Document 1488602
In this Document
Symptoms
Changes
Cause
Solution
References
APPLIES TO:
SYMPTOMS
The WebLogic Server log shows a SecurityException for an invalid Subject, logged as [Security:090398]Invalid Subject:
principals=[{weblogic,system}]
The exception message in the WebLogic log file will be similar to the following:
CHANGES
The Initial Context was closed before the code on the Object Reference was executed.
CAUSE
This error occurs when you try to perform an operation on a JNDI Resource for which you don't have the right permissions or for which
you haven't provided the security credentials.
When you create a JNDI context, the security scope is valid for the lifetime of the context. It is terminated when you invoke the close()
method on the Context object.
The security context is actually associated with the thread running the code. This has important implications. Establishing a new context
replaces any previous security context associated with the thread, and closing the context removes the security context associated with
the thread. Thus, you should not try to establish a nested context using differing security principals.
In that case, all code will run using the most recently created context. If you close the Initial Context, all code in the same thread loses the
most recently created context and then needs to supply values for SECURITY_PRINCIPAL and SECURITY_CREDENTIALS itself for
authentication.
So, if you are reading this note, you have already specified the credentials when you created the Initial Context but you are still seeing the
exception above. Let's try to understand what might have happened.
Document 1488602.1 https://mosemp.us.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl...
The security context stays associated with the thread running the code until you close the Context. If you close the Context before you
use/call the Object Reference/JNDI Resource (for example, before you get a connection from a datasource), you must pass the security
credentials again, since the security context was removed from the thread when you closed the Context.
So, if you are seeing this error and don't understand why, since you provided the security credentials when you created the Initial
Context, you are probably closing the Initial Context before the JNDI/JMX transaction completes and not making sure the Object Reference
has the right permissions to execute.
SOLUTION
1. Supply values for the SECURITY_PRINCIPAL and SECURITY_CREDENTIALS environment properties when creating an initial context
and DO NOT close() the context until the Object Reference you got from the JNDI tree completes the transaction.
2. If you need to close the InitialContext before using the Object Reference/JNDI Resource, you will have to supply values for
SECURITY_PRINCIPAL and SECURITY_CREDENTIALS on the JNDI Resource again, since it won't be able to get them from the thread
context because the InitialContext was closed.
Example code:
// ht holds the JNDI environment, including SECURITY_PRINCIPAL and SECURITY_CREDENTIALS
InitialContext ic = new InitialContext(ht);
DataSource dataSource = (DataSource) ic.lookup("jdbc/MyDS"); // Got the DataSource Object Reference
ic.close(); // The case this note describes: the context is closed before the Object Reference is used
// In this example the next line will fail with
// java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[{weblogic,system}].
// If you don't close ic, this line should not fail with SecurityException.
Connection newConn = dataSource.getConnection();
// You need to pass credentials when you have closed the context. This will work in this example.
newConn = dataSource.getConnection(<jmx_user>, <jmx_password>);
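Solution 1 as an added example (not code from the original note): the context stays open until the JDBC work finishes and is closed only in a finally block. The WLS_URL, WLS_USER and WLS_PASSWORD environment variable names, the env() helper and the test query are assumptions, and a WebLogic client JAR must be on the classpath.

```java
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.sql.DataSource;

public class KeepContextOpen {
    // Hypothetical helper: fail early instead of putting null into the Hashtable.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return v;
    }

    public static void main(String[] args) throws Exception {
        Hashtable<String, String> ht = new Hashtable<>();
        ht.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        ht.put(Context.PROVIDER_URL, env("WLS_URL"));               // assumed name, e.g. t3://host:7001
        ht.put(Context.SECURITY_PRINCIPAL, env("WLS_USER"));        // assumed name
        ht.put(Context.SECURITY_CREDENTIALS, env("WLS_PASSWORD"));  // assumed name

        // From here on the security context is associated with this thread.
        Context ic = new InitialContext(ht);
        try {
            DataSource ds = (DataSource) ic.lookup("jdbc/MyDS");
            // Every use of the Object Reference happens while ic is still open.
            try (Connection conn = ds.getConnection();
                 Statement st = conn.createStatement();
                 ResultSet rs = st.executeQuery("SELECT 1 FROM DUAL")) { // constructed test query
                while (rs.next()) {
                    System.out.println("query returned " + rs.getInt(1));
                }
            }
        } finally {
            // javax.naming.Context is not AutoCloseable, so it cannot go in
            // try-with-resources; close it explicitly, after the work is done.
            ic.close();
        }
    }
}
```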
If this solution does not apply to you, please visit Note 1450989.1 - JMX is Unable to update A User Stored On RDBMS Security Provider.
REFERENCES
Document Attributes
Author: JLOYOLA.CL; Status: PUBLISHED(EXTERNAL)
Owner: NIMYNENI.US Publisher: LGOLDSZT.US
Alias: Content Type: TEXT/X-HTML
Distribution: EXTERNAL Visibility: EXTERNAL
Created By: JLOYOLA.CL Created: Sep 4, 2012
Modified By: JHEKIMIA.US Modified: Sep 13, 2021
Reviewed By: ROAROKIA.IN Reviewed: Jan 20, 2022
Source: AWIZ 3-4868184641 Exception: No
Priority: 3