WebLogic Server (WLS) 10.3.2 Custom Audit Provider Throws java.lang.ClassCastException: weblogic.security.service.internal.AuditAtnEventImpl (Doc ID 1320615.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle Weblogic Server - Version: 10.3.2 and later   [Release: and later ]
Information in this document applies to any platform.

Symptoms

With WebLogic Server (WLS) 10.3.2, and a custom security Audit Provider, implemented to write a record when a user logs in (success and failed), the error message below is seen after this user login sequence:

1. User attempts to login with correct name and incorrect password.
2. User again attempts to login with correct name and password.

<Mar 22, 2011 3:34:56 PM EDT> <Error> <Security> <BEA-090058> <A Security Provider Exception occurred in a non-default AuditProvider com.bea.common.security.internal.legacy.helper.AuditChannelConfigHelper_BDSRealm_BDCAuditor>

After enabling these debug flags in the start up script, the exception below is logged after restarting the server.

-Dweblogic.diagnostics.debug.DebugLogger.DISABLED=false
-Dweblogic.DebugSecurityAuditor=true
-Dweblogic.DebugSecurityAtn=true
-Dweblogic.DebugSecurityAtz=true
-Dweblogic.DebugSecurityAdjudicator=true
-Dweblogic.DebugSecurityRealm=true

Exception reported after user sequence to login after an unsuccessful attempt:

<Event Type = Authentication Audit Event>
java.lang.ClassCastException: weblogic.security.service.internal.AuditAtnEventImpl cannot be cast to com.bea.common.security.internal.service.AuditAtnEventImpl
at com.bea.common.security.internal.legacy.service.AuditChannelImpl$AuditAtnEventV1Impl.(AuditChannelImpl.java:145)
at com.bea.common.security.internal.legacy.service.AuditChannelImpl$V1Adapter.writeEvent(AuditChannelImpl.java:100)
at com.bea.common.security.internal.service.AuditServiceImpl.writeEvent(AuditServiceImpl.java:83)
at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy35.writeEvent(Unknown Source)
at weblogic.security.service.internal.UserLockoutServiceImpl$ServiceImpl.unlockLocal(UserLockoutServiceImpl.java:719)
at weblogic.security.service.internal.UserLockoutServiceImpl$ServiceImpl.logSuccess(UserLockoutServiceImpl.java:620)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.security.service.internal.Delegator$MyInvocationHandler.invoke(Delegator.java:49)
at $Proxy43.logSuccess(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:120)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy63.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:347)
at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:237)
at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:186)
at weblogic.servlet.security.internal.FormSecurityModule.processJSecurityCheck(FormSecurityModule.java:254)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:209)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:92)
at weblogic.servlet.security.internal.ChainedSecurityModule.checkAccess(ChainedSecurityModule.java:79)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2138)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms