Faisal Archive

When we try to start the managed server from nodemanager, we get the following error.

<BEA-090064> <The DeployableAuthorizer “myrealm_weblogic.security.providers.xacml.authorization.XACMLAuthorizationProviderImpl” returned an error: weblogic.security.spi.ResourceCreationException: [Security:090310]Failed to create resource.>

This errror comes because the managed server ldap server (slave) is not in sync with the Admin Server ldap server ( master).

To overcome this issue we can use two very important configurations.

Refresh Replica at Startup and Master First.

Master First ensures managed server always connect to the ldap server of the admin server.

Refresh Replica at startup ensures that whenever managed server is restarted, it takes the latest ldap data from the admin server.

Sometimes when one application tries to call another application running on another server you get an error window with the message potential CSRF attack. At the same time you will see the following error message in the log files.

<BEA-000000> <A request has been denied as a potential CSRF attack.>

This issues arises due to the fact that WLS is not able to set the jsession id in the request made to the other server.

To address this issue we need to add the following in weblogic.xml

<session-descriptor>
<cookie-http-only>false</cookie-http-only>
</session-descriptor>

If the issue still persists, we need to add the following in the web.xml

<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>