Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

wl_realm vs rdbms realm

2 views
Skip to first unread message

Cy Young

unread,
May 3, 2001, 2:15:27 PM5/3/01
to

I got this error message, which said it can't verify user 'joe' in the wl_realm

Authentication for user joe denied in realm wl_realm
java.lang.SecurityException: Authentication for user joe denied in realm wl_realm
at weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.java:76)

I don't know what this wl_realm is? As far as I know, we are using RDBMS realm
- which
authenicate the logon user with the users kept in some database tables(i.e. USER,
ACLENTRIES, GROUPMEMBER)

Doesn't anyone know what this wl_realm error? what about wl_realm vs RDBMS realm?
What's the different?
Why does this message occur when we are using RDBMS realm?

Thanks in advance.

Allan

unread,
May 3, 2001, 10:31:21 PM5/3/01
to
I am interested in finding out as well. I noticed today that even if I had
RDBMSRealm configured (and working), WL 6.0SP1 was still parsing
filerealm.properties and actually checking if the users defined in it can be
authenticated. If I renamed the file, WL wouldn't start. Weird and
dangerous.
"Cy Young" <sil...@visto.com> wrote in message
news:3af1922f$1...@newsgroups.bea.com...

THorner

unread,
May 4, 2001, 5:03:11 AM5/4/01
to
I imagine wl_realm is the weblogic realm, which is weblogic.properties,
which the caching realm uses as its backup realm

terry

yaodong Hu

unread,
May 4, 2001, 11:09:57 AM5/4/01
to

check the cachingRealm cache, if the user, authenticate, acl cache is turn on,
then when server startup , if may check the file realm first and then custom realm,
so it could got bad cache from fileRealm. My sense is that if you are using custom
realm , you could maintain your own cache and totally turn off the cachingRealm
cache.

Bill Ralenkotter

unread,
May 4, 2001, 1:41:28 PM5/4/01
to
Can WL6.0 be configured to not look for the FileRealm at all? I have not
been able
to remove this file even though I am using an RDBMS Realm. I assume that
some
base information will need to be in my RDBMS realm, something like system.

Also, yaodong, where did you learn this information? There seems to a lot
of knowledge that is required to
write a custom realm or even to take the RDBMS realm and make it production
ready, but
I cannot find this information in any of the WL6.0 documentation. My only
hope is that
people who like to be helpful, (such as yourself), answer posts to this
group.

As an observation, the lack of documentation about realms and in particular
the RDBMS realm happens often
on this group.

Bill.


"yaodong Hu" <y...@netegrity.com> wrote in message
news:3af2b835$1...@newsgroups.bea.com...

veena

unread,
May 4, 2001, 5:05:20 PM5/4/01
to
I don't think WL6.0 uses weblogic.properties file. What version are you
using?

Also, there was a mention about eliminating the cache and using only the
realm. As far as the documents that I have read, I understood that you need
to have a caching realm which could contain a custom realm (RDBMS, or LDAP
or NT ) as your alternative realm. The weblogic server first authenticates
against the custom realm and if that fails, it tries to authenticate against
the file realm. I have never seen any documents where you could only have
your custom realm authenticate a user.

Can somebody please clarify this.
1. Is it possible to not use the caching realm in 6.0 ?
2. If the cache goes bad or gets corrupted, how is possible to refresh the
cache.
3. If you do not install your custom realm into a caching realm and make the
security use that caching realm,
how would you hook up with the security (such as acls and permissions )
all your other resources (such as jsp, servlets etc.,)

thank you very much for your response.
veena.

"THorner" <THo...@DANCERACE01.DANCERACE.com> wrote in message
news:B4D7B3CBF165D311844100C04F4E3E1B031243@DANCERACE01...

Tom Moreau

unread,
May 7, 2001, 12:09:22 PM5/7/01
to

Veena,

You are correct - in WLS 6.0, when using a custom realm
(or rdbms realm, nt realm, unix realm or ldap realm),
you have to use the caching realm too and you are
backed up by the file realm. There's no getting around
this.

There are configuration parameters on the caching realm
to turn off caching, or to limit how long items are
kept in the cache. However, the caching realm itself
must be present (basically, it does more than caching -
it also coordinates the fail over to the file realm).
If you bring up the admin console, you can adjust the
caching realm parameters. You'll need to restart wls
after making the changes.

Also, you can clear the cache by using the console.
I don't remember the exact details but it's something
like right click the realm and there's an option to
synchronize or refresh the realms. Do this, and it
causes the caching realms in all servers to clear their
caches.

This is really useful - for example, imagine
that you've just deleted a user's account in ldap - this
will propagate that change to all the wls servers - great if
you need to immediately cancel a user's account.

Thanks, -Tom Moreau

Narinder Gaheer

unread,
May 11, 2001, 6:46:47 PM5/11/01
to
You can go to examples server to look for an RDBMSRealm example. Look for
the config.xml and there will be an RDBMSRealm tag in there. I initially
struggled with
weblogic documentation too (which doesn't mention about examples anywhere).

"Bill Ralenkotter" <bill.ral...@ps.net> wrote in message
news:3af2ea1f$1...@newsgroups.bea.com...

0 new messages