环境:
操作系统:win 7 x64
BIEE版本: 11.1.1.7
RCU数据库:Oracle 11.2.0.1
现象:
BIEE启动正常运行一段时间后,出现无法登录analytics应用的情况。
重启BIEE之后,analytics可用,但运行一段时间后再次出现无法登录的错误。
此现象周期性发生。
检查domain日志,发现如下错误信息:
[2014-03-10T13:17:52.485+08:00] [AdminServer] [WARNING] [] [oracle.j2ee.ws.common.jaxws.JAXWSMessages] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: BISystemUser] [ecid: f0d8ab47e4303c3b:2d335df4:144a9f9a847:-8000-0000000000000b19,0:1:8:1] [APP: bisecurity#11.1.1] [J2EE_APP.name: bisecurity_11.1.1] [J2EE_MODULE.name: bisecurity] [WEBSERVICE.name: SecurityWebService] [WEBSERVICE_PORT.name: SecurityWebServicePort] Exception while executing the business logic: SecurityService::executeAccess is denied for the specified credentials/identity.
[2014-03-10T13:18:14.864+08:00] [AdminServer] [ERROR] [] [oracle.bi.security.service] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: BISystemUser] [ecid: f0d8ab47e4303c3b:2d335df4:144a9f9a847:-8000-0000000000000b19,0:1:18:1] [APP: bisecurity#11.1.1] [J2EE_APP.name: bisecurity_11.1.1] [J2EE_MODULE.name: bisecurity] [WEBSERVICE.name: SecurityWebService] [WEBSERVICE_PORT.name: SecurityWebServicePort] Identity store provider error[[
oracle.bi.security.service.IdentityStoreProviderException: oracle.security.idm.OperationFailureException: javax.naming.CommunicationException:2001:0:9d38:90d7:4d9:e8cb:21d1:eb2c:7001 [Root exception is java.net.ConnectException: Connection timed out: connect]
at oracle.bi.security.service.URIdentityStoreProvider.getUserProfileHolder(URIdentityStoreProvider.java:375)
at oracle.bi.security.service.GetAuthenticatedUserAction.execute(GetAuthenticatedUserAction.java:76)
at oracle.bi.security.service.GetAuthenticatedUserAction.execute(GetAuthenticatedUserAction.java:15)
at oracle.bi.security.service.AbstractSecurityServiceAction.run(AbstractSecurityServiceAction.java:69)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.bi.security.service.GetAuthenticatedUserAction.invoke(GetAuthenticatedUserAction.java:57)
at oracle.bi.security.service.SecurityServiceBean.getAuthenticatedUserWithLanguageAndProperties(SecurityServiceBean.java:140)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:370)
at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:202)
at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:477)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1187)
at oracle.j2ee.ws.server.WebServiceProcessor$1.run(WebServiceProcessor.java:1131)
at oracle.j2ee.ws.server.WebServiceProcessor$1.run(WebServiceProcessor.java:1129)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:74)
at oracle.security.jps.internal.jaas.AbstractSubjectSecurity$ActionExecutorWrapper.execute(AbstractSubjectSecurity.java:242)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:83)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:51)
at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:56)
at oracle.security.jps.internal.jaas.AbstractSubjectSecurity$ActionExecutorWrapper.execute(AbstractSubjectSecurity.java:242)
at oracle.j2ee.ws.server.provider.GenericProviderPlatform.runAs(GenericProviderPlatform.java:458)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:1149)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:581)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:235)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:195)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:487)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: oracle.security.idm.OperationFailureException: javax.naming.CommunicationException: 2001:0:9d38:90d7:4d9:e8cb:21d1:eb2c:7001 [Root exception is java.net.ConnectException: Connection timed out: connect]
at oracle.security.idm.providers.stdldap.JNDIPool.acquireConnection(JNDIPool.java:85)
at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.acquireConnection(LDIdentityStoreFactory.java:758)
at oracle.security.idm.providers.stdldap.LDIdentityStore.acquireConnection(LDIdentityStore.java:746)
at oracle.security.idm.providers.stdldap.LDIdentityStore.search(LDIdentityStore.java:295)
at oracle.bi.security.service.URIdentityStoreProvider.getUserProfile(URIdentityStoreProvider.java:403)
at oracle.bi.security.service.URIdentityStoreProvider.getUserProfileHolder(URIdentityStoreProvider.java:366)
... 67 more
Caused by: javax.naming.CommunicationException: 2001:0:9d38:90d7:4d9:e8cb:21d1:eb2c:7001 [Root exception is java.net.ConnectException: Connection timed out: connect]
at com.sun.jndi.ldap.Connection.(Connection.java:209)
at com.sun.jndi.ldap.LdapClient.(LdapClient.java:116)
at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
at com.sun.jndi.ldap.pool.Connections.getOrCreateConnection(Connections.java:185)
at com.sun.jndi.ldap.pool.Connections.get(Connections.java:126)
at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:129)
at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:310)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1572)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:134)
at oracle.security.idm.providers.stdldap.JNDIPool.acquireConnection(JNDIPool.java:77)
... 72 more
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.(Socket.java:375)
at java.net.Socket.(Socket.java:189)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:351)
at com.sun.jndi.ldap.Connection.(Connection.java:186)
... 90 more]]
检查日志发现,运行一段时间后,发生登录认证错误,错误为Root exception is java.net.ConnectException: Connection timed out: connect,因为无法链接到2001:0:9d38:90d7:4d9:e8cb:21d1:eb2c:7001(如日志中红色斜体加粗部分),无法连接LDAP来为内部用户bisystemuser获取认证,因此也就无法获得正在登录的用户(如weblogic)的认证凭证。
错误的根本原因在于2001:0:9d38:90d7:4d9:e8cb:21d1:eb2c无法连接,由字符串可知其为ipv6的地址。
通过ipconfig /all命令,发现
此地址被设为了首选地址,而ping此2001:0:9d38:90d7:4d9:e8cb:21d1:eb2c地址时,可发现2001:0:9d38:90d7:4d9:e8cb:21d1:eb2c无法连接,一直返回超时错误。
解决方法:
解决方法有两种:
1.简单的在Windows下禁用IPV6 的方法。 使weblogic启动时选择ipv4地址,可避免BIEE此故障再次出现。
禁用方法:
首先把网络链接属性里面的IPV6去掉,如下图
然后以管理员身份打开CMD 运行以下命令 手动关闭IPV6的隧道()
netsh interface teredo set state disable
netsh interface 6to4 set state disabled
netsh interface isatap set state disabled
这样就可以把IPV6禁用掉。
再运行一下 ipconfig /all
可以看到IPV6 的地址和IPV6--IPV4的隧道不再出现。
如果想还原再运行下面命令就可以了
netsh interface teredo set state default
netsh interface 6to4 set state default
netsh interface isatap set state default
2.手动修改weblogic的启动选项,添加-Djava.net.preferIPv4Stack=true属性。
需要修改的文件位于base_domain的bin目录下的startweblogic.cmd,在此文件中
找到call "%DOMAIN_HOME%\bin\setDomainEnv.cmd" %*
再下面添加一行
set JAVA_OPTIONS="%JAVA_OPTIONS% -Djava.net.preferIPv4Stack=true"
保存此文件,重启BIEE即可。
