamingNode.java:330)
at weblogic.jndi.internal.ServerNamingNode.checkModify(ServerNamingNode.java:306)
at weblogic.jndi.internal.ServerNamingNode.rebindHere(ServerNamingNode.java:166)
at weblogic.jndi.internal.BasicNamingNode.rebind(BasicNamingNode.java:382)
at weblogic.jndi.internal.WLEventContextImpl.rebind(WLEventContextImpl.java:118)
at javax.naming.InitialContext.rebind(InitialContext.java:363)
at com.itginc.strategyServers.common.database.DatabaseLookup.bind(DatabaseLookup.java:45)
at com.itginc.strategyServers.horizon.services.AppManager.Initialize(AppManager.java:66)
at com.itginc.strategyServers.horizon.services.AppManager.<init>(AppManager.java:44)
at com.itginc.strategyServers.horizon.services.AppManager.makeClass(AppManager.java:22)
at com.itginc.strategyServers.horizon.services.Startup.startup(Startup.java:27)
at weblogic.t3.srvr.StartupClassService.invokeStartup(StartupClassService.java:177)
at weblogic.t3.srvr.StartupClassService.invokeClass(StartupClassService.java:158)
at weblogic.t3.srvr.StartupClassService.access$000(StartupClassService.java:36)
at weblogic.t3.srvr.StartupClassService$1.run(StartupClassService.java:121)


at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)

at weblogic.t3.srvr.StartupClassService.invokeStartupClass(StartupClassService.java:116)
at weblogic.t3.srvr.PostDeploymentStartupService.resume(PostDeploymentStartupService.java:22)
at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:131)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:964)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:359)
at weblogic.Server.main(Server.java:32)

farnaz

unread,
Jan 16, 2004, 2:36:53 PM1/16/04
to

I changed the following line in my fileRealm.properties and fixed the problem.
Is this the correct thing to do?

acl.reserve.weblogic.jdbc.connectionPool=system

changed to
acl.reserve.weblogic.jdbc.connectionPool=everyone

Joe Weinstein

unread,
Jan 16, 2004, 2:49:39 PM1/16/04
to farnaz

farnaz wrote:

> I changed the following line in my fileRealm.properties and fixed the problem.
> Is this the correct thing to do?
>
> acl.reserve.weblogic.jdbc.connectionPool=system
>
> changed to
> acl.reserve.weblogic.jdbc.connectionPool=everyone

yes.
Joe

0 new messages