0
votes

I have the following code in a web service deployed on WebLogic 12.2.1. It will retrieve the keystore file name and password from WebLogic configuration.

    import javax.management.MBeanServer;
    import javax.management.ObjectName;
    import javax.naming.InitialContext;

    InitialContext ic = new InitialContext();
    // Runtime MBeanServer that WebLogic exposes to deployed applications
    MBeanServer server = (MBeanServer) ic.lookup("java:comp/env/jmx/runtime");
    ObjectName runtime = new ObjectName("com.bea:Name=MLMAppSrv01,Type=Server");
    Object keyStoreFileName = server.getAttribute(runtime, "CustomIdentityKeyStoreFileName");
    Object keyStorePassPhrase = server.getAttribute(runtime, "CustomIdentityKeyStorePassPhrase");

It is able to retrieve the keystore file name, but when it tries to retrieve the password, the following exception is thrown.

    [Management:141302]Access not allowed for Subject: principals=[], on resource Server, action: read, target CustomIdentityKeyStorePassPhrase.

Under the domain's security, I have already enabled "Clear Text Credential Access Enabled".

What else could be wrong?

Thanks in advance.

4 Answers

0
votes

You are not passing any username in your code. With the weblogic user or some other admin user, you should retrieve the password. Otherwise it will not allow you to access the password.

If you want to use some other user than weblogic, then make sure that you add that user to the Administrator group.

0
votes

You can pass the credentials as given in the sample code below.

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;

    Hashtable<String, String> properties = new Hashtable<>();
    properties.put(Context.INITIAL_CONTEXT_FACTORY,
                   "weblogic.jndi.WLInitialContextFactory");
    // NOTE: The port number of the server is provided in the next line,
    //       followed by the userid and password on the next two lines.
    properties.put(Context.PROVIDER_URL, "t3://localhost:9001");
    properties.put(Context.SECURITY_PRINCIPAL, "weblogic");
    properties.put(Context.SECURITY_CREDENTIALS, "welcome1");
    Context ctx = null;
    try {
        ctx = new InitialContext(properties);
    } catch (NamingException ne) {
        ne.printStackTrace(System.err);
        System.exit(0);
    }

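The answer above hardcodes the admin credentials next to the JNDI properties. As an added example (not code from the question or from this answer), the class below makes the same authenticated connection through WebLogic's t3 JMX connector instead of a raw JNDI lookup, takes the credentials from environment variables, and reads the two keystore attributes from the question. The host, port, server name and environment variable names are assumptions; the remote runtime MBeanServer JNDI name and the `weblogic.management.remote` provider package are the standard WebLogic values.

```java
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import javax.naming.Context;

public class KeyStoreConfigReader {

    // Reads the custom identity keystore settings of one server over an
    // authenticated t3 JMX connection. Returns {fileName, passPhrase}.
    public static String[] readIdentityKeyStore(String host, int port, String serverName,
                                                String user, String password) throws Exception {
        // The Runtime MBeanServer of the server we connect to
        JMXServiceURL url = new JMXServiceURL("t3", host, port,
                "/jndi/weblogic.management.mbeanservers.runtime");

        Map<String, Object> env = new HashMap<>();
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Lets JMXConnectorFactory find WebLogic's t3 protocol provider
        env.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES, "weblogic.management.remote");

        try (JMXConnector connector = JMXConnectorFactory.connect(url, env)) {
            MBeanServerConnection conn = connector.getMBeanServerConnection();
            ObjectName server = new ObjectName("com.bea:Name=" + serverName + ",Type=Server");
            String file = (String) conn.getAttribute(server, "CustomIdentityKeyStoreFileName");
            // Only returned in clear text when "Clear Text Credential Access Enabled" is on
            // and the connected user is an administrator
            String pass = (String) conn.getAttribute(server, "CustomIdentityKeyStorePassPhrase");
            return new String[] { file, pass };
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed variable names: credentials come from the environment, not from source
        String user = System.getenv("WLS_ADMIN_USER");
        String password = System.getenv("WLS_ADMIN_PASSWORD");
        // Assumed host, port and server name
        String[] ks = readIdentityKeyStore("localhost", 7001, "MLMAppSrv01", user, password);
        System.out.println("Identity keystore file: " + ks[0]);
        // Never print the passphrase itself; only confirm that the read succeeded
        System.out.println("Passphrase retrieved: " + (ks[1] != null && !ks[1].isEmpty()));
    }
}
```

Run it with `wlfullclient.jar` (or `wlthint3client.jar`) on the classpath. The same `[Management:141302]` error from the question appears here if the supplied user is not in the Administrators group, which makes this a quick way to check that the account, rather than the code, is the problem.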
0
votes

I think you are not authenticated and therefore get no access to restricted resources. Add the annotation @RunAs("WEBLOGIC") to your class and configure it in the WEB-INF/weblogic-ejb-jar.xml

(Where WEBLOGIC is the name of a user with administrator rights in the WebLogic console; the default admin account is even named weblogic)

Your class should look like this:

    import javax.annotation.security.RunAs;
    import javax.ejb.Stateless;

    @Stateless
    @RunAs("WEBLOGIC")
    public class SomeService {
        // ...
    }

Contents of the weblogic-ejb-jar.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <weblogic-ejb-jar>
       <run-as-role-assignment>
         <role-name>WEBLOGIC</role-name>
         <run-as-principal-name>weblogic</run-as-principal-name>
       </run-as-role-assignment>
    </weblogic-ejb-jar>

0
votes

I have a similar case, in which my Jersey code needs to get the keys from the keystore programmatically in WLS. No EJB settings are required. You just need to define the web.xml and weblogic.xml properly.

web.xml:

    <servlet>
        <servlet-name>{jersey webservice class}</servlet-name>
        <run-as>
            <role-name>admRole</role-name>
        </run-as>
    </servlet>

    <security-role>
        <role-name>admRole</role-name>
    </security-role>

weblogic.xml:

    <run-as-role-assignment>
        <role-name>admRole</role-name>
        <run-as-principal-name>wlsadm</run-as-principal-name>
    </run-as-role-assignment>
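Once the web module runs under an administrator principal as configured in the two answers above, the in-container lookup from the question succeeds. The class below is an added example (not the asker's or either answerer's code) of what to do with the result: read the file name, type and passphrase, open the keystore, and scrub the passphrase copy afterwards so it does not linger in memory longer than needed. The server name is a parameter, the `CustomIdentityKeyStoreType` attribute is the ServerMBean attribute that sits beside the two used in the question, and falling back to `JKS` when it is unset is an assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.naming.InitialContext;

// Must run inside a web module whose web.xml run-as role is mapped in
// weblogic.xml to an Administrators-group user; otherwise the passphrase
// read fails with [Management:141302] as in the question.
public final class IdentityKeyStoreLoader {

    private IdentityKeyStoreLoader() {}

    public static KeyStore loadIdentityKeyStore(String serverName) throws Exception {
        InitialContext ic = new InitialContext();
        MBeanServer server = (MBeanServer) ic.lookup("java:comp/env/jmx/runtime");
        ObjectName runtime = new ObjectName("com.bea:Name=" + serverName + ",Type=Server");

        String fileName = (String) server.getAttribute(runtime, "CustomIdentityKeyStoreFileName");
        String type = (String) server.getAttribute(runtime, "CustomIdentityKeyStoreType");
        String passPhrase = (String) server.getAttribute(runtime, "CustomIdentityKeyStorePassPhrase");
        if (fileName == null || fileName.isEmpty() || passPhrase == null) {
            throw new IllegalStateException(
                    "custom identity keystore is not configured on server " + serverName);
        }
        // Assumption: an unset type means the file on disk is a JKS keystore
        if (type == null || type.isEmpty()) {
            type = "JKS";
        }

        // Work on a char[] we control; the String returned by JMX cannot be zeroed
        char[] password = passPhrase.toCharArray();
        try (InputStream in = new FileInputStream(fileName)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);
            return ks;
        } finally {
            Arrays.fill(password, '\0');
        }
    }
}
```

Note that WebLogic stores a relative `CustomIdentityKeyStoreFileName` relative to the domain directory, so resolve it against that directory before opening the file if the server was not started from there. Keep the passphrase out of log statements and exception messages; the `IllegalStateException` above deliberately names only the server.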