Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Caching Realm check ACL for freshly created user not working correctly with WL6.1

0 views
Skip to first unread message

Joel Marsden

unread,
Oct 22, 2001, 4:22:18 AM10/22/01
to

G'Day,

after moving from Weblogic 6.0 SP2 to Weblogic 6.1 SP1 we have found some behaviour
in the Caching Realm to be broken.

Environment Weblogic 6.1 SP1
Realm Custom RDBMSRealm (adapted from the sample weblogic code)

The scenario is create a new user, then try to login as that user (create a new
InitialContext and then fetch a session bean that has restricted access via an
ACL in the DD)
What we see get the following stack trace

Exception in thread "main" java.rmi.AccessException: Security violation: insufficient
permission to access method; nested exception is:
java.lang.SecurityException: Security violation: insufficient permission
to access method

Start server side stack trace:
java.rmi.AccessException: Security violation: insufficient permission to access
method; nested exception is:
java.lang.SecurityException: Security violation: insufficient permission
to access method
java.lang.SecurityException: Security violation: insufficient permission to access
method
at weblogic.ejb20.internal.BaseEJBHome.preHomeInvoke(BaseEJBHome.java:345)
at weblogic.ejb20.internal.StatefulEJBHome.create(StatefulEJBHome.java:135)
......

After the group TTL cache on the Caching Realm expires then we can login no problems
(i.e there is nothing wrong with the ACL). Note when we create the new user in
the realm we also call "ensureFreshness" on the RDBMSGroup (as derived from FlatGroup).
This used to work fine in Weblogic 6.0 SP2 and for that matter Weblogic 5.1 SP8

Anyone else encounter the same problem? Is this a known problem with Weblogic
6.1??. We would like this to work as at the moment the solution is to wind down
the TTL on the group cache (and so performance suffers somewhat)

Thanks Joel Marsden
mailto:jmar...@fast-track.com

Joel Marsden

unread,
Nov 23, 2001, 5:12:23 PM11/23/01
to

G'Day,

as a few people have asked me about this - this is I currently work around this
problem.

Every time a new user is created - get a handle to the weblogic.security.acl.CachingRealm
- and clear out the group cache component programatically.

/**
* clearGroupCache
* if the realm is fronted by a CachingRealm - then clear
* the group caches. This is needed when a new user is added
* as the group cache may be out of date until the TTL expires
*/
public void clearGroupCache() {
BasicRealm realm = Security.getRealm();
if( realm != null && realm instanceof CachingRealm ) {
((CachingRealm)realm).clearGroupCaches();
}
}

Hope that helps -
Joel

0 new messages