0 Replies Latest reply: May 10, 2013 6:14 PM by 1008312 RSS

    Security realm - Security:097533 - Developing own authentication provider

    1008312
      hi everyone,

      i Developing own authentication provider and i installed a security patch, so while i restarting the weblogic server  encountered the below Exeption:




      <10/05/2013 05:54:33 PM COT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified..
      weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
      at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:341)
      at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:220)
      at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1789)
      at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:443)
      at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
      Truncated. see log file for complete stacktrace
      Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
      at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
      at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
      at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
      at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
      at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:46)
      Truncated. see log file for complete stacktrace
      Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
      at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:42)
      at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
      at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
      at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
      at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
      Truncated. see log file for complete stacktrace





      this is the config.xml :





      <domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
      <name>base_domain</name>
      <domain-version>12.1.1.0</domain-version>
      <security-configuration>
      <name>base_domain</name>
      <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
      <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <sec:authentication-provider xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension" xsi:type="ext:as400-realmType">
      <sec:name>AS400Realm</sec:name>
      <sec:control-flag>OPTIONAL</sec:control-flag>
      </sec:authentication-provider>
      <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
      <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:user-lockout-manager>
      <sec:lockout-enabled>false</sec:lockout-enabled>
      </sec:user-lockout-manager>
      <sec:deploy-role-ignored>false</sec:deploy-role-ignored>
      <sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
      <sec:security-dd-model>DDOnly</sec:security-dd-model>
      <sec:name>myrealm</sec:name>
      <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
      <sec:name>SystemPasswordValidator</sec:name>
      <pas:min-password-length>8</pas:min-password-length>
      <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
      </sec:password-validator>
      </realm>
      <default-realm>myrealm</default-realm>
      <credential-encrypted>{AES}kyVB/9J9Fbvp11tAnYgn6grV6wQwNZZGHSh2JLQtesxS46Re+QCfIAttNE5JugllQvUHOhE+pz0AnEfYL2p5q2oeRsjqoQz2/1Lg8x+3WMoKic0xnRzw2RWoFjQo3F9x</credential-encrypted>
      <node-manager-username>weblogic</node-manager-username>
      <node-manager-password-encrypted>{AES}4jkSbv5dMOl6cRpRa4QwB83XVavtq168cV4L+NSFDcI=</node-manager-password-encrypted>
      <cross-domain-security-enabled>true</cross-domain-security-enabled>
      </security-configuration>
      <server>
      <name>AdminServer</name>
      <listen-address>localhost</listen-address>
      <staging-mode>nostage</staging-mode>
      </server>
      <embedded-ldap>
      <name>base_domain</name>
      <credential-encrypted>{AES}9YeG1UFRNQzM0v6/j8cFvT9x9fkJUl1FJOWGInl5dax26FgMNEVwKNxOBHvW2opm</credential-encrypted>
      </embedded-ldap>
      <configuration-version>12.1.1.0</configuration-version>





      this is the mbean xml (A400Realmmbean.xml):


      <?xml version="1.0" ?>
      <!DOCTYPE MBeanType SYSTEM "commo.dtd">
           
      <MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
      Package = "co.com.claro.security"
      Extends = "weblogic.management.security.authentication.Authenticator"
      PersistPolicy = "OnUpdate"
      >

      <MbeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
      Writeable = "false"
      Default =
      "&quot;co.com.claro.AS400Realm&quot;"
      />

      <MBeanAttribute Name = "Description" Type = "java.lang.String"
      Writeable = "false" Default = "&quot;My Identity Assertion Provider&quot;"
      />

      <MBeanAttribute Name = "Version" Type = "java.lang.String"
      Writeable = "false" Default = "&quot;1.0&quot;"
      />

      </MBeanType>



      and the runtime class:





      AS400Realm.java:



      /*
      * To change this template, choose Tools | Templates
      * and open the template in the editor.
      */
      package co.com.claro.security;

      import java.util.HashMap;
      import javax.security.auth.login.AppConfigurationEntry;
      import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
      import weblogic.management.security.ProviderMBean;
      import weblogic.security.provider.PrincipalValidatorImpl;
      import weblogic.security.spi.AuthenticationProviderV2;
      import weblogic.security.spi.IdentityAsserterV2;
      import weblogic.security.spi.PrincipalValidator;
      import weblogic.security.spi.SecurityServices;
      import weblogic.security.principal.WLSGroupImpl;
      import weblogic.security.principal.WLSUserImpl;

      public final class AS400Realm implements AuthenticationProviderV2
      {
      private String description;
      // private SimpleSampleAuthenticatorDatabase database;
      private LoginModuleControlFlag controlFlag;
      // public String PARAM_JAAS_CONTEXT = "jaas-context";
      // public String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
      // public String DEFAULT_GROUP_NAME = "default";

      public void initialize(ProviderMBean mbean, SecurityServices services)
      {
      System.out.println("AS400Realm.initialize");
      AS400RealmMBean myMBean = (AS400RealmMBean)mbean;
      description = myMBean.getDescription() + "\n" + myMBean.getVersion();
      // database = new SimpleSampleAuthenticatorDatabase(myMBean);
      String flag = myMBean.getControlFlag();
      if (flag.equalsIgnoreCase("REQUIRED")) {
      controlFlag = LoginModuleControlFlag.REQUIRED;
      } else if (flag.equalsIgnoreCase("OPTIONAL")) {
      controlFlag = LoginModuleControlFlag.OPTIONAL;
      } else if (flag.equalsIgnoreCase("REQUISITE")) {
      controlFlag = LoginModuleControlFlag.REQUISITE;
      } else if (flag.equalsIgnoreCase("SUFFICIENT")) {
      controlFlag = LoginModuleControlFlag.SUFFICIENT;
      } else {
      throw new IllegalArgumentException("invalid flag value" + flag);
      }
      }
      public String getDescription()
      {
      return description;
      }
      public void shutdown()
      {
      System.out.println("AS400Realm.shutdown");
      }
      private AppConfigurationEntry getConfiguration(HashMap options)
      {
      options.put("PARAM_DATASOURCE_NAME", "jdbc/Oracle");
      return new
      AppConfigurationEntry(
      "co.com.claro.security.AS400LoginModule",
      controlFlag,
      options
      );
      }
      public AppConfigurationEntry getLoginModuleConfiguration()
      {
      HashMap options = new HashMap();
      return getConfiguration(options);
      }
      public AppConfigurationEntry getAssertionModuleConfiguration()
      {
      HashMap options = new HashMap();
      options.put("IdentityAssertion","true");
      return getConfiguration(options);
      }
      public PrincipalValidator getPrincipalValidator()
      {
      return new PrincipalValidatorImpl();
      }
      public IdentityAsserterV2 getIdentityAsserter()
      {
      return null;
      }
      }









      AS400LoginModule.java :





      /*
      * To change this template, choose Tools | Templates
      * and open the template in the editor.
      */
      package co.com.claro.security;

      import com.ibm.as400.access.AS400;
      import java.io.IOException;
      import java.sql.Connection;
      import java.sql.PreparedStatement;
      import java.sql.ResultSet;
      import java.sql.SQLException;
      import java.util.Enumeration;
      import java.util.Map;
      import java.util.Vector;
      import java.util.logging.Level;
      import java.util.logging.Logger;
      import javax.naming.Context;
      import javax.naming.InitialContext;
      import javax.naming.NamingException;
      import javax.security.auth.Subject;
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.callback.NameCallback;
      import javax.security.auth.callback.PasswordCallback;
      import javax.security.auth.callback.UnsupportedCallbackException;
      import javax.security.auth.login.LoginException;
      import javax.security.auth.login.FailedLoginException;
      import javax.security.auth.spi.LoginModule;
      import javax.sql.DataSource;
      import weblogic.security.spi.WLSGroup;
      import weblogic.security.spi.WLSUser;
      import weblogic.security.principal.WLSGroupImpl;
      import weblogic.security.principal.WLSUserImpl;

      /**
      *
      * @author dmunoz
      */
      final public class AS400LoginModule implements LoginModule {

      private Subject subject;
      private CallbackHandler callbackHandler;
      private String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
      private String DEFAULT_GROUP_NAME = "default";
      // Determine whether this is a login or assert identity
      private boolean isIdentityAssertion;
      // Authentication status
      private boolean loginSucceeded;
      private boolean principalsInSubject;
      private Vector principalsForSubject = new Vector();

      public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
      // only called (once!) after the constructor and before login
      System.out.println("SimpleSampleLoginModuleImpl.initialize");
      this.subject = subject;
      this.callbackHandler = callbackHandler;
      // Check for Identity Assertion option
      isIdentityAssertion =
      "true".equalsIgnoreCase((String) options.get("IdentityAssertion"));
      }

      private boolean authenticateAS400(String user, String passwd) throws Exception {
      String host ="172.31.2.80";//Config.getProperty(Config.AS400_AUTHENTICATION_HOST);
      AS400 as400System;
      as400System = new AS400(host, user, passwd);
      return as400System.validateSignon();
      }

      public boolean login() throws LoginException {
      // only called (once!) after initialize
      System.out.println("SimpleSampleLoginModuleImpl.login");
      // loginSucceeded should be false
      // principalsInSubject should be false

      Callback[] callbacks = getCallbacks();
      String userName = getUserName(callbacks);
      if (userName.length() > 0) {       
      if (!isIdentityAssertion) {               
      String passwordHave = getPasswordHave(userName, callbacks);
      try{
      loginSucceeded = authenticateAS400(userName, passwordHave);
      }catch(Exception e){
      Logger.getLogger(AS400LoginModule.class.getName()).log(Level.WARNING, null, e);
      throw new LoginException(e.getMessage());
      }
      }
      } else {
      // anonymous login - let it through?
      System.out.println("\tempty userName");
      }
      if (loginSucceeded) {
      principalsForSubject.add(new WLSUserImpl(userName));
      addGroupsForSubject(userName);
      }
      return loginSucceeded;
      }

      public boolean commit() throws LoginException {
      // only called (once!) after login
      // loginSucceeded should be true or false
      // principalsInSubject should be false
      // user should be null if !loginSucceeded, null or not-null otherwise
      // group should be null if user == null, null or not-null otherwise

      System.out.println("SimpleSampleLoginModule.commit");
      if (loginSucceeded) {
      subject.getPrincipals().addAll(principalsForSubject);
      principalsInSubject = true;
      return true;
      } else {
      return false;
      }
      }

      public boolean abort() throws LoginException {
      // The abort method is called to abort the authentication process. This is
      // phase 2 of authentication when phase 1 fails. It is called if the
      // LoginContext's overall authentication failed.
      // loginSucceeded should be true or false
      // user should be null if !loginSucceeded, otherwise null or not-null
      // group should be null if user == null, otherwise null or not-null
      // principalsInSubject should be false if user is null, otherwise true
      // or false

      System.out.println("SimpleSampleLoginModule.abort");
      if (principalsInSubject) {
      subject.getPrincipals().removeAll(principalsForSubject);
      principalsInSubject = false;
      }
      return true;
      }

      public boolean logout() throws LoginException {
      // should never be called
      System.out.println("SimpleSampleLoginModule.logout");
      return true;
      }

      private void throwLoginException(String msg) throws LoginException {
      System.out.println("Throwing LoginException(" + msg + ")");
      throw new LoginException(msg);
      }

      private void throwFailedLoginException(String msg) throws FailedLoginException {
      System.out.println("Throwing FailedLoginException(" + msg + ")");
      throw new FailedLoginException(msg);
      }

      private Callback[] getCallbacks() throws LoginException {
      if (callbackHandler == null) {
      throwLoginException("No CallbackHandler Specified");
      }
      Callback[] callbacks;
      if (isIdentityAssertion) {
      callbacks = new Callback[1];
      } else {
      callbacks = new Callback[2];
      callbacks[1] = new PasswordCallback("password: ", false);
      }
      callbacks[0] = new NameCallback("username: ");
      try {
      callbackHandler.handle(callbacks);
      } catch (IOException e) {
      throw new LoginException(e.toString());
      } catch (UnsupportedCallbackException e) {
      throwLoginException(e.toString() + " " + e.getCallback().toString());
      }
      return callbacks;
      }

      private String getUserName(Callback[] callbacks) throws LoginException {
      String userName = ((NameCallback) callbacks[0]).getName();
      if (userName == null) {
      throwLoginException("Username not supplied.");
      }
      System.out.println("\tuserName\t= " + userName);
      return userName;
      }

      private void addGroupsForSubject(String userName) {
      try {
      for (Enumeration e = getGroupNamesAS400(userName);
      e.hasMoreElements();) {
      String groupName = (String) e.nextElement();
      System.out.println("\tgroupName\t= " + groupName);
      principalsForSubject.add(new WLSGroupImpl(groupName));
      }
      } catch (Exception ex) {
      Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
      }
      }

      public Enumeration getGroupNamesAS400(String usuario)
      throws Exception {
      if(usuario == null) {
      throw new Exception("Usuario no puede ser vacio");
      }
      Vector<String> grupos = new Vector<String>();
      grupos.add(DEFAULT_GROUP_NAME);
      Connection conn = null;
      ResultSet rs = null;
      PreparedStatement statement = null;
      try {
      Context c = new InitialContext();
      DataSource dst = (DataSource) c.lookup(PARAM_DATASOURCE_NAME);
      conn = dst.getConnection();
      String query = "SELECT COD_ROL AS ROL " +
      "FROM gestionnew.us_rol_perfil " +
      "JOIN gestionnew.usuarios " +
      "ON us_rol_perfil.id_perfil = usuarios.id_perfil " +
      "WHERE upper(usuarios.usuariorr) = ?";

      statement = conn.prepareStatement(query);
      statement.setString(1, usuario.toUpperCase());
      rs = statement.executeQuery();
      while (rs.next()) {
      grupos.add(rs.getString("ROL"));
      }
      } catch (SQLException ex) {
      Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
      } catch (NamingException ex) {
      Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
      } finally {
      if (conn != null) {
      try {
      conn.close();
      } catch (SQLException ex) {
      Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
      }
      }
      if (rs != null) {
      try {
      rs.close();
      } catch (SQLException ex) {
      Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
      }
      }
      if (statement != null) {
      try {
      statement.close();
      } catch (SQLException ex) {
      Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
      }
      }
      }
      return grupos.elements();
      }

      private String getPasswordHave(String userName, Callback[] callbacks) throws
      LoginException {
      PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
      char[] password = passwordCallback.getPassword();
      passwordCallback.clearPassword();
      if (password == null || password.length < 1) {
      throwLoginException("Authentication Failed: User " + userName +
      ". Password not supplied");
      }
      String passwd = new String(password);
      System.out.println("\tpasswordHave\t= " + passwd);
      return passwd;
      }
      }



      thanks