Jaas Authorization in jboss without using policy file

HI,
i am working on j2ee application in which i am using jaas for authentication and authorization.
authentication is done but in authorization i dont want to use
policy file because roles can be added it is not predefined so jaas should refer database for roles names and permissin i.e action class(URL permission) that are accesible to the user.
how to implement this using jaas?
pl can u help me to solve this problem.

Has anyone ever implemented a simple web page authorization with Jaas?
Please do help me by posting a sample code
or suggest me a better security tool to use

Similar Messages

  • DIM: how to load metadata to Essbase without using rule files

    Hi,
    The Essbase adapter has been installed in the informatica PowerCenter (v8.1.1). We want to create a Essbase target definition to load metadata. In the Table Creation Wizard, we select Table Type: Dynamic dimension building (Type 3), but it needs to specify Rules file in the Column Creation Wizard.
    Any method to load metadata into Essbase without using Rules file?
    Thank you in advance.

    You could load the data into Essbase without Rule file by means of free form loading which the Datasource would be a file.

  • Using Policy Files

    I have made an applet that I want to be able to access all other web recources and the local hard drive. I heard this can be done with a policy file. How do I make and use policy files? Can somebody point me to a tutorial or something?

    expecting end-users to have to edit policy files (even with sun's
    policytool) is not something i'd want to get intoAs a matter of fact in our company the .policy files are maintained by our admins.
    the permission java.lang.RuntimePermission "usePolicy"; disables the popup that askes the user "do you trust" since anybody connected to the Internet can sign applets.
    There is allso the problem that some proxys change the applet before it reaches the client and disables the applet completely since the key is not valid anymore (on our network).
    So external providers that develop resourses used by us cannot sign the applet.
    If you are expecting other company's to use your applet I don't think signing is a sollution, when you are developing for users at home this would be a better sollution.

  • Jaas authorization in JBoss 4.2.3

    Hi,
    i need to use JAAS for authentication and authorization in JBoss. I've done the following.
    conf/login-config.xml ==>
    <application-policy name = "jaas3">
    <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
    <module-option name="dsJndiName">java:jdbc/usm</module-option>
    <module-option name="principalsQuery">SELECT password FROM principals WHERE principalid=?</module-option>
    <module-option name="rolesQuery">SELECT principalid, 'Roles' FROM roles WHERE principalid=?</module-option>
    </login-module>
    </authentication>
    </application-policy>
    database tabes ==>
    principals --> principalid, password
    roles --> principalid, role, rolegroup
    realm in server.xml ==>
    <Realm className="org.apache.catalina.realm.JAASRealm" appName="jaas3"
    userClassNames="com.ttt.auth.Jaas3Users" roleClassNames="com.ttt.auth.Jaas3Role" useContextClassLoader="true"/>
    auth.conf ==>
    jaas3{
         com.ttt.auth.Jaas3LoginModule required;
    jboss-web.xml ==>
    <security-domain flushOnSessionInvalidation="true">java:/jaas/jaas3</security-domain>
    web.xml ==>
         <login-config>
              <auth-method>FORM</auth-method>
    <realm>jaas3</realm>
              <form-login-config>
                   <form-login-page>/login.jsp</form-login-page>
                   <form-error-page>/login-failure.jsp</form-error-page>
              </form-login-config>
         <security-role>
              <role-name>admin</role-name>
         </security-role>
         <security-constraint>
              <web-resource-collection>
                   <web-resource-name>Admin page</web-resource-name>
                   <url-pattern>/admin.jsp</url-pattern>
                   <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>HEAD</http-method>
              </web-resource-collection>
              <auth-constraint>
              <role-name>admin</role-name>
              </auth-constraint>
         </security-constraint>     
         </login-config>     
    login.jsp ==>
         <form action="j_security_check" method="post">
              <p>Username:<input type="text" name="j_username"/></p>
    <p>password:<input type="text" name="j_password"/></p>
    <input type="submit" name="btnSubmit" value="LOGIN"/>
         </form>
    I access the admin.jsp which is protected. I'm directed to the login page.
    The use is successfuly authenticated. but authorization fails always. I always get a 'Access denied' pge displayed, even for the admin user, who is grented access to the admin page.
    There are no logs in the server too.
    It's been a week since when i'm breaking my head over this issue. Please help me find what went wrong or what i've missed.
    Thanks,

    Has anyone ever implemented a simple web page authorization with Jaas?
    Please do help me by posting a sample code
    or suggest me a better security tool to use

  • Without using ID file to idoc scenario

    Hi People
                         I am trying one scenario(file to IDoc) that is without using configuration only using IR only is it possible to create? and how
    Thanks & regards
    shekar

    Hi,
    some scenarios could be done without IR:
    /people/william.li/blog/2006/09/08/how-to-send-any-data-even-binary-through-xi-without-using-the-integration-repository
    But I guess it's not possible to realize a scenario without ID.
    For example where do you want to configure you File Adapter?
    Regards
    Patrick
    Edited by: Patrick Koehnen on May 21, 2008 1:31 PM

  • Single user authorization ... without using profile..

    If we create a role ZFIAPP_TRANSACTIONS for the finance dept. and assign it to 8 user's. after that a user request for another t-code authorization w'll have to edit this role rather than creating a new one and assign the t-code into this role.. it w'll effect to all 8 user's which they already have the same role my  question is there any way to have changes only to one user's not other's. also I don't want to create a role and assign to a single user ....
    and is there any way to assign authorization without using profile.
    please clarify on this...

    Hi Mirza,
    If you will change the role then it will be applicable to all 8 users. to be effective for only one user you have the only option of creating a different role with the new t-code.
    Regards
    Ashok

  • Help! web.xml security without using WAR files

    I'm currently using the RDBMSRealm and URL ACL security for my app. I would like to use the web.xml descriptor for security so that I can specify login pages and such. We currently are not using WAR files. I've been having alot of trouble setting this up. Is there a way to use the RDBMS realm along with the web.xml security? It looks like it should work, but I can't seem to get it to function. How do I specify the regular document root as a webapp? I'm currently running WLS 5.1 with SP4. Thanks.

    The RDBMSRealm is just the authentication mechanism underneath WLS versus the
    web.xml of the WebApplication which describes all the access control for that WebApp.
    the later being scoped only to that WebApp.
    you don't need to deploy in a war file, you can expand the archive into an identical
    directory structure and then just point us towards the top level of that structure.
    see: http://www.weblogic.com/docs51/classdocs/webappguide.html
    .paul
    chris wrote:
    I'm currently using the RDBMSRealm and URL ACL security for my app. I would like to use the web.xml descriptor for security so that I can specify login pages and such. We currently are not using WAR files. I've been having alot of trouble setting this up. Is there a way to use the RDBMS realm along with the web.xml security? It looks like it should work, but I can't seem to get it to function. How do I specify the regular document root as a webapp? I'm currently running WLS 5.1 with SP4. Thanks.

  • How to create a inputstream without using the file operation

    Hi friends
    In my application, I have to create a Streamsource object using the below constructor:
    public StreamSource(InputStream inputStream)
        Construct a StreamSource from a byte stream. Normally, a stream should be used rather than a reader, so the XML parser can resolve character encoding specified by the XML declaration.
        If this constructor is used to process a stylesheet, normally setSystemId should also be called, so that relative URI references can be resolved.
    Parameters:
        inputStream - A valid InputStream reference to an XML stream.*[http://java.sun.com/j2se/1.4.2/docs/api/javax/xml/transform/stream/StreamSource.html#StreamSource(java.io.InputStream) |http://java.sun.com/j2se/1.4.2/docs/api/javax/xml/transform/stream/StreamSource.html#StreamSource(java.io.InputStream) ]*
    But for creating the inputstream, i am creating a tempory file, ie I am using fileinputstream.
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.StringReader;
    import javax.xml.transform.Source;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.stream.StreamResult;
    import javax.xml.transform.stream.StreamSource;
    public class SourceConvertor
        private static Source convertStaxToStream(Source request)
    // here the argument to this method is StaxSource and the return type is StreamSource
            TransformerFactory factory = TransformerFactory.newInstance();
            Transformer transformer = null;
            File fp = null;
            FileInputStream fInp = null;
            try
                transformer = factory.newTransformer();
                fp = new File("tempFile.txt");
                transformer.transform(request, new StreamResult(fp));
                fInp = new FileInputStream(fp);
            } catch (Exception e)
                e.printStackTrace();
            return new StreamSource(fInp);
        public static void main(String args[])
            try
                String message ="<author><name>Rai</name><book>GodOfSmallThings</book></author>";
                Source original = new StreamSource(new StringReader(message));
                Source converted = convertStaxToStream(original);
                TransformerFactory factory = TransformerFactory.newInstance();
                Transformer transformer = factory.newTransformer();
                transformer.transform(converted, new StreamResult(System.out));
            catch (Exception e)
                // TODO Auto-generated catch block
                e.printStackTrace();
    This is not at all a good aproach because evey time it is creating a new file.
    So can anyone suggest a better aproach or idea or a simple code snippet so that i can create the inputstream without creating a temporary file.
    Thanks in advance:
    *[http://www.javamilestone.blogspot.com/  |http://www.javamilestone.blogspot.com/  ] *

    Err, a StreamSource is a Source. Check the Javadoc. You can pass it directly to the transform.

  • Asigning a name to a host without using hosts file

    Hi, we have developed a rich client application that connects to a websphere Appserver in order of using ejb. This app is intended to work in different places, connecting to a different Appserver in each place. When the service locator of our client app connects to the appserver to obtain the references to the ejbs, the server returns some kind of URL that contains the name of the machine defined
    in the hosts file of the server. The problem is that if this name is not in the host file of the client machine the application crashes because it cannot communicate with the appserver. We have a large number of client machines and we would like to avoid having to modify the host file of every one of them.
    Is there a way to tell the application to assign an IP to a hostname at runtime?

    I think that you can directly use IP addresses instead of the host names.
    If your are in a lan you will be able to use the compulter name of the hosts too.
    Also if you get proper DNS setup in your network you will be able to allocate domain names to your hosts and reffer them by their domain name. And the clients will be able to find the hosts through DNS lookup

  • How do I copy an iMovie project from one computer to another (without using aliased files)?

    I followed the instructions at http://support.apple.com/kb/PH14745 to copy an event to one library to another.  The added library was accessed through a network share.  A new folder was created in the iMovie Library package, but the media files were all aliases to the media on the original computer.  Is there any way to actually copy the files and not have iMovie just create aliases?

    I think the trick is to 'Considate source media' on the new library.  See: 
    http://help.apple.com/imovie/mac/10.0/#mov882dee351
    Geoff.

  • Export table data in a flat file without using FL

    Hi,
    I am looking for options where I can export table data into a flat file without using FL(File Layout) i.e., by using App Engine only.
    Please share your experience if you did anything as this
    Thanks

    A simple way to export any record (table/view) to an csv fiel, is to create a rowset and loop through all record fields, like below example code
    Local Rowset &RS;
    Local Record &Rec;
    Local File &MYFILE;
    Local string &FileName, &strRecName, &Line, &Seperator, &Value;
    Local number &numRow, &numField;
    &FileName = "c:\temp\test.csv";
    &strRecName = "PSOPRDEFN";
    &Seperator = ";";
    &RS = CreateRowset(@("Record." | &strRecName));
    &RS.Fill();
    &MYFILE = GetFile(&FileName, "W", %FilePath_Absolute);
    If &MYFILE.IsOpen Then
       For &numRow = 1 To &RS.ActiveRowCount
          &Rec = &RS(&numRow).GetRecord(@("RECORD." | &strRecName));
          For &numField = 1 To &Rec.FieldCount
             &Value = String(&Rec.GetField(&numField).Value);
             If &numField = 1 Then
                &Line = &Value;
             Else
                &Line = &Line | &Seperator | &Value;
             End-If;
          End-For;
          &MYFILE.WriteLine(&Line);
       End-For;
    End-If;
    &MYFILE.Close(); You can of course create an application class for generic calling this piece of code.
    Hope it helps.
    Note:
    Do not come complaining to me on performance issues ;)

  • Invoking Web Services Without Using the WSDL File - RPC

    I would apprecite if someone can provide sample code
    for RPC client for WeatherEJB sample code without using wsdl file.
    Thanks ,
    ag

    Hi,
    Attached is a small program that calls a service CurrencyExchangeRate
    registered at www.xmethods.com.
    The program uses pure java to call the service.
    Hope that helps
    Thanks
    Amit Chauhan
    ag <[email protected]> wrote in message
    news:3c59734d$[email protected]..
    >
    I would apprecite if someone can provide sample code
    for RPC client for WeatherEJB sample code without using wsdl file.
    Thanks ,
    ag[webservice.java]

  • Problem fetching policy-file-request

    According to
    http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_print.html
    quote:
    * A SWF file may no longer make a socket connection to its
    own domain without a socket policy file. Prior to version
    9,0,115,0, a SWF file was permitted to make socket connections to
    ports 1024 or greater in its own domain without a policy file.
    * HTTP policy files may no longer be used to authorize
    socket connections. Prior to version 9,0,115,0, an HTTP policy
    file, served from the master location of /crossdomain.xml on port
    80, could be used to authorize a socket connection to any port 1024
    or greater on the same host.
    So with the tighter security measures, a policy file has to
    be fetched on port 843 or on the same port on which a connection is
    desired. That leads to another problem. The policy file request
    made by the player has a simple format: clear text
    <policy-file-request/> is sent as raw data bytes on
    the ports.
    As most firewalls block such raw data traffic (of unknown
    protocols) on all the ports, this means that the policy file fetch
    will fail almost always if the user is behind any firewall.
    This will render all SWFs, that do not use well known ports,
    unusable. Does anyone know what is the solution to this
    problem? Or am I missing something here?

    Common guys, someone has to know what to do here.
    I have read all that I can read and tried all that I could
    and the flash app is not accepting my policy file.

  • Signing Applets..Policy File

    Hi All,
    I have developed a Applet to read from local hard disk file. I have signed it. Regarding policy file i hv sm confusion.wihtout policy file also it is working. Isn't must to use policy files. If it is must how and where i will install it on other remote machines.
    Reg Certificates, whether we hv to manually give a link in our html. or anyother way is there to let IE automatically pop up that "Plugin Window" asking abt certficate(Grant,deny..\)
    Lemme me know the details..

    I have followed the instuction and signed all other libraries and I have encountered a runtime error in IE.
    The title of the message is Microsoft Visual C++ Runtime Library.
    The content is
    Runtime error!!
    Program: C:\program files\internet exploer\iexplorer.exe
    Abnormal program termination.
    I have tested serval version of IE and Java plug-in. It include:
    IE 6.0 sp1 with JRE 1.3.1_10
    IE 6.0 sp1 with JRE 1.3.1_06
    IE 5.5 sp2 with JRE 1.3.1_05
    Could someone can help me? Thanks!!

  • Clustered application without using EAR in WebLogic 6.0

              Hi,
              Is it possible to set-up a clustered application without using EAR files in WebLogic
              6.0.
              Please point me to instructions for the same.
              Thanks
              B.Srini
              

    Yep. Possible.
              refer bea docs
              "Srinivasan Bhoopathy" <[email protected]> wrote in message
              news:3c5e5815$[email protected]..
              >
              > Hi,
              >
              > Is it possible to set-up a clustered application without using EAR files
              in WebLogic
              > 6.0.
              >
              > Please point me to instructions for the same.
              >
              > Thanks
              > B.Srini
              

Maybe you are looking for