3 Replies Latest reply: Mar 5, 2012 3:35 AM by 706742 RSS

    EJB Remote Context lookup- Invalid Subject: principals.pls help

    706742
      Hi all,
      We have 2 weblogic 11 app server . ejbhost.ear project on one weblogic ,and the clientweb.war another weblogic . both of them same domain.
      1)ejbhost.ear contains one ejhost-module.jar
      below is weblogic-ejb-jar.xml inside ejbhost-module.jar

      <weblogic-ejb-jar xmlns="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.0/weblogic-ejb-jar.xsd">

      <weblogic-enterprise-bean>
      <ejb-name>NOrtakOnlineConnector</ejb-name>
      <stateless-session-descriptor/>
      <enable-call-by-reference>true</enable-call-by-reference>
      </weblogic-enterprise-bean>
      <security-role-assignment>
      <role-name>ortakOnlineRole</role-name>
      <principal-name>userGroup</principal-name>
      </security-role-assignment>
      </weblogic-ejb-jar>

      weblogic-application.xml is inside ear project config file
      <weblogic-application xmlns="http://xmlns.oracle.com/weblogic/weblogic-application" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/javaee_5.xsd http://xmlns.oracle.com/weblogic/weblogic-application http://xmlns.oracle.com/weblogic/weblogic-application/1.0/weblogic-application.xsd">

      <security>
      <realm-name>myrealm</realm-name>
      <security-role-assignment>
      <role-name>ortakOnlineRole</role-name>
      <principal-name>userGroup</principal-name>
      </security-role-assignment>
      </security>
      </weblogic-application>
      </weblogic-ejb-jar>

      and my ejb bean on host side is

      @Stateless(mappedName="OrtakOnlineConnector",name="NOrtakOnlineConnector")
      public class OrtakOnlineConnector<T> implements OrtakOnlineConnectorRemote {

      private static Connection con = null;
      private AllSqlScripts sqlScripts=AllSqlScripts.getInstance();

      @Override
      @RolesAllowed({"ortakOnlineRole"})
      public List<T> getContainerFromRs(String clazzName, HashMap ortIds2Parameters) {
      System.out.println("\n\n\n\n\nGIRDI\n\n\n\n\n\n\n\n\n\n\n\n");
      return sqlScripts.findResultsetFromRs(clazzName, ortIds2Parameters);
      }
      }
      and client side web project

      login action{
      fc = FacesContext.getCurrentInstance();
      HttpServletRequest req = (HttpServletRequest) fc.getExternalContext().getRequest();
      System.out.println("u_name ----- " + u_name);

      req.login(u_name, u_pass);// on client side authendicate is successfull sam user but i try to connect another weblogic throwss security exp
      functions = Functions.getInstance();
      remote = (OrtakOnlineConnectorRemote) this.functions.getLookedUpObjectFromContext(ApplicationBean.lookUp4MySessionBeanRemote);
      }


      Hashtable ht = new Hashtable();
      ht.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
      ht.put(Context.PROVIDER_URL, "t3://192.168.1.163:7001");
      ht.put(Context.SECURITY_PRINCIPAL, "129769");//username
      ht.put(Context.SECURITY_CREDENTIALS, "12345678");
      ht.put(Context.SECURITY_AUTHENTICATION, "simple");
      ctx4oracle = new InitialContext(ht);
      //----------client weblogic.xml------------

      ?xml version="1.0" encoding="UTF-8"?>
      <weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
      http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd
      http://xmlns.oracle.com/weblogic/weblogic-web-app
      http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
      <jsp-descriptor>
      <keepgenerated>true</keepgenerated>
      <debug>true</debug>
      </jsp-descriptor>
      <context-root>/WebOrtakOnlineClient</context-root>
      <fast-swap>
      <enabled>true</enabled>
      </fast-swap>
      <security-role-assignment>
      <role-name>OrtakOnlineRole</role-name>
      <principal-name>userGroup</principal-name>
      </security-role-assignment>
      </weblogic-web-app>
      //------------------below part is in web.xml ---------------------

      <security-constraint>
      <display-name>userConstraints</display-name>
      <web-resource-collection>
      <web-resource-name>User</web-resource-name>
      <description/>
      <url-pattern>/secureuser/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <description/>
      <role-name>OrtakOnlineRole</role-name>
      </auth-constraint>
      </security-constraint>
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>myrealm</realm-name>
      <form-login-config>
      <form-login-page>/login.jsf</form-login-page>
      <form-error-page>/loginError.jsf</form-error-page>
      </form-login-config>
      </login-config>
      <security-role>
      <description/>
      <role-name>OrtakOnlineRole</role-name>
      </security-role>
      <security-role>
      <description/>
      <role-name>AdminRole</role-name>
      </security-role>


      this user 129769 exists in weblogic that ejbhost.ear is deployed and this user also exist the another weblogic.



      problem is : i can create context but whenever i try to do ctx4oracle.lookup(bla bla) , i get exception

      java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
           at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
           at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:464)
           at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:272)
           at weblogic.jndi.internal.ServerNamingNode_1211_WLStub.lookup(Unknown Source)
           at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:418)
           at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:406)
           at javax.naming.InitialContext.lookup(InitialContext.java:392)
           at com.polsan.client.Functions.getLookedUpObjectFromContext(Functions.java:29)
           at com.polsan.managedbean.Login.login(Login.java:42)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at javax.el.BeanELResolver.invokeMethod(BeanELResolver.java:748)
           at javax.el.BeanELResolver.invoke(BeanELResolver.java:470)
           at javax.el.CompositeELResolver.invoke(CompositeELResolver.java:257)
           at com.sun.el.parser.AstValue.invoke(AstValue.java:249)
           at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:302)
           at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
           at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
           at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
           at javax.faces.component.UICommand.broadcast(UICommand.java:315)
           at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:794)
           at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1259)
           at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
           at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
           at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
           at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:242)
           at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:216)
           at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:132)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:352)
           at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
           at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
           at weblogic.servlet.utils.FastSwapFilter.doFilter(FastSwapFilter.java:64)
           at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
           at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
           at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:74)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3288)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3254)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
           at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
           at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2163)
           at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2089)
           at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2074)
           at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1512)
           at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
           at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
           at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
      Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[129769, userGroup]
           at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
           at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
           at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:352)
           at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
           at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)
           at weblogic.rmi.cluster.ClusterableServerRef.dispatch(ClusterableServerRef.java:242)
           at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1141)
           at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1023)
           at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
           at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:888)
           at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:512)
           at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:330)
           at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
           at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
           at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
           at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
           at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
           at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
      <Mar 4, 2012 11:03:25 PM EET> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=ForeignJNDIProviderTablePage.>