Enabling JAAS Authorization in BC4J ,getUserPrincipalName()

Similar Messages

• 10.1.3r3 - Enabling JAAS authorization in ADF BC with embedded OC4J

  That's probably the most abstract subject line I've written in this forum yet.
  In JDev 10.1.3r3 I'm attempting to implement JAAS authorization on an entity object in the Entity Object Editor's Authorization page. Via the Tools -> Embedded OC4J Server Preferences -> Global Authentication options I created a new realm "test.com", user "testuser", and role "testrole" allocating "testuser" to this new role. I've not yet defined a Login Config.
  A search of the filesystem shows that these entries have been added to:
  <jdev_home>\jdev\system\oracle.j2ee.10.1.3.34.12\embedded-oc4j\config\jazn-data.xml
  Back in the EO Editor's Authorization page, selecting the New button with the EO name selected in the Define Updateable Permissions list, the Authorizations dialog displays showing the Realm "jazn.com", but not the new "test.com" role.
  A search of the filesystem shows that the jazn.com entries come from:
  <jdev_home>\jdev\system\oracle.j2ee.10.1.3.34.12\embedded-oc4j\config\system-jazn-data.xml
  What am I doing wrong? Why can't I see my new realm in the EO Authorization dialog? Have I got the wrong end of the JDeveloper stick again?
  I've been reading the white paper "J2EE Security in Oracle ADF Web Applications" for help, but as far as I can see it's more concerned with the configuration of security in the ViewController layer than the Model layer.
  JDev team, a couple of things I've noticed:
  1) The help page for the EO Editor's Authorization page has a number of links that aren't working at the bottom of the page and did in 10.1.2. Ditto the "Implementing Authorization in Oracle ADF Business Components" page.
  2) In 10.1.2 under the Tools -> Embedded OC4J Server Preferences -> Global Authentication options, the jazn.com realm is shown as an option, while in 10.1.3r3 it's not.
  Hope somebody can help.
  Cheers,
  CM.

  Chris,
  I filed seeral bugs on this behavior in JDeveloper 9.0.5. The information is needed in the Jdeveloper Home/j2ee/home/config/szstem-jazn-data.xml. I know this doesn't make it intuitive and I filed bugs as mentioned. For production this should be resolved to a more user friendly experience.
  You are correct that the existing security paper deals with view layer seurity and that it needs to be updated for model layer security. In Jdeveloper 10.1.3 we added security on the binding layer as well, which I think is a better place to put it than on individual business services, though there is nothing wrong with this. For production this will be documented in the online help.
  Frank

• HT1420 How do I enable or authorize my iPad and iPhone? Keeps telling me that my Apple ID has been disabled.

  How do I enable or authorize my iPad and iPhone? Keeps telling me that my Apple ID has been disabled.

  Depending upon why it's been disabled you might be able to re-enable it via this page : http://appleid.apple.com, then 'reset your password'
  You might then need to log out of your account on your phone by tapping on your id in Settings > iTunes & App Store and then log back in so as to 'refresh' the account on it.
  If that doesn't fix it then contact iTunes Support : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page

• How to implement JAAS authorization with the weblogic 8.1 server

  i wrote a code for both the authentication as well as authorization using jaas using the config file and the policy file.
  This code works fine stand alone for the authentication as well as authorization.
  But when i runs this code inside the server (Weblogic 8.1), authorization deos not works according to my policy file. i have given the policy file path in the startWeblogicServer.cmd script. even i have tried to work with my policies in the java.policy file by giving its path in the java.security file. but this is also useless.
  Now, i have doubt that either <b>jaas authorization doesn't work with the weblogic</b>(i am using 8.1) or there is some configuration setting is missing from my side.
  Is there anybody who can help me to come out of this problem. Or tell me authorization alternative in the weblogic. I will really appreciate if anyone can help with the some example code.

  read this
  http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index.html
  http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html

• Jaas authorization

  Hello, friends.
  Help please.
  Is it possible to base jaas authorization and authentication on the database role.
  I use Frank Nimphius DBLoginModule for users authorization and authentication.
  This works fine.
  But all users names must be defined in the application web.xml file.
  But the number of my application users will be increased in the future and i don't know
  their logins. I know that all application users will have database role "app_users only.
  (And all suiccessful authenticated with DBLoginModule users must
  be authorized with my application).
  What can I do in this situation.
  Can I permit access to the application for all users authenticated with LoginModule or
  for all users have been granted with database role "app_users".
  Thank you.

  Thak you for reply, Peter.
  Sorry for my English.I'll try to explain better what i need.
  I use Frank Nimphius DBSystemLoginModule and
  I do not undarstand how to map one jaas role to all database users which have database role app_users for example.
  This works fine if i define individual jaas sequrity role in web.xml for each database user . But it is not the decision because i don't know all application users now.
  But i know that all application users will have database role app_users.
  Another way is to permit access to the application for all successful authenticated with Login Module users.
  Help please.

• ClassCircularityError in JAAS Authorization with Weblogic Server 10.3

  We are implementing JAAS authorization in which roles and policies are stored in a custom JAAS policy file and users are stored in the embedded LDAP server provided by Weblogic. We are facing problem is authorizing users using the custom policy created.
  We have implemented the JAAS authentication service with weblogic server 10g R3 and user's information stored in embedded LDAP server provided WLS. Given below are the details of implementation for JAAS Authorization:
  Following are the custom classes created:
  1. Custom Principal Class
  public class Principal implements java.security.Principal, java.io.Serializable {
  private String name;
  public Principal() {
  name = "";
  public Principal(String newName) {
  name = newName;
  public boolean equals(Object o) {
  if (o == null)
  return false;
  if (this == o)
  return true;
  if (o instanceof Principal) {
  if (((Principal) o).getName().equals(name))
  return true;
  else
  return false;
  else
  return false;
  public int hashCode() {
  return name.hashCode();
  public String toString() {
  return name;
  public String getName() {
  return name;
  2. Custom Permission Class
  public class ActionPermission extends Permission {
       public ActionPermission(String name) {
            super(name);
       @Override
       public boolean equals(Object obj) {
            if ((obj instanceof ActionPermission)
                      && ((ActionPermission) obj).getName().equals(this.getName())) {
                 return true;
            } else {
                 return false;
       @Override
       public String getActions() {
            return "";
       @Override
       public int hashCode() {
            return this.getName().hashCode();
       @Override
       public boolean implies(Permission permission) {
            if (!(permission instanceof ActionPermission)) {
                 return false;
            String thisName = this.getName();
            String permName = permission.getName();
            if (this.getName().equals("*")) {
                 return true;
            if (thisName.endsWith("*")
                      && permName.startsWith(thisName.substring(0, thisName
                                .lastIndexOf("*")))) {
                 return true;
            if (thisName.equals(permName)) {
                 return true;
            return false;
  Following are the configuration changes:
  1. Added custom policy to weblogic.policy.
  grant Principal com.scotia.security.authorization.Principal "test" <User defined in the embedded LDAP server of WLS>{
  permission com.scotia.security.authorization.permission.ActionPermission "viewScreen";
  2. Set the java security manager in startWeblogic.cmd file.
  %JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -Dweblogic.Name=%SERVER_NAME% -Djava.security.manager -Djava.security.policy=%WL_HOME%\server\lib\weblogic.policy %PROXY_SETTINGS% %SERVER_CLASS%
  3. Set Realm "Security Model" to "Custom Roles and Policies".
  Right now we are facing the given below exception:
  java.lang.ClassCircularityError: com/scotia/security/authorization/THORPrincipal
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Class.java:247)
       at sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1381)
       at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1268)
       at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1231)
       at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1167)
       at sun.security.provider.PolicyFile.implies(PolicyFile.java:1122)
       at weblogic.security.service.WLSPolicy.implies(Unknown Source)
       at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
       at java.security.AccessController.checkPermission(AccessController.java:546)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
       at java.io.File.exists(File.java:731)
       at weblogic.utils.classloaders.DirectoryClassFinder.getSource(DirectoryClassFinder.java:36)
  Please help if anyone has some clue regarding this exception. We tried checking the jdk version used by eclipse and weblogic and found it to be same.

  1. Custom Principal Class
  public class Principal implements java.security.Principal, java.io.Serializable {Rename it. You are asking for trouble naming a class after an interface it implements.
  java.lang.ClassCircularityError: com/scotia/security/authorization/THORPrincipalWhat's that class? You haven't shown us.

• JAAS AUthorization in JSF with facelets

  hello hi JSF and JAAS experts,
  I have web application implementing with jsf facelets and tomcat .Now i want to provide security in my application that is some web pages allow for admin and some web pages for user and..... that means based on role of user i want to give the access for web pages. so for that i am using JAAS for authentication and authorization . I am successfully implemented JAAS authentication for who is logged in. And i am getting subject and putting that subject in context session using following snippet.And also i am able to getting subject and its principals in that subject.
        context.getExternalContext().getSessionMap().put("JAASSubject",jaasHelper.getSubject());
         System.out.println("---------------- "+context.getExternalContext().getSessionMap().get("JAASSubject"));finally my doubt is how to navigate the pages(.xhtml) based on this principlas ,, with JAAS authorization. For that what is configuration snippet in web.xml and faces-config.xml.
  for this i gone through documents , but i didt get solution..
  can any body please hint me how to solve my requirement
  thanks in adv ans

  gbabu wrote:
  My doubt is based on that subject , how to write policy file and how to call doAsPrivileged() mehod on that Subject in order to navigate web pages.how to provide web pages permission for particular role in policy file..
  For example i have three pages login.xhtml,user.xhtml,admin.xhtml.
  1> if the logged in person is admin, then we want to display admin.xhtml
  2> if the loggend is person is user , then we want to display user.xhtml
  untill now i did and found who is logged in and what are his type( admin or user) .now i want configure the web.xml and faces-config.xml based on policy fileTo the best of my knowledge, there is nothing in the standard NavigationHandler which accounts for JAAS security. If you wanted, you could create a custom NavigationHandler to do this. If you think the idea is worthy enough, you could issue an enhancement request to the specification ([https://javaserverfaces-spec-public.dev.java.net/]).

• JAAS Authorization - aaaggh

  Hi
  I am struggling with authorization in WLS 8.1. My WL server is backed by an RDBMS
  Realm which is used for username/password authentication. I also have a remote
  JVM which uses JAAS to authenticate a user as required. This works fine. For
  the remote JVM I have created a custom permission and associated that with a principal
  via a policy file, shown below:-
  grant principal weblogic.security.principal.RealmAdapterUser "MyUser"
  permission com.package.security.jaas.MyPermission "logon", "true";
  grant
  permission java.io.FilePermission "<<ALL FILES>>", "read,write";
  permission java.net.SocketPermission "*", "accept,connect,listen,resolve";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.io.SerializablePermission "enableSubstitution";
  permission javax.security.auth.AuthPermission "*";
  I have a few questions:
  1) How do I associate the subject from the returned login context with my permission?
  2) I call Security.runAs(subject, myaction) to perform the authorized (or not)
  action. However, regardless of what user I use (authorized and unauthorized that
  belong to different groups) it always passes.
  I don't find the WL 81 docs on authorization particularly useful so does anyone
  know what am I doing wrong.
  TIA
  Matt

  "Matt" <[email protected]> wrote in message
  news:3f379042$[email protected]..
  >
  Hi
  I am struggling with authorization in WLS 8.1. My WL server is backed byan RDBMS
  Realm which is used for username/password authentication. I also have aremote
  JVM which uses JAAS to authenticate a user as required. This works fine.For
  the remote JVM I have created a custom permission and associated that witha principal
  via a policy file, shown below:-
  grant principal weblogic.security.principal.RealmAdapterUser "MyUser"
  permission com.package.security.jaas.MyPermission "logon", "true";
  grant
  permission java.io.FilePermission "<<ALL FILES>>", "read,write";
  permission java.net.SocketPermission "*","accept,connect,listen,resolve";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.io.SerializablePermission "enableSubstitution";
  permission javax.security.auth.AuthPermission "*";
  I have a few questions:
  1) How do I associate the subject from the returned login context with mypermission?
  2) I call Security.runAs(subject, myaction) to perform the authorized (ornot)
  action. However, regardless of what user I use (authorized andunauthorized that
  belong to different groups) it always passes.
  I don't find the WL 81 docs on authorization particularly useful so doesanyone
  know what am I doing wrong.
  WLS allows you to use JAAS authorization, but does not provide any support
  other
  than what is in the SDK. Therefore, the steps should be the same whether you
  are in
  a java program or whether running in WLS.
  http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/GeneralAcn
  AndAzn.html
  I think you need to use a doAs instead of a WLS runAs

• Enable mode authorization failed.

  Have a user that cannot get to en prompt. Here is my trace output:
  AAA/AUTHEN: update_user user='lduncan' ruser='(null)' port='telnet146' rem_addr=
  '10.128.20.110' authen_type=1 service=ENABLE priv=152007 Oct 16 10:57:07.360 EST
  -04:00
  AAA/AUTHEN/START (0): port='telnet146' list='(null)' action=LOGIN service=ENABLE
  TAC+: send AUTHEN/START packet ver=192 id=626074205
  TAC+: Opening TCP/IP connection to 10.129.12.196
  TAC+: ver=192 id=626074205 received AUTHEN status = GETPASS2007 Oct 16 10:57:08.
  440 EST -04:00
  AAA/AUTHEN (626074205): status = GETPASSPassword: 2007 Oct 16 10:57:11.200 EST -
  04:00 *62*2007 Oct 16 10:57:11.440 EST -04:00 *69*2007 Oct 16 10:57:11.800 EST -
  04:00 *67*2007 Oct 16 10:57:12.050 EST -04:00 *74*2007 Oct 16 10:57:12.300 EST -
  04:00 *6f*2007 Oct 16 10:57:12.530 EST -04:00 *65*
  2007 Oct 16 10:57:12.950 EST -04:00
  AAA/AUTHEN/CONT (626074205): continue_login2007 Oct 16 10:57:12.950 EST -04:00
  AAA/AUTHEN (626074205): status = GETPASS
  TAC+: send AUTHEN/CONT packet id=626074205
  TAC+: ver=192 id=626074205 received AUTHEN status = PASS2007 Oct 16 10:57:13.460
  EST -04:00
  AAA/AUTHEN (626074205): status = PASS2007 Oct 16 10:57:13.460 EST -04:00 return
  PASS
  2007 Oct 16 10:57:13.460 EST -04:00
  AAA/AUTHOR : ptr2=enable
  2007 Oct 16 10:57:13.470 EST -04:00
  AAA/AUTHOR : Add AV service=shell
  2007 Oct 16 10:57:13.470 EST -04:00
  AAA/AUTHOR : Add AV cmd=enable
  2007 Oct 16 10:57:13.470 EST -04:00
  AAA/AUTHOR/TACACS+ cmd author (413075467): Port='telnet146' list='(null)' servic
  e=CMD2007 Oct 16 10:57:13.480 EST -04:00
  AAA/AUTHOR/TACACS+ cmd author: (413075467) user='lduncan'2007 Oct 16 10:57:13.4
  80 EST -04:00
  AAA/AUTHOR/TACACS+ cmd author: (413075467) send AV service=shell2007 Oct 16 10:5
  7:13.480 EST -04:00
  AAA/AUTHOR/TACACS+ cmd author: (413075467) send AV cmd=enable
  AAA/AUTHOR/TACACS+ cmd author: (413075467) Method=TAC_PLUS2007 Oct 16 10:57:13.4
  90 EST -04:00
  AAA/AUTHOR/TAC+: (413075467): user=lduncan2007 Oct 16 10:57:13.490 EST -04:00
  AAA/AUTHOR/TAC+: (413075467): send AV service=shell2007 Oct 16 10:57:13.490 EST
  -04:00
  AAA/AUTHOR/TAC+: (413075467): send AV cmd=enable
  TAC+: Opening TCP/IP connection to 10.129.12.196
  TAC+: (413075467): received author response status = FAIL2007 Oct 16 10:57:14.50
  0 EST -04:00
  AAA/AUTHOR (413075467): Post authorization status = FAIL2007 Oct 16 10:57:14.500
  EST -04:00
  AAA/AUTHOR : do_author result=12007 Oct 16 10:57:14.500 EST -04:00 %AAA: author:
  tacacs_plus_author ret=1.
  Enable mode authorization faile
  I have checked his user info and group info in tacacs.

  It seems that you have command author configured that is why user in not able to issue it.
  What kind of user is it ? Admin or normal user.
  To make him login you need to make changes in the command author set.
  Make one command autho set in acs --->shared profile componenets.
  add-->give any name "Full access "---> Put radio button to permit and submit.
  Now go to that group-->Under Shell Command Authorization Set---> Choose--->Assign a Shell Command Authorization Set for any network device and select FULL ACCESS from list and submit apply.
  Now it should let you in.
  Caution : This is let that uses to issue all commands
  Also provide me more info if you want user to deny some commands. We need to set up command autho set accordingly.
  Regards,
  ~JG
  Please rate helpful posts

• JAAS + VPD with BC4J problem

  Following the instructions in http://otn.oracle.com/products/jdev/howtos/bc4j/bc4jvpdjaas.html, we set up an vpd+jazn-data.xml application according to which users see portions of the database.
  In development with only one JAAS user created, this appeared to work properly.
  In testing with several JAAS users created, we have discovered that the application username, as known to the Application Module, will drift in and out of sync with the setting in the database context. In other words
  ApplicationModuleImpl.getUserPrincipalName()
  remains correct, but
  "select context_pkg.get_ctx_appuser from dual" in BC4J/JSP
  varies.
  Or, an example, one login as user1 sees user2's data, but not the data he is supposed to see.
  Please help!!!!

  Hi,
  Is your client app a JSP? How do you start each session? Do you have settings on SessionCookie state? Could you create a small test case? A test case will greatly help me diagnose the problem. BTW, the application user context get set/reset only after new transaction since it is in afterConnect().
  Thanks,
  Yvonne

• Using JAAS in a BC4J Client

  Hello
  We are building a BC4J application.
  We would like to use JAAS on the client side (Swing Client), to do some authorization.
  I made a test, authentication a user trough JAAS on the client as follow:
  // Auhorization
  CallbackHandler handler = new InfoCallbackHandler();
  String s = "oracle.security.jazn.tools.Admintool";
  LoginContext loginContext = new LoginContext(s, handler);
  loginContext.login();
  Subject subject = loginContext.getSubject();
  // authenticated action
  Subject.doAs(subject, this);
  This works, as long as the client has access to the jazn.xml file.
  As far as I understand, this loads the RealmLoginModule.
  The RealmLoginModule uses either a jazn.xml file, or LDAP for authentication.
  Now I'm curios about where the RealmLoginModule gets its information from, when the client is running on an other machine than the OC4J Server.
  Where does the RealmLoginModule get the connection information for the OC4J or LDAP- server from?
  Do I have to deliver the security information (jazn.xml file) to the client (I dont want to expose all this information to the Hackers on the client side)?
  Is there a way to delegate the JAAS calls to the middle tier (a security provider , LoginModule, that does RMI-calls to an EJB-component)?
  Is there a way to do authorization with the BC4J interfaces on the client (something like boolean ApplikacitonModule.isUserInRole(Role) or javax.security.auth.Subject ApplikacitonModule.getSubject() or java.util.Set ApplikacitonModule.getPrincipalsForSubject())?
  I would like to get a javax.security.auth.Subject representing the user (and password)
  that is authenticated in the middle tier. This is the Subject (defined by username & password)),
  used for the JNDI lookup, and by the whole J2EE (EJB) security, when creating a root ApplicationModule.
  Is this possible?
  Regards
  Matthais Gerber

  Hi,
  In JDeveloper 9.0.3, BC4J has JAAS support in the middle-tier. You could set jbo.security.enforce to "Test" or "Must" on the application module using "Configuration...", "Edit" in JDev. If you are using the default Oracle 9iAS JAAS you will also need to include BC4J Security library in the project. The jdk\jre\lib\securtiy\java.security should have login.configuration.provider=oracle.security.jazn.spi.LoginConfigProvider.
  You do not need to create LoginContext, CallbackHandler, etc. in either your client app or business objects.
  If you are not using OC4J, you need to have another loginmodule that implement javax.security.auth.spi.LoginModule. You need to set the jbo.security.loginmodule with you loginmodule name, include the class or jar in your library, specify the jaas config file on the java runtime option.
  Please refer to 9.0.3 online help "Working with Security in BC4J" for more information.
  Thanks,
  Yvonn

• JAAS Authorization - Application Module

  I created a project based on the BC4J technology. The application module is configured for using the security : jbo.security.enforce=Must. This application module is also configured to deploy the user/password.
  When I used this application through a web application, I don't meet any problem.
  If I create a POJO class in the same project as BC4J in which I instantiate an instance in the application module pool, I receive the following message :
  oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.JboException, msg=JBO-33021: Failed authenticate user null.
  The java class in charge of instantiating the application module pool and get an instance of it works without any problem as soon as the security is not implemented.
  Hereafter you can find the method used :
  public ApplicationModule getApplicationModule()
  try{
  PoolMgr poolMgr = PoolMgr.getInstance();
  this.lg_ApplPool = poolMgr.findPool( this.lg_configPackage + "." + this.lg_configName, // name of the pool
  this.lg_configPackage, // name of the package
  this.lg_configName, // name of the configuration
  null);
  // SessionCookie Creation
  String timeStamp = (new java.util.Date()).toString();
  // for web application, replace timeStamp by ip address of the client
  this.lg_Cookie = lg_ApplPool.createSessionCookie(this.lg_applicationId,timeStamp,null);
  CordaEnvInfoProvider lEnvInfoProvider = new CordaEnvInfoProvider ("xxx","xxx");
  // this.lg_Cookie = lg_ApplPool.createSessionCookie(this.lg_applicationId,timeStamp,null);
  this.lg_Cookie.setEnvInfoProvider(lEnvInfoProvider);
  ApplicationModule lAM = this.lg_Cookie.useApplicationModule();
  return lAM;
  catch(Exception e)
  System.out.println("_CrdAppModulePoolMgr - exception : " + e.getMessage());
  e.printStackTrace();
  return null;
  After Having search quite a long time to find a solution, I have no more idea. The only thing I see now is to forget about Jaas if the application module has not to be used by a Java client not being a JClient (Swing) or a Web application.
  Could you let me know if
  1. jaas works with java client not being Swing or web application
  2. if so, could you give me more information about how to work with BC4J application module and security enforce to Must ?
  N.B.
  POJO Client :
  public class TestAppModulePoolMgr
  private ApplicationModule lg_Am = null;
  private CrdAppModulePoolMgr  lgCrdAppModulePoolMgr = null;
  private ApplicationPool lg_ApplPool = null;
  private SessionCookie lg_Cookie = null;
  public TestAppModulePoolMgr()
  this.lg_CrdAppModulePoolMgr = _CrdAppModulePoolMgr.getCrdAppModulePoolMgr();
  this.lg_CrdAppModulePoolMgr.setApplicationId("CrdGenerationAppModuleId");
  this.lg_CrdAppModulePoolMgr.setConfigName("_CrdGenerationAppModuleLocal");
  this.lg_CrdAppModulePoolMgr.setConfigPackage("CORDA_BSV");
  this.lg_Am = lg_CrdAppModulePoolMgr.getApplicationModule();
  this.lg_ApplPool = lg_CrdAppModulePoolMgr.getApplicationPool();
  this.lg_Cookie = lg_CrdAppModulePoolMgr.getApplicationSessionCookie();
  * @param args
  public static void main(String[] args)
  TestAppModulePoolMgr testAppModulePoolMgr = new TestAppModulePoolMgr();
  }

  Thank you.
  I use SSO authentication to test my application so have no users defined.
  Can I use the test-all user? If so, what is the password?

• Enabling aaa authorization on pix/asa

  I managed to get authentication on easy enough but now am having difficulty getting authorization to work properly. I have auth/author turned on for my IOS stuff so any techs logged in will have rights based on what I give them on secure ACS. However I can't get the same to work on PIX code. I can log in fine with aa authentication but it still prompts me for the enable password. End result is I want to be able to login just once (and enabled). Any white papers that can point me the right way?

  Thank you, Prem. here is my concern. When I enable AAA access on the firewalls, from what you said there is no way for me to govern what rights a tech has when accessing the device? I want to establish the same restrictions as the IOS gear I have where normal techs will only have certain commands and others have full command. The way it is now, anyone with an account on Secure ACS can access it via ASDM.
  EDIT:
  Also I'm a little confused about the various fields on the AAA Access (from Device Access) tab. In Authentication, there is an option to toggle to require auth to be able to use enable mode. I am not sure how this auth against our ACS server (i checked the various settings in ACS and enabled what I think are all PIX commands to permit enable) and it doesn't work. I entere the enable password when I telnet in and I get auth failed when running any commands.
  Also there is an Authorization tab which I am assuming allows to you to push down rights from an aaa server? Where on the ACS can I configure that?

• Jaas authorization in JBoss 4.2.3

  Hi,
  i need to use JAAS for authentication and authorization in JBoss. I've done the following.
  conf/login-config.xml ==>
  <application-policy name = "jaas3">
  <authentication>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
  <module-option name="dsJndiName">java:jdbc/usm</module-option>
  <module-option name="principalsQuery">SELECT password FROM principals WHERE principalid=?</module-option>
  <module-option name="rolesQuery">SELECT principalid, 'Roles' FROM roles WHERE principalid=?</module-option>
  </login-module>
  </authentication>
  </application-policy>
  database tabes ==>
  principals --> principalid, password
  roles --> principalid, role, rolegroup
  realm in server.xml ==>
  <Realm className="org.apache.catalina.realm.JAASRealm" appName="jaas3"
  userClassNames="com.ttt.auth.Jaas3Users" roleClassNames="com.ttt.auth.Jaas3Role" useContextClassLoader="true"/>
  auth.conf ==>
  jaas3{
       com.ttt.auth.Jaas3LoginModule required;
  jboss-web.xml ==>
  <security-domain flushOnSessionInvalidation="true">java:/jaas/jaas3</security-domain>
  web.xml ==>
       <login-config>
            <auth-method>FORM</auth-method>
  <realm>jaas3</realm>
            <form-login-config>
                 <form-login-page>/login.jsp</form-login-page>
                 <form-error-page>/login-failure.jsp</form-error-page>
            </form-login-config>
       <security-role>
            <role-name>admin</role-name>
       </security-role>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Admin page</web-resource-name>
                 <url-pattern>/admin.jsp</url-pattern>
                 <http-method>GET</http-method>
  <http-method>POST</http-method>
  <http-method>HEAD</http-method>
            </web-resource-collection>
            <auth-constraint>
            <role-name>admin</role-name>
            </auth-constraint>
       </security-constraint>     
       </login-config>     
  login.jsp ==>
       <form action="j_security_check" method="post">
            <p>Username:<input type="text" name="j_username"/></p>
  <p>password:<input type="text" name="j_password"/></p>
  <input type="submit" name="btnSubmit" value="LOGIN"/>
       </form>
  I access the admin.jsp which is protected. I'm directed to the login page.
  The use is successfuly authenticated. but authorization fails always. I always get a 'Access denied' pge displayed, even for the admin user, who is grented access to the admin page.
  There are no logs in the server too.
  It's been a week since when i'm breaking my head over this issue. Please help me find what went wrong or what i've missed.
  Thanks,

  Has anyone ever implemented a simple web page authorization with Jaas?
  Please do help me by posting a sample code
  or suggest me a better security tool to use

• Jaas Authorization in jboss without using policy file

  HI,
  i am working on j2ee application in which i am using jaas for authentication and authorization.
  authentication is done but in authorization i dont want to use
  policy file because roles can be added it is not predefined so jaas should refer database for roles names and permissin i.e action class(URL permission) that are accesible to the user.
  how to implement this using jaas?
  pl can u help me to solve this problem.

  Has anyone ever implemented a simple web page authorization with Jaas?
  Please do help me by posting a sample code
  or suggest me a better security tool to use