Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

WLS 5.1 sp9 and ACL exception! Urgent!

0 views
Skip to first unread message

minjiang

unread,
Jul 2, 2001, 4:59:17 AM7/2/01
to
Hi:
My applcation runs correctly on sp8.
Now even some of my jsp cannot run correctly with sp9. It also
compliants security exception. But strangely the first time WLS compiles
the
jsp, it can run correctly, the data is shown in the browser. But once
the
jsp is compiled, all subsequent call of this jsp will resort to
assertion
error.
Funny, seems the reason is that WLS sp9 changes the steteful beans
security checking. Previously the checking seems to be when the home is
obtained, now the checking seems to be in the time only the method is
called.
I am uisng bean home cache. Is it the cause of this error? I can get

around this by giving the jndi to guest, but it is not what i want. I
still
want to protect my beans jndi.

I need the solution urgently. Otherwise i have to roll back to sp8.

Thanks.

minjiang


See the stack trace below:


------------

Mon Jul 02 16:36:58 SGT 2001:<I> <EJB JAR deployment
d:/weblogic/myserver/kbf_de
ploy/ordermgr.jar> Transaction: '994062053580_3435' rolled back due to
EJB
excep
tion:
javax.naming.NoPermissionException: User guest does not have lookup
permission
on kbf
at
weblogic.jndi.internal.NamingSecurityManagerImpl.checkPermission(Nami
ngSecurityManagerImpl.java:100)
at
weblogic.jndi.internal.NamingSecurityManagerImpl.checkLookup(NamingSe
curityManagerImpl.java:45)
at
weblogic.jndi.toolkit.BasicWLContext.resolveName(BasicWLContext.java:
737)
at
weblogic.jndi.toolkit.BasicWLContext.lookup(BasicWLContext.java:133)
at javax.naming.InitialContext.lookup(InitialContext.java:354)
at
weblogic.ejb.internal.StatefulEJBHome.wrapEJBObject(StatefulEJBHome.j
ava:170)
at
weblogic.ejb.internal.StatefulEJBHome.findOrCreateEJBObject(StatefulE
JBHome.java:275)
at
weblogic.ejb.internal.StatefulEJBHome.findOrCreateEJBObject(StatefulE
JBHome.java:258)
at
com.kbf.ejb.order.OrderBeanHomeImpl.findByPrimaryKey(OrderBeanHomeImp
l.java:98)
at
com.kbf.ejb.order.OrderBeanHomeImpl_ServiceStub.findByPrimaryKey(Orde
rBeanHomeImpl_ServiceStub.java:262)
at
com.kbf.ejb.ordermgr.OrderManagerBean.getOrders(OrderManagerBean.java
:695)
at
com.kbf.ejb.ordermgr.OrderManagerBeanEOImpl.getOrders(OrderManagerBea
nEOImpl.java:872)
at
com.kbf.ejb.ordermgr.OrderManagerBeanEOImpl_ServiceStub.getOrders(Ord
erManagerBeanEOImpl_ServiceStub.java:311)
at
com.kbf.webremotemgr.WebRemoteMgr.getOrders(WebRemoteMgr.java:1500)
at jsp_servlet._orderview._jspService(_orderview.java:349)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubIm
pl.java:120)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletCon
textImpl.java:915)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletCon
textImpl.java:879)
at
weblogic.servlet.internal.ServletContextManager.invokeServlet(Servlet
ContextManager.java:269)
at
weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.jav
a:365)
at
weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:253)

at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)


minjiang

unread,
Jul 2, 2001, 5:56:23 AM7/2/01
to
Hi:
After i set this, it works for my jsp.

weblogic.allow.execute.weblogic.servlet=guest

Previously it is =everyone.

So can anyone tell me what the difference is between everyone and guest?
I thought they are same.

And, i still have one problem with my beans. See my next post.

Thanks.

minjiang

minjiang

unread,
Jul 2, 2001, 5:57:13 AM7/2/01
to
Hi all:
I just start using WLS 5.1 sp9 on windows (because it is said sp9
will passivate beans in one Tx, sp8 does not). Now i got a problem, my
client application cannot run because WLS throws security exception.
My client application first looks up one specific bean using ACL1,
then from this bean, looks up all the other beans using system acl.
This design works well before sp9. But now with sp9, it does not
work. I have to set all my beans to same ACL, which is one security
issue for my application.

Can anyone tell me why WLS change its security in sp9? Is it because
WLS starts using ThreadLocal in acl?

Pls refer to my following strack trace.

my previous properties:
weblogic.allow.lookup.weblogic.jndi.kbf=system

Now i have to use this one, in order to make WLS sp9 works:
weblogic.allow.lookup.weblogic.jndi.kbf=system,APPLEJMS


Thanks.

minjiang

----------------------
Mon Jul 02 11:18:47 SGT 2001:<I> <Security> Access failed (Thread =
Thread[Execu
teThread-14,5,Execute Thread Group])
java.lang.SecurityException: User "APPLEJMS" does not have Permission
"lookup" b
ased on ACL "weblogic.jndi.kbf".
at weblogic.security.acl.Security.logAndThrow(Security.java:372)

at
weblogic.security.acl.Security.checkPermission(Security.java:254)
at
weblogic.jndi.internal.NamingSecurityManagerImpl.checkPermission(Nami
ngSecurityManagerImpl.java:98)


at
weblogic.jndi.internal.NamingSecurityManagerImpl.checkLookup(NamingSe
curityManagerImpl.java:45)
at
weblogic.jndi.toolkit.BasicWLContext.resolveName(BasicWLContext.java:
737)
at
weblogic.jndi.toolkit.BasicWLContext.lookup(BasicWLContext.java:133)
at javax.naming.InitialContext.lookup(InitialContext.java:354)
at
weblogic.ejb.internal.StatefulEJBHome.wrapEJBObject(StatefulEJBHome.j
ava:170)
at
weblogic.ejb.internal.StatefulEJBHome.findOrCreateEJBObject(StatefulE
JBHome.java:275)
at
weblogic.ejb.internal.StatefulEJBHome.findOrCreateEJBObject(StatefulE
JBHome.java:258)
at

com.kbf.ejb.useraccount.UserAccountBeanHomeImpl.findByNothing(UserAcc
ountBeanHomeImpl.java:134)
at
com.kbf.ejb.useraccount.UserAccountBeanHomeImpl_ServiceStub.findByNot
hing(UserAccountBeanHomeImpl_ServiceStub.java:144)
at
com.kbf.ejb.usermgr.UserMgrBean.getMultiUserAccountData(UserMgrBean.j
ava:353)
at
com.kbf.ejb.usermgr.UserMgrBeanEOImpl.getMultiUserAccountData(UserMgr
BeanEOImpl.java:1209)
at
com.kbf.ejb.usermgr.UserMgrBeanEOImpl_ServiceStub.getMultiUserAccount
Data(UserMgrBeanEOImpl_ServiceStub.java:386)
at
com.kbf.webremotemgr.WebRemoteMgr.getMultiUserAccountData(WebRemoteMg
r.java:601)
at
com.kbf.webremotemgr.WebRemoteMgr.getAllUserState(WebRemoteMgr.java:2
272)
at
com.kbf.webremotemgr.WebRemoteMgr.getSystemStateData(WebRemoteMgr.jav
a:1878)
at
com.kbf.ejb.remotemgr.RemoteMgrBean.getSystemStateData(RemoteMgrBean.
java:183)
at
com.kbf.ejb.remotemgr.RemoteMgrBeanEOImpl.getSystemStateData(RemoteMg
rBeanEOImpl.java:1492)
at
com.kbf.ejb.remotemgr.RemoteMgrBeanEOImpl_WLSkel.invoke(RemoteMgrBean
EOImpl_WLSkel.java:395)
at
weblogic.rmi.extensions.BasicServerObjectAdapter.invoke(BasicServerOb
jectAdapter.java:347)
at
weblogic.rmi.extensions.BasicRequestHandler.handleRequest(BasicReques
tHandler.java:86)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest
.java:15)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)

minjiang

unread,
Jul 2, 2001, 6:05:43 AM7/2/01
to
Actually this is wrong. The "guest" prompts me to type in the "system"
credentials, before it can run everyting correctly.
So i must still miss out something.

Can anybody help me solve this?

mj

minjiang

unread,
Jul 2, 2001, 11:24:47 PM7/2/01
to
Hi all:
I made some debugging on WLS. It appears that the StatefulEJBCache,
StatefulEJBHome, StatefulEJBObject class in sp9 are different with sp8.
If i use weblogic510sp9.jar with these few files using sp8, my application can
run correctly. Only difference is WLS keeps complaining NoSuchMethodError on
StatefulEJBCache.trigger() (line 571).

So, since the reason is because this weblogic.ejb.internal package is changed,
this should be the proper group to post.

And, it also appears that WLS sp9 still does NOT passivate the entity beans in
one Tx. It throws CacheFullException in sp9, in sp8 WLS just hangs without any
exception till timeout the Tx after 300 seconds. (I remember somewhere i read sp9
will passivate beans in one Tx)

Thanks.

minjiang

0 new messages