*
The moose likes BEA/Weblogic and the fly likes WebLogic7-EJB client receives java.rmi.AccessException: Security Violation:  on one of managed Serve Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "WebLogic7-EJB client receives java.rmi.AccessException: Security Violation:  on one of managed Serve" Watch "WebLogic7-EJB client receives java.rmi.AccessException: Security Violation:  on one of managed Serve" New topic
Author

WebLogic7-EJB client receives java.rmi.AccessException: Security Violation: on one of managed Serve

Sandeep.Namdeo Mule
Greenhorn

Joined: Aug 01, 2013
Posts: 3
Hi,

I am running my EJB Application on Weblogic7 server in clustered environment where I have 2 managed servers say mg1 and mg2.

I have plain java EJB client accessing EJB from weblogic clustered environment. But client is able to manage connection to only 1 server say mg1, when mg2 is selected for service by cluster client receives following Exception.

java.rmi.AccessException: Security Violation: User: 'xyz' has insufficient permission to access EJB: type=<ejb>, application=EJB_JAR_2013-08-28_12-19
, module=EJB.jar, ejb=EJB, method=run, methodInterface=Remote, signature={}.

Start server side stack trace:
java.rmi.AccessException: Security Violation: User: 'xyz' has insufficient permission to access EJB: type=<ejb>, application=EIB_JAR_prod_2013-08-28_12-19
, module=EJB.jar, ejb=EJB, method=run, methodInterface=Remote, signature={}.
at weblogic.ejb20.internal.MethodDescriptor.checkMethodPermissionsRemote(MethodDescriptor.java:452)
at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:50)
at fi.elisa.dom.ejb.EJBImpl_xy2j8b_EOImpl.run(EJBImpl_xy2j8b_EOImpl.java:82)
at fi.elisa.dom.ejb.EJBImpl_xy2j8b_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:362)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:313)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:821)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:308)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)

Interesting Part of this issue is if one managed server can manage proper execution between client to server why another managed server is at error.
Client code is perfect because same client code can access EJB from managed server 1.

the server environment was very stable for almost 3 years but with last deployment on production this behavior is seen.

I verified the problem at various level but unsuccessful.

can any buddy suggest what i need to do to come out of this problem.

Thanks in advance.
Sandeep N. Mule.
James Boswell
Bartender

Joined: Nov 09, 2011
Posts: 1012
    
    5

Sandeep

Assuming you are using the same client code to invoke the EJB, I can only assume that the security credentials for each EJB are different.

Using the WLS admin console, are you able to check this? I haven't used WLS in a while but I think you will find the necessary configuration under Security -> Realms.
Sandeep.Namdeo Mule
Greenhorn

Joined: Aug 01, 2013
Posts: 3
James Boswell wrote:Sandeep

Assuming you are using the same client code to invoke the EJB, I can only assume that the security credentials for each EJB are different.

Using the WLS admin console, are you able to check this? I haven't used WLS in a while but I think you will find the necessary configuration under Security -> Realms.


Hi James,

Thanks for reply,

I did tried to find answer in security->realms as most of the google searches are taking me to this solution.
It did not worked out because Realms are configured at cluster level and I am not able to apply realms separately for each managed server. This setting seems correct as Managed server 1 responding correctly to client request.
Some more information about EJB is, Method Permission are given in ejb-jar.xml file and principle-name,role-names is specified in weblogic-ejb-jar.xml file.

Thanks again
-Sandeep.
James Boswell
Bartender

Joined: Nov 09, 2011
Posts: 1012
    
    5

So, do you have access to those files for each server? Is there perhaps a required role for a user to access one EJB which is not required for the other? There must be a difference in the security configuration of the EJBs if your client code is the same for both invocations.
Sandeep.Namdeo Mule
Greenhorn

Joined: Aug 01, 2013
Posts: 3
James Boswell wrote:So, do you have access to those files for each server? Is there perhaps a required role for a user to access one EJB which is not required for the other? There must be a difference in the security configuration of the EJBs if your client code is the same for both invocations.


its a single EAR I deployed from console on cluster level. So both server receives same jar files. As these 2 xml are under jar, they must be same for doth servers. I am confident about no difference in Security at least from with in ejb jar file. If at all there is a difference I feel that must be on breaking server, Something which is set out of Weblogic configuration. Do you know anything else can influence Weblogic Security from Unix level setting?
 
wood burning stoves
 
subject: WebLogic7-EJB client receives java.rmi.AccessException: Security Violation: on one of managed Serve
 
Similar Threads
Error Using client to access EJB
Security Violation: In Cabin EJB
EJBAccessException: [EJB:010160]Security Violation
[EJB:010160]Security Violation
WL 8.1--- Custom security service