Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SQLAuthetication Issue on Weblogic 10.3

 
Prakash Pethe
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have configured the data-source(MySql) and SQLAuthentication (TestSQL) provider using admin console. Below is config.xml file

<sec:authentication-provider xsi:type="wls:sql-authenticatorType">
<sec:name>TestSQL</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:data-source-name>MySql</wls:data-source-name>
<wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:control-flag>REQUIRED</sec:control-flag>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>

Below is weblogic,xml

<?xml version="1.0"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<security-role-assignment>
<role-name>dbuser</role-name>
<externally-defined/>
</security-role-assignment>
</weblogic-web-app>

Below is web,xml file

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>WebLogicSQL</display-name>
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>dbuser</role-name>


</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>dbuser</role-name>

</security-role>
<servlet>
<description> SQLAuthenticator Servlet Test </description>
<display-name>SQLAuthenticator </display-name>
<servlet-name>SQLAuthenticator </servlet-name>
<servlet-class>test.SQLAuthenticator </servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SQLAuthenticator </servlet-name>
<url-pattern>/SQLAuthenticator </url-pattern>
</servlet-mapping>


<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>

I am able to see the Users and groups correctly under myrealm-->user and group tab.

when I tried to send request on servlet with URL http://localhost:7001/WebLogicSQL/SQLAuthenticator the BASIC login pop appears. After entering correct ID (TestUsr1) and Password in pop it gives error

Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.


Below is log


[b]
#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =SUCCESS> <<<Event Type = Authentication Audit Event><TestUsr1><AUTHENTICATE>>> Audit Record End ####

#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =[b]FAILURE
> <<<Event Type = Authorization Audit Event V2 ><Subject: 2
Principal = class weblogic.security.principal.WLSUserImpl("TestUsr1")
Principal = class weblogic.security.principal.WLSGroupImpl("dbuser")[/b][/b]
 
anandraj tadkal
Ranch Hand
Posts: 98
Oracle Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Prakash,

Error code 403 represents Forbidden error. That means the user is not having sufficient privileges to access the application.

Check the web.xml for the </security-role> specified
and make sure that you have the corresponding entry in the weblogic.xml

For a working sample of SQL Authenticator you can refer the below link.

http://weblogic-wonders.com/weblogic/2010/03/11/configuring-sql-authenticator-with-weblogic-server/

Cheers,
Anandraj
http://weblogic-wonders.com
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic