weblogic.management.NoAccessRuntimeException
Prema
Hi All,
I am getting NoAccessRuntime exeception while creating ApplicationMbean from
my web application.
ApplicationMBean appMBean = (ApplicationMBean)mBean.createAdminMBean(appName,
"Application", domain);
Here's the exception stcak trace
weblogic.management.NoAccessRuntimeException: Access not allowed for subject:
principals=[], on ResourceType: Application Action: register, Target: null
at weblogic.management.internal.SecurityHelper$IsAccessAllowedPrivilegeAction.wlsRun(SecurityHelper.java:535)
at weblogic.management.internal.SecurityHelper$IsAccessAllowedPrivilegeAction.run(SecurityHelper.java:451)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:97)
at weblogic.management.internal.SecurityHelper.isAccessAllowed(SecurityHelper.java:345)
at weblogic.management.internal.RemoteMBeanServerImpl.registerMBean(RemoteMBeanServerImpl.java:436)
at weblogic.management.internal.Helper.createMBean(Helper.java:1137)
at weblogic.management.internal.Helper.createAdminMBean(Helper.java:483)
at weblogic.management.internal.RemoteMBeanServerImpl.createAdminMBean(RemoteMBeanServerImpl.java:512)
at weblogic.management.internal.MBeanHomeImpl.createAdminMBean(MBeanHomeImpl.java:575)
at weblogic.management.internal.MBeanHomeImpl.createAdminMBean(MBeanHomeImpl.java:565)
at weblogic.management.internal.AdminMBeanHomeImpl.createAdminMBean(AdminMBeanHomeImpl.java:857)
at com.siptech.webjunit.util.WeblogicDeployTool.EJBDeploy(WeblogicDeployTool.java:114)
at jsp_servlet.__ejbupload._jspService(__ejbupload.java:291)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1053)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:387)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:431)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6291)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:97)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3575)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2573)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:178)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:151)
--------------- nested within: ------------------
weblogic.management.MBeanCreationException: - with nested exception:
[weblogic.management.NoAccessRuntimeException: Access not allowed for subject:
principals=[], on ResourceType: Application Action: register, Target: null]
at weblogic.management.internal.Helper.createMBean(Helper.java:1148)
at weblogic.management.internal.Helper.createAdminMBean(Helper.java:483)
at weblogic.management.internal.RemoteMBeanServerImpl.createAdminMBean(RemoteMBeanServerImpl.java:512)
at weblogic.management.internal.MBeanHomeImpl.createAdminMBean(MBeanHomeImpl.java:575)
at weblogic.management.internal.MBeanHomeImpl.createAdminMBean(MBeanHomeImpl.java:565)
at weblogic.management.internal.AdminMBeanHomeImpl.createAdminMBean(AdminMBeanHomeImpl.java:857)
at com.siptech.webjunit.util.WeblogicDeployTool.EJBDeploy(WeblogicDeployTool.java:114)
at jsp_servlet.__ejbupload._jspService(__ejbupload.java:291)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1053)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:387)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:431)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6291)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:97)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3575)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2573)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:178)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:15
Do I need to configure any security set ups?
Thanks
Prema
Chris Chiodo
Assuming this is 7.x or later, in order to register (create) new mbeans, you
have to be running as a user that has access to do this. In other words,
you need to be running as a user in the Admin role. This can be
accomplished in a variety of ways, the easiest probably being to let the web
container authenticate your user. Alternatively, you could perform your own
authentication, and do a runAs() to acheive the same results.
This describes standard "fat-client" authentication:
http://e-docs.bea.com/wls/docs70/security/fat_client.html
And this describes using security in web applications:
http://e-docs.bea.com/wls/docs70/security/thin_client.html
Its very similar between 7.x and 8.x.
Regards,
Chris Chiodo
BEA Systems
"Prema" <pr...@siptech.co.in> wrote in message
news:3f1d...@newsgroups.bea.com...
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
va:114)
> at jsp_servlet.__ejbupload._jspService(__ejbupload.java:291)
> at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
> at
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
tStubImpl.java:1053)
> at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:387)
> at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:431)
> at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:305)
> at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
ebAppServletContext.java:6291)
> at
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
t.java:317)
> at
weblogic.security.service.SecurityManager.runAs(SecurityManager.java:97)
> at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
Prema
Hi Chris,
Thanks for your reply. Viewed the links. Not getting clear ideas of doing it.
It would be great if you could tell me how do i do that ?
Thanks
Prema
Chris Chiodo
Ill show you how to do this with web security:
In your web.xml you'll need something like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>SomeResourceName</web-resource-name>
<description>
Security constraint for your app
</description>
<url-pattern>/orders/east/*</url-pattern> <---- change this part
to match whatever url you need to protect.
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>
Constraint for the Admin roles
</description>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>Admin</role-name>
<security-role>
Then in the weblogic.xml:
<weblogic-web-app> <security-role-assignment>
<role-name>Admin</role-name> <global-role/>
</security-role-assignment></weblogic-web-app>
The only other part to this is to have a user which is in the "Admin" role.
The easiest way to do this is by using the admin console. Create a new
user, and make sure this user is in the "Administrators" group.
Now access your application. You should be prompted for a username and
password from the browser. If you login with the user you just created, the
NoAccessRuntimeException should go away.
--chris
"Prema" <pr...@siptech.co.in> wrote in message
news:3f1e...@newsgroups.bea.com...
>weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletC
o
> >ntext.java:3575)
> >> at
>
>weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.jav
> >t.java:317)
> >> at
> >weblogic.security.service.SecurityManager.runAs(SecurityManager.java:97)
> >> at
>
>weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletC
o
> >ntext.java:3575)
> >> at
>
>weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.jav
Simon Evans
and then run the code as this user (subject)...
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import weblogic.security.services.Authentication;
import weblogic.security.Security;
public class RunActionAsSomebody implements PrivilegedExceptionAction {
/**
* this will call the run method as the given user
* supplied from the MyCallbackHandler class
*/
public void runAsSomebody(){
// login with username and password using a CallbackHandler
Subject subject = Authentication.login(new MyCallbackHandler())
// Run your action as the above subject.
// 'this' is used as the action since this class implements
// PrivilegedExceptionAction
Object result = Security.runAs(subject, this);
}
/**
* implementation of PrivilegedExceptionAction
*/
public Object run() throws Exception {
/// do your stuff here
}
}
/**
* a simple callback handler to provide a username and
* a password.
*/
class MyCallbackHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
NameCallback nc = (NameCallback)callbacks[i];
nc.setName("username");
} else if (callbacks[i] instanceof PasswordCallback) {
PasswordCallback pc = (PasswordCallback)callbacks[i];
pc.setPassword("password".toCharArray());
Prema
Thanks Folks.
Problem solved .
Prema
SIP Technologies & Exports Ltd