JAAS-authentication to external secure system within EJB?

Similar Messages

• Images in the folders of an external file system KM

  Hello,
  We are facing a problem in our KM, the thing is We have created a external file system in our KM, it is green and almost everythings is working fine... In the CM repository we have assigned the "properties" as a repository services, but in the setting of our folders we can not see the tab of rendering within the properties.
  This is our problem without this tab of rendering We can not assign a image for this folder .. And We need to assign imaged to the folders.
  Does anyone know whether we need to add new repository sevices to our file system ? or it is impossible to assign an image to a folder in a external file system within the knowledge management.
  Thanks in advance.
  OLAF

  We have found the reason why we did not have the rendering option for assign images to the folder in a external repository.
  Our guess was good, We should have added a new "repository services" called "layout service".
  Thanks for reading this.

• To contact 3rd party application from within EJB container

  What are the possible options to communicate with an external application from within EJB container? Options that I can think of are
  - RMI
  - JMS
  - Socket communication
  - HTTP
  - any other option???
  And if anyone can give the pros & cons of the different approaches, based on their experiences it will be great.

  Hi,
  There is one more.
  Web Services which is much powerful than any other.
  Ofcourse for this also u have to use socket communication and http protocol.
  SOAP(Simple Object Access Protocol).. I think u got it..
  I prefer SOAP as it has many adavantages over RMI and other.
  Thanks,
  All the best.
  What are the possible options to communicate with an
  external application from within EJB container?
  Options that I can think of are
  - RMI
  - JMS
  - Socket communication
  - HTTP
  - any other option???
  And if anyone can give the pros & cons of the
  different approaches, based on their experiences it
  will be great.

• How to call Operating System commands / external programs from within APEX

  Hi,
  Can someone please suggest how to call Operating Systems commands / external programs from within APEX?
  E.g. say I need to run a SQL script on a particular database. SQL script, database name, userid & password everything is available in a table in Oracle. I want to build a utility in APEX where by when I click a button APEX should run the following
  c:\oracle\bin\sqlplusw.exe userud/password@database @script_name.sql
  Any pointers will be greatly appreciated.
  Thanks & Regards,

  Hi Guys,
  I have reviewed the option of using scheduler and javascript and they do satisfy my requirements PARTIALLY. Any calls to operating system commands through these features will be made on the server where APEX is installed.
  However, here what I am looking at is to call operating systems programs on client machine. For example in my APEX application I have constructed the following strings of commands that needs to be run to execute a change request.
  sqlplusw.exe user/password@database @script1.sql
  sqlplusw.exe user/password@database @script2.sql
  sqlplusw.exe user/password@database @script3.sql
  sqlplusw.exe user/password@database @script4.sql
  What I want is to have a button/link on the APEX screen along with these lines so that when I click that link/button this entire line of command gets executed in the same way it would get executed if I copy and paste this command in the command window of windows.
  Believe me, if I am able to achieve what I intend to do, it is going to save a lot of our DBAs time and effort.
  Any help will be greatly appreciated.
  Thanks & Regards,

• Error in external tax system: Line: 1 - Security key may be invalid o

  Hi all,
  Whenever I am creatting order getting error message Error in external tax system: Line: 1 - Security key may be invalid o
  expired d

  No. This is only required if you want Billing to prorate tax changes. Check your jurisdiction code structure. usually this error is caused by inconsistent jurisdiction code.

• JAAS, authentication only, in WLS 6

  I've poured over the newsgroups and the sample client, and nothing matches what I'd
  like to accomplish. What I want to do seems simple enough, but I haven't been able
  to get it to work:
  1. Configure WLS 6 SP1 to use its realms/authentication processes
  2. From within an EJB's method, using JAAS, ask Weblogic if this is a valid user
  (i.e., does this user/psw combination exist in the weblogic-managed realm(s)?).
  That's all I want to do, nothing more, nothing less. I'm getting nowhere and I've
  been at this for 2 days now. My latest incarnation was to specify the ServerPolicy
  in my call to create a login context. This authenticates, all right, but it authenticates
  everyone! My previous incarnation was to grit my teeth and write a login module
  just like in the (client) sample, but then this didn't work either. It replaced
  weblogic's authentication with mine (which I DON'T want) and I couldn't get it to
  "call back" into WLS for it to authenticate for me.
  This doesn't seem too difficult a task to me, but yet, none of the samples are clear,
  none of the environment settings are clear, and none of the books I have (I've looked
  at 2 WLS-specific books and the Sun JAAS site) are clear.
  How might I go about accomplishing this task?
  The current (within EJB) code I'm attempting is:
  // Create a login context and an associated handler for the password...
  LoginContext // Need a (JAAS) login context...
  Ctx = new LoginContext(strJAAS,
  new JAASAuthenticateCallback(strUsername,
  strPassword));
  Ctx.login(); // Perform the login
  // If we get here, the user/password is authenticated.
  Ctx.logout(); // Since we're just authenticating, log out!
  This snippet of code ALWAYS authenticates successfully (no exceptions thrown) regardless
  of what value is used for strJAAS, user ID and password!

  You can copy the JAAS example, implementing your own version of all the
  classes they give, and it will (eventually) work.
  Alternatively, if this is on the server, you can just grab the realm and
  call the appropriate authentication method:
  CachingRealm realm = (CachingRealm)Security.getRealm();
  UserInfo info = new DefaultUserInfoImpl(name, password);
  User user = realm.authenticate(info);
  if (null != user) ...
  (I'm using a caching realm, obviously).
  Two days is pretty optimistic. It's taken me two weeks to get qn SQL-based
  realm and login working (about a week each for the realm and the login)
  (although I'm not programming full time as I have to manage a couple of
  other prgrammers too).
  Good luck,
  Andrew
  "Al Cilcius" <[email protected]> escribió en el mensaje
  news:[email protected]...
  >
  I've poured over the newsgroups and the sample client, and nothing matcheswhat I'd
  like to accomplish. What I want to do seems simple enough, but I haven'tbeen able
  to get it to work:
  1. Configure WLS 6 SP1 to use its realms/authentication processes
  2. From within an EJB's method, using JAAS, ask Weblogic if this is avalid user
  (i.e., does this user/psw combination exist in the weblogic-managedrealm(s)?).
  >
  That's all I want to do, nothing more, nothing less. I'm getting nowhereand I've
  been at this for 2 days now. My latest incarnation was to specify theServerPolicy
  in my call to create a login context. This authenticates, all right, butit authenticates
  everyone! My previous incarnation was to grit my teeth and write a loginmodule
  just like in the (client) sample, but then this didn't work either. Itreplaced
  weblogic's authentication with mine (which I DON'T want) and I couldn'tget it to
  "call back" into WLS for it to authenticate for me.
  This doesn't seem too difficult a task to me, but yet, none of the samplesare clear,
  none of the environment settings are clear, and none of the books I have(I've looked
  at 2 WLS-specific books and the Sun JAAS site) are clear.
  How might I go about accomplishing this task?
  The current (within EJB) code I'm attempting is:
  // Create a login context and an associated handler for the password...
  LoginContext // Need a (JAAS) login context...
  Ctx = new LoginContext(strJAAS,
  new JAASAuthenticateCallback(strUsername,
  strPassword));
  Ctx.login(); // Perform the login
  // If we get here, the user/password is authenticated.
  Ctx.logout(); // Since we're just authenticating, logout!
  >
  This snippet of code ALWAYS authenticates successfully (no exceptionsthrown) regardless
  of what value is used for strJAAS, user ID and password!

• JAAS authentication with WebLogic 6 - "Invalid Configuration Class Name"

  For starters, I took the sample file examples.security.jaas.SampleConfig, changed the name and
  package, compiled, and copied it to the right place in the classes directory of the webapp project.
  The class is specified as a parameter in startWebLogic.cmd:
  -Dweblogic.security.jaas.Configuration="com.ww.opd.auth.JAASConfiguration"
  When a servlet attempts to get LoginContext, I get this error:
  "Invalid Configuration Class Name: com.ww.opd.auth.JAASConfiguration"
  The class file is definitely in the right place. What's the deal?
  Thanks,
  Rob

  Seems to be a ClassLoader problem. The sample is a client app, so no problem. But if you create
  a Configuration class to run on the server (to set up a LoginModule for authenticating clients)...
  I think what's happening is that the System class loader, using the CLASSPATH in the environment
  of the WebLogic server when it starts, attempts to load the Configuration class and can't (because it
  is in the CLASSPATH of the web app, not of the System class loader). If you add the Configuration
  class to the CLASSPATH of the WebLogic server, then it gets loaded but the LoginModule can't be
  found. If you add the LoginModule to the WebLogic server CLASSPATH, then any classes that it calls
  must also be in the WebLogic server CLASSPATH.
  Could someone from BEA please comment: is that the intention, that any classes used for JAAS
  authentication be part of the server's CLASSPATH, not part of the web application?
  Thanks,
  Rob
  "Rob Weltman" <[email protected]> wrote:
  >
  For starters, I took the sample file examples.security.jaas.SampleConfig, changed the name and
  package, compiled, and copied it to the right place in the classes directory of the webapp project.
  The class is specified as a parameter in startWebLogic.cmd:
  -Dweblogic.security.jaas.Configuration="com.ww.opd.auth.JAASConfiguration"
  When a servlet attempts to get LoginContext, I get this error:
  "Invalid Configuration Class Name: com.ww.opd.auth.JAASConfiguration"
  The class file is definitely in the right place. What's the deal?
  Thanks,
  Rob

• Itunes won't play anymore through external sound system

  My mac functions as a Protools recording studio. The hardware (a Digi002 system) attaches to my G5 by firewire. Until recently, itunes worked just fine playing through this external system. I'd simply go to system preferences, change the sound inputs and outputs to Digi002.
  These days I can still get all of my pro music software to play through this external Digi002 system. But something has gone amiss with itunes. It doesn't matter if itunes is already open, or not yet open. If I go to sound preferences and switch it to DIGI002, itunes ONLY plays through my internal compouter speaker. And if i go back to the sound preferences, i find that the external audio choice had been unchecked, as if by some function within itunes itself.
  i have asked this same question on the Protools forum. Respondees give mixed answers, but basically say, yes it used to work, and no, it no longer works. Some say it WILL work, but you have to fire up your sound system BEFORE you turn on your computer. That is a totally disfunctional "solution" for my situation. Who wants to keep a sound system on all day long, when I may not use it for several hours at a time?
  So what's going on here? And what did I install that made itunes suddenly not function with my external system? I strongly suspect it may be some newer version of itunes itself. If so, is there some workaround utility that will let me re-connect itunes to the Digi system? any help is appreciated.

  Hate to do this, but we've gotta start with the simple **** first, and work our way up. The volume control in iTunes isn't turned down, is it?
  Aside from that, you should launch Quicktime Player, go to File - Open, and open one of your iTunes songs in that, and see if you can hear sound there.

• Clone a Mac Partition to an External Drive from within Windows 7 Bootcamp?

  Anyone know if it is possible to clone the mac os x partition to an external drive from within Windows 7 bootcamp? I (like a few others) had a problem with the latest 10.6.3 update and I cannot boot into the mac partition but I can access it via bootcamp so I was thinking about trying to clone it to an external drive and then boot from the new clone and see if that works.
  Appreciate your comments.

  setup a 30GB partition on an external drive, along with a partition of 150% the size of your Mac OS X volume -- or larger.
  Install OS X to 30GB.
  While booted from DVD, before you install, you'll need to go to Utility Menu => Disk Utility to do the partitoning. While there, in DU see if you can repair your system.
  And where is your TimeMachine or clone backup? The "Step #1: Backup before beginning your Boot Camp project."?
  No way to backup or clone from within Windows, though you may be able to write to NTFS backup volume, UNLESS you bought MacDrive8 which allows read AND write to HFS+ from within Windows.

• Help networking a Security System DVR for remote viewing

  Hey,
  I am trying to network my Security System DVR for remote viewing but cannot seem to get it working. I have read some post on this site as well as many others and followed instructions to the T but to no avail.
  Here's what I've got:
  Linksys WRT54G2 V1 connected to a modem.
  My DVR has 3 settings for networking:
  -PPPOE
  -Static
  -DHCP 
  On DHCP, The DVR automatically sets these settings:
  IP Address: 192.168.1.100
  Subnet:  255.255.255.0
  Gateway: 192.168.1.1
  and then the DNS is the same as the one on the "status" area of the router settings...
  Port: 10000-10020
  I set up port forwarding for 192.168.1.100 for port 10000-10020 selecting "both"
  If I pull up the "DHCP Clients Table" it shows the above IP Address but with no name....and the MAC address is something like ee:ee:ee:d4:03:5f.
  I have tried to change the DVR to Static and do everything manually but thats not working either.
  I created a Dynamic DNS with goddns.org but the DVR seems to have its own one built in that you cannot change. (at the bottom of the network settings it says something like "URL: 123484984.goddns.org----Status:  OK."  But when I try to type that in the address bar of IE it goes no where.)
  I hope someone can tell me why its not working.... It was working when we first got everything set up...then it stopped. then I messed with it and got it working but didn't know what I did.  Now its broken again and I don't know what to do.  
  -Ian
  PS.  When I am connected to the router via LAN cable and I type the internal IP Address assigned to the DVR by the DHCP (192.168.1.100:10000) it brings up the DVR menu perfectly.  But when I try to log into it from a different location...with the external IP address...thats when I have trouble.  I do not think my external IP has changed since I got this router set up.
   Any help would be awesome. 

  Hmmm... Did that and I can't seem to get it working still. Whats weird is that as long as I am connected to the router...I can access it through the internal IP address.... (if using DHCP its 192.168.1.100:10000 and if using static its 192.168.1.99:10000)
  Those both work when set up on DHCP for the first and Static for the second.  But as soon as I type the external IP address with the port it doesn't work.  Its like there is a firewall OR the port forwarding is not working.  But everything on the port forwarding page looks good... Its enabled, set on Both, correct port range... 10000-10020...
  Any Ideas?
  -Ian 

• Authentication via weblogic security realm

            My servlet needs to access a session bean. The action in the session bean requires
            that a user has been authorized, i.e. at some point the session been calls
            String name = d_ctx.getCallerPrincipal().getName()
            This name may not be null at this time.
            What I would like to have is that the user executing the URL gets authenticated
            by my server realm 'myrealm' and that the associated prinicpal gets passed to
            the session bean. Is this possible. If so, how can the user pass along the username
            and password as this query is executed programmatically?
            markus
            

  http://www.weblogic.com/docs51/classdocs/API_acl.html
  Michael Girdley
  BEA Systems Inc
  "gennot" <[email protected]> wrote in message
  news:[email protected]..
  Could you send me the complete URL of these example, please?
  Thanks
  Enrico
  Michael Girdley <[email protected]> wrote in message
  39b87078$[email protected]..
  The passing of the client's certificate should be automatic to WebLogic.We
  have an example of getting the client side certificate from inside of
  WebLogic in our documentation.
  This does not require for SSL to be used from the Web server to
  WebLogic.
  >>
  Thanks,
  Michael
  Michael Girdley
  BEA Systems Inc
  "Bob Simonoff" <[email protected]> wrote in message
  news:[email protected]..
  I have read through the docs and haven't found anything that would
  address
  the following confusion:
  Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
  the back end application server (obviously). I have the need to use 2way
  SSL authentication. As I understand it the following applies:
  Client (browser) has a certificate as does the web server. Theyauthenticate
  each other.
  Now, the web server and weblogic need to communicate. WebLogic, in our
  environment does authentication via the security realm.
  What do I have to do to get the the web server (Apache or IPlanet) to
  communicate the client's certificate to WebLogic so the WebLogic canperform
  the authentication?
  Does the communication between the web server and WebLogic also need
  to
  be
  SSL?
  Thanks
  Bob Simonoff

• Mexico Digital invoice - SSF without an External security product

  Hi All,
  We are in the process of implementing Digital Invoice for Mexico. I have few queries regarding this.
  1. Can the digital signature be achieved with out any external security product ?
  2. If it is possible, then will it comply with the legal requirements for Mexico.
  I came across a SAP document wherein it was mentioned that "If you are using the user signature as the signature method, you require an external security product that is connected to your SAP system through SSF." Does  it mean that SAP standard SAPSECULIB supports only system signature  and not user signature ?
  Any pointers regarding the digital Signature implementation steps will be appreciated.

  Hi Sri,
  Would you pls check the installation of the security toolkit on your application server?
  Which security product do you use?
  The standard security product is SAPSECULIB (library sapsecu.dll).
  Please check the SSF initialization messages which are contained in each dev_w## developer trace (transaction ST11). When successful, the initializaion messages look like this:
  N  =================================================
  N  === SSF INITIALIZATION:
  N  ===...SSF Security Toolkit name SAPSECULIB .
  N  ===...SSF trace level is 0 .
  N  ===...SSF library is /usr/sap/<SID>/SYS/exe/run/sapsecu.dll .
  N  ===...SSF hash algorithm is SHA1 .
  N  ===...SSF symmetric encryption algorithm is DES-CBC .
  N  ===...sucessfully completed.
  N  =================================================
  General information for SAPSECULIB can be found in SAP note 354819.
  Best regards,
  Christoph
  P.S.: Please reward points for useful information.

• ISE admin access, authentication against external radius

  Please don't ask me why,
  the customer insists and wants to be authenticated on ise (as admin) against an external (microsoft) radius server
  is it possible while retaining internal admin users database in a sequence Internal>external_radius or internal>AD ?
  thank you in advance for whatever may help

  According to Cisco:
  External Authentication AND external Authorisation for Admin acces son the ISE can only be done by using LDAP or AD.
  For Radius Servers there are a solution for external Authentication and internal Authorisation on the ise:
  External Authentication + Internal Authorization
  When configuring Cisco ISE to provide administrator authentication using an external RSA SecurID identity store, administrator credential authentication is performed by the RSA identity store. However, authorization (policy application) is still done according to the Cisco ISE internal database. In addition, there are two important factors to remember that are different from External Authentication + External Authorization:
  You do not need to specify any particular external administrator groups for the administrator.
  You must configure the same username in both the external identity store and the local Cisco ISE database.
  To create a new Cisco ISE administrator that authenticates via the external identity store, complete the following steps:
  Step 1 Choose Administration > System > Admin Access > Administrators > Local Administrators.
  The Administrators window appears, listing all existing locally defined administrators.
  Step 2 Follow the guidelines at Creating a New Cisco ISE Administrator to ensure that the administrator username on the external RSA identity store is also present in Cisco ISE. Be sure to click the External option under Password.
  Note Remember: you do not need to specify a password for this external administrator user ID, nor are you required to apply any specially configured external administrator group to the associated RBAC policy.
  Step 3 Click Save .

• Reg: IDoc is u0091pushedu0092 into SAP from the external EDI system

  Iam facing one issue in our system for message type DESADV (inbound). please read through .
  "When an IDoc is pushed in from the external EDI system & even though the inbound Partner Profile is set to immediate processing mode:
  The IDoc stays in status 64 - 'IDoc ready to be transferred to application'. This assumes that the IDoc has not been processed yet and still needs to be processed with program RBDAPP01 (or via the “process” button in BD87).
  We don't want to again run this program "RBDAPP01". What was the problem.
  I appreciate ur help.

  Hi Krishna,
  In some other scenarios if an IDocs remains in status 64, it means that the processing within the IDoc engines did not reach its end, where the new status could be set. There are two principal reasons:
  1. In the matching partner profile the processing is not set to "Trigger immediately"
  2. The application that processes the IDoc abnormally ends with a fatal error (crashes). If this happened you will see a trace in the system log (ST22). In this case have the satellite system write the file to disk but you trigger the EDI_DATA_INCOMING. Then start EDI_DATA_INCOMING from SE37 manually and debug yourself through the individual steps. A good start would be to set a break-point in the application handling function (in your case: IDOC_INPUT_DESADV ).
  If useful do reward.
  Regards,
  Adarsh Srivastava

• Is it possible to bypass JAAS authentication and use Authorisation alone?

  I have to implement jsp level security (by checking roles) for my JSF application.
  Authentications in my appln are done by a different servers. I don't want to disturb that.
  I have to implement authorisation alone using JAAS.
  Is it possible to bypass JAAS authentication and use Authorisation alone?
  I am using custom login module( implements DatabaseLoginModule) for authorisation.
  Moreover, after logging in, when a user tries to access a secured jsp page, he should NOT be redirected to login page again. Rather the role checks should be done using existing user credentials stored somewhere. How to invoke the custom DataBaseLoginModule without taking user to login screen?
  Any help would be great.
  Thanks,
  Adhil.J

  I have to implement jsp level security (by checking roles) for my JSF application.
  Authentications in my appln are done by a different servers. I don't want to disturb that.
  I have to implement authorisation alone using JAAS.
  Is it possible to bypass JAAS authentication and use Authorisation alone?
  I am using custom login module( implements DatabaseLoginModule) for authorisation.
  Moreover, after logging in, when a user tries to access a secured jsp page, he should NOT be redirected to login page again. Rather the role checks should be done using existing user credentials stored somewhere. How to invoke the custom DataBaseLoginModule without taking user to login screen?
  Any help would be great.
  Thanks,
  Adhil.J