Jaas Authorization in jboss without using policy file
HI,
i am working on j2ee application in which i am using jaas for authentication and authorization.
authentication is done but in authorization i dont want to use
policy file because roles can be added it is not predefined so jaas should refer database for roles names and permissin i.e action class(URL permission) that are accesible to the user.
how to implement this using jaas?
pl can u help me to solve this problem.
Has anyone ever implemented a simple web page authorization with Jaas?
Please do help me by posting a sample code
or suggest me a better security tool to use
Similar Messages
-
DIM: how to load metadata to Essbase without using rule files
Hi,
The Essbase adapter has been installed in the informatica PowerCenter (v8.1.1). We want to create a Essbase target definition to load metadata. In the Table Creation Wizard, we select Table Type: Dynamic dimension building (Type 3), but it needs to specify Rules file in the Column Creation Wizard.
Any method to load metadata into Essbase without using Rules file?
Thank you in advance.You could load the data into Essbase without Rule file by means of free form loading which the Datasource would be a file.
-
I have made an applet that I want to be able to access all other web recources and the local hard drive. I heard this can be done with a policy file. How do I make and use policy files? Can somebody point me to a tutorial or something?
expecting end-users to have to edit policy files (even with sun's
policytool) is not something i'd want to get intoAs a matter of fact in our company the .policy files are maintained by our admins.
the permission java.lang.RuntimePermission "usePolicy"; disables the popup that askes the user "do you trust" since anybody connected to the Internet can sign applets.
There is allso the problem that some proxys change the applet before it reaches the client and disables the applet completely since the key is not valid anymore (on our network).
So external providers that develop resourses used by us cannot sign the applet.
If you are expecting other company's to use your applet I don't think signing is a sollution, when you are developing for users at home this would be a better sollution. -
Jaas authorization in JBoss 4.2.3
Hi,
i need to use JAAS for authentication and authorization in JBoss. I've done the following.
conf/login-config.xml ==>
<application-policy name = "jaas3">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name="dsJndiName">java:jdbc/usm</module-option>
<module-option name="principalsQuery">SELECT password FROM principals WHERE principalid=?</module-option>
<module-option name="rolesQuery">SELECT principalid, 'Roles' FROM roles WHERE principalid=?</module-option>
</login-module>
</authentication>
</application-policy>
database tabes ==>
principals --> principalid, password
roles --> principalid, role, rolegroup
realm in server.xml ==>
<Realm className="org.apache.catalina.realm.JAASRealm" appName="jaas3"
userClassNames="com.ttt.auth.Jaas3Users" roleClassNames="com.ttt.auth.Jaas3Role" useContextClassLoader="true"/>
auth.conf ==>
jaas3{
com.ttt.auth.Jaas3LoginModule required;
jboss-web.xml ==>
<security-domain flushOnSessionInvalidation="true">java:/jaas/jaas3</security-domain>
web.xml ==>
<login-config>
<auth-method>FORM</auth-method>
<realm>jaas3</realm>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-failure.jsp</form-error-page>
</form-login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin page</web-resource-name>
<url-pattern>/admin.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
</login-config>
login.jsp ==>
<form action="j_security_check" method="post">
<p>Username:<input type="text" name="j_username"/></p>
<p>password:<input type="text" name="j_password"/></p>
<input type="submit" name="btnSubmit" value="LOGIN"/>
</form>
I access the admin.jsp which is protected. I'm directed to the login page.
The use is successfuly authenticated. but authorization fails always. I always get a 'Access denied' pge displayed, even for the admin user, who is grented access to the admin page.
There are no logs in the server too.
It's been a week since when i'm breaking my head over this issue. Please help me find what went wrong or what i've missed.
Thanks,Has anyone ever implemented a simple web page authorization with Jaas?
Please do help me by posting a sample code
or suggest me a better security tool to use -
Without using ID file to idoc scenario
Hi People
I am trying one scenario(file to IDoc) that is without using configuration only using IR only is it possible to create? and how
Thanks & regards
shekarHi,
some scenarios could be done without IR:
/people/william.li/blog/2006/09/08/how-to-send-any-data-even-binary-through-xi-without-using-the-integration-repository
But I guess it's not possible to realize a scenario without ID.
For example where do you want to configure you File Adapter?
Regards
Patrick
Edited by: Patrick Koehnen on May 21, 2008 1:31 PM -
Single user authorization ... without using profile..
If we create a role ZFIAPP_TRANSACTIONS for the finance dept. and assign it to 8 user's. after that a user request for another t-code authorization w'll have to edit this role rather than creating a new one and assign the t-code into this role.. it w'll effect to all 8 user's which they already have the same role my question is there any way to have changes only to one user's not other's. also I don't want to create a role and assign to a single user ....
and is there any way to assign authorization without using profile.
please clarify on this...Hi Mirza,
If you will change the role then it will be applicable to all 8 users. to be effective for only one user you have the only option of creating a different role with the new t-code.
Regards
Ashok -
Help! web.xml security without using WAR files
I'm currently using the RDBMSRealm and URL ACL security for my app. I would like to use the web.xml descriptor for security so that I can specify login pages and such. We currently are not using WAR files. I've been having alot of trouble setting this up. Is there a way to use the RDBMS realm along with the web.xml security? It looks like it should work, but I can't seem to get it to function. How do I specify the regular document root as a webapp? I'm currently running WLS 5.1 with SP4. Thanks.
The RDBMSRealm is just the authentication mechanism underneath WLS versus the
web.xml of the WebApplication which describes all the access control for that WebApp.
the later being scoped only to that WebApp.
you don't need to deploy in a war file, you can expand the archive into an identical
directory structure and then just point us towards the top level of that structure.
see: http://www.weblogic.com/docs51/classdocs/webappguide.html
.paul
chris wrote:
I'm currently using the RDBMSRealm and URL ACL security for my app. I would like to use the web.xml descriptor for security so that I can specify login pages and such. We currently are not using WAR files. I've been having alot of trouble setting this up. Is there a way to use the RDBMS realm along with the web.xml security? It looks like it should work, but I can't seem to get it to function. How do I specify the regular document root as a webapp? I'm currently running WLS 5.1 with SP4. Thanks. -
How to create a inputstream without using the file operation
Hi friends
In my application, I have to create a Streamsource object using the below constructor:
public StreamSource(InputStream inputStream)
Construct a StreamSource from a byte stream. Normally, a stream should be used rather than a reader, so the XML parser can resolve character encoding specified by the XML declaration.
If this constructor is used to process a stylesheet, normally setSystemId should also be called, so that relative URI references can be resolved.
Parameters:
inputStream - A valid InputStream reference to an XML stream.*[http://java.sun.com/j2se/1.4.2/docs/api/javax/xml/transform/stream/StreamSource.html#StreamSource(java.io.InputStream) |http://java.sun.com/j2se/1.4.2/docs/api/javax/xml/transform/stream/StreamSource.html#StreamSource(java.io.InputStream) ]*
But for creating the inputstream, i am creating a tempory file, ie I am using fileinputstream.
import java.io.File;
import java.io.FileInputStream;
import java.io.StringReader;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
public class SourceConvertor
private static Source convertStaxToStream(Source request)
// here the argument to this method is StaxSource and the return type is StreamSource
TransformerFactory factory = TransformerFactory.newInstance();
Transformer transformer = null;
File fp = null;
FileInputStream fInp = null;
try
transformer = factory.newTransformer();
fp = new File("tempFile.txt");
transformer.transform(request, new StreamResult(fp));
fInp = new FileInputStream(fp);
} catch (Exception e)
e.printStackTrace();
return new StreamSource(fInp);
public static void main(String args[])
try
String message ="<author><name>Rai</name><book>GodOfSmallThings</book></author>";
Source original = new StreamSource(new StringReader(message));
Source converted = convertStaxToStream(original);
TransformerFactory factory = TransformerFactory.newInstance();
Transformer transformer = factory.newTransformer();
transformer.transform(converted, new StreamResult(System.out));
catch (Exception e)
// TODO Auto-generated catch block
e.printStackTrace();
This is not at all a good aproach because evey time it is creating a new file.
So can anyone suggest a better aproach or idea or a simple code snippet so that i can create the inputstream without creating a temporary file.
Thanks in advance:
*[http://www.javamilestone.blogspot.com/ |http://www.javamilestone.blogspot.com/ ] *Err, a StreamSource is a Source. Check the Javadoc. You can pass it directly to the transform.
-
Asigning a name to a host without using hosts file
Hi, we have developed a rich client application that connects to a websphere Appserver in order of using ejb. This app is intended to work in different places, connecting to a different Appserver in each place. When the service locator of our client app connects to the appserver to obtain the references to the ejbs, the server returns some kind of URL that contains the name of the machine defined
in the hosts file of the server. The problem is that if this name is not in the host file of the client machine the application crashes because it cannot communicate with the appserver. We have a large number of client machines and we would like to avoid having to modify the host file of every one of them.
Is there a way to tell the application to assign an IP to a hostname at runtime?I think that you can directly use IP addresses instead of the host names.
If your are in a lan you will be able to use the compulter name of the hosts too.
Also if you get proper DNS setup in your network you will be able to allocate domain names to your hosts and reffer them by their domain name. And the clients will be able to find the hosts through DNS lookup -
I followed the instructions at http://support.apple.com/kb/PH14745 to copy an event to one library to another. The added library was accessed through a network share. A new folder was created in the iMovie Library package, but the media files were all aliases to the media on the original computer. Is there any way to actually copy the files and not have iMovie just create aliases?
I think the trick is to 'Considate source media' on the new library. See:
http://help.apple.com/imovie/mac/10.0/#mov882dee351
Geoff. -
Export table data in a flat file without using FL
Hi,
I am looking for options where I can export table data into a flat file without using FL(File Layout) i.e., by using App Engine only.
Please share your experience if you did anything as this
ThanksA simple way to export any record (table/view) to an csv fiel, is to create a rowset and loop through all record fields, like below example code
Local Rowset &RS;
Local Record &Rec;
Local File &MYFILE;
Local string &FileName, &strRecName, &Line, &Seperator, &Value;
Local number &numRow, &numField;
&FileName = "c:\temp\test.csv";
&strRecName = "PSOPRDEFN";
&Seperator = ";";
&RS = CreateRowset(@("Record." | &strRecName));
&RS.Fill();
&MYFILE = GetFile(&FileName, "W", %FilePath_Absolute);
If &MYFILE.IsOpen Then
For &numRow = 1 To &RS.ActiveRowCount
&Rec = &RS(&numRow).GetRecord(@("RECORD." | &strRecName));
For &numField = 1 To &Rec.FieldCount
&Value = String(&Rec.GetField(&numField).Value);
If &numField = 1 Then
&Line = &Value;
Else
&Line = &Line | &Seperator | &Value;
End-If;
End-For;
&MYFILE.WriteLine(&Line);
End-For;
End-If;
&MYFILE.Close(); You can of course create an application class for generic calling this piece of code.
Hope it helps.
Note:
Do not come complaining to me on performance issues ;) -
Invoking Web Services Without Using the WSDL File - RPC
I would apprecite if someone can provide sample code
for RPC client for WeatherEJB sample code without using wsdl file.
Thanks ,
agHi,
Attached is a small program that calls a service CurrencyExchangeRate
registered at www.xmethods.com.
The program uses pure java to call the service.
Hope that helps
Thanks
Amit Chauhan
ag <[email protected]> wrote in message
news:3c59734d$[email protected]..
>
I would apprecite if someone can provide sample code
for RPC client for WeatherEJB sample code without using wsdl file.
Thanks ,
ag[webservice.java] -
Problem fetching policy-file-request
According to
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_print.html
quote:
* A SWF file may no longer make a socket connection to its
own domain without a socket policy file. Prior to version
9,0,115,0, a SWF file was permitted to make socket connections to
ports 1024 or greater in its own domain without a policy file.
* HTTP policy files may no longer be used to authorize
socket connections. Prior to version 9,0,115,0, an HTTP policy
file, served from the master location of /crossdomain.xml on port
80, could be used to authorize a socket connection to any port 1024
or greater on the same host.
So with the tighter security measures, a policy file has to
be fetched on port 843 or on the same port on which a connection is
desired. That leads to another problem. The policy file request
made by the player has a simple format: clear text
<policy-file-request/> is sent as raw data bytes on
the ports.
As most firewalls block such raw data traffic (of unknown
protocols) on all the ports, this means that the policy file fetch
will fail almost always if the user is behind any firewall.
This will render all SWFs, that do not use well known ports,
unusable. Does anyone know what is the solution to this
problem? Or am I missing something here?Common guys, someone has to know what to do here.
I have read all that I can read and tried all that I could
and the flash app is not accepting my policy file. -
Signing Applets..Policy File
Hi All,
I have developed a Applet to read from local hard disk file. I have signed it. Regarding policy file i hv sm confusion.wihtout policy file also it is working. Isn't must to use policy files. If it is must how and where i will install it on other remote machines.
Reg Certificates, whether we hv to manually give a link in our html. or anyother way is there to let IE automatically pop up that "Plugin Window" asking abt certficate(Grant,deny..\)
Lemme me know the details..I have followed the instuction and signed all other libraries and I have encountered a runtime error in IE.
The title of the message is Microsoft Visual C++ Runtime Library.
The content is
Runtime error!!
Program: C:\program files\internet exploer\iexplorer.exe
Abnormal program termination.
I have tested serval version of IE and Java plug-in. It include:
IE 6.0 sp1 with JRE 1.3.1_10
IE 6.0 sp1 with JRE 1.3.1_06
IE 5.5 sp2 with JRE 1.3.1_05
Could someone can help me? Thanks!! -
Clustered application without using EAR in WebLogic 6.0
Hi,
Is it possible to set-up a clustered application without using EAR files in WebLogic
6.0.
Please point me to instructions for the same.
Thanks
B.Srini
Yep. Possible.
refer bea docs
"Srinivasan Bhoopathy" <[email protected]> wrote in message
news:3c5e5815$[email protected]..
>
> Hi,
>
> Is it possible to set-up a clustered application without using EAR files
in WebLogic
> 6.0.
>
> Please point me to instructions for the same.
>
> Thanks
> B.Srini
Maybe you are looking for
-
After completely redoing my page and uploading, my blog doesn't show up any more. Instead it just says "Blog Summary Widget" where the blog would be. I did a search, and the only things that was suggested was upgrading to iWeb09 (the version I'm usin
-
In Flash Professional CS6 I made a motion tween. As I scroll along the timeline I right click to Free Transform the object so it hits specif locations as the timeline goes along. After a few points have been adjusted, the program crashes without warn
-
Sending PDF thru email with password protection in our SAP system
Need solution for sending PDF thru email with password protection in our SAP ecc 6
-
I downloaded 4.o8beta, won't work. Please help. Thanks, Don.
Dear Sirs, I like 4.0 very much. Downloaded 4.08beta, doesn't seem to be working. Thanks, Don.
-
ODI Variable using SYSDATE - Issues comparing against EBS last_update_date
Hello All, I followed the directions in the Oracle blog "Using Variables in ODI: The Timestamp Example". I created the variables and the package. My interface is trying to load incremental data from the source GL_JE_BATCHES table to my target table.