java.lang.SecurityException: Authentication for user system denied in realm wl_realm
Jed Zimmer
server and the init method of the preloaded item results in a call to the
app server. If I don't preload and then manually invoke the JSP or servlet
after the web server completely loads the call to the app server does not
produce the exception. The only security differences between the web and
app servers are the console and system passwords. I can fix the problem by
making the passwords (system and console) the same across the board, but
find it hard to believe that this is the true solution. I would prefer
sticking with the default security settings.
I've poured through hundreds of messages. I can find similar problems but
not this exact problem.
Any ideas would truly be appreciated!
More information:...
App and Web server are both wls 6.1.1.0 running on the same SUN Solaris box.
Both are using the basic, out of the box, security.
The App server has SSL disabled.
The exception reported in the app server's log is:
java.lang.SecurityException: Authentication for user system denied in realm
wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.security.acl.internal.Security.verify(Security.java:87)
at
weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
2)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The exception reported in the web server's log is:
java.lang.SecurityException: Authentication for user system denied in realm
wl_realm
at
weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
java:85)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:255)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:222)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy54.lookup(Unknown Source)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at
com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
at
com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
at
com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
ctory.java:305)
at
com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
)
at
com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
va:106)
at
com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
30)
at
weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
:700)
at
weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
va:643)
at
weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
a:588)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
ontext.java:2203)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
Context.java:2147)
at
weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
a:884)
at
weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
ava:807)
at
weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
at weblogic.j2ee.Application.addComponent(Application.java:160)
at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:329)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:144)
at
weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
76)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy33.addWebDeployment(Unknown Source)
at
weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
t(WebServerMBean_CachingStub.java:1094)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:315)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
Target.java:279)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
eploymentTarget.java:233)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
entTarget.java:193)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy32.updateDeployments(Unknown Source)
at
weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
ServerMBean_CachingStub.java:2734)
at
weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
icationManager.java:362)
at
weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
r.java:154)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy45.start(Unknown Source)
at
weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
ApplicationManagerMBean_CachingStub.java:480)
at
weblogic.management.Admin.startApplicationManager(Admin.java:1151)
at weblogic.management.Admin.finish(Admin.java:570)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
at weblogic.Server.main(Server.java:35)
Thanks,
Jed Zimmer
Joseph Nguyen
"Jed Zimmer" <jed.z...@qwest.com> wrote in message
news:3c9a...@newsgroups.bea.com...
> I am experiencing this error when a servlet or JSP is preloaded on the web
> server and the init method of the preloaded item results in a call to the
> app server. If I don't preload and then manually invoke the JSP or
servlet
> after the web server completely loads the call to the app server does not
> produce the exception. The only security differences between the web and
> app servers are the console and system passwords. I can fix the problem
by
> making the passwords (system and console) the same across the board, but
> find it hard to believe that this is the true solution
I don't quite understand what you mean by "console" password? Are you
talking about the admin console? If so then it's confusing because you have
to log into the console using the system user. If you can clarify more here
it would great.
Joseph Nguyen
BEA Support
Jed Zimmer
<domain-name>domain.ksh file. The DOMAIN_SYSTEM_PASSWORD value (if
specified) has to match the system user's password or else the server will
not start/stop.
I have determined more since my post. A startup class also produces the
same error. I have minimized my environments as follows and still receive
the exception, and a soon as I synchronize the system users' passwords on
the app/web server the problem goes away. Or, I can keep the passwords
different and just not access the app server EJBs until after the web server
finished loading, which also causes the error to go away. I'm just confused
about what I might be doing wrong.
Steps to produce the error:
App server:
- Installed from 6.1.1.0 from scratch and started it up.
- Changed the system user's password from the admin console, persisting the
changes.
- Modified logging settings to see more info in the log files.
- Disabled instrument stack traces.
- Stopped/Started the app server
Web server:
- Installed from 6.1.1.0 from scratch and started it up.
- Modified logging settings to see more info in the log files.
- Disabled instrument stack traces.
- Added a servlet to the DefaultWebApp_insiteserver application
- specified name and class
- the load on startup setting defaulted to zero, which will cause the
preloading
- Added 3 jar files to the classpath to support the EJB call
- Stopped/Started the web server
When the web server loads the servlet loads and tries to locate the EJB on
the app server. The app server throws the security exception. The app/web
servers are both running on the same SUN box, have the same IP address
(different ports) and I'm using non-SSL. Each server is it's own WLS
environment. The only installed file that is shared it the
weblogic_domain_registry.dat file in the root directory. As for security,
I'm doing nothing except changing one password (system user on the app
server).
I then tried to manually upgrade the app/web servers to 6.1.2.0 by updating
the WEBLOGIC_ROOT in the respective xxxxdomain.ksh files. Same problem.
I then cleanly reinstalled the app/web servers using version 6.1.2.0 and
configured as above. Same problem.
Let me know if I need to provide additional details.
Thanks,
Jed Zimmer
"Joseph Nguyen" <Re...@ToNewsgroups.Only> wrote in message
news:3ca3...@newsgroups.bea.com...