This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes BEA/Weblogic and the fly likes SQLAuthetication Issue on Weblogic 10.3 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "SQLAuthetication Issue on Weblogic 10.3" Watch "SQLAuthetication Issue on Weblogic 10.3" New topic
Author

SQLAuthetication Issue on Weblogic 10.3

Prakash Pethe
Greenhorn

Joined: Jan 19, 2012
Posts: 7
Hi,

I have configured the data-source(MySql) and SQLAuthentication (TestSQL) provider using admin console. Below is config.xml file

<sec:authentication-provider xsi:type="wls:sql-authenticatorType">
<sec:name>TestSQL</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:data-source-name>MySql</wls:data-source-name>
<wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:control-flag>REQUIRED</sec:control-flag>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>

Below is weblogic,xml

<?xml version="1.0"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<security-role-assignment>
<role-name>dbuser</role-name>
<externally-defined/>
</security-role-assignment>
</weblogic-web-app>

Below is web,xml file

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>WebLogicSQL</display-name>
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>dbuser</role-name>


</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>dbuser</role-name>

</security-role>
<servlet>
<description> SQLAuthenticator Servlet Test </description>
<display-name>SQLAuthenticator </display-name>
<servlet-name>SQLAuthenticator </servlet-name>
<servlet-class>test.SQLAuthenticator </servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SQLAuthenticator </servlet-name>
<url-pattern>/SQLAuthenticator </url-pattern>
</servlet-mapping>


<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>

I am able to see the Users and groups correctly under myrealm-->user and group tab.

when I tried to send request on servlet with URL http://localhost:7001/WebLogicSQL/SQLAuthenticator the BASIC login pop appears. After entering correct ID (TestUsr1) and Password in pop it gives error

Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.


Below is log


[b]
#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =SUCCESS> <<<Event Type = Authentication Audit Event><TestUsr1><AUTHENTICATE>>> Audit Record End ####

#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =[b]FAILURE
> <<<Event Type = Authorization Audit Event V2 ><Subject: 2
Principal = class weblogic.security.principal.WLSUserImpl("TestUsr1")
Principal = class weblogic.security.principal.WLSGroupImpl("dbuser")[/b][/b]
anandraj tadkal
Ranch Hand

Joined: Feb 22, 2011
Posts: 98

Hi Prakash,

Error code 403 represents Forbidden error. That means the user is not having sufficient privileges to access the application.

Check the web.xml for the </security-role> specified
and make sure that you have the corresponding entry in the weblogic.xml

For a working sample of SQL Authenticator you can refer the below link.

http://weblogic-wonders.com/weblogic/2010/03/11/configuring-sql-authenticator-with-weblogic-server/

Cheers,
Anandraj
http://weblogic-wonders.com


Regards,
Anandraj
http://weblogic-wonders.com
Follow us on facebook:
https://www.facebook.com/weblogicwonders
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SQLAuthetication Issue on Weblogic 10.3
 
Similar Threads
EJB3 in Weblogic 10.3
getting error when deploying web app in weblogic 10.0
LocalHost Start up Error
Unable to access my Web Application deployed on Weblogic 10.3 for configured SQLAuth
he doesn't ask for authenticate