Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

SQLAuthetication Issue on Weblogic 10.3  RSS feed

Prakash Pethe
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I have configured the data-source(MySql) and SQLAuthentication (TestSQL) provider using admin console. Below is config.xml file

<sec:authentication-provider xsi:type="wls:sql-authenticatorType">
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:role-mapper xmlns:xac="" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>

Below is weblogic,xml

<?xml version="1.0"?>
<weblogic-web-app xmlns="" xmlns:xsi="">

Below is web,xml file

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi=""
xmlns="" xmlns:web=""
id="WebApp_ID" version="2.5">
<display-name>Security Constraint</display-name>
<web-resource-name>Protected Area</web-resource-name>


<description> SQLAuthenticator Servlet Test </description>
<display-name>SQLAuthenticator </display-name>
<servlet-name>SQLAuthenticator </servlet-name>
<servlet-class>test.SQLAuthenticator </servlet-class>
<servlet-name>SQLAuthenticator </servlet-name>
<url-pattern>/SQLAuthenticator </url-pattern>


I am able to see the Users and groups correctly under myrealm-->user and group tab.

when I tried to send request on servlet with URL http://localhost:7001/WebLogicSQL/SQLAuthenticator the BASIC login pop appears. After entering correct ID (TestUsr1) and Password in pop it gives error

Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

Below is log

#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =SUCCESS> <<<Event Type = Authentication Audit Event><TestUsr1><AUTHENTICATE>>> Audit Record End ####

#### Audit Record Begin <Jan 31, 2012 5:28:21 PM> <Severity =[b]FAILURE
> <<<Event Type = Authorization Audit Event V2 ><Subject: 2
Principal = class"TestUsr1")
Principal = class"dbuser")[/b][/b]
anandraj tadkal
Ranch Hand
Posts: 98
Oracle Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Prakash,

Error code 403 represents Forbidden error. That means the user is not having sufficient privileges to access the application.

Check the web.xml for the </security-role> specified
and make sure that you have the corresponding entry in the weblogic.xml

For a working sample of SQL Authenticator you can refer the below link.

  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!