Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

WebLogic7-EJB client receives java.rmi.AccessException: Security Violation: on one of managed Serve

 
Sandeep.Namdeo Mule
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am running my EJB Application on Weblogic7 server in clustered environment where I have 2 managed servers say mg1 and mg2.

I have plain java EJB client accessing EJB from weblogic clustered environment. But client is able to manage connection to only 1 server say mg1, when mg2 is selected for service by cluster client receives following Exception.

java.rmi.AccessException: Security Violation: User: 'xyz' has insufficient permission to access EJB: type=<ejb>, application=EJB_JAR_2013-08-28_12-19
, module=EJB.jar, ejb=EJB, method=run, methodInterface=Remote, signature={}.

Start server side stack trace:
java.rmi.AccessException: Security Violation: User: 'xyz' has insufficient permission to access EJB: type=<ejb>, application=EIB_JAR_prod_2013-08-28_12-19
, module=EJB.jar, ejb=EJB, method=run, methodInterface=Remote, signature={}.
at weblogic.ejb20.internal.MethodDescriptor.checkMethodPermissionsRemote(MethodDescriptor.java:452)
at weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:50)
at fi.elisa.dom.ejb.EJBImpl_xy2j8b_EOImpl.run(EJBImpl_xy2j8b_EOImpl.java:82)
at fi.elisa.dom.ejb.EJBImpl_xy2j8b_EOImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:362)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:114)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:313)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:821)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:308)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)

Interesting Part of this issue is if one managed server can manage proper execution between client to server why another managed server is at error.
Client code is perfect because same client code can access EJB from managed server 1.

the server environment was very stable for almost 3 years but with last deployment on production this behavior is seen.

I verified the problem at various level but unsuccessful.

can any buddy suggest what i need to do to come out of this problem.

Thanks in advance.
Sandeep N. Mule.
 
James Boswell
Bartender
Posts: 1051
5
Chrome Eclipse IDE Hibernate
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sandeep

Assuming you are using the same client code to invoke the EJB, I can only assume that the security credentials for each EJB are different.

Using the WLS admin console, are you able to check this? I haven't used WLS in a while but I think you will find the necessary configuration under Security -> Realms.
 
Sandeep.Namdeo Mule
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
James Boswell wrote:Sandeep

Assuming you are using the same client code to invoke the EJB, I can only assume that the security credentials for each EJB are different.

Using the WLS admin console, are you able to check this? I haven't used WLS in a while but I think you will find the necessary configuration under Security -> Realms.


Hi James,

Thanks for reply,

I did tried to find answer in security->realms as most of the google searches are taking me to this solution.
It did not worked out because Realms are configured at cluster level and I am not able to apply realms separately for each managed server. This setting seems correct as Managed server 1 responding correctly to client request.
Some more information about EJB is, Method Permission are given in ejb-jar.xml file and principle-name,role-names is specified in weblogic-ejb-jar.xml file.

Thanks again
-Sandeep.
 
James Boswell
Bartender
Posts: 1051
5
Chrome Eclipse IDE Hibernate
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So, do you have access to those files for each server? Is there perhaps a required role for a user to access one EJB which is not required for the other? There must be a difference in the security configuration of the EJBs if your client code is the same for both invocations.
 
Sandeep.Namdeo Mule
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
James Boswell wrote:So, do you have access to those files for each server? Is there perhaps a required role for a user to access one EJB which is not required for the other? There must be a difference in the security configuration of the EJBs if your client code is the same for both invocations.


its a single EAR I deployed from console on cluster level. So both server receives same jar files. As these 2 xml are under jar, they must be same for doth servers. I am confident about no difference in Security at least from with in ejb jar file. If at all there is a difference I feel that must be on breaking server, Something which is set out of Weblogic configuration. Do you know anything else can influence Weblogic Security from Unix level setting?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic