3 Replies Latest reply: Mar 1, 2013 9:20 AM by 993957 RSS

    Custom Authentication provider in clustered weblogic

    993957
      Hi all!

      I have written a custom authentication provider to perform authentication for our web application and put a jar to WL_HOME\server\lib\mbeantypes folder. There is a class PrincipalImpl that implements java.security.Principal and Serializable

      Our application is a EAR file with war and ejb inside. In WAR\WEB-INF\weblogic.xml we have

      <wls:session-descriptor>
      <wls:persistent-store-type>replicated_if_clustered</wls:persistent-store-type>
      </wls:session-descriptor>

      Everything goes fine if there is a standalone weblogic server.

      In case of cluster I put provider jar on each server to mbeantypes folder.
      If we launch application on a clustered environment with a turned on session replication, then in logs of weblogic I find

      <Cluster> <node2.serverqd.local> <Server-1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1362058050219> <BEA-000126> <All session objects should be serializable to replicate. Check the objects in your session. Failed to replicate non-serializable object.
      java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
           java.lang.ClassNotFoundException: Failed to load class xxx.yyy.zz.PrincipalImpl
           at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
           at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
           at weblogic.cluster.replication.ReplicationManager_1036_WLStub.create(Unknown Source)
           at sun.reflect.GeneratedMethodAccessor483.invoke(Unknown Source)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at weblogic.cluster.replication.SecureReplicationInvocationHandler$ReplicationServicesInvocationAction.run(SecureReplicationInvocationHandler.java:194)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
           at weblogic.cluster.replication.SecureReplicationInvocationHandler.invoke(SecureReplicationInvocationHandler.java:164)
           at $Proxy206.create(Unknown Source)
           at weblogic.cluster.replication.ReplicationManager.trySecondary(ReplicationManager.java:937)
           at weblogic.cluster.replication.ReplicationManager.createSecondary(ReplicationManager.java:890)
           at weblogic.cluster.replication.ReplicationManager.getPrimary(ReplicationManager.java:866)
           at weblogic.cluster.replication.ReplicationManager.lookup(ReplicationManager.java:428)
           at weblogic.servlet.internal.session.ReplicatedSessionContext.lookupSession(ReplicatedSessionContext.java:395)
           at weblogic.servlet.internal.session.ReplicatedSessionContext.getSessionInternal(ReplicatedSessionContext.java:244)
           at weblogic.servlet.internal.session.ReplicatedSessionContext.getSessionInternal(ReplicatedSessionContext.java:237)
           at weblogic.servlet.internal.ServletRequestImpl$SessionHelper.getValidSession(ServletRequestImpl.java:2949)
           at weblogic.servlet.internal.ServletRequestImpl$SessionHelper.getSessionInternal(ServletRequestImpl.java:2489)
           at weblogic.servlet.internal.ServletRequestImpl$SessionHelper.getSession(ServletRequestImpl.java:2456)
           at weblogic.servlet.internal.ServletRequestImpl.getSession(ServletRequestImpl.java:1330)
           at weblogic.servlet.security.internal.SecurityModule$SessionRetrievalAction.run(SecurityModule.java:630)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
           at weblogic.servlet.security.internal.SecurityModule.getUserSession(SecurityModule.java:516)
           at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:81)
           at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2209)
           at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
           at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
           at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
           at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
      Caused By: java.lang.ClassNotFoundException: Failed to load class xxx.yyy.zz.PrincipalImpl
           at weblogic.rmi.utils.WLRMIClassLoaderDelegate.loadClass(WLRMIClassLoaderDelegate.java:208)
           at weblogic.rmi.utils.WLRMIClassLoaderDelegate.loadClass(WLRMIClassLoaderDelegate.java:135)
           at weblogic.rmi.utils.Utilities.loadClass(Utilities.java:305)
           at weblogic.rjvm.MsgAbbrevInputStream.resolveClass(MsgAbbrevInputStream.java:436)
           at weblogic.utils.io.ChunkedObjectInputStream$NestedObjectInputStream.resolveClass(ChunkedObjectInputStream.java:268)
           at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
           at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
           at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1731)
           at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
           at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
           at java.util.LinkedList.readObject(LinkedList.java:964)
           at sun.reflect.GeneratedMethodAccessor787.invoke(Unknown Source)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:969)
           at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
           at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
           at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
           at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
           at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
           at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
           at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
           at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
           at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:479)
           at weblogic.security.acl.internal.AuthenticatedSubject.readObject(AuthenticatedSubject.java:406)
           at sun.reflect.GeneratedMethodAccessor788.invoke(Unknown Source)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:969)
           at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
           at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
           at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
           at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
           at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
           at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
           at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
           at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
           at java.util.Hashtable.readObject(Hashtable.java:859)
           at sun.reflect.GeneratedMethodAccessor358.invoke(Unknown Source)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:969)
           at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
           at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
           at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
           at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
           at weblogic.servlet.internal.session.ReplicatedSessionData.readExternal(ReplicatedSessionData.java:152)
           at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1791)
           at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1750)
           at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
           at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
           at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:208)
           at weblogic.rjvm.MsgAbbrevInputStream.readObject(MsgAbbrevInputStream.java:599)
           at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:204)
           at weblogic.cluster.replication.ReplicationManager_WLSkel.invoke(Unknown Source)
           at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
           at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
           at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
           at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
           at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
           at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

      This prevents http session to be replicated.
      But in our EAR we don't have any usage of PrincipalImpl class - no imports of it. And moreover PrincipalImpl implements Serializable.

      Does anybody know what may be the reason and how to overcome it? Any help is appreciated!