7 Replies Latest reply on May 11, 2001 10:46 PM by 3004

    wl_realm vs rdbms realm

    3004

      I got this error message, which said it can't verify user 'joe' in the wl_realm

      Authentication for user joe denied in realm wl_realm
      java.lang.SecurityException: Authentication for user joe denied in realm wl_realm
      at weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.java:76)

      I don't know what this wl_realm is? As far as I know, we are using RDBMS realm
      - which
      authenicate the logon user with the users kept in some database tables(i.e. USER,
      ACLENTRIES, GROUPMEMBER)

      Doesn't anyone know what this wl_realm error? what about wl_realm vs RDBMS realm?
      What's the different?
      Why does this message occur when we are using RDBMS realm?

      Thanks in advance.

        • 1. Re: wl_realm vs rdbms realm
          3004
          I am interested in finding out as well. I noticed today that even if I had
          RDBMSRealm configured (and working), WL 6.0SP1 was still parsing
          filerealm.properties and actually checking if the users defined in it can be
          authenticated. If I renamed the file, WL wouldn't start. Weird and
          dangerous.
          "Cy Young" <siliang@visto.com> wrote in message
          news:3af1922f$1@newsgroups.bea.com...
          >
          I got this error message, which said it can't verify user 'joe' in the
          wl_realm
          >
          Authentication for user joe denied in realm wl_realm
          java.lang.SecurityException: Authentication for user joe denied in realm
          wl_realm
          at
          weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.java:76)
          >
          I don't know what this wl_realm is? As far as I know, we are using RDBMS
          realm
          - which
          authenicate the logon user with the users kept in some database
          tables(i.e. USER,
          ACLENTRIES, GROUPMEMBER)

          Doesn't anyone know what this wl_realm error? what about wl_realm vs RDBMS
          realm?
          What's the different?
          Why does this message occur when we are using RDBMS realm?

          Thanks in advance.
          • 2. wl_realm vs rdbms realm
            3004
            I imagine wl_realm is the weblogic realm, which is weblogic.properties,
            which the caching realm uses as its backup realm

            terry
            -----Original Message-----
            From: Cy Young [mailto:siliang@visto.com]
            Posted At: Thu 03 May 2001 19:15
            Posted To: weblogic.developer.interest.security
            Conversation: wl_realm vs rdbms realm
            Subject: wl_realm vs rdbms realm



            I got this error message, which said it can't verify user
            'joe' in the wl_realm

            Authentication for user joe denied in realm wl_realm
            java.lang.SecurityException: Authentication for user joe
            denied in realm wl_realm
            at
            weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRe
            quest.java:76)

            I don't know what this wl_realm is? As far as I know, we are
            using RDBMS realm
            - which
            authenicate the logon user with the users kept in some
            database tables(i.e. USER,
            ACLENTRIES, GROUPMEMBER)

            Doesn't anyone know what this wl_realm error? what about
            wl_realm vs RDBMS realm?
            What's the different?
            Why does this message occur when we are using RDBMS realm?

            Thanks in advance.
            • 3. Re: wl_realm vs rdbms realm
              3004

              check the cachingRealm cache, if the user, authenticate, acl cache is turn on,
              then when server startup , if may check the file realm first and then custom realm,
              so it could got bad cache from fileRealm. My sense is that if you are using custom
              realm , you could maintain your own cache and totally turn off the cachingRealm
              cache.




              "Allan" <dfusdfsdfsd> wrote:
              I am interested in finding out as well. I noticed today that even if
              I had
              RDBMSRealm configured (and working), WL 6.0SP1 was still parsing
              filerealm.properties and actually checking if the users defined in it
              can be
              authenticated. If I renamed the file, WL wouldn't start. Weird and
              dangerous.
              "Cy Young" <siliang@visto.com> wrote in message
              news:3af1922f$1@newsgroups.bea.com...
              I got this error message, which said it can't verify user 'joe' in
              the
              wl_realm
              Authentication for user joe denied in realm wl_realm
              java.lang.SecurityException: Authentication for user joe denied in
              realm
              wl_realm
              at
              weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.java:76)
              I don't know what this wl_realm is? As far as I know, we are using
              RDBMS
              realm
              - which
              authenicate the logon user with the users kept in some database
              tables(i.e. USER,
              ACLENTRIES, GROUPMEMBER)

              Doesn't anyone know what this wl_realm error? what about wl_realm vs
              RDBMS
              realm?
              What's the different?
              Why does this message occur when we are using RDBMS realm?

              Thanks in advance.
              • 4. Re: wl_realm vs rdbms realm
                3004
                Can WL6.0 be configured to not look for the FileRealm at all? I have not
                been able
                to remove this file even though I am using an RDBMS Realm. I assume that
                some
                base information will need to be in my RDBMS realm, something like system.

                Also, yaodong, where did you learn this information? There seems to a lot
                of knowledge that is required to
                write a custom realm or even to take the RDBMS realm and make it production
                ready, but
                I cannot find this information in any of the WL6.0 documentation. My only
                hope is that
                people who like to be helpful, (such as yourself), answer posts to this
                group.

                As an observation, the lack of documentation about realms and in particular
                the RDBMS realm happens often
                on this group.

                Bill.


                "yaodong Hu" <yhu@netegrity.com> wrote in message
                news:3af2b835$1@newsgroups.bea.com...
                >
                check the cachingRealm cache, if the user, authenticate, acl cache is turn
                on,
                then when server startup , if may check the file realm first and then
                custom realm,
                so it could got bad cache from fileRealm. My sense is that if you are
                using custom
                realm , you could maintain your own cache and totally turn off the
                cachingRealm
                cache.




                "Allan" <dfusdfsdfsd> wrote:
                I am interested in finding out as well. I noticed today that even if
                I had
                RDBMSRealm configured (and working), WL 6.0SP1 was still parsing
                filerealm.properties and actually checking if the users defined in it
                can be
                authenticated. If I renamed the file, WL wouldn't start. Weird and
                dangerous.
                "Cy Young" <siliang@visto.com> wrote in message
                news:3af1922f$1@newsgroups.bea.com...
                I got this error message, which said it can't verify user 'joe' in
                the
                wl_realm
                Authentication for user joe denied in realm wl_realm
                java.lang.SecurityException: Authentication for user joe denied in
                realm
                wl_realm
                at
                weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.java:76
                )
                >>>
                I don't know what this wl_realm is? As far as I know, we are using
                RDBMS
                realm
                - which
                authenicate the logon user with the users kept in some database
                tables(i.e. USER,
                ACLENTRIES, GROUPMEMBER)

                Doesn't anyone know what this wl_realm error? what about wl_realm vs
                RDBMS
                realm?
                What's the different?
                Why does this message occur when we are using RDBMS realm?

                Thanks in advance.
                • 5. Re: wl_realm vs rdbms realm
                  3004
                  I don't think WL6.0 uses weblogic.properties file. What version are you
                  using?

                  Also, there was a mention about eliminating the cache and using only the
                  realm. As far as the documents that I have read, I understood that you need
                  to have a caching realm which could contain a custom realm (RDBMS, or LDAP
                  or NT ) as your alternative realm. The weblogic server first authenticates
                  against the custom realm and if that fails, it tries to authenticate against
                  the file realm. I have never seen any documents where you could only have
                  your custom realm authenticate a user.

                  Can somebody please clarify this.
                  1. Is it possible to not use the caching realm in 6.0 ?
                  2. If the cache goes bad or gets corrupted, how is possible to refresh the
                  cache.
                  3. If you do not install your custom realm into a caching realm and make the
                  security use that caching realm,
                  how would you hook up with the security (such as acls and permissions )
                  all your other resources (such as jsp, servlets etc.,)

                  thank you very much for your response.
                  veena.

                  "THorner" <THorner@DANCERACE01.DANCERACE.com> wrote in message
                  news:B4D7B3CBF165D311844100C04F4E3E1B031243@DANCERACE01...
                  I imagine wl_realm is the weblogic realm, which is weblogic.properties,
                  which the caching realm uses as its backup realm

                  terry
                  -----Original Message-----
                  From: Cy Young [mailto:siliang@visto.com]
                  Posted At: Thu 03 May 2001 19:15
                  Posted To: weblogic.developer.interest.security
                  Conversation: wl_realm vs rdbms realm
                  Subject: wl_realm vs rdbms realm



                  I got this error message, which said it can't verify user
                  'joe' in the wl_realm

                  Authentication for user joe denied in realm wl_realm
                  java.lang.SecurityException: Authentication for user joe
                  denied in realm wl_realm
                  at
                  weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRe
                  quest.java:76)

                  I don't know what this wl_realm is? As far as I know, we are
                  using RDBMS realm
                  - which
                  authenicate the logon user with the users kept in some
                  database tables(i.e. USER,
                  ACLENTRIES, GROUPMEMBER)

                  Doesn't anyone know what this wl_realm error? what about
                  wl_realm vs RDBMS realm?
                  What's the different?
                  Why does this message occur when we are using RDBMS realm?

                  Thanks in advance.
                  • 6. Re: wl_realm vs rdbms realm
                    3004

                    Veena,

                    You are correct - in WLS 6.0, when using a custom realm
                    (or rdbms realm, nt realm, unix realm or ldap realm),
                    you have to use the caching realm too and you are
                    backed up by the file realm. There's no getting around
                    this.

                    There are configuration parameters on the caching realm
                    to turn off caching, or to limit how long items are
                    kept in the cache. However, the caching realm itself
                    must be present (basically, it does more than caching -
                    it also coordinates the fail over to the file realm).
                    If you bring up the admin console, you can adjust the
                    caching realm parameters. You'll need to restart wls
                    after making the changes.

                    Also, you can clear the cache by using the console.
                    I don't remember the exact details but it's something
                    like right click the realm and there's an option to
                    synchronize or refresh the realms. Do this, and it
                    causes the caching realms in all servers to clear their
                    caches.

                    This is really useful - for example, imagine
                    that you've just deleted a user's account in ldap - this
                    will propagate that change to all the wls servers - great if
                    you need to immediately cancel a user's account.

                    Thanks, -Tom Moreau

                    "veena" <veena@powermarket.com> wrote:
                    I don't think WL6.0 uses weblogic.properties file. What version are
                    you
                    using?

                    Also, there was a mention about eliminating the cache and using only
                    the
                    realm. As far as the documents that I have read, I understood that you
                    need
                    to have a caching realm which could contain a custom realm (RDBMS, or
                    LDAP
                    or NT ) as your alternative realm. The weblogic server first authenticates
                    against the custom realm and if that fails, it tries to authenticate
                    against
                    the file realm. I have never seen any documents where you could only
                    have
                    your custom realm authenticate a user.

                    Can somebody please clarify this.
                    1. Is it possible to not use the caching realm in 6.0 ?
                    2. If the cache goes bad or gets corrupted, how is possible to refresh
                    the
                    cache.
                    3. If you do not install your custom realm into a caching realm and make
                    the
                    security use that caching realm,
                    how would you hook up with the security (such as acls and permissions
                    )
                    all your other resources (such as jsp, servlets etc.,)

                    thank you very much for your response.
                    veena.

                    "THorner" <THorner@DANCERACE01.DANCERACE.com> wrote in message
                    news:B4D7B3CBF165D311844100C04F4E3E1B031243@DANCERACE01...
                    I imagine wl_realm is the weblogic realm, which is weblogic.properties,
                    which the caching realm uses as its backup realm

                    terry
                    -----Original Message-----
                    From: Cy Young [mailto:siliang@visto.com]
                    Posted At: Thu 03 May 2001 19:15
                    Posted To: weblogic.developer.interest.security
                    Conversation: wl_realm vs rdbms realm
                    Subject: wl_realm vs rdbms realm



                    I got this error message, which said it can't verify user
                    'joe' in the wl_realm

                    Authentication for user joe denied in realm wl_realm
                    java.lang.SecurityException: Authentication for user joe
                    denied in realm wl_realm
                    at
                    weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRe
                    quest.java:76)

                    I don't know what this wl_realm is? As far as I know, we are
                    using RDBMS realm
                    - which
                    authenicate the logon user with the users kept in some
                    database tables(i.e. USER,
                    ACLENTRIES, GROUPMEMBER)

                    Doesn't anyone know what this wl_realm error? what about
                    wl_realm vs RDBMS realm?
                    What's the different?
                    Why does this message occur when we are using RDBMS realm?

                    Thanks in advance.
                    • 7. Re: wl_realm vs rdbms realm
                      3004
                      You can go to examples server to look for an RDBMSRealm example. Look for
                      the config.xml and there will be an RDBMSRealm tag in there. I initially
                      struggled with
                      weblogic documentation too (which doesn't mention about examples anywhere).



                      "Bill Ralenkotter" <bill.ralenkotter@ps.net> wrote in message
                      news:3af2ea1f$1@newsgroups.bea.com...
                      Can WL6.0 be configured to not look for the FileRealm at all? I have not
                      been able
                      to remove this file even though I am using an RDBMS Realm. I assume that
                      some
                      base information will need to be in my RDBMS realm, something like system.

                      Also, yaodong, where did you learn this information? There seems to a lot
                      of knowledge that is required to
                      write a custom realm or even to take the RDBMS realm and make it
                      production
                      ready, but
                      I cannot find this information in any of the WL6.0 documentation. My only
                      hope is that
                      people who like to be helpful, (such as yourself), answer posts to this
                      group.

                      As an observation, the lack of documentation about realms and in
                      particular
                      the RDBMS realm happens often
                      on this group.

                      Bill.


                      "yaodong Hu" <yhu@netegrity.com> wrote in message
                      news:3af2b835$1@newsgroups.bea.com...
                      check the cachingRealm cache, if the user, authenticate, acl cache is
                      turn
                      on,
                      then when server startup , if may check the file realm first and then
                      custom realm,
                      so it could got bad cache from fileRealm. My sense is that if you are
                      using custom
                      realm , you could maintain your own cache and totally turn off the
                      cachingRealm
                      cache.




                      "Allan" <dfusdfsdfsd> wrote:
                      I am interested in finding out as well. I noticed today that even if
                      I had
                      RDBMSRealm configured (and working), WL 6.0SP1 was still parsing
                      filerealm.properties and actually checking if the users defined in it
                      can be
                      authenticated. If I renamed the file, WL wouldn't start. Weird and
                      dangerous.
                      "Cy Young" <siliang@visto.com> wrote in message
                      news:3af1922f$1@newsgroups.bea.com...
                      I got this error message, which said it can't verify user 'joe' in
                      the
                      wl_realm
                      Authentication for user joe denied in realm wl_realm
                      java.lang.SecurityException: Authentication for user joe denied in
                      realm
                      wl_realm
                      at
                      weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.java:76
                      )
                      I don't know what this wl_realm is? As far as I know, we are using
                      RDBMS
                      realm
                      - which
                      authenicate the logon user with the users kept in some database
                      tables(i.e. USER,
                      ACLENTRIES, GROUPMEMBER)

                      Doesn't anyone know what this wl_realm error? what about wl_realm vs
                      RDBMS
                      realm?
                      What's the different?
                      Why does this message occur when we are using RDBMS realm?

                      Thanks in advance.