aspose file tools*
The moose likes BEA/Weblogic and the fly likes Unable to access my Web Application deployed on Weblogic 10.3 for configured SQLAuth Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "Unable to access my Web Application deployed on Weblogic 10.3 for configured SQLAuth" Watch "Unable to access my Web Application deployed on Weblogic 10.3 for configured SQLAuth" New topic
Author

Unable to access my Web Application deployed on Weblogic 10.3 for configured SQLAuth

Prakash Pethe
Greenhorn

Joined: Jan 19, 2012
Posts: 7
Hi,

I have created web application which have only one servlet LdapAuthenticator and configured BASIC security constraints as below in web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>WebLogicLdap</display-name>
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>manager</role-name>
</security-role>
<servlet>
<description></description>
<display-name>LdapAuthenticator</display-name>
<servlet-name>LdapAuthenticator</servlet-name>
<servlet-class>test.LdapAuthenticator</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LdapAuthenticator</servlet-name>
<url-pattern>/LdapAuthenticator</url-pattern>
</servlet-mapping>
</web-app>

Below is my weblogic.xml file

<?xml version="1.0"?>

<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<security-role-assignment>
<role-name>manager</role-name>
<externally-defined/>
</security-role-assignment>
</weblogic-web-app>

I have follow the proper steps to configure realm for SQLAuthProvide and I am able to check the user and groups from database using admin console of weblogic, In short the configuration is correct.

Below is config.xml file entry



<realm>
<sec:auditor xsi:type="wls:default-auditorType">
<sec:name>nXchangeAuditing</sec:name>
<wls:information-audit-severity-enabled>true</wls:information-audit-severity-enabled>
<wls:warning-audit-severity-enabled>true</wls:warning-audit-severity-enabled>
<wls:error-audit-severity-enabled>true</wls:error-audit-severity-enabled>
<wls:success-audit-severity-enabled>true</wls:success-audit-severity-enabled>
<wls:failure-audit-severity-enabled>true</wls:failure-audit-severity-enabled>
</sec:auditor>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:control-flag>SUFFICIENT</sec:control-flag>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:sql-authenticatorType">
<sec:name>TestSQLAuthenticatorProvider</sec:name>
<sec:control-flag>REQUIRED</sec:control-flag>
<wls:data-source-name>MySql</wls:data-source-name>
<wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>

when I hit URL http://xx.xx.xx.xxx:7001/WebLogicLdap/ the dialogue box appear to enter login id and password. I have then eneter the user id and correct password which is belong to manager group. I have encounter the below error message on browser


Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.


Please let me know if someone has face and resolved same issue before.

robin patel
Greenhorn

Joined: Jan 03, 2011
Posts: 16
Hi,

Please try to add the <Principal Name>UserName</Principal Name> inside your weblogic.xml
Also double check on that user's identity and it association to the respective group.
Mapping seems to be issue as of now, Try to enable the securityAtz on WLS and observe as to why Authorization is failing.


Regards
Rob
Prakash Pethe
Greenhorn

Joined: Jan 19, 2012
Posts: 7
Thanks Robin,

I have tried the same but not got sucess. Also I have enabled the log, please see below log file


#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =SUCCESS> <<<Event Type = Authentication Audit Event><TestUsr1><AUTHENTICATE>>> Audit Record End ####

#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =FAILURE> <<<Event Type = Authorization Audit Event V2 ><Subject: 2
Principal = class weblogic.security.principal.WLSUserImpl("TestUsr1")
Principal = class weblogic.security.principal.WLSGroupImpl("manager")


Regards,
Prakash
Swaroop Gururaj
Greenhorn

Joined: Nov 08, 2012
Posts: 1
Hi Prakash,
Hope you have managed to solve this problem.. I have a similar one. Do you have any leads on this?

Thanks,
Swaroop
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Unable to access my Web Application deployed on Weblogic 10.3 for configured SQLAuth