3 Replies Latest reply: Nov 19, 2012 12:06 AM by Kalyan Pasupuleti-Oracle RSS

    WLS SOA startup issues

    564841
      We installed SOA(11.1.5) on Linux without any issue,however when i am trying to start SOA
      <May 30, 2012 3:30:49 PM IST> <Error> <oracle.wsm.resources.policymanager> <WSM-02311> <Failed to retrieve requested documents due to underlying error "java.rmi.AccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=wsm-pm, module=wsm-pmserver-wls.jar, ejb=DocumentManager, method=retrieveDocuments, methodInterface=Remote, signature={java.lang.String,java.util.Map}.".>

      Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User OracleSystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User OracleSystemUser denied
      at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
      at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
      at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
      at sun.reflect.GeneratedMethodAccessor850.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
      at $Proxy28.login(Unknown Source)
      at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
      at com.bea.common.security.internal.service.IdentityImpersonationServiceImpl.impersonateIdentity(IdentityImpersonationServiceImpl.java:128)
      at sun.reflect.GeneratedMethodAccessor289.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
      at $Proxy49.impersonateIdentity(Unknown Source)
      at weblogic.security.service.PrincipalAuthenticator.impersonateIdentity(PrincipalAuthenticator.java:471)
      at weblogic.security.service.PrincipalAuthenticator.impersonateIdentity(PrincipalAuthenticator.java:452)
      at oracle.security.jps.wls.jaas.module.assertion.WlsUserAssertor.assertUser(WlsUserAssertor.java:65)
      at oracle.security.jps.internal.jaas.AbstractSubjectSecurity.getActionExecutor(AbstractSubjectSecurity.java:88)
      at oracle.wsm.policyaccess.ConfigurationFramework$ExecutorGetter.run(ConfigurationFramework.java:847)
      at oracle.wsm.policyaccess.ConfigurationFramework$ExecutorGetter.run(ConfigurationFramework.java:820)
      at oracle.wsm.policyaccess.ConfigurationFramework.getBean(ConfigurationFramework.java:1613)
      at oracle.wsm.policyaccess.ConfigurationFramework.access$500(ConfigurationFramework.java:133)
      at oracle.wsm.policyaccess.ConfigurationFramework$ContextualAccessor.configure(ConfigurationFramework.java:452)
      at oracle.wsm.policyaccess.ConfigurationFramework$ContextualAccessor.access$1400(ConfigurationFramework.java:299)
      at oracle.wsm.policyaccess.ConfigurationFramework.initializeAccessors(ConfigurationFramework.java:1915)
      at oracle.wsm.policyaccess.ConfigurationFramework.access$200(ConfigurationFramework.java:133)
      at oracle.wsm.policyaccess.ConfigurationFramework$ConfigRefreshTask.run(ConfigurationFramework.java:277)
      at oracle.wsm.common.scheduler.TimerManagerWrapper$TimerListenerImpl.timerExpired(TimerManagerWrapper.java:57)
      at weblogic.timers.internal.commonj.ListenerWrap.timerExpired(ListenerWrap.java:37)
      at weblogic.timers.internal.TimerImpl.run(TimerImpl.java:273)
      at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
        • 1. Re: WLS SOA startup issues
          ngsankar
          are u starting the soa managed server using nodemanger? if so try to start the managed server from the putty console and check, Make sure to give the correct username and password,
          • 2. Re: WLS SOA startup issues
            paddys
            Did you resolve this? We have the same problem on one of a 4-node cluster, running on a clustered, shared filesystem. Managed servers 2-4 start up fine but managed server 1 doesn't.
            • 3. Re: WLS SOA startup issues
              Kalyan Pasupuleti-Oracle
              Hi,


              The following steps can be followed to ensure that, at startup, an encrypted version of the username and password are always available transparently from a boot.properties file at the expected location:

              Create a new file named boot.properties at the location $DOMAIN_HOME/servers/<SERVER_NAME>/security/boot.properties
              for example: $DOMAIN_HOME/servers/soa_server1/security/boot.properties
              Within boot.properties, add the following two lines of text:
              username=weblogic
              password=welcome1
              Start the managed server one time, from the command prompt, using the startManagedWebLogic.sh script (located at $DOMAIN_HOME/bin/startManagedWebLogic.sh).
              This will allow you to confirm the credentials are appropriate and verify that after successful startup the values in boot.properties have been suitably encrypted and are no longer plain text.
              After startup, review $DOMAIN_HOME/servers/soa_server1/security/boot.properties to confirm it now looks something similar to the following:
              #Mon Apr 25 10:04:59 EDT 2011
              password={AES}YhkE4gNwUPiPtPG6DrZ86nY1Y24UtXgz19pyWli3FtA\=
              username={AES}pX4Ky4ZDoJh7bdU/e0I1eeAhCEMh/xogN6PnSz/2GJA\=



              Regards,
              Kal