java.lang.SecurityException: Invalid Subject: principals=[sureshg]
Suresh G
We are trying to authenticate using JAAS and LDAP. The authentication itself goes
off fine. However, when I try to lookup an EJB, I get the exception given below.
To give a background, we use the LoginModule for logging in where we populate
the Principal in the subject using an anonymous inner class. This works fine.
We store the Subject in the session. When the user tries to access any of the
pages, there is a Filter that checks if the user is authenticated or not. If the
user is authenticated, then we call Security.runAs with the subject and a PrivilegedAction.
All this goes through fine till it hits the Action class where a InitialContext
is looked up.
Do we need to set any more credentials?
Thanks for your help.
Start server side stack trace:
java.lang.SecurityException: Invalid Subject: principals=[gfsadmin]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:993)
at weblogic.security.service.RoleManager.getRoles(RoleManager.java:277)
at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:589)
at weblogic.jndi.internal.ServerNamingNode.checkPermission(ServerNamingNode.java:332)
at weblogic.jndi.internal.ServerNamingNode.checkLookup(ServerNamingNode.java:295)
at weblogic.jndi.internal.ServerNamingNode.lookupHere(ServerNamingNode.java:146)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:187)
at weblogic.jndi.internal.RootNamingNode_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:159)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:263)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:230)
at weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:337)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:332)
at javax.naming.InitialContext.lookup(InitialContext.java:345)
at com.frk.ci.gfs.core.dao.GFSDataSources.getConnection(GFSDataSources.java:95)
at com.frk.ci.gfs.common.web.tag.DataElementCategoriesTag.doStartTag(DataElementCategoriesTag.java:169)
at jsp_servlet._marketing.__search_mardata._jspService(__search_mardata.java:2490)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:445)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:20)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at com.frk.ci.gwa.security.GWAPrivilegedAction.run(GWAPrivilegedAction.java:108)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
at weblogic.security.Security.runAs(Security.java:41)
at com.frk.ci.gfs.core.framework.web.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:188)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5451)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
End server side stack trace
Peter
"Suresh G" <sur...@mindtree.com> wrote in message
news:3e792d53$1...@newsgroups.bea.com...
>
> We are trying to authenticate using JAAS and LDAP. The authentication
itself goes
> off fine. However, when I try to lookup an EJB, I get the exception given
below.
>
Are you calling the login module outside of WLS. Try calling the
weblogic.security.services.Authentication.login method.