A first look at OCCAS resources security
Published: 2019-05-10


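One day a colleague told me that their application was throwing an exception during a repeated install/uninstall test cycle and asked me to take a look. I checked the WebLogic log and found that the system had reported a NullPointerException.

According to the stack, SIP security startup (SipSecurityManager.start) was trying to delete stale roles from the embedded LDAP. So the system appears to use the LDAP server that ships with WebLogic; as far as I remember, LDAP is only used for security.

I logged in to WebLogic and checked the role configuration. The default security realm, myrealm, uses the DD Only model. Looking at weblogic.xml, sip.xml and web.xml, all role-related configuration lives in the XML files, and the Roles and Policies page of myrealm shows no roles either. Everything looked normal, and this exception should not have occurred. When I removed the role configuration from the XML, everything went back to normal.

Baffled, I turned to the WebLogic documentation to check the security configuration. According to the documentation, the default realm under Security Realms uses the embedded LDAP to store user/role/policy information. Users can of course configure this information to be stored in another database, or replace WebLogic's default security policy by configuring a conforming Security Provider.

Typically, we define which resources a role can access as a policy, and then map users or groups to the corresponding role. Everything deployed in the application refers to roles, which separates frequently changing elements such as users and groups from the more stable role element.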

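WebLogic's default realm can be used in several models:

1. DD Only model: the user's security roles and policies are all defined in XML files. Roles are in weblogic.xml, the role-to-user mapping is also in weblogic.xml, and policies are in web.xml and sip.xml.
weblogic.xml: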

PayrollAdmin
Tanya
Fred
system
RunAsRoleName
joe
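2. Custom Roles: the policies that say which resources each role can access go into the configuration files ejb-jar.xml/web.xml/sip.xml, and the roles those policies refer to are declared as <externally-defined/> in weblogic.xml. The mapping between roles and users/groups is configured in the WebLogic security console. Users/groups/policies are stored in LDAP by default.
weblogic.xml: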
roleadmin
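3. Custom Roles and Policies: both roles and policies are configured in the WebLogic security console. Users/groups/roles/policies are stored in LDAP by default.
4. Advanced: the initial values in the XML are used at startup, after which the WebLogic console takes over. Users/groups/roles/policies are stored in LDAP by default. This configuration requires selecting "all web and ejb" for "check roles and policies" and "init roles/policies from dd" in "when deploying web or ejb"; after deploying the application, select "ignore roles/policies from dd" in "when deploying web or ejb".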
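
A descriptor cross-check for the DD Only and Custom Roles models above, added here as an example (not code from the original post or from WebLogic): it reports which roles weblogic.xml maps to principals, which it marks <externally-defined/>, and which roles a web.xml/sip.xml references without any mapping. The sample descriptors are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not from the original post).
WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>PayrollAdmin</role-name>
    <principal-name>Tanya</principal-name><principal-name>Fred</principal-name>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>roleadmin</role-name><externally-defined/>
  </security-role-assignment>
</weblogic-web-app>"""
SIP_XML = """<sip-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <auth-constraint><role-name>system-user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>PayrollAdmin</role-name></security-role>
</sip-app>"""

def local(tag):
    # Drop "{namespace}" so j2ee and javaee descriptors are handled alike.
    return tag.rsplit("}", 1)[-1]

def role_names(el):
    return [c.text.strip() for c in el if local(c.tag) == "role-name"]

def role_assignments(weblogic_xml):
    """role -> principal list, or None when <externally-defined/> (console-managed)."""
    out = {}
    for el in ET.fromstring(weblogic_xml).iter():
        if local(el.tag) == "security-role-assignment":
            external = any(local(c.tag) == "externally-defined" for c in el)
            principals = [c.text.strip() for c in el if local(c.tag) == "principal-name"]
            out[role_names(el)[0]] = None if external else principals
    return out

def audit(weblogic_xml, descriptor_xml):
    root = ET.fromstring(descriptor_xml)
    used = set()
    for el in root.iter():
        if local(el.tag) in ("auth-constraint", "security-role"):
            used.update(role_names(el))
    mapped = role_assignments(weblogic_xml)
    return {
        "namespace": root.tag[1:].split("}")[0] if root.tag.startswith("{") else None,
        "dd_mapped": sorted(r for r, p in mapped.items() if p is not None),
        "external": sorted(r for r, p in mapped.items() if p is None),
        "unmapped": sorted(used - set(mapped)),  # used by a policy, no mapping in weblogic.xml
        "unused": sorted(set(mapped) - used),    # mapped, but no descriptor refers to it
    }
```

Roles listed under "external" are the ones whose mapping lives in the realm store rather than in the deployment descriptor, so they are the ones to compare against the console's Roles and Policies page.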

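I could not find anything wrong with the application's configuration from the WebLogic documentation; the only thing I noticed is that newer versions need the javaee namespace. Since I do not have the WebLogic source code, in the end I could only remove the SIP part of the WebLogic security configuration, and I did not investigate any further.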

a) The OCCAS 4.0 example of WEB-INF/sip.xml uses the http://java.sun.com/xml/ns/j2ee namespace:
$ cat /path/to/samples/sipserver/examples/src/findme/WEB-INF/sip.xml
...
1
DEMO
Demo constraint
This is a sample constraint
findme
INVITE
system-user
DIGEST
myrealm
system-user
b) WLSS 3.1 example of WEB-INF/sip.xml:
$ cat /path/to/samples/sipserver/examples/src/findme/WEB-INF/sip.xml
...
1
DEMO
Demo constraint
This is a sample constraint
findme
INVITE
system-user
DIGEST
myrealm
system-user

More information:

http://docs.oracle.com/cd/E24329_01/web.1211/e24421/toc.htm

Exception details:

<AdminServer> <[ACTIVE] ExecuteThread: '47' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1384264755084> <BEA-149078> <Stack trace for message 149004
weblogic.application.ModuleException:    at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1514)    at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:486)    at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:41)    at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)    at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:201)    at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:249)    at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:427)    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:41)    at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)    at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:28)    at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:1269)    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:41)    at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:409)    at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:58)    at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)    at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)    at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569)    at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:150)    at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:116)    at 
weblogic.deploy.internal.targetserver.operations.StartOperation.doCommit(StartOperation.java:143)    at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323)    at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:844)    at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1253)    at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:440)    at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:164)    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:195)    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:13)    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:69)    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)Caused By: java.lang.NullPointerException    at com.octetstring.vde.backend.standard.BackendStandard.delete(BackendStandard.java:525)    at com.octetstring.vde.backend.BackendHandler.delete(BackendHandler.java:517)    at weblogic.ldap.EmbeddedLDAPConnection.delete(EmbeddedLDAPConnection.java:1546)    at com.bea.common.ldap.LDAPStoreManager.flush(LDAPStoreManager.java:388)    at org.apache.openjpa.abstractstore.AbstractStoreManager.flush(AbstractStoreManager.java:277)    at org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:130)    at org.apache.openjpa.datacache.DataCacheStoreManager.flush(DataCacheStoreManager.java:571)    at 
org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:130)    at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2017)    at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:1915)    at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:1833)    at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)    at org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1357)    at kodo.kernel.KodoBroker.commit(KodoBroker.java:103)    at org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:877)    at kodo.jdo.PersistenceManagerImpl.commit(PersistenceManagerImpl.java:409)    at com.bea.security.providers.xacml.store.BasePolicyStore.deletePolicy(BasePolicyStore.java:1045)    at com.bea.security.providers.xacml.entitlement.RoleManager.removeRole(RoleManager.java:468)    at weblogic.security.providers.xacml.DeployableRoleProviderV2Helper$DeployRoleHandleImpl.cleanStaledRoles(DeployableRoleProviderV2Helper.java:312)    at weblogic.security.providers.xacml.DeployableRoleProviderV2Helper.endDeployRoles(DeployableRoleProviderV2Helper.java:195)    at weblogic.security.providers.xacml.authorization.XACMLRoleMapperProviderImpl.endDeployRoles(XACMLRoleMapperProviderImpl.java:250)    at com.bea.common.security.internal.legacy.service.RoleDeployerProviderImpl$V2AdapterExt$DeploymentHandlerImpl.endDeployRoles(RoleDeployerProviderImpl.java:308)    at com.bea.common.security.internal.service.RoleDeploymentServiceImpl$DeploymentHandlerImpl.endDeployRoles(RoleDeploymentServiceImpl.java:184)    at weblogic.security.service.WLSRoleDeploymentServiceWrapper$DeploymentHandlerImpl.endDeployRoles(WLSRoleDeploymentServiceWrapper.java:99)    at weblogic.security.service.RoleManager$HandlerAdaptor.endDeployRoles(RoleManager.java:348)    at weblogic.security.service.RoleManager.endDeployRoles(RoleManager.java:246)    at 
com.bea.wcp.sip.security.internal.SipSecurityManager.start(SipSecurityManager.java:700)    at com.bea.wcp.sip.engine.server.CanaryContext.activate(CanaryContext.java:580)    at com.bea.wcp.sip.engine.SipContainerServletContextListener.contextInitialized(SipContainerServletContextListener.java:42)    at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)    at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)    at weblogic.servlet.internal.WebAppServletContext.preloadResources(Unknown Source)    at weblogic.servlet.internal.WebAppServletContext.start(Unknown Source)    at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1512)    at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:486)    at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:41)    at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)    at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)    at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)    at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:41)    at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)    at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)    at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:1267)    at 
weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:41)    at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:409)    at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:58)    at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)    at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)    at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569)    at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:150)    at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:116)    at weblogic.deploy.internal.targetserver.operations.StartOperation.doCommit(StartOperation.java:143)    at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323)    at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:844)    at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1253)    at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:440)    at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:163)    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:195)    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:13)    at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:68)    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)    at 
weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

Reposted from: http://gytmb.baihongyu.com/
