Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Archived » Eclipse Process Manager (Stardust) » Accessing Stardust dynamic web services on Weblogic 10.3 results in 401 Unauthorized response(Authentication problems on Weblogic, but Tomcat works)
Accessing Stardust dynamic web services on Weblogic 10.3 results in 401 Unauthorized response [message #1008817] Wed, 13 February 2013 22:41 Go to next message
Jan Hendrik Scheufen is currently offline Jan Hendrik ScheufenFriend
Messages: 77
Registered: October 2011
Member
Hi,

I've got a Stardust Spring Portal WAR in two versions, one for Tomcat and one for Weblogic, which were based on the corresponding archetypes.

Using a process model with a Process Interface defined that is exposed as a dynamic SOAP endpoint, I get different behavior on Weblogic vs. Tomcat.

To be more precise, on Tomcat I can start a process instance by sending a SOAP envelope to /services/soap/default/MyProcess/ProcessServiceHttpBasicAuth with username/password as HTTP basic auth parameters in the HTTP header.

When I deploy the same model on Weblogic and send the same SOAP request, I always get a HTTP 401 response saying that the user is not authorized.

Something that I noticed on the server log is that one of the Weblogic server threads actually says that the user "motu" has tried to login unsuccessfully 5 times and that the account will now be locked for 30 minutes!? This does not seem to be coming from Stardust, but how would Weblogic know about the "motu" user ...?
I can still logon to the Stardust portal with that user.

Any ideas?

[Updated on: Wed, 13 February 2013 22:49]

Report message to a moderator

Re: Accessing Stardust dynamic web services on Weblogic 10.3 results in 401 Unauthorized response [message #1008819 is a reply to message #1008817] Wed, 13 February 2013 22:46 Go to previous messageGo to next message
Jan Hendrik Scheufen is currently offline Jan Hendrik ScheufenFriend
Messages: 77
Registered: October 2011
Member
So, it turns out that Weblogic by default intercepts HTTP basic auth calls and eagerly tries to authenticate the credentials against its own security realm! And of course there is no user 'motu' configured in Weblogic!
This means that the web service call never reached Stardust web application. Why Weblogic would do such a thing by default is beyond my comprehension, but here's something to read about this behavior:

http://www.coderanch.com/t/482186/BEA-Weblogic/WebLogic-intercepting-credentials-passed-webservice
http://docs.oracle.com/cd/E12840_01/wls/docs103/security/thin_client.html#understanding_basic_atn

The solution is to set the following parameter in the <security-configuration> section of the config.xml for the WL domain:

<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>

Report message to a moderator

Re: Accessing Stardust dynamic web services on Weblogic 10.3 results in 401 Unauthorized response [message #1009414 is a reply to message #1008817] Fri, 15 February 2013 05:07 Go to previous messageGo to next message
Hideo Sashida is currently offline Hideo SashidaFriend
Messages: 5
Registered: September 2012
Junior Member
Hi,

If you run WebLogic domain in production mode, you cannot start WLS managed server bacause it regards "<enforce-valid-basic-auth-credentials>" tag as invalid.

To work around this, you need to add WLS-specific argument to get WLS managed server to disable schema validation for config.xml.

For example, when you have weblogic domain in C:\Oracle\Middleware\user_projects\domains\ipp_domain, modify the following line of bin\startWeblogic.cmd from:

set SAVE_JAVA_OPTS=%JAVA_OPTIONS%

to

set SAVE_JAVA_OPTS=%JAVA_OPTIONS% -Dweblogic.configuration.schemaValidationEnabled=false

Hope it helps.

Report message to a moderator

icon14.gif  Re: Accessing Stardust dynamic web services on Weblogic 10.3 results in 401 Unauthorized response [message #1009437 is a reply to message #1009414] Fri, 15 February 2013 06:23 Go to previous message
Robert Emsbach is currently offline Robert EmsbachFriend
Messages: 186
Registered: October 2011
Location: Singapore
Senior Member
[*Like*]

Report message to a moderator

Previous Topic:ConcurrencyException on AuditTrailPartitionBean with Tomcat 6 and MSSQL
Next Topic:IAF-Stardust: WSP_1018_POLICY_EXCEPTION_WHILE_FINISHING_PARSING_WSDL
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Apr 23 17:13:19 GMT 2024

Powered by FUDForum. Page generated in 0.03376 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly