I searched the traces for any application exception but found none.
Could you pls comment on this?
thanks
sriram
SystemOut U =>loadFromDB
SystemOut U =>getConnection
SystemOut U <=getConnection
SystemOut U <=loadFromDB
SystemOut U =>getRealm
SystemOut U <=getRealm
CustomRegistr A SECJ0136A: Custom.Registry:was4.registry.DBRegistry.has.been.
initialized
SystemOut U =>checkPassword
SystemOut U <=checkPassword
SystemOut U ||getUserDisplayName
SystemOut U ||getUniqueUserId
SystemOut U ||getUniqueUserId
SystemOut U =>getUniqueGroupIds
SystemOut U =>getGroupsForUser
SystemOut U <=getGroupsForUser
SystemOut U <=getUniqueGroupIds
SystemOut U =>loadFromDB
SystemOut U =>getConnection
SystemOut U <=getConnection
SystemOut U <=loadFromDB
SystemOut U =>getRealm
SystemOut U <=getRealm
CustomRegistr A SECJ0136A: Custom.Registry:was4.registry.DBRegistry.has.been.
initialized
SystemOut U =>checkPassword
SystemOut U <=checkPassword
SystemOut U ||getUserDisplayName
SystemOut U ||getUniqueUserId
SystemOut U ||getUniqueUserId
SystemOut U =>getUniqueGroupIds
SystemOut U =>getGroupsForUser
SystemOut U <=getGroupsForUser
SystemOut U <=getUniqueGroupIds
ConnectO W Illegal use of 1PC resource in transaction
...
thanks
sriram
configure the datasource to use a 2 phase commit driver instead of a
1PC driver.
DB2:
COM.ibm.db2.jdbc.DB2ConnectionPoolDataSource (one phase commit
protocol)
COM.ibm.db2.jdbc.DB2XADataSource (two phase commit protocol)
Oracle:
oracle.jdbc.pool.OracleConnectionPoolDataSource (one phase commit
protocol)
oracle.jdbc.xa.client.OracleXADataSource (two phase commit protocol)
But I still don't know for sure why this change is needed. In my case,
I use Oracle as admin server DB and DB2 as application DB. My custom
registry uses the application DB.
So I believe that changing the global security settings to use custom
registry in my case somehow necessitates a commit across Oracle and
DB2. That would explain why the custom registry implementation should
use an XADatasource. Of course, all this theorizing is based on the
assumption that the admin server itself uses a 2PC driver to talk to
the admin database.
Could someone from IBM pls comment on this?
thanks
sriram
I too have written an RDBMS implementation of the CustomRegistry
(thanks for figuring out about the 2 phase commit driver!). I'm
running into a different problem I don't quite understand, however.
I'm hoping maybe you have an idea.
I can install my CustomRegistry into WAS 4.0 with no problem. I enter
a username and password of a user that exists in my registry, and hit
"ok." I get no errors, just a message telling me I need to restart the
Admin Server before changes take effect. So far, so good.
The next time I start the admin server, however, I get the following
error:
=========
ExtendedMessage: CNTR0019E: Non-application exception occurred while
processing method find: com.ibm.websphere.csi.CSIException: SECJ0053E:
Authorization failed for MyRegistry/joe while invoking (Home)
ejsadmin/homes/SecurityConfigHome find:0 securityName:
MyRegistry/joe;accessID: MyRegistry/joe is not granted any of the
required roles:
AdminRole
========
I made sure that the user I entered on the authentication page ("joe")
is selected in the Administrative Role page, as well as a group that
joe is a member of. I would think that that's all I have to do to
ensure that everything's fine, but I'm still getting the above error.
Is there something I'm missing?
Thanks!
Brad Koehn
You could check a little thing. There is a bug in the Custom Registry
implementation in that it calls the 'getDisplayName' method when it
actually should be calling the 'getSecurityName' method. You could try
keeping both names (display name and Security name, which is the user
Id) exactly the same.
Apart from that, you could temporarily insert System.out traces into
each method of your CustomRegistry implementation (well, I don't have
to tell you this :-) )
Is your admin server failing to start or throwing the exception and
starting anyway?
-sriram
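The System.out tracing suggested above can be checked mechanically. This is an added example, not code from the thread or from WebSphere: it reads trace lines in the layout posted earlier and flags the two symptoms discussed here (a display-name lookup with no security-name lookup, and the 1PC warning) plus unbalanced entry/exit markers. It assumes `=>` marks method entry, `<=` exit and `||` a single-point trace, and that the security-name method is traced as `getUserSecurityName`; the sample trace is constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the trace posted in this thread.
SAMPLE = """\
SystemOut U =>checkPassword
SystemOut U <=checkPassword
SystemOut U ||getUserDisplayName
SystemOut U ||getUniqueUserId
SystemOut U =>getUniqueGroupIds
SystemOut U =>getGroupsForUser
SystemOut U <=getGroupsForUser
SystemOut U <=getUniqueGroupIds
ConnectO W Illegal use of 1PC resource in transaction
"""

CALL = re.compile(r"^SystemOut\s+\S\s+(=>|<=|\|\|)(\w+)$")
WARN = re.compile(r"^\S+\s+W\s+(.+)$")

def analyze(trace):
    """Return (call counts, unbalanced methods, warning texts)."""
    calls, stack, unbalanced, warnings = Counter(), [], [], []
    for line in map(str.strip, trace.splitlines()):
        warn, call = WARN.match(line), CALL.match(line)
        if warn:
            warnings.append(warn.group(1))
        if not call:
            continue  # wrapped continuation, "..." or other component
        kind, method = call.groups()
        if kind != "<=":
            calls[method] += 1          # "=>" entry or "||" point trace
            if kind == "=>":
                stack.append(method)
        elif not stack or stack.pop() != method:
            unbalanced.append(method)   # exit without matching entry
    return calls, unbalanced + stack, warnings  # leftover stack: no exit seen

def findings(trace):
    """Flag the two problems discussed in the thread, plus broken nesting."""
    calls, unbalanced, warnings = analyze(trace)
    out = []
    # "getUserSecurityName" is an assumed name; the thread says getSecurityName.
    if calls["getUserDisplayName"] and not calls["getUserSecurityName"]:
        out.append("display name requested, security name never requested")
    if any("1PC resource" in w for w in warnings):
        out.append("1PC resource used inside a transaction")
    if unbalanced:
        out.append("unbalanced calls: " + ", ".join(unbalanced))
    return out
```

A method left on the stack at the end of a trace means it was entered but never logged an exit, which is where an exception swallowed inside the registry would show up.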
That's it! Thank you so much! I had inserted debugging calls into my
code, and saw WAS was calling getDisplayName(), but I assumed WAS knew
what it was doing (I know, why assume that WAS would work?). As soon
as I changed 'joe''s Display Name to be 'joe', everything worked
perfectly!
> Is your admin server failing to start or throwing the exception and
> starting anyway?
That was the interesting part. The admin server would throw an
exception, start anyway, and then when you tried to login via the
admin console, the admin server would immediately crash, and then
relaunch. After two or three cycles, the admin server would no longer
relaunch.
Thanks Sriram, I owe you a beer (or other pleasant beverage, as you
prefer).