4 Replies Latest reply on Mar 1, 2004 7:10 PM by 3004

    Custom User and Group classes

    3004

      Hi,
      I have a login custom module which does the authentication for my application.
      Till now I was using WLSUserImpl and WLSGroupImpl and everything was working fine.
      Now to make the LoginModule WebLogic independent, I replaced the User and Group
      classes with my own classes which extend from java.security.Principal.
      But for some reason this isn't working. Am I missing something obvious?

      This is the exception stack trace which I get:
      java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.isone.security.providers.authentication.ISOUser@1698cbe,
      com.isone.security.providers.authentication.ISOGroup@9719f4, com.isone.security.providers.authentication.ISOGroup@28ebb4,
      com.isone.security.providers.authentication.ISOGroup@8ab721, com.isone.security.providers.authentication.ISOGroup@fcf06c,
      com.isone.security.providers.authentication.ISOGroup@c7539, com.isone.security.providers.authentication.ISOGroup@1e41830,
      com.isone.security.providers.authentication.ISOGroup@1f01b29, com.isone.security.providers.authentication.ISOGroup@8721bd,
      com.isone.security.providers.authentication.ISOGroup@1b81d4f, com.isone.security.providers.authentication.ISOGroup@8c6e04,
      com.isone.security.providers.authentication.ISOGroup@18aeabe, com.isone.security.providers.authentication.ISOGroup@13968f1,
      com.isone.security.providers.authentication.ISOGroup@18c28a, com.isone.security.providers.authentication.ISOGroup@18bff68,
      com.isone.security.providers.authentication.ISOGroup@2d2da4]
           at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
           at weblogic.security.service.RoleManager.getRoles(RoleManager.java:279)
           at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:694)
           at weblogic.servlet.security.internal.WebAppSecurity.hasPermission(WebAppSecurity.java:567)
           at weblogic.servlet.security.internal.SecurityModule.checkPerm(SecurityModule.java:134)
           at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:327)
           at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:182)
           at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:181)
           at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
           at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3539)
           at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
           at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
           at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
        • 1. Re: Custom User and Group classes
          3004
          On 25 Feb 2004 06:45:50 -0800, Anil <ainamdar@iso-ne.com> wrote:

          > Hi,
          > I have a login custom module which does the authentication for my application.
          > Till now I was using WLSUserImpl and WLSGroupImpl and everything was working fine.
          > Now to make the LoginModule WebLogic independent, I replaced the User and Group
          > classes with my own classes which extend from java.security.Principal.
          > But for some reason this isn't working. Am I missing something obvious?

          I think that you need to extend WLSAbstractPrincipal instead of
          WLSPrincipal if you aren't going to implement your own
          PrincipalValidator. The default PrincipalValidator is going to expect a
          principal that extends WLSAbstractPrincipal.

          PaulF


          • 2. Re: Custom User and Group classes
            3004

            I actually extended PrincipalValidatorImpl and returned java.security.Principal
            as the base class.
            But still I got the same exception.

            • 3. Re: Custom User and Group classes
              3004

              See if this will help:
              http://edocs.bea.com/wls/docs81/dvspisec/pv.html

              Pavel.
              • 4. Re: Custom User and Group classes
                3004
                And this will explain to you why there is no way to do this right now:
                (CR125681 -- although it says 7.0SP1 it is not fixed even in 8.1 SP2 and
                there is no time frame for the fix)
                http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_clfydoc&answerpage=solution&page=wls/S-21705.htm

                We've had the same issue and even have an open support case, and for now
                the only way to work around the bug is to
                use the WLSUserImpl and WLSGroupImpl classes.

                HTH,
                Dejan
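
A self-contained model of the sign-at-login, validate-before-authorization contract that a principal validator enforces, showing why a subject holding plain `java.security.Principal` objects is rejected as a whole. This is an added example, not WebLogic's code or any poster's code; the class names, the HMAC scheme and the sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PrincipalSealDemo {
    // Hypothetical base class for principals that can carry a container signature.
    static abstract class SignedPrincipal implements Principal {
        private final String name;
        byte[] signature;                          // attached by the validator at login
        SignedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static class ContainerUser extends SignedPrincipal {
        ContainerUser(String name) { super(name); }
    }
    // Plain principal, in the position of the ISOUser/ISOGroup classes from the question.
    static class PlainUser implements Principal {
        private final String name;
        PlainUser(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Hypothetical validator: signs principals at login, checks them before authorization.
    static class Validator {
        private final SecretKeySpec key;
        Validator(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

        private byte[] mac(Principal p) throws Exception {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(key);
            String data = p.getClass().getName() + ":" + p.getName();
            return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
        }
        boolean sign(Principal p) throws Exception {
            if (!(p instanceof SignedPrincipal)) return false;   // nowhere to store a signature
            ((SignedPrincipal) p).signature = mac(p);
            return true;
        }
        boolean validate(Principal p) throws Exception {
            if (!(p instanceof SignedPrincipal)) return false;   // wrong base class
            byte[] sig = ((SignedPrincipal) p).signature;
            return sig != null && MessageDigest.isEqual(sig, mac(p));  // constant-time compare
        }
        // One principal that fails validation invalidates the entire subject.
        void seal(Set<Principal> principals) throws Exception {
            for (Principal p : principals)
                if (!validate(p))
                    throw new SecurityException("Invalid Subject: principals=" + principals);
        }
    }

    public static void main(String[] args) throws Exception {
        Validator v = new Validator("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        Principal signed = new ContainerUser("alice");   // constructed sample names
        Principal plain = new PlainUser("alice");
        System.out.println("signed: " + v.sign(signed) + ", plain: " + v.sign(plain));
        v.seal(Set.of(signed));                          // passes
        try { v.seal(Set.of(signed, plain)); }           // rejected: plain principal is unsigned
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```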
