To give a background, we use the LoginModule for logging in where we populate
the Principal in the subject using an anonymous inner class. This works fine.
We store the Subject in the session. When the user tries to access any of the
pages, there is a Filter that checks if the user is authenticated or not. If the
user is authenticated, then we call Security.runAs with the subject and a PrivilegedAction.
All this goes through fine till it hits the Action class where a InitialContext
is looked up.
Do we need to set any more credentials?
Thanks for your help.
Start server side stack trace:
java.lang.SecurityException: Invalid Subject: principals=[gfsadmin]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:993)
at weblogic.security.service.RoleManager.getRoles(RoleManager.java:277)
at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:589)
at weblogic.jndi.internal.ServerNamingNode.checkPermission(ServerNamingNode.java:332)
at weblogic.jndi.internal.ServerNamingNode.checkLookup(ServerNamingNode.java:295)
at weblogic.jndi.internal.ServerNamingNode.lookupHere(ServerNamingNode.java:146)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:187)
at weblogic.jndi.internal.RootNamingNode_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:159)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:263)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:230)
at weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:337)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:332)
at javax.naming.InitialContext.lookup(InitialContext.java:345)
at com.frk.ci.gfs.core.dao.GFSDataSources.getConnection(GFSDataSources.java:95)
at com.frk.ci.gfs.common.web.tag.DataElementCategoriesTag.doStartTag(DataElementCategoriesTag.java:169)
at jsp_servlet._marketing.__search_mardata._jspService(__search_mardata.java:2490)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:445)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:20)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at com.frk.ci.gwa.security.GWAPrivilegedAction.run(GWAPrivilegedAction.java:108)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
at weblogic.security.Security.runAs(Security.java:41)
at com.frk.ci.gfs.core.framework.web.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:188)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5451)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
End server side stack trace
Are you calling the login module outside of WLS. Try calling the
weblogic.security.services.Authentication.login method.