
Customized AuthenticationProvider => Exception on doBootAuthorization


Ki-Nam Choi

Oct 10, 2002, 3:17:26 PM

I created and installed a customized AuthenticationProvider (based on WebLogic
Security's SSPI) and created a customized security realm (WebLogic 7.0) using
this new AuthenticationProvider. The new security realm uses all of WebLogic's
other default providers, such as RoleMapper, etc.

Collaborating with this new authentication provider:
- An in-house developed JAAS login module
- An in-house developed Principal implementation
- An in-house developed PrincipalValidator that currently always returns true
  from its sign() and validate() methods.

After installing the new authentication module into WebLogic, when I try
to start the WebLogic server, I can see that the authentication succeeds and the
in-house developed PrincipalValidator is being called. However, I get a security
exception complaining that the user is not permitted to boot the server. Any
help is very much appreciated.

The following is a log on the exception raised by Weblogic.

<10-Oct-02 2:44:19 EDT PM> <Critical> <WebLogicServer> <000364> <Server failed
during initialization. Exception:java.lang.SecurityException: User Administrators
is not permitted to boot the server
java.lang.SecurityException: User Administrators is not permitted to boot the
server
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1126)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)


thanks
Ki-Nam Choi
mailto:KiNam...@mto.gov.on.ca

Burak Modali

Nov 4, 2002, 3:30:58 PM

Hi,

If you keep the WebLogic default authentication provider in the security realm
you created and configured, not only does your authentication provider implementation
attempt to authenticate the user, but the WebLogic default authentication provider
does as well (all authentication provider implementations configured in the security
realm are called to authenticate the user and populate the JAAS subject with the JAAS
principal classes). And since the username and password you enter to boot the
server do not exist in WebLogic's embedded LDAP, authentication in the WebLogic
default authentication provider fails.

Therefore you have two options: either remove the WebLogic default authentication
provider from your security realm (you should do this if your purpose is to centralize
the user repository and the security policy outside of WebLogic) or duplicate
the user repository in WebLogic's embedded LDAP server.

Hope this helps,
Burak Modali
bmo...@hotmail.com
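
The stacking behaviour described in the reply above, as an added example that is not part of the original thread. It uses only the standard JAAS API (no WebLogic classes); `StackedLoginDemo`, `StubModule` and the `name`/`knowsUser` options are hypothetical names constructed for the illustration. A module that knows the user is followed by one that does not, once with the second module's JAAS control flag REQUIRED and once OPTIONAL.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class StackedLoginDemo {
    // Hypothetical stand-in for one provider's LoginModule; "knowsUser" is a constructed option.
    public static class StubModule implements LoginModule {
        private Subject subject; private Map<String, ?> opts; private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) {
            subject = s; opts = o;
        }
        public boolean login() throws LoginException {
            ok = "true".equals(opts.get("knowsUser"));
            if (!ok) throw new FailedLoginException(opts.get("name") + ": user not in this store");
            return true;
        }
        public boolean commit() { // called only if the stack as a whole succeeded
            String n = opts.get("name") + "-principal";
            if (ok) subject.getPrincipals().add((Principal) () -> n);
            return ok;
        }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Every configured module is invoked; the control flags decide the overall result.
    static Subject login(LoginModuleControlFlag secondFlag) throws LoginException {
        String cls = StubModule.class.getName();
        AppConfigurationEntry[] stack = {
            new AppConfigurationEntry(cls, LoginModuleControlFlag.REQUIRED,
                Map.of("name", "custom", "knowsUser", "true")),
            new AppConfigurationEntry(cls, secondFlag,
                Map.of("name", "default", "knowsUser", "false")) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) { return stack; }
        };
        LoginContext lc = new LoginContext("demo-realm", new Subject(), null, cfg);
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) {
        LoginModuleControlFlag[] flags = {
            LoginModuleControlFlag.REQUIRED, LoginModuleControlFlag.OPTIONAL };
        for (LoginModuleControlFlag f : flags) {
            try {
                Subject s = login(f);
                s.getPrincipals().forEach(p -> System.out.println(f + " ok: " + p.getName()));
            } catch (LoginException e) { System.out.println(f + " failed: " + e.getMessage()); }
        }
    }
}
```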
