javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: j

saptarshi · #1 (**permalink**) October 10th, 2007, 12:45

Hi,

We've completed our first installation of OTM 5.5. The complete installation (including database, upgradation & weblogic) & upgraded to CU#3 is successful. But after installation when we're trying to access it from IE, insted of the login page we're getting the following :

javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: User: GUEST.ADMIN, failed to be authenticated.

javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: User: GUEST.ADMIN, failed to be authenticated.
at glog.database.security.jaas.ClientLoginModuleImpl. login(ClientLoginModuleImpl.java:50)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(Logi nContext.java:675)
at javax.security.auth.login.LoginContext.access$000( LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(Login Context.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModul e(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(Login Context.java:534)
at glog.database.security.jaas.AuthenticationContext. login(AuthenticationContext.java:95)
at glog.util.remote.NamingDirectory.(NamingDirectory. java:783)
at glog.util.remote.NamingDirectory.get(NamingDirecto ry.java:199)
at glog.util.remote.NamingDirectory.getForGuest(Namin gDirectory.java:307)
at glog.util.remote.NamingDirectory.get(NamingDirecto ry.java:115)
at glog.util.remote.NamingDirectory.get(NamingDirecto ry.java:126)
at glog.util.remote.SessionBeanHomeInvoker.(SessionBe anHomeInvoker.java:26)
at glog.util.remote.NamingDirectory.get(NamingDirecto ry.java:170)
at glog.util.remote.NamingDirectory.get(NamingDirecto ry.java:225)
at glog.util.remote.NamingDirectory.getForSystem(Nami ngDirectory.java:283)
at glog.util.remote.NamingDirectory.getForSystem(Nami ngDirectory.java:316)
at glog.util.remote.NamingDirectory.getForSystem(Nami ngDirectory.java:320)
at glog.util.uom.UOMLoader.loadFromServer(UOMLoader.j ava:92)
at glog.webserver.util.BaseServlet.service(BaseServle t.java:585)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
at glog.webserver.screenlayout.ClientSessionTracker.d oFilter(ClientSessionTracker.java:54)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
at glog.webserver.util.SetCharacterEncodingFilter.doF ilter(SetCharacterEncodingFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:148)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyo teHandler.java:199)
at org.apache.jk.common.HandlerRequest.invoke(Handler Request.java:282)
at org.apache.jk.common.ChannelSocket.invoke(ChannelS ocket.java:754)
at org.apache.jk.common.ChannelSocket.processConnecti on(ChannelSocket.java:684)
at org.apache.jk.common.ChannelSocket$SocketConnectio n.runIt(ChannelSocket.java:876)
at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:534)

The weblogic that is installed with OTM is shutting down automatically after we're starting it using otmapp55.sh script from etc/init.d.

We've checked the gl_user table to ensure whether the user actually exists or not & the password is CHANGEME(base64 encrypted ). We've also gone through metalink doc no. 392713.1 & 422201.1 & tried to implement the solutions provided in these docs but nothing seems to work & the problem still persists.Please suggest if there is any other related document or some other solution to this problem.

We've installed on Solaris server with database version 10.2.0.3 & weblogic 8.1 SP4

chrisplough · #2 (**permalink**) October 10th, 2007, 15:21

Hello,

This is a fairly generic error (unfortunately) and can be caused by many issues. Please ensure that you're reviewed the following related posts. If none of these resolves your issue, please let us know and we can delve into the log files further. I've included some that you may have tried, in order to help people who reference this post in the future.

Some initial thoughts:
1) Did you run the insert_security_roles.sql script?
2) Have you installed the required 3rd party jar files that must be downloaded and installed separately?
http://www.otmfaq.com/forums/f23/otm...tallation-415/ (OTM v5.5 Extra Jars Required for Installation)
3) Did you ensure that WebLogic had fully started up (takes several minutes) before starting up Tomcat?

Checking your installation logs for errors:
http://www.otmfaq.com/forums/f23/how...d-no-errors-9/ (How do you verify your install had no errors?)

GUEST.ADMIN errors when
http://www.otmfaq.com/forums/f7/clos...-error-otm-87/
http://www.otmfaq.com/forums/f29/sol...tart-fail-293/ ([SOLVED] Issue: Changing GUEST.ADMIN Password Causes OTM Restart to Fail)
http://www.otmfaq.com/forums/f23/jav...exception-376/ (javax.security.auth.login.LoginException...)

Thanks,
Chris

saptarshi · #3 (**permalink**) October 11th, 2007, 11:57

Hi Chris,

Thanks Much for your reply. We have reviewed the following posts, but the error is still coming.
Looks like "GUEST.ADMIN" account is getting locked ....
INFO | jvm 1 | 2007/10/11 15:27:12 | <Oct 11, 2007 3:27:11 PM IST> <Notice> <Security> <BEA-090078> <User GUEST.ADMIN in security realm gc3realm has had 5 invalid login attempts, locking account for 30 minutes.>
INFO | jvm 1 | 2007/10/11 15:28:02 | <Oct 11, 2007 3:28:02 PM IST> <Critical> <Security> <BEA-090403> <Authentication for user GUEST.ADMIN denied>

Please find attached the log files (console.log and weblogic.log)

Thanks,
Saptarshi

chrisplough · #4 (**permalink**) October 11th, 2007, 15:16

Saptarshi,

You're right - it definitely appears to be a password miss-match issue with the GUEST.ADMIN user account. WebLogic startup is clean and the problem doesn't appear to occur until Tomcat is started up.

Can you verify that your GUEST.ADMIN password is the same as below?

Code:

SQL> select gl_password from gl_user where gl_user_gid like 'GUEST.ADMIN';

GL_PASSWORD
--------------------------------------------------------------------------------
VAU9uZtJtMwEb3tIVKgN49bfrnE=

If it is, then you shouldn't need to set the -DGuestEncodedPassword setting in the tomcat.conf file.

Also - could you verify what patch level you're at. The latest is CU03 RU02. I'm not aware of any bugs related to this after CU02, but it's always worth a try.

Thanks!
--Chris

Abhijit · #5 (**permalink**) October 12th, 2007, 12:09

Hi Chris,

Thanks for your valuable guidance. We are able to login to OTM now using GUEST.ADMIN user.

The password in gl_user was "CHANGEME" but -DGuestEncodedPassword was set in tomcat.conf. So, we deleted that entry and it started working fine.

I would like to thank you again for helping us.

Best Regards,
Abhijit