
Help with Weblogic 6 sp1 Custom Realm !!!!


Anne

May 30, 2001, 4:31:20 PM

We are trying to run Weblogic 6.0 sp1 with our current environment (ejb 1.1, custom
security realm).

We can compile and deploy our ejb 1.1 beans. We wish to start with ejb1.1 and
move to ejb2.0 once we can get our custom security working.

The JDBC connection pools are fine.

Our custom security realm uses LDAP for user authentication and an Oracle table
for authorization (acls).

Earlier, I wrote to the board and received the following instructions to
use our existing custom realm in wl 60. You can read them below, but I followed these
instructions on Solaris 5.6.

1. I ensured the SunOS patches were up to date.
2. We ensured the LD_LIBRARY_PATH reflected weblogic 6 (and not 5.1). We moved
the 5.1 classes over to wl6.
3. We copied our custom realm properties file to the weblogic root and/or the
config subdirectory (tried them both).
4. We ensured the security realm class we wrote is in the classpath (we bunch
all our serverside classes in a jar file anyway).
5. Then we created a custom realm via the console – name BFXRealm and its
class name <package>.BFXRealm, left configuration box blank.
6. Then we created a custom caching realm BFXCachingRealm and set its basic realm
as the custom realm, BFXRealm. All of the enable caches are checked to true.
7. Then we set the default realm to the BFXCachingRealm.

Now, when we perform a query, the everyone group should be implied. We don’t
implement LDAP lookup on queries. If I try to run a query from a client, I see
the client box connecting with the server:

Last line - you can see the client box connecting to the server -
<May 30, 2001 2:20:07 PM EDT> <Info> <J2EE> <Deployed : DefaultWebApp_myserver>

<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <WebLogic Server started>

<May 30, 2001 2:20:07 PM EDT> <Info> <Configuration Management> <Backed up booted
configuration /opt/apps/weblogic/beasp1/wlserver6.0sp1/./config/mydomain/config.xml
at /opt/apps/weblogic/beasp1/wlserver6.0sp1/./config/mydomain/config.xml.booted>

<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <ListenThread listening
on port 7001>
<May 30, 2001 2:20:07 PM EDT> <Notice> <WebLogicServer> <SSLListenThread listening
on port 7002>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <System has file
descriptor limits of - soft: '1024', hard: '1024'>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <Using effective
file descriptor limit of: '1024' open sockets/files.>
<May 30, 2001 2:20:08 PM EDT> <Info> <Posix Performance Pack> <Allocating: '3'
POSIX reader threads>
<May 30, 2001 2:20:23 PM EDT> <Info> <HTTP> <[HTTP myserver] Created log stream
/opt/apps/weblogic/beasp1/wlserver6.0sp1/config/mydomain/logs/access.log>
<May 30, 2001 2:21:50 PM EDT> <Info> <WebLogicServer> <Adding address: 152.51.164.233/152.51

The client receives the error:
javax.naming.AuthenticationException. Root exception is java.lang.SecurityException:
Authentication
for user aws4270 denied in realm weblogic

It’s as if the fileRealm.properties is only being looked at. We do not
use this for our user/groups/acls in wl5.1.0 and we do not want to in wl6.

For “fun”, I added a user to the fileRealm.properties file via the
console and ran a client query. It worked.

But when I tried to call an ejbCreate from the client, I received these errors
from the server:
BFXSecurityRealmException is a custom exception we have written. A query works
but a create does not - obviously cannot get to acl in database (?)
and why the ejb20 errors? We just want to start with ejb 1.1

In SeqStoreSecurityHelper.isUserAuthorized(): schema = seqStore.INTNUC, class
= bioseq, project = HIPPI, permission = create
<May 30, 2001 2:50:10 PM EDT> <Info> <EJB> <EJB Exception in method: ejbCreate:
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBean.ejbCreate(BioSequenceBean.java:1562)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanImpl.ejbCreate(BioSequenceBeanImpl.java:833)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.ejb20.manager.DBManager.create(DBManager.java:408)
at weblogic.ejb20.internal.EntityEJBHome.create(EntityEJBHome.java:353)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanHomeImpl.create(BioSequenceBeanHomeImpl.java:111)
at com.gw.bioinfo.ejb.bioSeq.BioSequenceBeanHomeImpl_WLSkel.invoke(BioSequenceBeanHomeImpl_WLSkel.java:78)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:128)
at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:118)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)

The client receives the error:
java.rmi.RemoteException: EJB Exception:; nested exception is:
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.
com.gw.bioinfo.exception.BFXSecurityRealmException: BFX-90000: A BFXSecurityRealmException
occurred.

HOW CAN WE GET THE SERVER TO BYPASS FILEREALM and use BFXREALM ???????????


Thanks,
Anne


Subject: Re: Do Custom Security Realms have to use Mbeans?
Date: 17 May 2001 06:38:23 -0800
From: "Tom Moreau" <mor...@replytothisnewsgroup.com>
Newsgroup: weblogic.developer.interest.security

Yes this can be done. Here's how:

1) I'll assume that the classname to your custom realm is "com.yourcompany.YourCustomRealm"


2) I'll assume that your custom realm has some kind of properties file from which
it reads its configuration data. Let's call this file "YourCustomRealm.properties"


3) Copy YourCustomRealm.properties to every machine that you're running wls on
(you are probably already doing this today).

4) Make sure that com.yourcompany.YourCustomRealm is in the classpath when you
start wls (you should already be doing this today)

5) In 5.1, there used to be some utility classes that customers used for their
custom realms - something about Pools & Factories. These have been renamed in
6.0. If you're using these classes, then go to your 5.1 weblogic jar file and
pull out these classes and add them to your classpath for 6.0.

6) In the console, create a custom realm and set its realm class name to com.yourcompany.YourCustomRealm.
Leave the configuration data section blank.

7) In the console, configure your custom realm as the alternate realm. That is,
create a caching realm and set its basic realm to your custom realm, then set
the realm's caching realm to the caching realm you just created.

I'm pretty sure this should work for you. We did this to provide a patch that
let 6.0 users use the LDAPRealm rewrite from 5.1.

The downside is that you don't get single point of administration - that is, you
have to make your custom realm's configuration data (YourCustomRealm.properties)
available on all the machines you're running WLS on. If you rework your custom
realm, then the configuration data gets put in the custom realm configuration
you create via the console and automatically copied to other machines for you.


- Tom
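
The realm wiring from steps 6 and 7 of the quoted instructions can be verified in the domain's config.xml rather than in the console. The following is an added example, not code from either poster: it assumes the WebLogic 6.x config.xml elements Security, Realm, CachingRealm and CustomRealm with the attributes Realm, CachingRealm, BasicRealm and RealmClassName, and it runs on a constructed sample in which the realm class name is a placeholder.

```python
import xml.etree.ElementTree as ET

def sample_config(caching_realm="BFXCachingRealm", basic_realm="BFXRealm"):
    """Constructed config.xml fragment; element/attribute names are assumed
    from the WebLogic 6.x layout, the class name is a placeholder."""
    link = f'CachingRealm="{caching_realm}"' if caching_realm else ""
    return f"""<Domain Name="mydomain">
  <Security Name="mydomain" Realm="wl_default_realm"/>
  <Realm Name="wl_default_realm" FileRealm="wl_default_file_realm" {link}/>
  <FileRealm Name="wl_default_file_realm"/>
  <CachingRealm Name="BFXCachingRealm" BasicRealm="{basic_realm}"/>
  <CustomRealm Name="BFXRealm" RealmClassName="placeholder.pkg.BFXRealm"/>
</Domain>"""

def check_realm_chain(config_xml):
    """Walk Security -> Realm -> CachingRealm -> CustomRealm and return the
    first broken link as a one-item list, or [] when the chain is complete."""
    root = ET.fromstring(config_xml)

    def named(tag):
        # iter() matches the exact tag, so "Realm" does not pick up "CachingRealm"
        return {e.get("Name"): e for e in root.iter(tag)}

    security = next(root.iter("Security"), None)
    realm = named("Realm").get(security.get("Realm")) if security is not None else None
    if realm is None:
        return ["Security does not reference a defined Realm"]
    caching_name = realm.get("CachingRealm")
    if not caching_name:
        return [f"Realm '{realm.get('Name')}' has no CachingRealm set, "
                "so no alternate realm is in use"]
    caching = named("CachingRealm").get(caching_name)
    if caching is None:
        return [f"CachingRealm '{caching_name}' is referenced but not defined"]
    basic_name = caching.get("BasicRealm")
    custom = named("CustomRealm").get(basic_name)
    if custom is None:
        return [f"BasicRealm '{basic_name}' is not a defined CustomRealm"]
    if not custom.get("RealmClassName"):
        return [f"CustomRealm '{basic_name}' has no RealmClassName"]
    return []

if __name__ == "__main__":
    for label, xml in [("wired", sample_config()),
                       ("unwired", sample_config(caching_realm=None))]:
        print(label, check_realm_chain(xml) or "chain complete")
```
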

