> I'm getting a CORBA NO_PERMISSION exception when I try and invoke an secure EJB using the wlclient.jar and authenticating using JAAS.
>
> UsernamePasswordLoginModule.initialize(), debug enabled
> UsernamePasswordLoginModule.initialize(), authOnLogin enabled
> UsernamePasswordLoginModule.login(), username weblogic
> UsernamePasswordLoginModule.login(), URL t3://localhost:7001
> Logged in
> Invoking EJB
>
> java.rmi.AccessException: CORBA NO_PERMISSION 0 Maybe;
> nested exception is: org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: Maybe
> at com.sun.corba.se.internal.iiop.ShutdownUtilDelegate.mapSystemException(ShutdownUtilDelegate.java:95)
> at javax.rmi.CORBA.Util.mapSystemException(Util.java:65)
So it works for me :) Are you setting your jaas.config? Can you post
your client code? When you say "secure ejb" what do you mean?
> The login is successfull, but I get the org.omg.CORBA.NO_PERMISSION when invoking the EJB. If I replace wlclient.jar with weblogic.jar it works fine! But we can't use weblogic.jar in our deployed client, because a) it's HUGE, b) it conflicts with Ant 1.6.1.
What version of 8.1 are you using?
andy
--
Sorry, should have said. According to the manifest in weblogic.jar, it's 8.1.2.0
Cheers,
Tim
We've ran into this error before when we use a credential longer than 64 bytes.
Yes, 64 bytes. That's the limit on the length of the password for the stupid
IIOP implementation. I wish they increase this limit.
-alex
Tim Lee <tl...@nexagent.com> wrote:
>Hi,
>
>I'm getting a CORBA NO_PERMISSION exception when I try and invoke an
>secure EJB using the wlclient.jar and authenticating using JAAS.
>
>UsernamePasswordLoginModule.initialize(), debug enabled
>UsernamePasswordLoginModule.initialize(), authOnLogin enabled
>UsernamePasswordLoginModule.login(), username weblogic
>UsernamePasswordLoginModule.login(), URL t3://localhost:7001
>Logged in
>Invoking EJB
>
>java.rmi.AccessException: CORBA NO_PERMISSION 0 Maybe;
> nested exception is: org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor
>code: 0 completed: Maybe
> at com.sun.corba.se.internal.iiop.ShutdownUtilDelegate.mapSystemException(ShutdownUtilDelegate.java:95)
>
> at javax.rmi.CORBA.Util.mapSystemException(Util.java:65)
>
>The login is successfull, but I get the org.omg.CORBA.NO_PERMISSION when
>invoking the EJB. If I replace wlclient.jar with weblogic.jar it works
>fine! But we can't use weblogic.jar in our deployed client, because
>a) it's HUGE, b) it conflicts with Ant 1.6.1.
>
>Any ideas?
>
>Thanks,
>
> Tim
> We've ran into this error before when we use a credential longer than 64 bytes.
> Yes, 64 bytes. That's the limit on the length of the password for the stupid
> IIOP implementation. I wish they increase this limit.
That seems like an odd limitation to me. I would suspect that its a
bug rather than by design. The GSS encoding for tokens has a boundary
condition at 127 bytes, so I would expect you are seeing a problem
with the >127 codepath.
In any case you should raise a support call so that we can get this
fixed. Thanks for the report.
andy
Stephan
I haven't seen a support case and I checked with the person who did
the GSS implementation and it looks correct. So there is no obvious
problem that we can see. If you have a testcase that would help
expedite things.
andy
> Now did anybody raise a support call? I've encountered the same problem and would
> like to have this fixed.
I have replicated this. Turns out there is a bug in the server
decoding long GSS tokens. If you contact support you can get a
patch. The CR is CR181321.
Thanks
andy
Thanks alot for your help. There a several CRs existing for this bug: CR500902
and CR133552. I'm in contact with support to get the bug fix.
Thanks again,
Stephan
> Thanks alot for your help. There a several CRs existing for this bug: CR500902
> and CR133552. I'm in contact with support to get the bug fix.
You mean there are several bugs triggering the same apparent
failure. The ones you refer to here are not password length limit
bugs.
CR181321 made it into 8.1sp3 BTW
andy