Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

CORBA NO_PERMISSION exception with JAAS & wlclient.jar

30 views
Skip to first unread message

Andy Piper

unread,
Mar 18, 2004, 12:46:30 PM3/18/04
to
Tim Lee <tl...@nexagent.com> writes:

> I'm getting a CORBA NO_PERMISSION exception when I try and invoke an secure EJB using the wlclient.jar and authenticating using JAAS.
>
> UsernamePasswordLoginModule.initialize(), debug enabled
> UsernamePasswordLoginModule.initialize(), authOnLogin enabled
> UsernamePasswordLoginModule.login(), username weblogic
> UsernamePasswordLoginModule.login(), URL t3://localhost:7001
> Logged in
> Invoking EJB
>
> java.rmi.AccessException: CORBA NO_PERMISSION 0 Maybe;
> nested exception is: org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: Maybe
> at com.sun.corba.se.internal.iiop.ShutdownUtilDelegate.mapSystemException(ShutdownUtilDelegate.java:95)
> at javax.rmi.CORBA.Util.mapSystemException(Util.java:65)

So it works for me :) Are you setting your jaas.config? Can you post
your client code? When you say "secure ejb" what do you mean?

> The login is successfull, but I get the org.omg.CORBA.NO_PERMISSION when invoking the EJB. If I replace wlclient.jar with weblogic.jar it works fine! But we can't use weblogic.jar in our deployed client, because a) it's HUGE, b) it conflicts with Ant 1.6.1.

What version of 8.1 are you using?

andy
--

Tim Lee

unread,
Mar 19, 2004, 4:28:29 AM3/19/04
to

Hi Andy,

Sorry, should have said. According to the manifest in weblogic.jar, it's 8.1.2.0

Cheers,

Tim

Alex Cheung

unread,
Mar 23, 2004, 10:44:05 AM3/23/04
to

Not sure if this help...

We've ran into this error before when we use a credential longer than 64 bytes.
Yes, 64 bytes. That's the limit on the length of the password for the stupid
IIOP implementation. I wish they increase this limit.

-alex

Tim Lee <tl...@nexagent.com> wrote:
>Hi,


>
>I'm getting a CORBA NO_PERMISSION exception when I try and invoke an
>secure EJB using the wlclient.jar and authenticating using JAAS.
>
>UsernamePasswordLoginModule.initialize(), debug enabled
>UsernamePasswordLoginModule.initialize(), authOnLogin enabled
>UsernamePasswordLoginModule.login(), username weblogic
>UsernamePasswordLoginModule.login(), URL t3://localhost:7001
>Logged in
>Invoking EJB
>
>java.rmi.AccessException: CORBA NO_PERMISSION 0 Maybe;
> nested exception is: org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor
>code: 0 completed: Maybe
> at com.sun.corba.se.internal.iiop.ShutdownUtilDelegate.mapSystemException(ShutdownUtilDelegate.java:95)
>
> at javax.rmi.CORBA.Util.mapSystemException(Util.java:65)
>

>The login is successfull, but I get the org.omg.CORBA.NO_PERMISSION when
>invoking the EJB. If I replace wlclient.jar with weblogic.jar it works
>fine! But we can't use weblogic.jar in our deployed client, because
>a) it's HUGE, b) it conflicts with Ant 1.6.1.
>

>Any ideas?
>
>Thanks,
>
> Tim

Andy Piper

unread,
Mar 23, 2004, 11:26:00 AM3/23/04
to
"Alex Cheung" <ac...@geac.com> writes:

> We've ran into this error before when we use a credential longer than 64 bytes.
> Yes, 64 bytes. That's the limit on the length of the password for the stupid
> IIOP implementation. I wish they increase this limit.

That seems like an odd limitation to me. I would suspect that its a
bug rather than by design. The GSS encoding for tokens has a boundary
condition at 127 bytes, so I would expect you are seeing a problem
with the >127 codepath.

In any case you should raise a support call so that we can get this
fixed. Thanks for the report.

andy

Stephan Staeheli

unread,
May 4, 2004, 9:28:33 AM5/4/04
to

Now did anybody raise a support call? I've encountered the same problem and would
like to have this fixed.

Stephan

Andy Piper

unread,
May 4, 2004, 11:21:55 AM5/4/04
to
"Stephan Staeheli" <stephan.nos...@swisslife.ch> writes:

I haven't seen a support case and I checked with the person who did
the GSS implementation and it looks correct. So there is no obvious
problem that we can see. If you have a testcase that would help
expedite things.

andy

Andy Piper

unread,
May 4, 2004, 2:52:50 PM5/4/04
to
"Stephan Staeheli" <stephan.nos...@swisslife.ch> writes:

> Now did anybody raise a support call? I've encountered the same problem and would
> like to have this fixed.

I have replicated this. Turns out there is a bug in the server
decoding long GSS tokens. If you contact support you can get a
patch. The CR is CR181321.

Thanks

andy

Stephan Staeheli

unread,
May 7, 2004, 4:54:15 AM5/7/04
to

Hi Andy

Thanks alot for your help. There a several CRs existing for this bug: CR500902
and CR133552. I'm in contact with support to get the bug fix.

Thanks again,
Stephan

Andy Piper

unread,
May 7, 2004, 11:46:13 AM5/7/04
to
"Stephan Staeheli" <stephan.nos...@swisslife.ch> writes:

> Thanks alot for your help. There a several CRs existing for this bug: CR500902
> and CR133552. I'm in contact with support to get the bug fix.

You mean there are several bugs triggering the same apparent
failure. The ones you refer to here are not password length limit
bugs.

CR181321 made it into 8.1sp3 BTW

andy

0 new messages