Security:090398 Invalid Subject - Spring and weblogic

R

2

6

I am writing a new application using spring and JMS. Myintent is to use Spring's Asynchronous Reception - Message-Driven POJOs. I get the following error.

org.springframework.jms.listener.DefaultMessageListenerContainer.refreshConnectionUntilSuccessful[904] - 
Could not refresh JMS Connection for destination     
'xyz_Module!xyz_Queue' - retrying in 5000 ms. Cause: 
[Security:090398]Invalid Subject: principals=[user, groupa, groupb]
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[user, groupa, groupb]

I have the following spring definition

<bean id="jmsContainer" class="org.springframework.jms.listener.DefaultMessageListenerContainer">
    <property name="connectionFactory" ref="connectionFactory" />
    <property name="destination" ref="destination" />
    <property name="messageListener" ref="messageAdapter" />
</bean>
<bean id="connectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName" value="jms/xxxxx" />
    <property name="resourceRef" value="true"></property>
</bean>
<bean id="destination" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName" value="jms/yyyyy" />
</bean>
<bean id="messageAdapter" class="org.springframework.jms.listener.adapter.MessageListenerAdapter">
    <property name="delegate" ref="messageReceiverDelegate" />
    <property name="defaultListenerMethod" value="receive" />
</bean>

I read in several posts that we have to enable cross domain security. I was not convinced that we need to enable Cross Domain Security because several other applications in my company that are MDBs are working just fine by reading from a remote queue. These applications do not have cross domain security enabled in their weblogic servers.

I spent some time digging and by some fortune I discovered that if I restarted the weblogic servers after I deployed my application, I don't see the security error anymore. I am able to get notified of the message in the remote queue.

Although my problem is solved, I am curious to know why I get the error if I just deploy the app and not restart the JVM.

Adding more log information

12/15/2014 08:58:15,079PM ERROR  org.springframework.jms.listener.DefaultMessageListenerContainer.refreshConnectionUntilSuccessful[904] - 
Could not refresh JMS Connection for destination 'XXXXXXXXXXXXXXXXXXXXX' - retrying in 5000 ms. Cause: [Security:090398]Invalid Subject: principals=[weblogic, Administrators, super_users]
java.lang.SecurityException: **[Security:090398]**Invalid Subject: principals=[weblogic, Administrators, super_users]
    at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
    at weblogic.jms.frontend.FEConnectionFactoryImpl_1034_WLStub.connectionCreateRequest(Unknown Source)
    at weblogic.jms.client.JMSConnectionFactory.setupJMSConnection(JMSConnectionFactory.java:224)
    at weblogic.jms.client.JMSConnectionFactory.createConnectionInternal(JMSConnectionFactory.java:285)
    at weblogic.jms.client.JMSConnectionFactory.createConnection(JMSConnectionFactory.java:191)
    at org.springframework.jms.support.JmsAccessor.createConnection(JmsAccessor.java:184)
    at org.springframework.jms.listener.AbstractJmsListeningContainer.createSharedConnection(AbstractJmsListeningContainer.java:405)
    at org.springframework.jms.listener.AbstractJmsListeningContainer.refreshSharedConnection(AbstractJmsListeningContainer.java:390)
    at org.springframework.jms.listener.DefaultMessageListenerContainer.refreshConnectionUntilSuccessful(DefaultMessageListenerContainer.java:885)
    at org.springframework.jms.listener.DefaultMessageListenerContainer.recoverAfterListenerSetupFailure(DefaultMessageListenerContainer.java:861)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1012)
    at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators, super_users]
    at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
    at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
    at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:349)
    at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
    at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)
    at weblogic.rmi.cluster.ClusterableServerRef.dispatch(ClusterableServerRef.java:243)
    at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1141)
    at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1023)
    at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
    at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:888)
    at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:512)
    at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:330)
    at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
    at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:950)
    at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:898)
    at weblogic.socket.EPollSocketMuxer.dataReceived(EPollSocketMuxer.java:215)
    at weblogic.socket.EPollSocketMuxer.processSockets(EPollSocketMuxer.java:177)
    at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:43)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
12/15/2014 08:58:20,095PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.shutdown[211] - Shutting down JMS listener container
12/15/2014 08:58:20,095PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.doShutdown[534] - Waiting for shutdown of message listener invokers
12/15/2014 08:58:20,111PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.shutdown[211] - Shutting down JMS listener container
12/15/2014 08:58:20,111PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.doShutdown[534] - Waiting for shutdown of message listener invokers
12/15/2014 08:58:55,595PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.establishSharedConnection[374] - Established shared JMS Connection
12/15/2014 08:58:55,611PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.resumePausedTasks[541] - Resumed paused task: org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker@189f205
12/15/2014 08:58:55,642PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.establishSharedConnection[374] - Established shared JMS Connection
12/15/2014 08:58:55,642PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.resumePausedTasks[541] - Resumed paused task: org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker@18fd51b
12/15/2014 08:59:52,740PM DEBUG  org.springframework.jms.listener.DefaultMessageListenerContainer.doReceiveAndExecute[313] - Received message of type [class weblogic.jms.common.TextMessageImpl] from consumer [weblogic.jms.client.WLConsumerImpl@2506f03] of session [weblogic.jms.client.WLSessionImpl@2506efd]

if you look at the logs you will see that I restarted the server and when the server came up it consumed the message @ 08:58:55

Resigned answered 13/12, 2014 at 7:28 Comment(3)

Interesting - was the error from your app or the weblogic server log itself? Is there any more to that stack trace? – Jeaninejeanlouis 15/12, 2014 at 21:39

Thank you for looking at this. The error was from my app because the error is thrown when spring tries to refresh its connection – Resigned 16/12, 2014 at 17:28

I have added more log information if that helps. – Resigned 16/12, 2014 at 17:50

R

5

Either we will have to enable cross domain security or you will have to restart the JVM

Resigned answered 20/3, 2015 at 4:10 Comment(1)

for Enable cross domain security docs.oracle.com/cd/E13222_01/wls/docs100/ConsoleHelp/taskhelp/… – Sweaty 20/4, 2022 at 9:49

F

0

You can authenticate a subject for each weblogic services. More information https://github.com/dmacdonald2013/weblogic-jms-spring

import weblogic.jndi.Environment;
import weblogic.security.auth.Authenticate;
import javax.security.auth.Subject;

for(JmsComponentConfig config : this.config.jmsComponents()){
Environment environment = new Environment();
environment.setProviderUrl(config.url());
environment.setSecurityPrincipal(config.username());
environment.setSecurityCredentials(config.password());
Subject subject = new Subject();
Authenticate.authenticate(environment, subject);
}

Frustrated answered 29/10, 2015 at 3:36 Comment(0)

Recommended topics

Hot tags