1 Reply Latest reply: Mar 28, 2012 11:02 AM by 799049

    EJB Remote Context lookup- Invalid Subject: principals.pls help

    706742
      Hi all,
      We have 2 WebLogic 11 app servers. The ejbhost.ear project is on one WebLogic, and the clientweb.war is on another WebLogic. Both of them are in the same domain.
      1) ejbhost.ear contains one ejbhost-module.jar.
      Below is the weblogic-ejb-jar.xml inside ejbhost-module.jar:

      <weblogic-ejb-jar xmlns="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.0/weblogic-ejb-jar.xsd">
        <weblogic-enterprise-bean>
          <ejb-name>NOrtakOnlineConnector</ejb-name>
          <stateless-session-descriptor/>
          <enable-call-by-reference>true</enable-call-by-reference>
        </weblogic-enterprise-bean>
        <security-role-assignment>
          <role-name>ortakOnlineRole</role-name>
          <principal-name>userGroup</principal-name>
        </security-role-assignment>
      </weblogic-ejb-jar>

      weblogic-application.xml is inside the EAR project's config files:

      <weblogic-application xmlns="http://xmlns.oracle.com/weblogic/weblogic-application" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/javaee_5.xsd http://xmlns.oracle.com/weblogic/weblogic-application http://xmlns.oracle.com/weblogic/weblogic-application/1.0/weblogic-application.xsd">
        <security>
          <realm-name>myrealm</realm-name>
          <security-role-assignment>
            <role-name>ortakOnlineRole</role-name>
            <principal-name>userGroup</principal-name>
          </security-role-assignment>
        </security>
      </weblogic-application>

      And my EJB bean on the host side is:

      @Stateless(mappedName="OrtakOnlineConnector",name="NOrtakOnlineConnector")
      public class OrtakOnlineConnector<T> implements OrtakOnlineConnectorRemote {

          private static Connection con = null;
          private AllSqlScripts sqlScripts=AllSqlScripts.getInstance();

          @Override
          @RolesAllowed({"ortakOnlineRole"})
          public List<T> getContainerFromRs(String clazzName, HashMap ortIds2Parameters) {
              System.out.println("\n\n\n\n\nGIRDI\n\n\n\n\n\n\n\n\n\n\n\n");
              return sqlScripts.findResultsetFromRs(clazzName, ortIds2Parameters);
          }
      }
      And the client-side web project:

      login action {
          fc = FacesContext.getCurrentInstance();
          HttpServletRequest req = (HttpServletRequest) fc.getExternalContext().getRequest();
          System.out.println("u_name " + u_name);

          // On the client side authentication is successful for the same user, but when I try to connect to the other WebLogic it throws a security exception.
          req.login(u_name, u_pass);
          functions = Functions.getInstance();
          remote = (OrtakOnlineConnectorRemote) this.functions.getLookedUpObjectFromContext(ApplicationBean.lookUp4MySessionBeanRemote);
      }

      Hashtable ht = new Hashtable();
      ht.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
      ht.put(Context.PROVIDER_URL, "t3://192.168.1.163:7001");
      ht.put(Context.SECURITY_PRINCIPAL, "129769"); // username
      ht.put(Context.SECURITY_CREDENTIALS, "12345678");
      ht.put(Context.SECURITY_AUTHENTICATION, "simple");
      ctx4oracle = new InitialContext(ht);

      //----------client weblogic.xml------------

      <?xml version="1.0" encoding="UTF-8"?>
      <weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd
                        http://xmlns.oracle.com/weblogic/weblogic-web-app
                        http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
        <jsp-descriptor>
          <keepgenerated>true</keepgenerated>
          <debug>true</debug>
        </jsp-descriptor>
        <context-root>/WebOrtakOnlineClient</context-root>
        <fast-swap>
          <enabled>true</enabled>
        </fast-swap>
        <security-role-assignment>
          <role-name>OrtakOnlineRole</role-name>
          <principal-name>userGroup</principal-name>
        </security-role-assignment>
      </weblogic-web-app>

      //------------------below part is in web.xml

      <security-constraint>
        <display-name>userConstraints</display-name>
        <web-resource-collection>
          <web-resource-name>User</web-resource-name>
          <description/>
          <url-pattern>/secureuser/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <description/>
          <role-name>OrtakOnlineRole</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>myrealm</realm-name>
        <form-login-config>
          <form-login-page>/login.jsf</form-login-page>
          <form-error-page>/loginError.jsf</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <description/>
        <role-name>OrtakOnlineRole</role-name>
      </security-role>
      <security-role>
        <description/>
        <role-name>AdminRole</role-name>
      </security-role>

      This user 129769 exists in the WebLogic where ejbhost.ear is deployed, and this user also exists in the other WebLogic.

      The problem is: I can create the context, but whenever I try to do ctx4oracle.lookup(bla bla), I get an exception:

      java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
      at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
      at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464)
      at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272)
      at weblogic.jndi.internal.ServerNamingNode_1211_WLStub.lookup(Unknown Source)
      at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:418)
      at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:406)
      at javax.naming.InitialContext.lookup(InitialContext.java:392)
      at com.polsan.client.Functions.getLookedUpObjectFromContext(Functions.java:29)
      at com.polsan.managedbean.Login.login(Login.java:42)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.el.BeanELResolver.invokeMethod(BeanELResolver.java:748)
      at javax.el.BeanELResolver.invoke(BeanELResolver.java:470)
      at javax.el.CompositeELResolver.invoke(CompositeELResolver.java:257)
      at com.sun.el.parser.AstValue.invoke(AstValue.java:249)
      at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:302)
      at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
      at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
      at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
      at javax.faces.component.UICommand.broadcast(UICommand.java:315)
      at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:794)
      at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1259)
      at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
      at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
      at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:242)
      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:216)
      at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:132)
      at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:352)
      at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
      at weblogic.servlet.utils.FastSwapFilter.doFilter(FastSwapFilter.java:64)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
      at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3288)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3254)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
      at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
      at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2163)
      at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2089)
      at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2074)
      at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1512)
      at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
      Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
      at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
      at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
      at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:352)
      at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
      at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)
      at weblogic.rmi.cluster.ClusterableServerRef.dispatch(ClusterableServerRef.java:242)
      at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1141)
      at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1023)
      at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
      at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:888)
      at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:512)
      at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:330)
      at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
      at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
      at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
      at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
      <Mar 4, 2012 11:03:25 PM EET> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=ForeignJNDIProviderTablePage.>
        • 1. Re: EJB Remote Context lookup- Invalid Subject: principals.pls help
          799049
          I had a similar problem like this. The problem was caused by a pending security change that required the restart of the WL Admin Console. Restarting the Admin Console and all managed servers solved the problem.

          In the Admin Console, in the security configuration of the deployment, instead of the table with the roles there was the following error message:
          This page is not available because non-dynamic changes have been made and the Admin Server requires a restart. Please restart the Admin Server to make this page available. Alternatively, you can make this page available by enabling "Allow Security Management Operations if Non-dynamic Changes have been Made" field on the Domain: Security page. (Link to Domain Security Page)

          Edited by: Mircea Vutcovici on Mar 28, 2012 12:00 PM
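
Added example, not part of the original thread: a small Python triage helper for this error, run over an excerpt of the stack trace from the question. It extracts the principals that were refused, checks that the refusal happened on the receiving server while it read the subject off the wire (the getSealedSubjectFromWire frame in the "Caused by" block), and names the application call that made the lookup. The function name and result keys are assumptions of this example.

```python
import re

# Excerpt of the stack trace quoted in the question above (frames trimmed).
TRACE = """\
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:418)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at com.polsan.client.Functions.getLookedUpObjectFromContext(Functions.java:29)
at com.polsan.managedbean.Login.login(Login.java:42)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:330)
"""

HEADER = re.compile(r"\[Security:(\d+)\]Invalid Subject: principals=\[([^\]]*)\]")
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\(")
# Package prefixes treated as container/JDK code rather than application code.
PLATFORM = ("weblogic.", "java.", "javax.", "sun.", "com.sun.")


def frames(block):
    """Return the fully qualified method name of every 'at ...' line in block."""
    return [m.group(1) for m in map(FRAME.match, block.splitlines()) if m]


def triage(trace):
    """Summarise an 'Invalid Subject' trace, or return None if it is not one."""
    header = HEADER.search(trace)
    if not header:
        return None
    # Frames before 'Caused by:' are the calling side; frames after it are the cause.
    top, _, cause = trace.partition("Caused by:")
    cause_frames = frames(cause)
    return {
        "code": "Security:" + header.group(1),
        "principals": [p.strip() for p in header.group(2).split(",") if p.strip()],
        # The subject was refused while the receiving server unsealed it from the wire.
        "rejected_on_receiving_server": any(
            f.endswith("getSealedSubjectFromWire") for f in cause_frames),
        "transport": "t3" if any(".t3." in f for f in cause_frames) else None,
        # First application frame on the calling side: the call that made the lookup.
        "caller": next((f for f in frames(top) if not f.startswith(PLATFORM)), None),
    }
```

Feeding it the full trace from a server log gives the same summary; the principals list shows which identity the receiving server refused, which is the first thing to compare against that server's realm and pending security changes.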