java.lang.SecurityException: [Security:090398]Invalid Subject - Weblogic

This is a discussion on java.lang.SecurityException: [Security:090398]Invalid Subject - Weblogic ; Hello,=20 we are trying to restrict a Portlet's view in Portal 8.1 SP5. In Portal Administration: 1) We had created a group, and a role.=20 2) We assigned the role to the group. 3) The next is that we chose ...

+ Reply to Thread
Results 1 to 3 of 3

java.lang.SecurityException: [Security:090398]Invalid Subject

  1. Default java.lang.SecurityException: [Security:090398]Invalid Subject

    Hello,=20
    we are trying to restrict a Portlet's view in Portal 8.1 SP5.
    In Portal Administration:
    1) We had created a group, and a role.=20
    2) We assigned the role to the group.
    3) The next is that we chose this role and gave it permission of view.
    We are using the DefaultAuthenticator and DefaultIdentityAsserter provider.
    When we try to access to the page which contain the portlet we got the next=
    error:

    java.lang.SecurityException: [Security:090398]Invalid Subject: 46035
    =09at weblogic.security.service.SecurityServiceManager.seal(SecurityService=
    Manager.java:697)
    =09at weblogic.security.service.RoleManager.getRoles(RoleManager.java:279)
    =09at com.bea.p13n.entitlements.Authorization.getRoles(Authorization.java:2=
    09)
    =09at com.bea.p13n.entitlements.Authorization.isAccessAllowed(Authorization=
    ..java:786)
    =09at com.bea.p13n.entitlements.Authorization.isAccessAllowed(Authorization=
    ..java:270)
    =09at com.bea.netuix.servlets.controls.EntitledUIControl.isCapable(Entitled=
    UIControl.java:166)
    =09at com.bea.netuix.servlets.controls.window.WindowList.getEntitledWindows=
    (WindowList.java:315)
    =09at com.bea.netuix.servlets.controls.page.Page.notifyChildPortletsOfActiv=
    ation(Page.java:510)
    =09at com.bea.netuix.servlets.controls.page.Book.notifyChildPortletsOfActiv=
    ation(Book.java:742)
    =09at com.bea.netuix.servlets.controls.page.Book.fireActivationDeactivation=
    Events(Book.java:681)
    =09at com.bea.netuix.servlets.controls.page.Page.handleEvent(Page.java:373)
    =09at com.bea.netuix.servlets.controls.page.events.PageChangeEvent$Manager.=
    fireEvent(PageChangeEvent.java:244)
    =09at com.bea.netuix.servlets.controls.page.Page.raiseChangeEvents(Page.jav=
    a:344)
    =09at com.bea.netuix.nf.ControlLifecycle$4.postVisitRoot(ControlLifecycle.j=
    ava:298)
    =09at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.j=
    ava:372)
    =09at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:126)
    =09at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:105)
    =09at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:173)
    =09at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:137)
    =09at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java=
    :333)
    =09at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:196)
    =09at com.bea.netuix.servlets.manager.PortalServlet.doPost(PortalServlet.ja=
    va:772)
    =09at com.bea.netuix.servlets.manager.PortalServlet.doGet(PortalServlet.jav=
    a:671)
    =09at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:147)
    =09at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    =09at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run=
    (ServletStubImpl.java:1072)
    =09at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubIm=
    pl.java:465)
    =09at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:28)
    =09at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja=
    va:27)
    =09at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilte=
    r.java:293)
    =09at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja=
    va:27)
    =09at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio=
    n.run(WebAppServletContext.java:6987)
    =09at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate=
    dSubject.java:321)
    =09at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:=
    121)
    =09at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppSe=
    rvletContext.java:3892)
    =09at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestIm=
    pl.java:2766)
    =09at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    =09at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)


    Any help?

    Thank you in advanced.

  2. Default Re: java.lang.SecurityException: [Security:090398]Invalid Subject

    Hi we are facing a similar issue. Let me know if any one knows how to fix i=
    t.
    <Jan 22, 2007 10:14:06 PM EST> <Warning> <RMI> <BEA-080003> <RuntimeExcepti=
    on thrown by rmi serv
    er: weblogic.rmi.internal.BasicServerRef@108 - hostID: '96771727322796585S:=
    reiunx49:[25120,25120,-1,-1,25120,-1,-1,0,0]:al
    lstarsit1Domain:allstarMServer1', oid: '264', implementation: 'weblogic.jms=
    ..dispatcher.DispatcherImpl@666a53'
    java.lang.SecurityException: [Security:090398]Invalid Subject: ALLSTAR_LOO=
    KUP.
    java.lang.SecurityException: [Security:090398]Invalid Subject: ALLSTAR_LOOK=
    UP
    at weblogic.security.service.SecurityServiceManager.seal(SecuritySe=
    rviceManager.java:697)
    at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStre=
    am.java:191)
    at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRe=
    f.java:842)
    at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.jav=
    a:308)
    at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1113)
    at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1031)
    at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManag=
    erServer.java:225)
    at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:=
    805)
    at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:7=
    82)
    at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java=
    :705)
    at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:651=
    )
    at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer=
    ..java:123)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.=
    java:32)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

  3. Default Re: java.lang.SecurityException: [Security:090398]Invalid Subject

    Hi sreekvaj,=20
    to solve this, we tried to implement a new Authenticator Provider, but it d=
    idn't work for us, so we implemented new hard code.

    We created a new principal (WLSUserImpl) with the user name. All the other =
    information we needed to get, we stored in others principals, also WLSUserI=
    mpl.

    we needed to sign these principals, but the user must be Administrator, so =
    we added to the user the group Administrator only to sign the principals, a=
    nd after that, we removed that group .

    So we have our information in these principals, and all of them are signed.=
    Now we can get all this information in the principals.

    if you know another way to do this, let me know, please.

+ Reply to Thread