
Unable to access my Web Application deployed on Weblogic 10.3 for configured SQLAuth

 
Greenhorn
Posts: 7
Hi,

I have created a web application which has only one servlet, LdapAuthenticator, and configured BASIC security constraints as below in web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>WebLogicLdap</display-name>
  <security-constraint>
    <display-name>Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
    <role-name>manager</role-name>
  </security-role>
  <servlet>
    <description></description>
    <display-name>LdapAuthenticator</display-name>
    <servlet-name>LdapAuthenticator</servlet-name>
    <servlet-class>test.LdapAuthenticator</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LdapAuthenticator</servlet-name>
    <url-pattern>/LdapAuthenticator</url-pattern>
  </servlet-mapping>
</web-app>

Below is my weblogic.xml file

<?xml version="1.0"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-role-assignment>
    <role-name>manager</role-name>
    <externally-defined/>
  </security-role-assignment>
</weblogic-web-app>

I have followed the proper steps to configure the realm for SQLAuthProvider and I am able to check the users and groups from the database using the admin console of WebLogic. In short, the configuration is correct.

Below is config.xml file entry



<realm>
  <sec:auditor xsi:type="wls:default-auditorType">
    <sec:name>nXchangeAuditing</sec:name>
    <wls:information-audit-severity-enabled>true</wls:information-audit-severity-enabled>
    <wls:warning-audit-severity-enabled>true</wls:warning-audit-severity-enabled>
    <wls:error-audit-severity-enabled>true</wls:error-audit-severity-enabled>
    <wls:success-audit-severity-enabled>true</wls:success-audit-severity-enabled>
    <wls:failure-audit-severity-enabled>true</wls:failure-audit-severity-enabled>
  </sec:auditor>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType">
    <sec:control-flag>SUFFICIENT</sec:control-flag>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:sql-authenticatorType">
    <sec:name>TestSQLAuthenticatorProvider</sec:name>
    <sec:control-flag>REQUIRED</sec:control-flag>
    <wls:data-source-name>MySql</wls:data-source-name>
    <wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
  </sec:authentication-provider>
  <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
  <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
  <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
  <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
  <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
  <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
  <sec:name>myrealm</sec:name>
  <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
    <sec:name>SystemPasswordValidator</sec:name>
    <pas:min-password-length>8</pas:min-password-length>
    <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
  </sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>

When I hit the URL http://xx.xx.xx.xxx:7001/WebLogicLdap/ a dialogue box appears to enter the login id and password. I then entered the user id, which belongs to the manager group, and the correct password. I encountered the error message below in the browser:


Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.


Please let me know if someone has faced and resolved the same issue before.

 
Greenhorn
Posts: 16
Hi,

Please try to add the <Principal Name>UserName</Principal Name> inside your weblogic.xml.
Also double check that user's identity and its association to the respective group.
Mapping seems to be the issue as of now. Try to enable the securityAtz on WLS and observe why Authorization is failing.


Regards
Rob
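
A descriptor check for the role mapping discussed in this thread, as an added example that is not part of any post: it reads web.xml and weblogic.xml and reports how each role named in an auth-constraint is resolved. The inputs are constructed from the question's descriptors and the function names are hypothetical; the note on `externally-defined` assumes its documented meaning, that the role mapping is taken from the security realm rather than from the descriptor.

```python
import xml.etree.ElementTree as ET

# Constructed inputs, trimmed from the two descriptors posted in the question.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">
  <security-role-assignment>
    <role-name>manager</role-name>
    <externally-defined/>
  </security-role-assignment>
</weblogic-web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def kids(elem, name):
    return [c for c in elem if local(c.tag) == name]

def role_resolution(web_xml, weblogic_xml):
    """Return {role: (kind, principals)} for every role named in an auth-constraint."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    used = {r.text.strip() for e in web.iter() if local(e.tag) == "auth-constraint"
            for r in kids(e, "role-name")}
    assigned = {}
    for sra in kids(wls, "security-role-assignment"):
        role = kids(sra, "role-name")[0].text.strip()
        if kids(sra, "externally-defined"):
            assigned[role] = ("externally-defined", [])
        else:
            names = [p.text.strip() for p in kids(sra, "principal-name")]
            assigned[role] = ("principals", names)
    return {role: assigned.get(role, ("unassigned", [])) for role in sorted(used)}

def findings(resolution):
    """List what an administrator still has to verify for each role."""
    out = []
    for role, (kind, principals) in resolution.items():
        if kind == "externally-defined":
            out.append(f"{role}: mapped in the realm; confirm a role named '{role}' "
                       "exists there (a group of that name is not a role)")
        elif kind == "unassigned" or not principals:
            out.append(f"{role}: weblogic.xml maps no principal to this role")
    return out

print(findings(role_resolution(WEB_XML, WEBLOGIC_XML)))
```
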
 
Prakash Pethe
Greenhorn
Posts: 7
Thanks Robin,

I have tried the same but did not get success. Also, I have enabled the log; please see the log file below.


#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =SUCCESS> <<<Event Type = Authentication Audit Event><TestUsr1><AUTHENTICATE>>> Audit Record End ####

#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =FAILURE> <<<Event Type = Authorization Audit Event V2 ><Subject: 2
Principal = class weblogic.security.principal.WLSUserImpl("TestUsr1")
Principal = class weblogic.security.principal.WLSGroupImpl("manager")


Regards,
Prakash
 
Greenhorn
Posts: 1
Hi Prakash,
Hope you have managed to solve this problem. I have a similar one. Do you have any leads on this?

Thanks,
Swaroop
 