This discussion is archived
3 Replies Latest reply: Mar 1, 2013 7:20 AM by 993957 RSS

Custom Authentication provider in clustered weblogic

993957 Newbie
Currently Being Moderated
Hi all!

I have written a custom authentication provider to perform authentication for our web application and put a jar to WL_HOME\server\lib\mbeantypes folder. There is a class PrincipalImpl that implements java.security.Principal and Serializable

Our application is a EAR file with war and ejb inside. In WAR\WEB-INF\weblogic.xml we have

<wls:session-descriptor>
<wls:persistent-store-type>replicated_if_clustered</wls:persistent-store-type>
</wls:session-descriptor>

Everything goes fine if there is a standalone weblogic server.

In case of cluster I put provider jar on each server to mbeantypes folder.
If we launch application on a clustered environment with a turned on session replication, then in logs of weblogic I find

<Cluster> <node2.serverqd.local> <Server-1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1362058050219> <BEA-000126> <All session objects should be serializable to replicate. Check the objects in your session. Failed to replicate non-serializable object.
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
     java.lang.ClassNotFoundException: Failed to load class xxx.yyy.zz.PrincipalImpl
     at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
     at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
     at weblogic.cluster.replication.ReplicationManager_1036_WLStub.create(Unknown Source)
     at sun.reflect.GeneratedMethodAccessor483.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at weblogic.cluster.replication.SecureReplicationInvocationHandler$ReplicationServicesInvocationAction.run(SecureReplicationInvocationHandler.java:194)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
     at weblogic.cluster.replication.SecureReplicationInvocationHandler.invoke(SecureReplicationInvocationHandler.java:164)
     at $Proxy206.create(Unknown Source)
     at weblogic.cluster.replication.ReplicationManager.trySecondary(ReplicationManager.java:937)
     at weblogic.cluster.replication.ReplicationManager.createSecondary(ReplicationManager.java:890)
     at weblogic.cluster.replication.ReplicationManager.getPrimary(ReplicationManager.java:866)
     at weblogic.cluster.replication.ReplicationManager.lookup(ReplicationManager.java:428)
     at weblogic.servlet.internal.session.ReplicatedSessionContext.lookupSession(ReplicatedSessionContext.java:395)
     at weblogic.servlet.internal.session.ReplicatedSessionContext.getSessionInternal(ReplicatedSessionContext.java:244)
     at weblogic.servlet.internal.session.ReplicatedSessionContext.getSessionInternal(ReplicatedSessionContext.java:237)
     at weblogic.servlet.internal.ServletRequestImpl$SessionHelper.getValidSession(ServletRequestImpl.java:2949)
     at weblogic.servlet.internal.ServletRequestImpl$SessionHelper.getSessionInternal(ServletRequestImpl.java:2489)
     at weblogic.servlet.internal.ServletRequestImpl$SessionHelper.getSession(ServletRequestImpl.java:2456)
     at weblogic.servlet.internal.ServletRequestImpl.getSession(ServletRequestImpl.java:1330)
     at weblogic.servlet.security.internal.SecurityModule$SessionRetrievalAction.run(SecurityModule.java:630)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
     at weblogic.servlet.security.internal.SecurityModule.getUserSession(SecurityModule.java:516)
     at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:81)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2209)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.lang.ClassNotFoundException: Failed to load class xxx.yyy.zz.PrincipalImpl
     at weblogic.rmi.utils.WLRMIClassLoaderDelegate.loadClass(WLRMIClassLoaderDelegate.java:208)
     at weblogic.rmi.utils.WLRMIClassLoaderDelegate.loadClass(WLRMIClassLoaderDelegate.java:135)
     at weblogic.rmi.utils.Utilities.loadClass(Utilities.java:305)
     at weblogic.rjvm.MsgAbbrevInputStream.resolveClass(MsgAbbrevInputStream.java:436)
     at weblogic.utils.io.ChunkedObjectInputStream$NestedObjectInputStream.resolveClass(ChunkedObjectInputStream.java:268)
     at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
     at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1731)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
     at java.util.LinkedList.readObject(LinkedList.java:964)
     at sun.reflect.GeneratedMethodAccessor787.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:969)
     at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
     at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
     at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:479)
     at weblogic.security.acl.internal.AuthenticatedSubject.readObject(AuthenticatedSubject.java:406)
     at sun.reflect.GeneratedMethodAccessor788.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:969)
     at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
     at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
     at java.util.Hashtable.readObject(Hashtable.java:859)
     at sun.reflect.GeneratedMethodAccessor358.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:969)
     at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
     at weblogic.servlet.internal.session.ReplicatedSessionData.readExternal(ReplicatedSessionData.java:152)
     at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1791)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1750)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
     at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
     at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:208)
     at weblogic.rjvm.MsgAbbrevInputStream.readObject(MsgAbbrevInputStream.java:599)
     at weblogic.utils.io.ChunkedObjectInputStream.readObject(ChunkedObjectInputStream.java:204)
     at weblogic.cluster.replication.ReplicationManager_WLSkel.invoke(Unknown Source)
     at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
     at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
     at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
     at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

This prevents http session to be replicated.
But in our EAR we don't have any usage of PrincipalImpl class - no imports of it. And moreover PrincipalImpl implements Serializable.

Does anybody know what may be the reason and how to overcome it? Any help is appreciated!
  • 1. Re: Custom Authentication provider in clustered weblogic
    770632 Explorer
    Currently Being Moderated
    +<Cluster> <node2.serverqd.local> <Server-1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <1362058050219> <BEA-000126> *<All session objects should be serializable to replicate. Check the objects in your session.* Failed to replicate non-serializable object.+

    I think that should help.

    All the objects in the session need to be serializable for replication to work.

    Atul
  • 2. Re: Custom Authentication provider in clustered weblogic
    993957 Newbie
    Currently Being Moderated
    I checked all the objects in the session - all of them (and objects inside them) are serializable.

    And I'm confused about PrincipalImpl class in that error.
  • 3. Re: Custom Authentication provider in clustered weblogic
    993957 Newbie
    Currently Being Moderated
    Hmm, it seems you're right. While debugging I noticed that @EJB injection makes my session scoped managed bean not serializable.

    public class MbProcessesSearch implements Serializable{
         @EJB
         private ProcessRemote _processEjb;
    ....
    }

    ProcessRemote - interface of my ejb with @Remote annotation

    I'm using Weblogic 10.3.5, JSF 1.2

    Does it mean that I have to use only JNDI lookup in the case of session scoped managed bean to get SLSB?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points