Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SecurityException: Invalid Subject: principals=[someuser]

1 view
Skip to first unread message

Michel Beauvais

unread,
May 4, 2003, 9:06:15 AM5/4/03
to

Hi!

Foo_1_EJB deployed on one server(S1) calls Foo_2_EJB on another server(S2).
(S1 and S2 is NOT simply two different domains running on the same server. It
is actually two different weblogic servers listening on different ports).

S2 gets a db-connection from a pool. When running a web-solution deployed on S2,
EVERYTHING works fine and has done so for several months.

But when I connect from S1 I get this error:
java.lang.SecurityException: Invalid Subject: principals=[someuser]

Via the home-interface-object S1 DOES get a reference to Foo_2_EJB deployed on
S2, but when I refer to the functionality on Foo_2_EJB (the functionality that
needs to use the db-connection) I get the exception mentioned above.

Foo_2_EJB DOES get myDataSource-object, but myDataSource.getConnection() fails,
and that's when I get the Exception.
!!!see stack trace below!!!

By the way: "someuser" HAS been created and works, all right.


Any kind af help is appreciated :-)

Cheers,
Michel


Start server side stack trace:
java.lang.SecurityException: Invalid Subject: principals=[someuser]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:943)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:309)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)
End server side stack trace

Paul Callahan

unread,
May 5, 2003, 8:59:47 AM5/5/03
to
From: "Paul Callahan" <pcalla...@braunconsult.com>
Newsgroups: weblogic.developer.interest.security
References: <3eb50237$1...@newsgroups.bea.com>
Subject: Re: SecurityException: Invalid Subject: principals=[someuser]
Date: Mon, 5 May 2003 08:59:47 -0400
Lines: 79
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
NNTP-Posting-Host: 65.242.68.130
X-Original-NNTP-Posting-Host: 65.242.68.130
Message-ID: <3eb66044$1...@newsgroups.bea.com>
X-Trace: newsgroups.bea.com 1052139588 65.242.68.130 (5 May 2003 05:59:48 -0800)
X-Original-Trace: 5 May 2003 05:59:48 -0800, 65.242.68.130
Organization: BEA NEWS SITE
XPident: Unknown
Path: newsgroups.bea.com!not-for-mail
Xref: newsgroups.bea.com weblogic.developer.interest.security:10019

Hi Michel,

Can you post the code which does the authentication between S1 and S2, and
the code which makes a remote method call to S2? Are you using JNDI or JAAS
to do authentication?

If you are using JNDI, remember that you must get an initial context for the
remote machine, and call the remote methods with that initial context... To
do so means that you must open and close the context for each call to S2.
This might help:
http://dev2dev.bea.com/articles/142.jsp

Otherwise, you can look into a solution using JAAS. Instead of getting an
initial context, you may want to mark specific areas of code (where you are
calling S2 functionality) as privileged, and by doing so you will need to
call weblogic's authenticate method to create a Subject object to run this
code (outside the current application context)--using:
http://e-docs.bea.com/wls/docs70/javadocs/index.html

-pc


"Michel Beauvais" <mi...@dsb.dk> wrote in message
news:3eb50237$1...@newsgroups.bea.com...

0 new messages