Check Authorization servlet problem
Hi,
This is what I'm getting in my IAS application log after trying to reach a
servlet.
I already checked the security parameters in the deploytooll to make sure
that I'm not using any restrictions.
Can someone help me solving this problem ?
Thank you
Ido
07/Aug/2001 15:24:49:9] error: APPLOGIC-caught_exception: Caught Exception:
[07/Aug/2001 15:24:55:8] error: Exception: SERVLET-execution_failed: Error
in executing servlet CellmazeEntranceServlet: java.lang.NullPointerException
Exception Stack Trace:
java.lang.NullPointerException
at
com.netscape.server.servlet.servletrunner.ServletInfo.checkAuthorization(Unk
nown Source)
at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown
Source)
at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Compiled Code)
at java.lang.Thread.run(Compiled Code)
Hi,
please have a look at the configuration of J2EE authentication and authorization on OC4J, following the OC4J security documentation available in the OracleAs documentation. You don't provide much details on what you did to make it work so its hard to give you any helping hand
Frank
Similar Messages
-
Hi all,
Please check out this thread and send me all possible solutions asap
http://forum.java.sun.com/thread.jsp?forum=33&thread=253438
This is very urgent
ThanksThanks for u r reply
i have that driver class file i my mm.mysql ok
u mean to say that i have to copy this class file to
classes directory of
javawebserer or any thing else more ...
Please clarify me asap...b'cause we have to start the
project asapNo. I'm saying that:
1). mm.mysql.jdbc-1.2c must be a valid jar file. Presumably its full name is mm.mysql.jdbc-1.2c.jar. Can you unjar it successfully? When you do, is org.gjt.mm.mysql.Driver.class present? I'm not suggesting that you copy Driver.class anywhere, just that you validate the jar file.
2) mm.mysql.jdbc-1.2c.jar should be in your .../WEB-INF/lib directory.
3) This is an old version of the driver. If this is a new project as you imply, why not use the latest version (same point applies to the JDK). -
ERROR! CHECK AUTHORIZATION!
I keep getting a message that says Error! Check Authorization! when I try to transfer from My Digital Editions to my Nook Tablet. Any help would be appreciated.
This doesn't work for me (Win7, Digital Edition v. 4.0.3). I am trying to open epub files with the .acsm extention on a Nook Reader.. Under Help it says the computer is Authorized; when I erase the Authorization it says it's been erased and I close for program (in order to re-authorize). When I reopen the Digital Editions and try to Re-authorize, everything seems to work until I try to open a book and then I get the Error: Check Authorization message.
-
Possibility that a check/ authorization on Pricing Date - Sales Order
Is there any possibility that a check/ authorization on Pricing Date can be implemented at Sales Order Level.
Regards,Hi
You cant use authorizations in relation to the pricing date.
I dont know which kind of check you want to make but of course user-exits like mv45afzz is always an option.
Kind regards
Søren Nielsen -
How to Check authorizations (user profiles) using eCATT?
Hi All,
Please tell me how to Check authorizations (user profiles) using eCATT?
Thanks in advance.
Regards
KalyaniHello ,
Create a script for SU02 transaction in the SAPGUI mode, in the script move to the profiles tab and GETGUI the first profile and loop to all the profiles assigned to the user until you find your required profile.
Other way is to identify the table where the profiles are stored and then create script using GETTAB , pass the user name and retreive all the profiles assigned to tht particular user, loop through profiles untill you find your required profile.
Thanks & Best regards,
Ajay -
I have authorized the Adobe Digital Editions with both my PC and my eReader. I try to download a library book and I get the "Error! Check Authorization" message. My Digital Editions will then crash.
Hello,
Please download the latest ADE 4.0.3.114137
http://www.adobe.com/solutions/ebook/digital-editions/download.html
Some of the crashes have been fixed in this release.
Thanks for being the part of product improvement. -
RFC method to check authorizations?
Hi gurus,
anybody has experience of checking authorizations via RFC method? Is there any RFC enabled function module in standard system can do that?
Thanks & regards,
AlexHi,
Try this FM AUTHORITY_CHECK.
You can call in Remote and you can pass User ID.
You must pass also Authority check you would like test.
Example
CALL FUNCTION 'AUTHORITY_CHECK'
EXPORTING
* NEW_BUFFERING = 3
USER = 'SAP*' "SY-UNAME
OBJECT = S_TCODE " Objet name This check transaction code
FIELD1 = 'TCODE' " Field name of Object
VALUE1 = 'VA02' " Transaction to modify sales Order
* FIELD2 = ' '
* VALUE2 = ' '
* FIELD3 = ' '
* VALUE3 = ' '
* FIELD4 = ' '
* VALUE4 = ' '
* FIELD5 = ' '
* VALUE5 = ' '
* FIELD6 = ' '
* VALUE6 = ' '
* FIELD7 = ' '
* VALUE7 = ' '
* FIELD8 = ' '
* VALUE8 = ' '
* FIELD9 = ' '
* VALUE9 = ' '
* FIELD10 = ' '
* VALUE10 = ' '
EXCEPTIONS
USER_DONT_EXIST = 1
USER_IS_AUTHORIZED = 2
USER_NOT_AUTHORIZED = 3
USER_IS_LOCKED = 4
OTHERS = 5
IF SY-SUBRC <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Rgds -
Before my warranty expires next month, I'd like to send in my laptop to check for any problems that I haven't detected so far. I've had it for almost three years and I'm worried that there are problems I haven't yet discovered?
Is bringing in my laptop for repair on account of wanting to ensure that there's nothing wrong with it allowed?
Also, is changing my laptop's battery for a new one covered under the warranty?AppleCare is for repairs, not for detecting any problems that havnen't surfaced as yet.
The might replace the battery if there's a problem.
Best thing to do would be to contact AppleCare > Apple - Support - AppleCare - FAQ -
Servlets - problem with session
Hi there ppl,
I have a login servlet which is called form a link in a static html page. The doGet() method is as below:
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, java.io.IOException
HttpSession session = public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, java.io.IOException
HttpSession session = request.getSession(false);
RequestDispatcher rd = request.getRequestDispatcher("/login.jsp");
response.setContentType("text/html");
//PrintWriter out = response.getWriter();
if(session != null){
//display members page(with users name as a welcome)
System.out.println("in login servletb");
else{
System.out.println("in login servlet");
request.setAttribute("membersName", "adom");
rd.forward(request, response);
//out.close();
RequestDispatcher rd = request.getRequestDispatcher("/login.jsp");
if(session != null){
//display members page(with users name as a welcome)
System.out.println("session exists");
else{
System.out.println("session not exisit");
request.setAttribute("membersName", "adom");
rd.forward(request, response);
Problem is when i click on the link in the html page it goes into tthe else statement and displays the login.jsp page fine. But when i click bak on the browser and then click the link agian it goes into the if statemtn..as if a session exists. But why does a session exisit???...if i use request.getSession(false) this shouldnt create a session if one doent already exists so where is this mysterious session being created??
any ideas would be greatly appreaciated
Mycallyer i do need the session because in my doPost() method of the servlet i create a session once the user logs on with there login/pass. The doGet() method is only to direct the person to the login page. But i want to check for the session in the doGet() incase they have already login in...if so direct them to the main page rather than to the login page agian.
I stuffed up the code in my previous post...everything compiles and works fine apart from the fact that a session is created when it shouldnt be. I did a test println with session.getCreationTime() and it was created the same time the servlet was initial called. However im not sure if it was created by my servlet or if the broswer somehow had something to do with it....hmm is a worry.
Heres the code again...hopefully a bit neater for u :D
public void doGet(HttpServletRequest request, HttpServletResponse reponse)throws ServletException, java.io.IOException{
HttpSession session = request.getSession(false);
RequestDispatcher rd = request.getRequestDispatcher("/login.jsp");
if(session != null){
//display members page(with users name as a welcome)
System.out.println("session exists");
else{
System.out.println("no session");
request.setAttribute("membersName", "adom");
rd.forward(request, response);
thanks agian :) -
Help! MM17 Authorization(M_MATE_STA) problem.
Hi, experts!
I have a problem of Mass change (T-code:MM17) authorization.
I want to control our user that only can change data through MM17 and not allow to create new data to prevent accident.
So, I set an authorization obj. M_MATE_STA(Material Master: Maintenance Statuses) as ACTVT:02 (Change)
with STATM:all view(*) into user role,but it doesn`t work during Mass change test. : -(
When I checked SU53, It shows that user doesn`t have authorization of
M_MATE_STA, ACTVT:01 (Create) STATM : G (costing view). However, I tested changing Pur.grp through MM17 and it was not creation and Pur.grp field is located at purchaing view.
What`s wrong with M_MATE_STA authorization setting at MM17 ?
I cannot understand why M_MATE_STA ACTVT:01 (Create) is neccesaary when I want to CHANGE(Not create) data at MM17.
Our system is ECC 6.0 ehp4 Support package : 05 and there is no decent SAP Note to apply. Plz, help~!Hi, jurgen.
I choosen MARC Table EKGRP(Pur.grp) Field and material master purchasing view was extended already.
I add MM02 to MM17 belogned role through PFCG and set further auth. obj from MM02 but still cannot change Pur.org
at MM17.
The weired thing is when I set M_MATE_STA ACTIV:01 (Create), then I can change pur.org
Is that SAP bug? Our system is ECC 6.0 Ehp4 SP level : 05 and could not find appropriate note yet. -
Check authorization after selection in navigation bar
Hi,
there is a standard entry in the navigation bar "Create service ticket" that calls the view set SrvTViewSet for creation of service tickets. The viewset contains of four standard view areas, SrvtHead, SrvtBus, SrvtPartner, SrvtSLA. We have not modified the views themselves, only the IMPL- class for the SrvtHead since we have modfied methods in the class. The problem occurs when the user do not have the right authorization to create service tickets at all (after she has selected Create service ticket in the navigation bar), then an error message is created saying "Wrong authorization" but the four screens also dumps with message cx_sf_ref_is initial or an exemption has occurred in cx_bsp_element_exception.
First I tried to take care of the authorization check myself in each view of the four but then I thougt that this would not be the correct solution. Instead the user would get an error message when she selects "Create service ticket" in the navigation bar and an error message would appear before showing the Create service ticket view at all. Is this possible? There is two authorization objects created but the standard does not seem to work regarding the authorization check.
Is there anyone having any ideas?
Thank you and goodbye,
LenaI think what you can do is , replace the Controller for the Navbar view CL_CRM_IC_NAVBARVIEW with your own Custom Class ( do a controller replacement in the Framework Profile )
Then Redefine the Method PROCESS_NAVIGATION_REQUEST
Inside this method , you can check what is the current Nav Link Clicked , if it is 'Create Service Ticket' , perform the Authorization check or whatever you want and if it not successful , raise a Error Message using below Code and have a RETURN statement .
data : lv_msgsrv type ref to cl_bsp_wd_message_service.
lv_msgsrv = cl_bsp_wd_message_service=>get_instance( ).
lv_msgsrv->add_message( ..... ) . -
LDB PNP authorization check authorization object
Hi,
I have used LDB PNP for HR reports.
We are using the authority check also, but the problem is all the records/data for all the people is being read by the report where some of the people data should not have been read as they belong to some other personal area that the role of the executer (user).
Hence it appears that authorization check is not working properly.
Following is how I am using it, Please suggest corrections or alternate way to correct this issue.
rp-provide-from-last p0002 space gwa_outlist-begda
gwa_outlist-begda.
IF pnp-sw-found NE '1' OR
pnp-sw-auth-skipped-record EQ '1'.
EXIT.
ELSE.
ls_tab-vorna = p0002-vorna.
ls_tab-nachn = p0002-nachn.
ENDIF.
Please reply with the corrections ore alterations,
Thanks in advance.
Akash.Hi,
(1)
Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
(2)
In some case you do not work with LDB report, then you need to do the authority check by yourself. General function AUTHORITY_CHECK is what you need. AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
P_ORGIN HR: Master Data
PLOG Personnel Planning
P_PCLX HR: Clusters
P_TCODE HR: Transaction codes
Sample of checking personal area:
CALL FUNCTION 'AUTHORITY_CHECK'
EXPORTING
FIELD1 = ' PERSA'
OBJECT = 'P_ORGIN'
USER = 'SAPSUPPORT1'
VALUE1 = 'Z001'
EXCEPTIONS
USER_DONT_EXIST = 1
USER_IS_AUTHORIZED = 2
USER_NOT_AUTHORIZED = 3
USER_IS_LOCKED = 4
OTHERS = 5.
IF SY-SUBRC NE 2.
MESSAGE E001(01) RAISING AUTH_FAILED.
ENDIF.
Reward if helpful pls! -
Hi,
I am trying to write a servlet to do a simple query against a database, however I am getting an "ERROR 405 - Resource not allowed".
I am getting nothing appearing in my webservers or the jdbc log, so I don't have a stack trace to show you all.
Any help would be appreaciated!!
Code Below (certain data removed for security):
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.sql.ResultSet.*;
import java.util.*;
import java.util.Arrays;
public class Mitch extends HttpServlet
private Connection connection;
private Statement statement;
public static ArrayList Array = new ArrayList();
public void init( ServletConfig config ) throws ServletException
try
String username = "xxxxxxx";
String password = "xxxxxxx";
Class.forName("com.ibm.db2.jcc.DB2Driver");
String dbURL = "jdbc:db2://IP ADDRESS AND PORT/DIR";
Properties conProps = new Properties();
conProps.setProperty( "user", username );
conProps.setProperty( "password", password );
connection = DriverManager.getConnection( dbURL, conProps );
statement = connection.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE );
catch( Exception exception )
exception.printStackTrace();
throw new UnavailableException( exception.getMessage() );
}//end init
protected void doPost( HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException
response.setContentType( "text/html" );
PrintWriter out = response.getWriter();
out.println( "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n" );
out.println( "<HTML>\n<HEAD>" );
String sqlQuery;
try
sqlQuery = "SELECT h5_cpu_usr FROM ps_h5_cpu_fs_ap1 WHERE h5_dttm_stamp BETWEEN '2005-2-20 00:00:00.00000' AND '2005-2-20 23:00:00.000000'";
ResultSet resultSet = statement.executeQuery( sqlQuery );
out.println( "<TITLE> Servlet DB Test by Mitch </TITLE>" );
out.println( "</HEAD>" );
out.println( "<BODY>" );
out.println( "<P>This is a test to connect to a database, execute a simple SELECT and display the results below." );
out.println( "<br>\n<br>" );
Integer intObject;
while ( resultSet.next() )
intObject = new Integer( resultSet.getInt( 1 ) );
Array.add( intObject );
resultSet.close();
for( int i = 0; i < Array.size(); i++)
out.println(Array.get(i));
out.close();
}//end try
catch ( SQLException sqlEx )
sqlEx.printStackTrace();
out.println( "<TITLE>ERROR</TITLE>" );
out.println( "<HEAD>" );
out.println( "<BODY><P>An error occurred.<br>Contact Mitch!" );
out.println( "</P></BODY></HTML>" );
out.close();
}//doPost end
public void destroy()
try
statement.close();
connection.close();
catch( SQLException sqlEx )
sqlEx.printStackTrace();
}//end destroy
}//end Class
Thank you both for your replies
1. Yes I did.
2 See below
I found some sample code that I adapted to my code. I removed the init( ) method and used a doGet ( ) to call my doPost ( ) method.
The servlet now works!
Except for one thing...
It doesn't seem to be threading!
I did a simple test where two different users attempted to use the servlet at the same time, the results simply added to each other. The current query I am doing is one that returns approximately 100 rows and 1 column of 2-digit integers.
For example:
User 1 runs the servlet, output is:
12 45 56 66 65 23 06 03 34 56 78
User 2 runs the servlet after User 1, output is:
12 45 56 66 65 23 06 03 34 56 78 12 45 56 66 65 23 06 03 34 56 78
User 1 runs servlet again, after User 2, output is:
12 45 56 66 65 23 06 03 34 56 78 12 45 56 66 65 23 06 03 34 56 78 12 45 56 66 65 23 06 03 34 56 78
I hope this illustrates my problem clearly.
Also, I checked the database to see how many connections were open -- the servlet opens a NEW connection for EVERY query. These connections do not die until I kill my WebApp (WebLogic). It truely is a messy situation.
Any help would be appreaciated for this servlet newbie.
Thanks in advance.
New Code:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.sql.ResultSet.*;
import java.util.*;
import java.util.Arrays;
public class Mitch extends HttpServlet
public static ArrayList Array = new ArrayList();
Connection connection;
Statement statement;
String username = "xxxxxxx";
String password = "xxxxxxx";
protected synchronized void doGet( HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException
doPost ( request, response );
protected void doPost( HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException
//HttpSession session = request.getSession(true);
response.setContentType( "text/html" );
PrintWriter out = response.getWriter();
out.println( "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n" );
out.println( "<HTML>\n<HEAD>" );
String sqlQuery;
//if(session.isNew())
try
Class.forName("com.ibm.db2.jcc.DB2Driver");
String dbURL = "jdbc:db2://xx.xx.xx.xx:yyyyy/zzzzzzz";
connection = DriverManager.getConnection( dbURL, username, password );
statement = connection.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE );
sqlQuery = "SELECT h5_cpu_usr FROM ps_h5_cpu_fs_ap1 WHERE h5_dttm_stamp BETWEEN '2005-2-20 00:00:00.00000' AND '2005-2-20 23:00:00.000000'";
ResultSet resultSet = statement.executeQuery( sqlQuery );
out.println( "<TITLE> Servlet DB Test by Mitch </TITLE>" );
out.println( "</HEAD>" );
out.println( "<BODY>" );
out.println( "<P>This is a test to connect to a database, execute a simple SELECT and display the results below." );
out.println( "<br>\n<br>" );
Integer intObject;
while ( resultSet.next() )
intObject = new Integer( resultSet.getInt( 1 ) );
Array.add( intObject );
resultSet.close();
for( int i = 0; i < Array.size(); i++)
out.println(Array.get(i));
out.close();
}//end try
catch ( SQLException sqlEx )
sqlEx.printStackTrace();
out.println( "<TITLE>ERROR</TITLE>" );
out.println( "<HEAD>" );
out.println( "<BODY><P>An error occurred.<br>Contact Mitch!" );
out.println( "</P></BODY></HTML>" );
out.close();
catch( Exception exception )
exception.printStackTrace();
throw new UnavailableException( exception.getMessage() );
//else
// out.println( "<h1>This indicates an old session</h1>" );
}//doPost end
public void destroy()
try
statement.close();
connection.close();
catch( SQLException sqlEx )
sqlEx.printStackTrace();
}//end destroy
}//end Class
-
Hi,
I had added a Authorization Object on basis of Plant in my report and it is giving the problem that instead of displaying the Plant it is displaying as IEQPlant 1. i had taken plant as a selection screen instead of parameter.
Please tell provide me guidelines how to display the Plant name only instead of IEQPlant Name.
AUTHORITY-CHECK OBJECT 'ZPLANT1'
ID 'WERKS' FIELD P_WERKS.
IF SY-SUBRC <> 0.
MESSAGE E045(ZMSG) WITH P_WERKS.
ENDIF.Hi,
Please see the sample code below that I used to have the same functionality in one of my programs.
*---Authorization for Company code entered by the users.
*---This code will restrict users to see data for company
*---codes which they are not authorized to.
*---Select all the company codes based upon selection entered by the
*---user
DATA: li_bukrs TYPE TABLE OF bukrs,
lwa_bukrs TYPE bukrs,
lv_flag TYPE c.
SELECT bukrs
FROM t001
INTO TABLE li_bukrs
WHERE bukrs IN bukrs.
IF sy-subrc EQ 0.
*---Clear Screen variable for Company code
CLEAR bukrs.
REFRESH bukrs.
*---Filter and prepare Select options for Company code table to be
*---passed to query. Table will only have values of company codes he is
*---authorized to for display.
LOOP AT li_bukrs INTO lwa_bukrs.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD lwa_bukrs
ID 'ACTVT' FIELD '03'.
IF sy-subrc = 0.
bukrs-sign = 'I'.
bukrs-option = 'EQ'.
bukrs-low = lwa_bukrs.
bukrs-high = space.
APPEND bukrs.
ELSE.
lv_flag = 'X'.
ENDIF.
ENDLOOP.
*---Give warning message to the user in case he is not authorized to see
*---data for all the company codes that he has entered.
IF lv_flag = 'X'.
MESSAGE ID 'ZF_MSS_FNG' TYPE 'W' NUMBER '015'.
ENDIF.
ENDIF.
KR Jaideep, -
Authorization message problem with variant transaction
Hello everybody, I have created a transaction variant ZMM01 from transaction MM01. In the role I specified this new transación (ZMM01) in S-TCODE.
I can create the material but at the end, instead of the message "material zzz created" I received the message "you are not authorised to MM01".
Does anybody know how to solve this problem?
Thanks in advance.
MariaThanks for your quick answer but if I run SU53 the result is the following:
Object class AAAB Cross-application Authorization Objects
Authorization Obj. S_TCODE Transaction Code Check at Transactio Start
Authorization Field TCD Codi de transacció MM01.
If I include this I allow the user to access transction MM01, but I don´t want to.
Maybe you are looking for
-
Hello I purchased Photoshop CS2 in 2006. for Macintosh. Now I changed the Maverick version 10.9. But now I do not know where to download the same version, so I use bought in 2006 key. When pulled CS2 can not install it because my version is higher.
-
Nokia Lumia 1520 - Where can I see it?
Hi, I'm really interested on Nokia Lumia 1520 but provided it's a pretty big device, I would like to hold it in my hand and feel it before buying it, just in case it's too big for me. The problem is I live in London and I cannot find any shop that ha
-
Frm-40112 forms 10g go_item to non enabled item error
Hi Is anybody know the solution for this error, on 9i you can set FORMS90_REJECT_GO_DISABLED_ITEM variable environment to FALSE. But what is the solution on 10g, because the 9i is not worrking and I am getting the same error again. Thanks Munir
-
How to embed a smartform into a component?
Hi All, i would like to embed a smartform into the component to display the relevant information of complaint in WEB UI. In complaints when i clicked on complaint ID it is not not displaying any details? So i would like to add a smart form to the com
-
I want to copy dvds, mostly my own which includes dvd copies of VHS movies I wrote as well as home dvds. I tested DVD-Cloner based on reviews but it seems to only copy dvds it wants to and others it won't. There's no pattern and their support said "s