1 Reply Latest reply: Mar 28, 2012 9:02 AM by 799049

EJB Remote Context lookup- Invalid Subject: principals.pls help

706742 Newbie
Hi all,
We have 2 WebLogic 11 app servers. The ejbhost.ear project is on one WebLogic, and clientweb.war is on another WebLogic. Both of them are in the same domain.
1) ejbhost.ear contains one ejbhost-module.jar
Below is the weblogic-ejb-jar.xml inside ejbhost-module.jar

<weblogic-ejb-jar xmlns="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.0/weblogic-ejb-jar.xsd">
<weblogic-enterprise-bean>
<ejb-name>NOrtakOnlineConnector</ejb-name>
<stateless-session-descriptor/>
<enable-call-by-reference>true</enable-call-by-reference>
</weblogic-enterprise-bean>
<security-role-assignment>
<role-name>ortakOnlineRole</role-name>
<principal-name>userGroup</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>

weblogic-application.xml is inside ear project config file
<weblogic-application xmlns="http://xmlns.oracle.com/weblogic/weblogic-application" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/javaee_5.xsd http://xmlns.oracle.com/weblogic/weblogic-application http://xmlns.oracle.com/weblogic/weblogic-application/1.0/weblogic-application.xsd">
<security>
<realm-name>myrealm</realm-name>
<security-role-assignment>
<role-name>ortakOnlineRole</role-name>
<principal-name>userGroup</principal-name>
</security-role-assignment>
</security>
</weblogic-application>

and my ejb bean on host side is

@Stateless(mappedName="OrtakOnlineConnector",name="NOrtakOnlineConnector")
public class OrtakOnlineConnector<T> implements OrtakOnlineConnectorRemote {

private static Connection con = null;
private AllSqlScripts sqlScripts=AllSqlScripts.getInstance();

@Override
@RolesAllowed({"ortakOnlineRole"})
public List<T> getContainerFromRs(String clazzName, HashMap ortIds2Parameters) {
System.out.println("\n\n\n\n\nGIRDI\n\n\n\n\n\n\n\n\n\n\n\n");
return sqlScripts.findResultsetFromRs(clazzName, ortIds2Parameters);
}
}
and client side web project

login action{
fc = FacesContext.getCurrentInstance();
HttpServletRequest req = (HttpServletRequest) fc.getExternalContext().getRequest();
System.out.println("u_name " + u_name);

req.login(u_name, u_pass); // on the client side authentication is successful for the same user, but when I try to connect to the other WebLogic it throws a security exception
functions = Functions.getInstance();
remote = (OrtakOnlineConnectorRemote) this.functions.getLookedUpObjectFromContext(ApplicationBean.lookUp4MySessionBeanRemote);
}
Hashtable ht = new Hashtable();
ht.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
ht.put(Context.PROVIDER_URL, "t3://192.168.1.163:7001");
ht.put(Context.SECURITY_PRINCIPAL, "129769");//username
ht.put(Context.SECURITY_CREDENTIALS, "12345678");
ht.put(Context.SECURITY_AUTHENTICATION, "simple");
ctx4oracle = new InitialContext(ht);
//----------client weblogic.xml------------

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd
http://xmlns.oracle.com/weblogic/weblogic-web-app
http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
<jsp-descriptor>
<keepgenerated>true</keepgenerated>
<debug>true</debug>
</jsp-descriptor>
<context-root>/WebOrtakOnlineClient</context-root>
<fast-swap>
<enabled>true</enabled>
</fast-swap>
<security-role-assignment>
<role-name>OrtakOnlineRole</role-name>
<principal-name>userGroup</principal-name>
</security-role-assignment>
</weblogic-web-app>
//------------------below part is in web.xml


<security-constraint>
<display-name>userConstraints</display-name>
<web-resource-collection>
<web-resource-name>User</web-resource-name>
<description/>
<url-pattern>/secureuser/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>OrtakOnlineRole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>myrealm</realm-name>
<form-login-config>
<form-login-page>/login.jsf</form-login-page>
<form-error-page>/loginError.jsf</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>OrtakOnlineRole</role-name>
</security-role>
<security-role>
<description/>
<role-name>AdminRole</role-name>
</security-role>
This user 129769 exists in the WebLogic where ejbhost.ear is deployed, and this user also exists in the other WebLogic.

The problem is: I can create the context, but whenever I try to do ctx4oracle.lookup(bla bla), I get an exception:

java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272)
at weblogic.jndi.internal.ServerNamingNode_1211_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:418)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:406)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at com.polsan.client.Functions.getLookedUpObjectFromContext(Functions.java:29)
at com.polsan.managedbean.Login.login(Login.java:42)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.el.BeanELResolver.invokeMethod(BeanELResolver.java:748)
at javax.el.BeanELResolver.invoke(BeanELResolver.java:470)
at javax.el.CompositeELResolver.invoke(CompositeELResolver.java:257)
at com.sun.el.parser.AstValue.invoke(AstValue.java:249)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:302)
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:794)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1259)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:242)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:216)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:132)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:352)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at weblogic.servlet.utils.FastSwapFilter.doFilter(FastSwapFilter.java:64)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3288)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3254)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2163)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2089)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2074)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1512)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:352)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)
at weblogic.rmi.cluster.ClusterableServerRef.dispatch(ClusterableServerRef.java:242)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1141)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1023)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:888)
at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:512)
at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:330)
at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
<Mar 4, 2012 11:03:25 PM EET> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=ForeignJNDIProviderTablePage.>
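
Added example (not part of the original post and not WebLogic code): a small Python triage of the trace above. It shows that the `SecurityException` was raised on the remote server while it read the caller's Subject from the wire, and was only rethrown on the client by `unmarshalReturn`. `TRACE` is an abridged copy of the poster's trace; the names `parse_chain` and `triage` are hypothetical.

```python
import re

# Constructed sample: abridged copy of the stack trace in the post above.
TRACE = """\
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:418)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at com.polsan.client.Functions.getLookedUpObjectFromContext(Functions.java:29)
at com.polsan.managedbean.Login.login(Login.java:42)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:352)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
"""

HEAD = re.compile(r"^(?:Caused by: )?([\w.$]+): (.*)$")
FRAME = re.compile(r"^\s*at ([\w.$<>]+)\(")
PLATFORM = ("weblogic.", "java.", "javax.", "sun.", "com.sun.")

def parse_chain(text):
    """Split a Java stack trace into [{type, message, frames}], outermost first."""
    chain = []
    for line in text.splitlines():
        frame = FRAME.match(line)
        if frame and chain:
            chain[-1]["frames"].append(frame.group(1))
        elif (head := HEAD.match(line)):
            chain.append({"type": head.group(1), "message": head.group(2), "frames": []})
    return chain

def triage(text):
    """Summarise where in the call path the Subject was rejected."""
    chain = parse_chain(text)
    outer, root = chain[0], chain[-1]
    code = re.search(r"\[Security:(\d+)\]", root["message"])
    subj = re.search(r"principals=\[([^\]]*)\]", root["message"])
    return {
        "code": code.group(1) if code else None,
        "principals": [p.strip() for p in subj.group(1).split(",")] if subj else [],
        # Exception was unmarshalled from an RMI response: it was thrown on the peer.
        "thrown_on_remote": any(f.endswith("ResponseImpl.unmarshalReturn") for f in outer["frames"]),
        # The peer failed while reading the caller's Subject off the wire.
        "rejected_at_subject_unseal": any(f.endswith("getSealedSubjectFromWire") for f in root["frames"]),
        # First non-platform frame: the application call that triggered the lookup.
        "app_frame": next((f for f in outer["frames"] if not f.startswith(PLATFORM)), None),
    }
```
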
  • 1. Re: EJB Remote Context lookup- Invalid Subject: principals.pls help
    799049 Newbie
    I had a similar problem like this. The problem was caused by a pending security change that required the restart of the WL Admin Console. Restarting the Admin Console and all managed servers solved the problem.

    In the Admin Console, in the security configuration of the deployment, instead of the table with the roles there was the following error message:
    This page is not available because non-dynamic changes have been made and the Admin Server requires a restart. Please restart the Admin Server to make this page available. Alternatively, you can make this page available by enabling "Allow Security Management Operations if Non-dynamic Changes have been Made" field on the Domain: Security page. (Link to Domain Security Page)

    Edited by: Mircea Vutcovici on Mar 28, 2012 12:00 PM
