| Author |
SQLAuthetication Issue on Weblogic 10.3
|
Prakash Pethe
Greenhorn
Joined: Jan 19, 2012
Posts: 7
|
|
Hi,
I have configured the data-source(MySql) and SQLAuthentication (TestSQL) provider using admin console. Below is config.xml file
<sec:authentication-provider xsi:type="wls:sql-authenticatorType">
<sec:name>TestSQL</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:data-source-name>MySql</wls:data-source-name>
<wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:control-flag>REQUIRED</sec:control-flag>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
Below is weblogic,xml
<?xml version="1.0"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<security-role-assignment>
<role-name>dbuser</role-name>
<externally-defined/>
</security-role-assignment>
</weblogic-web-app>
Below is web,xml file
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>WebLogicSQL</display-name>
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>dbuser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>dbuser</role-name>
</security-role>
<servlet>
<description> SQLAuthenticator Servlet Test </description>
<display-name>SQLAuthenticator </display-name>
<servlet-name>SQLAuthenticator </servlet-name>
<servlet-class>test.SQLAuthenticator </servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SQLAuthenticator </servlet-name>
<url-pattern>/SQLAuthenticator </url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>
I am able to see the Users and groups correctly under myrealm-->user and group tab.
when I tried to send request on servlet with URL http://localhost:7001/WebLogicSQL/SQLAuthenticator the BASIC login pop appears. After entering correct ID (TestUsr1) and Password in pop it gives error
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Below is log
[b]
#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =SUCCESS> <<<Event Type = Authentication Audit Event><TestUsr1><AUTHENTICATE>>> Audit Record End ####
#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =[b]FAILURE> <<<Event Type = Authorization Audit Event V2 ><Subject: 2
Principal = class weblogic.security.principal.WLSUserImpl("TestUsr1")
Principal = class weblogic.security.principal.WLSGroupImpl("dbuser")[/b][/b]
|
 |
anandraj tadkal
Ranch Hand
Joined: Feb 22, 2011
Posts: 80
|
|
Hi Prakash,
Error code 403 represents Forbidden error. That means the user is not having sufficient privileges to access the application.
Check the web.xml for the </security-role> specified
and make sure that you have the corresponding entry in the weblogic.xml
For a working sample of SQL Authenticator you can refer the below link.
http://weblogic-wonders.com/weblogic/2010/03/11/configuring-sql-authenticator-with-weblogic-server/
Cheers,
Anandraj
http://weblogic-wonders.com
|
Regards,
Anandraj
http://weblogic-wonders.com/
|
|
 |
|
|
subject: SQLAuthetication Issue on Weblogic 10.3
|
|
|
0
