0 Replies Latest reply: Mar 13, 2013 8:48 PM by 996772 RSS

    Weblogic 12c JAX-WS usernametoken policy authentication issue

    996772
      I created a simple JAX-WS webservice on weblogic12c. I added a cutom policy -a simple usernametoken policy.

      I added the policy to the webservice via the admin console. (inbound only)
      Testing from soapui, I was able to get a good response with correct username/password.
      If I dont pass the username/password , I get an Invalid security message.

      The issue is when I send in an incorrect username/and or password, I get following error:

      <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Body>
      <env:Fault>
      <faultcode>env:Server</faultcode>
      <faultstring>Unknown exception, internal system processing error.</faultstring>
      </env:Fault>
      </env:Body>
      </env:Envelope>


      Why is the correct reason not receved in teh soap message???

      On turning on debug log, I was able to see following message in the server log:

      ####<Mar 13, 2013 4:37:41 PM EDT> <Debug> <SecurityAtn> <NJCDTL02> <myServer1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1363207061361> <BEA-000000>
           at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
           at java.lang.reflect.Method.invoke(Method.java:601)
           at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
           at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
           at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
           at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
           at java.security.AccessController.doPrivileged(Native Method)
           at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
           at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
           at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
           at java.lang.reflect.Method.invoke(Method.java:601)
           at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
           at $Proxy16.login(Unknown Source)
           at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
           at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
           at java.lang.reflect.Method.invoke(Method.java:601)
           at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
           at $Proxy34.authenticate(Unknown Source)
           at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
           at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:338)
           at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:345)
           at weblogic.xml.crypto.wss.SecurityUtils.assertId(SecurityUtils.java:100)
           at weblogic.xml.crypto.wss.SecurityUtils.assertIdentity(SecurityUtils.java:72)
           at weblogic.xml.crypto.wss.UsernameTokenHandler.getSubject(UsernameTokenHandler.java:207)
           at weblogic.xml.crypto.wss.WSSecurityContext.getSubject(WSSecurityContext.java:656)
           at weblogic.xml.crypto.wss.WSSecurityContext.getSubject(WSSecurityContext.java:596)
           at weblogic.wsee.security.wssp.handlers.PostWssServerPolicyHandler.processRequest(PostWssServerPolicyHandler.java:56)
           at weblogic.wsee.security.wssp.handlers.WssHandler.handleRequest(WssHandler.java:112)
           at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:222)
           at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:892)
           at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:841)
           at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:804)
           at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:706)
           at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:430)
           at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:640)
           at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:265)
           at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:163)
           at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:171)
           at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:708)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
           at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:103)
           at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:311)
           at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:336)
           at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:99)
           at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
           at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:242)
           at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:216)
           at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:132)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:352)
           at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:235)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3284)
           at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3254)
           at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
           at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
           at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
           at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2163)
           at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2089)
           at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2074)
           at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1512)
           at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
           at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
           at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
      >
      ####<Mar 13, 2013 4:37:41 PM EDT> <Debug> <SecurityAtn> <NJCDTL02> <myServer1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1363207061361> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
      ####<Mar 13, 2013 4:37:41 PM EDT> <Debug> <SecurityAtn> <NJCDTL02> <myServer1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1363207061361> <BEA-000000> <LDAP Atn Abort>
      ####<Mar 13, 2013 4:37:41 PM EDT> <Debug> <SecurityAtn> <NJCDTL02> <myServer1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1363207061361> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning false>
      ####<Mar 13, 2013 4:37:41 PM EDT> <Debug> <SecurityAtn> <NJCDTL02> <myServer1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1363207061361> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate failed for user test1234>