Anyone have BlazeDS working with WebLogic Security (j_security_check) ??

Posted by Brian on Stack Overflow See other posts from Stack Overflow or by Brian
Published on 2010-05-19T20:02:01Z Indexed on 2010/05/19 20:10 UTC
Read the original article Hit count: 666

I'm working on a Flex implementation (currently using SDK 3.5) on WebLogic 10.3 (11G.) We originally used Glassfish v2.1.1 with zero issues (there was an active directory group lookup bug but it did not hinder our progress.) Since transitioning to WebLogic we have an issue where the flexsession is invalidated after logging in using j_security_check:

[BlazeDS]Unexpected error encountered in Message Broker servlet
flex.messaging.LocalizedException: The FlexSession is invalid.
        at flex.messaging.FlexSession.checkValid(FlexSession.java:943)
        at flex.messaging.FlexSession.getUserPrincipal(FlexSession.java:254)
        at flex.messaging.HttpFlexSession.getUserPrincipal(HttpFlexSession.java:286)
        at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:296)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

I've tried almost every option in services-config.xml:

[security>

    [login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/>
    [!-- Uncomment the correct app server
    [login-command class="flex.messaging.security.TomcatLoginCommand" server="JBoss">
    [login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>        
    [login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
    [login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
    -->
[/security>

I've even completely removed this section with no luck. The login functions correctly from a non-BlazeDS perspective. It authenticates the user correctly. Without authentication, BlazeDS works fine (no errors for any remote calls.) Together its a big ball of fail (invalid flexsession every time.)

Has anyone got this working? Any tips?

© Stack Overflow or respective owner

Related posts about blazeds

Related posts about weblogic