1 Reply Latest reply on Mar 22, 2005 9:16 PM by 666705

    Domain trust problem

    666705
      Hi,
      My env is as follows:
      I have two instances of weblogic 8.1 sp3 installed in two diffrent boxes say A and B. On A, I have weblogic domain d1 in which my webapplication is deployed. On B, I have weblogic domain d2 in which my ejbs are deployed. From another client machine, I give a jmx notification to the mbean which calls one of the class C of my webapplication in domain d1. Now, class C in domain d1 lookups for ejb in domain d2..and I get the following error on d1 side while doing this...
      java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[system, Administrators]
      at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
      at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:284)
      at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:244)
      at weblogic.jndi.internal.ServerNamingNode_813_WLStub.lookup(Unknown Source)
      at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:369)
      at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:357)
      at weblogic.rmi.cluster.BasicReplicaHandler.refreshReplicaList(BasicReplicaHandler.java:453)
      at weblogic.rmi.cluster.BasicReplicaHandler.failOver(BasicReplicaHandler.java:193)
      at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:246)
      at com.cibc.ipas.businfo.rates.app.ratessb.RatesBean_622dls_EOImpl_813_WLStub.getProductRates(Unknown Source)
      at com.cibc.web.services.rates.impl.DefaultRatesGetterService.executeGetRates(DefaultRatesGetterService.java:327)
      at com.cibc.web.services.rates.impl.DefaultRatesGetterService.getProductRateFromIPAS(DefaultRatesGetterService.java:101)
      at com.cibc.web.services.rates.impl.DefaultRatesGetterService.cacheProductRateFromIPAS(DefaultRatesGetterService.java:159)
      at com.cibc.web.services.rates.config.NamedRatesConfigListener.performConfigChange(NamedRatesConfigListener.java:68)
      at com.cibc.common.config.AbstractConfiguration.renew(AbstractConfiguration.java:234)
      at com.cibc.common.config.NamedConfigurationManager.renewConfiguration(NamedConfigurationManager.java:175)
      at com.cibc.web.util.content.cachemanager.CacheListener.renewNamedConfig(CacheListener.java:219)
      at com.cibc.web.util.content.cachemanager.CacheListener.handleNotification(CacheListener.java:88)
      at com.sun.management.jmx.MBeanServerNotificationListener.handleNotification(MBeanServerNotificationListener.java:48)


      On the d2 side, I get this error....
      ####<Feb 24, 2005 3:52:24 PM EST> <Warning> <RMI> <toast> <da2c2ms1> <ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <BEA-080003> <RuntimeException thrown by rmi server: weblogic.jndi.internal.AdminRoleBasedDispatchServerRef@9 - hostID: '-980018557409868688S:10.3.242.111:[14722,14722,-1,-1,14722,-1,-1,0,0]:10.3.242.111,10.3.242.113:da2:da2c2ms1', oid: '9', implementation: 'weblogic.jndi.internal.RootNamingNode@13c2d7f'
      java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[system, Administrators].
      java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[system, Administrators]
      at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:680)
      at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:187)
      at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:827)
      at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:300)
      at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:996)
      at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:917)
      at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:225)
      at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)

      The username and password for Admin user is same on both the domains...thus obeys the trusted domain rule. The onlt diff I see among two domains is d1 users my_realm and d2 uses compatibility realm. But both have 'system' user as 'Administrator'.

      Any help is greatly appreciated on this.

      Thanks,
      Richa
        • 1. Re: Domain trust problem
          666705
          i am getting a similar error while using JMX. i finally figured out that you need to set the credentials of these two servers to be the same.

          http://e-docs.bea.com/wls/docs70/faq/msgbridge.html#500493
          http://e-docs.bea.com/wls/docs70/secmanage/domain.html

          hope it helps.

          winston huang