If you are seeing "Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals" error in weblogic server logs on RMI invocation of EJB(deployed on different Weblogic domain), this means the issue is in domain trust security settings.
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:352)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)
To solve the above issues, enable trust between multiple Weblogic Server Domains and specify same credential in both the weblogic server domains. It can be fixed by -
I fixed it by enabling global trust between the weblogic server domains. By default, domain credentials are randomly generated and no two domains will have the same Domain credential. So, replace the generated credential and specify the same domain credential for each of the domains. In this way, identity is passed between WLS domains over an RMI connection without requiring authentication in the second domain.
Note: Don't confuse Domain credential with the credential for login to WLS console
1. Log in to WLS console and click on Lock and Edit (top left pane)
2. In the left pane click on Domain name.
3. Select Security > General on the center pane. Click Advanced link.
4. Enter password in Credential and Confirm Credential fields.
5. Click on Activate Changes in the top left pane.
Stack trace
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:352)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)
To solve the above issues, enable trust between multiple Weblogic Server Domains and specify same credential in both the weblogic server domains. It can be fixed by -
- Enabling Cross Domain Security between Weblogic Server Domains
- Enabling Global Trust
I fixed it by enabling global trust between the weblogic server domains. By default, domain credentials are randomly generated and no two domains will have the same Domain credential. So, replace the generated credential and specify the same domain credential for each of the domains. In this way, identity is passed between WLS domains over an RMI connection without requiring authentication in the second domain.
Note: Don't confuse Domain credential with the credential for login to WLS console
Configuration Steps
2. In the left pane click on Domain name.
3. Select Security > General on the center pane. Click Advanced link.
4. Enter password in Credential and Confirm Credential fields.
5. Click on Activate Changes in the top left pane.
Oracle Weblogic Portal --- "
ReplyDeleteOracle Weblogic 11g Portal Administration Online Training
Send ur Enquiry to contact@21cssindia.com
Portals & Enterprise Portals
Advantages of Enterprise Portals
Oracle Weblogic Portal Installation" more… Online Training- Corporate Training- IT Support U Can Reach Us On +917386622889 - +919000444287 http://www.21cssindia.com/courses/oracleweblogicportal-online-training-3.html
This information you provided in the blog that was really unique I love it!!, Thanks for sharing such a great blog !!Network Analytics Market Report | Enterprise Social Software (ESS) Market Report
ReplyDeleteGreat post!I am actually getting ready to across this information,i am very happy to this commands.Also great blog here with all of the valuable information you have.Well done,its a great knowledge.
ReplyDeleteJava Training in Chennai
I am really happy with your blog because your article is very unique and powerful for new reader.
ReplyDeleteselenium training in chennai
Hi ,
ReplyDeleteHome >myrealm >Users and Groups >OracleSystemUser >Summary of Security Realms >myrealm >Users and Groups >weblogic >Summary of Deployments >Summary of Security Realms >servicelayer_domain
Do i need to change the NodeManager credentials also , when i want to change the domain password .
Thank you very much. This is helpful!
ReplyDelete