Comments on: WebLogic 10 Active Directory Authentication Provider Bug http://monduke.com/2008/07/27/bug-in-the-weblogic-10-active-directory-authentication-provider/ Covering J2EE Security and WebLogic Topics Tue, 13 Apr 2010 01:53:49 -0600 http://wordpress.org/?v=2.9.2 hourly 1 By: Sen http://monduke.com/2008/07/27/bug-in-the-weblogic-10-active-directory-authentication-provider/comment-page-1/#comment-14278 Sen Thu, 04 Mar 2010 10:41:17 +0000 http://monduke.com/?p=57#comment-14278 Hi Kris, Mike, I am facing the same problem. (Waiting for notification on: netscape.ldap.LDAPSearchListener@2899caa[fat lock]) It will be really helpful if you could give any inputs on solving this. Many Thanks, Sen Hi Kris, Mike,

I am facing the same problem. (Waiting for notification on: netscape.ldap.LDAPSearchListener@2899caa[fat lock])

It will be really helpful if you could give any inputs on solving this.

Many Thanks,
Sen

]]> By: Mike Fleming http://monduke.com/2008/07/27/bug-in-the-weblogic-10-active-directory-authentication-provider/comment-page-1/#comment-14157 Mike Fleming Thu, 26 Mar 2009 00:39:45 +0000 http://monduke.com/?p=57#comment-14157 Kris, Sorry for the response delay -- I just got back from vacation. Unfortunately, I don't have a solution for the problem you're seeing. Sorry! Kris,

Sorry for the response delay — I just got back from vacation. Unfortunately, I don’t have a solution for the problem you’re seeing. Sorry!

]]> By: Kris http://monduke.com/2008/07/27/bug-in-the-weblogic-10-active-directory-authentication-provider/comment-page-1/#comment-14155 Kris Wed, 18 Mar 2009 14:37:40 +0000 http://monduke.com/?p=57#comment-14155 Hi Mike, Not sure if this is related to the bug described in the blog - but we are getting prod issues and the server got buried because of stuck threads. I am attaching the stack trace. Any help would be appreciated. Thank you. <blockquote> Thread-1533 "[STUCK] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'" { -- Waiting for notification on: netscape.ldap.LDAPResponseListener@ffffffff80fe87c1[fat lock] java.lang.Object.wait(Object.java:474) netscape.ldap.LDAPMessageQueue.waitForMessage(Unknown Source) netscape.ldap.LDAPMessageQueue.waitFirstMessage(Unknown Source) netscape.ldap.LDAPConnection.sendRequest(Unknown Source) ^-- Holding lock: netscape.ldap.LDAPConnection@ffffffff80fe7aad[thin lock] netscape.ldap.LDAPConnection.simpleBind(Unknown Source) netscape.ldap.LDAPConnection.authenticate(Unknown Source) netscape.ldap.LDAPConnection.authenticate(Unknown Source) netscape.ldap.LDAPConnection.bind(Unknown Source) weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3687) weblogic.security.utils.Pool.newInstance(Pool.java:37) weblogic.security.utils.Pool.getInstance(Pool.java:29) weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3142) weblogic.security.providers.authentication.LDAPAtnDelegate.userExists(LDAPAtnDelegate.java:2260) weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:136) com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110) com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:101) sun.reflect.GeneratedMethodAccessor9101.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:570) javax.security.auth.login.LoginContext.invoke(LoginContext.java:720) javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) javax.security.auth.login.LoginContext.login(LoginContext.java:566) com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:71) sun.reflect.GeneratedMethodAccessor1066.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:570) com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57) $Proxy11.login(Unknown Source) weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(Unknown Source) com.bea.common.security.internal.service.IdentityAssertionCallbackServiceImpl.assertIdentity(IdentityAssertionCallbackServiceImpl.java:96) sun.reflect.GeneratedMethodAccessor702.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:570) com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57) $Proxy14.assertIdentity(Unknown Source) com.bea.common.security.internal.service.IdentityAssertionServiceImpl.assertIdentity(IdentityAssertionServiceImpl.java:78) sun.reflect.GeneratedMethodAccessor699.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:570) com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57) $Proxy35.assertIdentity(Unknown Source) weblogic.security.service.PrincipalAuthenticator.assertIdentity(Unknown Source) weblogic.servlet.security.internal.CertSecurityModule.assertIdentity(CertSecurityModule.java:103) weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:65) weblogic.servlet.security.internal.SecurityModule.checkAccess(SecurityModule.java:107) weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:57) weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2076) weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1998) weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1331) weblogic.work.ExecuteThread.execute(ExecuteThread.java:197) weblogic.work.ExecuteThread.run(ExecuteThread.java:164) </blockquote> Hi Mike,

Not sure if this is related to the bug described in the blog – but we are getting prod issues and the server got buried because of stuck threads. I am attaching the stack trace. Any help would be appreciated. Thank you.

Thread-1533 “[STUCK] ExecuteThread: ‘17′ for queue: ‘weblogic.kernel.Default (self-tuning)’” {
— Waiting for notification on: netscape.ldap.LDAPResponseListener@ffffffff80fe87c1[fat lock]
java.lang.Object.wait(Object.java:474)
netscape.ldap.LDAPMessageQueue.waitForMessage(Unknown Source)
netscape.ldap.LDAPMessageQueue.waitFirstMessage(Unknown Source)
netscape.ldap.LDAPConnection.sendRequest(Unknown Source)
^– Holding lock: netscape.ldap.LDAPConnection@ffffffff80fe7aad[thin lock]
netscape.ldap.LDAPConnection.simpleBind(Unknown Source)
netscape.ldap.LDAPConnection.authenticate(Unknown Source)
netscape.ldap.LDAPConnection.authenticate(Unknown Source)
netscape.ldap.LDAPConnection.bind(Unknown Source)
weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3687)
weblogic.security.utils.Pool.newInstance(Pool.java:37)
weblogic.security.utils.Pool.getInstance(Pool.java:29)
weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3142)
weblogic.security.providers.authentication.LDAPAtnDelegate.userExists(LDAPAtnDelegate.java:2260)
weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:136)
com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:101)
sun.reflect.GeneratedMethodAccessor9101.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:570)
javax.security.auth.login.LoginContext.invoke(LoginContext.java:720)
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
javax.security.auth.login.LoginContext.login(LoginContext.java:566)
com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:71)
sun.reflect.GeneratedMethodAccessor1066.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:570)
com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
$Proxy11.login(Unknown Source)
weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(Unknown Source)
com.bea.common.security.internal.service.IdentityAssertionCallbackServiceImpl.assertIdentity(IdentityAssertionCallbackServiceImpl.java:96)
sun.reflect.GeneratedMethodAccessor702.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:570)
com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
$Proxy14.assertIdentity(Unknown Source)
com.bea.common.security.internal.service.IdentityAssertionServiceImpl.assertIdentity(IdentityAssertionServiceImpl.java:78)
sun.reflect.GeneratedMethodAccessor699.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:570)
com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
$Proxy35.assertIdentity(Unknown Source)
weblogic.security.service.PrincipalAuthenticator.assertIdentity(Unknown Source)
weblogic.servlet.security.internal.CertSecurityModule.assertIdentity(CertSecurityModule.java:103)
weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:65)
weblogic.servlet.security.internal.SecurityModule.checkAccess(SecurityModule.java:107)
weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:57)
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2076)
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1998)
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1331)
weblogic.work.ExecuteThread.execute(ExecuteThread.java:197)
weblogic.work.ExecuteThread.run(ExecuteThread.java:164)

]]> By: Mike Fleming http://monduke.com/2008/07/27/bug-in-the-weblogic-10-active-directory-authentication-provider/comment-page-1/#comment-13965 Mike Fleming Mon, 10 Nov 2008 01:40:53 +0000 http://monduke.com/?p=57#comment-13965 Sharon, As I understand it, the security providers are started before JNDI is available. That makes sense since JNDI can have security policies against it but it makes it harder to do what you want to do. I suppose you could get around it by catching that exception and trying again until you can get the InitialContext. One thing to watch out for is infinite loops since BEA/ORACLE recommends not accessing resources that can have security constraints. Good Luck! Sharon,

As I understand it, the security providers are started before JNDI is available. That makes sense since JNDI can have security policies against it but it makes it harder to do what you want to do.

I suppose you could get around it by catching that exception and trying again until you can get the InitialContext.

One thing to watch out for is infinite loops since BEA/ORACLE recommends not accessing resources that can have security constraints.

Good Luck!

]]> By: sharon http://monduke.com/2008/07/27/bug-in-the-weblogic-10-active-directory-authentication-provider/comment-page-1/#comment-13964 sharon Sun, 09 Nov 2008 01:52:14 +0000 http://monduke.com/?p=57#comment-13964 I have a question on weblogic security. I have a custom authentication provider (wls816). In the login module I need to get the datasource and connect the db. I used new Initia lContext();When I start the server, I got error: javax.naming.NoInitialContextException: Need to specify class name in environmen t or system property, or as an applet parameter, or in an application resource f ile: java.naming.factory.initial Can't the security provider access the weblogic context? Thanks I have a question on weblogic security. I have a custom authentication provider (wls816). In the login module I need to get the datasource and connect the db. I used new Initia lContext();When I start the server, I got error:
javax.naming.NoInitialContextException: Need to specify class name in environmen
t or system property, or as an applet parameter, or in an application resource f
ile: java.naming.factory.initial
Can’t the security provider access the weblogic context? Thanks

]]>