Saturday, April 7, 2018

A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift


Error:

<Mar 14, 2018 9:13:36 AM IST> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift..
weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:466)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1032)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
        Truncated. see log file for complete stacktrace
Caused By: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.
        at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
        at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
        at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
        at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
        at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155)
        Truncated. see log file for complete stacktrace
Caused By: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadFullLDIFTemplate(BootStrapServiceImpl.java:910)
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFTemplate(BootStrapServiceImpl.java:688)
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:176)
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:160)
        at com.bea.common.security.internal.service.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:106)
        Truncated. see log file for complete stacktrace
Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:1172209 fatal store error> kodo.jdo.FatalDataStoreException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred
        at org.apache.openjpa.kernel.BrokerImpl.newFlushException(BrokerImpl.java:2170)
        at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2017)
        at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:1915)
        at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:1833)
        at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
        Truncated. see log file for complete stacktrace
Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:1172209 fatal store error> kodo.jdo.FatalDataStoreException: error result
        at com.bea.common.ldap.LDAPStoreManager.flush(LDAPStoreManager.java:341)
        at org.apache.openjpa.abstractstore.AbstractStoreManager.flush(AbstractStoreManager.java:277)
        at org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:130)
        at org.apache.openjpa.datacache.DataCacheStoreManager.flush(DataCacheStoreManager.java:571)
        at org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:130)
        Truncated. see log file for complete stacktrace
Caused By: netscape.ldap.LDAPException: error result (49); Invalid credentials
        at netscape.ldap.LDAPConnection.checkMsg(Unknown Source)
        at netscape.ldap.LDAPConnection.simpleBind(Unknown Source)
        at netscape.ldap.LDAPConnection.authenticate(Unknown Source)
        at netscape.ldap.LDAPConnection.authenticate(Unknown Source)
        at netscape.ldap.LDAPConnection.bind(Unknown Source)
        Truncated. see log file for complete stacktrace
> 
<Mar 14, 2018 9:13:36 AM IST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Mar 14, 2018 9:13:36 AM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:917)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
> 
<Mar 14, 2018 9:13:36 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Mar 14, 2018 9:13:36 AM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Mar 14, 2018 9:13:36 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
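Added example, not part of the original post: a small triage script that groups a WebLogic server log into events and reports the innermost "Caused By" exception for each Error or Critical event, which is the line to read first in a trace like the one above. The function names are hypothetical, the sample is a constructed condensation of the log above, and the parser assumes one entry per line as in the server's own log file.

```python
import re

# Constructed sample: the log above condensed to event headers, "Caused By"
# lines and one stack frame each, laid out one entry per line.
SAMPLE_LOG = """\
<Mar 14, 2018 9:13:36 AM IST> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded
Caused By: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer
        at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadFullLDIFTemplate(BootStrapServiceImpl.java:910)
Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:1172209 fatal store error> kodo.jdo.FatalDataStoreException: error result
        at com.bea.common.ldap.LDAPStoreManager.flush(LDAPStoreManager.java:341)
Caused By: netscape.ldap.LDAPException: error result (49); Invalid credentials
        at netscape.ldap.LDAPConnection.simpleBind(Unknown Source)
>
<Mar 14, 2018 9:13:36 AM IST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Mar 14, 2018 9:13:36 AM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable
>
"""

# Event header: <timestamp> <Severity> <Subsystem> <BEA-id> <message...
HEADER = re.compile(r"^<([^>]+)> <(\w+)> <(\w+)> <(BEA-\d+)> <(.*)$")
# "Caused By:" line, with an optional <...> tag such as the openjpa build tag
CAUSE = re.compile(r"Caused By: (?:<[^>]*> )?([\w.$]+): (.*)")

def parse_events(text):
    """Group log lines into events; attach each event's cause chain in order."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"time": m[1], "severity": m[2], "subsystem": m[3],
                           "id": m[4], "message": m[5], "causes": []})
        elif events:
            c = CAUSE.search(line)
            if c:
                events[-1]["causes"].append((c[1], c[2].strip()))
    return events

def root_causes(text, severities=("Error", "Critical")):
    """Return (BEA id, innermost exception class, message) per failing event."""
    return [(ev["id"],) + ev["causes"][-1]
            for ev in parse_events(text)
            if ev["severity"] in severities and ev["causes"]]

def ldap_result_code(message):
    """Extract the numeric LDAP result code from 'error result (NN)', if any."""
    m = re.search(r"error result \((\d+)\)", message)
    return int(m[1]) if m else None
```
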

CAUSE

The root cause is that the RDBMS Tables are not created in the Security Datastore.

SOLUTION 1

Check the following two points as they may be the cause of the reported issue:

1) OPSS Schema

The BEAXACMLAP table that is causing the ORA-00092 is a table in the OPSS schema.
Please check whether the BEAXACMLAP table exists in the OPSS schema.
If this table does not exist, you may not have run the 'rdbms_security_store_oracle.sql' script.

Related Information: Note:1327167.1 - WebLogic Server Cannot Start Up with RDBMS Security Store

2) Database user

Please check that the correct database user is being used.

SOLUTION 2

Before booting the domain, the RDBMS tables need to be created in the database:
Specify the same connection properties, including the credentials of the user who has access, the database URL, etc., as specified for that RDBMS during domain creation.
Run the appropriate script to create the RDBMS tables. There is a set of SQL scripts for creating/removing RDBMS tables under WL_HOME/server/lib: e.g., for Oracle DB, rdbms_security_store_oracle.sql creates the RDBMS tables and rdbms_security_store_oracle_remove.sql removes them.

For details, please refer to "Create RDBMS Tables in the Security Datastore" in

http://www.oracle.com/pls/as1111/lookup?id=SECMG346

Thanks,
Aditya.



Friday, April 6, 2018

APIs for GeoLocation Based on IP Address

"You need to think out loud concerning the security of your enterprise application". I say and hear this line every day as a security professional.
As the importance of application security grows, knowing the location of the user has become one of the minimum requirements for avoiding possible fraud. As the saying goes, "prevention is better than cure".
There are scenarios where applications need to know the location of the user because it drives the relevant content presented to the user once authorized. I would rather park that line of study/discussion, as my intent is to focus on web security in this post.
I come across such requirements quite often, so I thought to put together some of the GeoLocation providers out there on the web that can do the job of locating the user before giving access to mission-critical applications, without any overhead to the application.
Listed below are some of the IP-address-based GeoLocation API providers available in the market.
Note: Do your due diligence before implementing any of these APIs for your application security, as each provider has its advantages and limitations.
  1. https://www.snoopi.io
  2. https://www.ipify.org
  3. http://geobytes.com
  4. https://ipstack.com
  5. http://ipapi.co
  6. https://ipdata.co


Hope this will be helpful.