Authentication for user joe denied in realm wl_realm
java.lang.SecurityException: Authentication for user joe denied in realm wl_realm
at weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.java:76)
I don't know what this wl_realm is? As far as I know, we are using RDBMS realm
- which
authenicate the logon user with the users kept in some database tables(i.e. USER,
ACLENTRIES, GROUPMEMBER)
Doesn't anyone know what this wl_realm error? what about wl_realm vs RDBMS realm?
What's the different?
Why does this message occur when we are using RDBMS realm?
Thanks in advance.
terry
Also, yaodong, where did you learn this information? There seems to a lot
of knowledge that is required to
write a custom realm or even to take the RDBMS realm and make it production
ready, but
I cannot find this information in any of the WL6.0 documentation. My only
hope is that
people who like to be helpful, (such as yourself), answer posts to this
group.
As an observation, the lack of documentation about realms and in particular
the RDBMS realm happens often
on this group.
Bill.
"yaodong Hu" <y...@netegrity.com> wrote in message
news:3af2b835$1...@newsgroups.bea.com...
Also, there was a mention about eliminating the cache and using only the
realm. As far as the documents that I have read, I understood that you need
to have a caching realm which could contain a custom realm (RDBMS, or LDAP
or NT ) as your alternative realm. The weblogic server first authenticates
against the custom realm and if that fails, it tries to authenticate against
the file realm. I have never seen any documents where you could only have
your custom realm authenticate a user.
Can somebody please clarify this.
1. Is it possible to not use the caching realm in 6.0 ?
2. If the cache goes bad or gets corrupted, how is possible to refresh the
cache.
3. If you do not install your custom realm into a caching realm and make the
security use that caching realm,
how would you hook up with the security (such as acls and permissions )
all your other resources (such as jsp, servlets etc.,)
thank you very much for your response.
veena.
"THorner" <THo...@DANCERACE01.DANCERACE.com> wrote in message
news:B4D7B3CBF165D311844100C04F4E3E1B031243@DANCERACE01...
You are correct - in WLS 6.0, when using a custom realm
(or rdbms realm, nt realm, unix realm or ldap realm),
you have to use the caching realm too and you are
backed up by the file realm. There's no getting around
this.
There are configuration parameters on the caching realm
to turn off caching, or to limit how long items are
kept in the cache. However, the caching realm itself
must be present (basically, it does more than caching -
it also coordinates the fail over to the file realm).
If you bring up the admin console, you can adjust the
caching realm parameters. You'll need to restart wls
after making the changes.
Also, you can clear the cache by using the console.
I don't remember the exact details but it's something
like right click the realm and there's an option to
synchronize or refresh the realms. Do this, and it
causes the caching realms in all servers to clear their
caches.
This is really useful - for example, imagine
that you've just deleted a user's account in ldap - this
will propagate that change to all the wls servers - great if
you need to immediately cancel a user's account.
Thanks, -Tom Moreau
"Bill Ralenkotter" <bill.ral...@ps.net> wrote in message
news:3af2ea1f$1...@newsgroups.bea.com...