JAAS AUthorization in JSF with facelets

Similar Messages

• Authorization with JAAS in JSF with facelets

  hi,
  can u please hint me where i did mistake.. i clearly mention what i did and what i getting ..i did this in jsf1.2,tomcat6.x
  i did JAAS authentication in jsf with facelets.but i am unable to do the authorization with JAAS in jsf
  after getting authentication i put the subject in session. if i print the values in suject i got the following out put
  Subject:
  Principal: TypedPrincipal: hari [USER] // user name
  Principal: TypedPrincipal: admin [GROUP] // user role.
  now i want to authorization based on the role.
  for this i wrote policy file --principal.policy like this
  grant Principal com.alw.reports.jaas.TypedPrincipal "admin" {
      permission com.alw.reports.jaas.ViewIdPermission "*";
  grant Principal com.alw.reports.jaas.TypedPrincipal "hari" {
      permission com.alw.reports.jaas.ViewIdPermission "*";
  grant Principal com.alw.reports.jaas.TypedPrincipal "user" {
      permission com.alw.reports.jaas.ViewIdPermission "/contents.jsp";
  };and i set the path for this policy file like
                System.setProperty("java.security.policy", "policy file location" );when i run my application i am getting login page after that i gave username and passwed. it is getting authentication .. but not able to displaying next page that is /pages/welcome.xhtml but directly it is showin /pages/error.xhtml
  i am getting following error
  java.security.AccessControlException: access denied (com.alw.reports.jaas.ViewIdPermission /pages/welcome.xhtml)
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at com.alw.reports.jaas.JAASHelper$1.run(JAASHelper.java:87)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
       at com.alw.reports.jaas.JAASHelper.permitionToAccessViewId(JAASHelper.java:83)
       at com.alw.reports.jaas.JAASActionListener.processAction(JAASActionListener.java:65)
       at javax.faces.component.UICommand.broadcast(UICommand.java:106)
       at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:184)
       at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:162)
       at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:350)
       at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:316)
       at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:106)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141)
       at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Unknown Source)
  my faces-config.xml
  <navigation-rule>
            <display-name>pages/login</display-name>
            <from-view-id>/pages/login.xhtml</from-view-id>
            <navigation-case>
                 <from-outcome>loginSuccess</from-outcome>
                 <to-view-id>/pages/welcome.xhtml</to-view-id>
            </navigation-case>
       </navigation-rule>
  <navigation-case>
                 <from-outcome>errorpage</from-outcome>
                 <to-view-id>
                      /pages/error.xhtml
                 </to-view-id>
            </navigation-case>my command button in login.xhtml
                           <td align="center" colspan="2">
                                <h:commandButton value="Reset" type="reset"/>
                                <h:commandButton   action="loginSuccess"
                                     id="login" value="Login" />
                           </td>my actionlister
  package com.alw.reports.jaas;
  import javax.faces.component.UIOutput;
  import javax.faces.context.FacesContext;
  import javax.faces.event.AbortProcessingException;
  import javax.faces.event.ActionEvent;
  import javax.faces.event.ActionListener;
  import javax.security.auth.Subject;
  public class JAASActionListener implements ActionListener   {
       private ActionListener parent = null;
       public JAASActionListener(javax.faces.event.ActionListener parent) {
            System.out.println("-------------- in JAASActionListener ;");
         this.parent = parent;
       public void processAction(ActionEvent event)
         throws AbortProcessingException {
            System.out.println("-------------- in processAction ;");
         FacesContext context = FacesContext.getCurrentInstance();
         UIOutput comp = null;
         String userid = null, password = null;
         JAASHelper jaasHelper = new JAASHelper();
         // Check to see if they are on the login page.
         boolean onLoginPage = (-1 != context.getViewRoot().getViewId().lastIndexOf("login")) ? true : false;
         if (onLoginPage) {
           if (null != (comp = (UIOutput)
             context.getViewRoot().findComponent("helloForm:username"))) {
             userid = (String) comp.getValue();
           if (null != (comp = (UIOutput)
             context.getViewRoot().findComponent("helloForm:password"))) {
             password = (String) comp.getValue();
           // If JAAS authentication failed
           if (!jaasHelper.authenticate(userid, password)) {
             context.getApplication().getNavigationHandler().handleNavigation(context, null, "login");
             return;
           else {
             // Subject must not be null, since authentication succeeded
                System.out.println("----------- setting the subjects in context in  ActionListner ");
             assert(null != jaasHelper.getSubject());
             // Put the authenticated subject in the session.
             System.out.println("---- putting the authenicated subject in the seesion ");
             context.getExternalContext().getSessionMap().put("JAASSubject",jaasHelper.getSubject());
         parent.processAction(event);
         Subject subject=(Subject)context.getExternalContext().getSessionMap().get("JAASSubject");
        System.out.println("subject after parent process action>>>>>>>>>>>>>>>>>>>>>"+subject);
        assert(null != subject);
        if(!jaasHelper.permitionToAccessViewId(subject,context,context.getViewRoot().getViewId())){
            context.getApplication().getNavigationHandler().handleNavigation(context, null, "errorpage");
  }can u please hint me where i did mistake
  thanks in advance

  gbabu wrote:
  My doubt is based on that subject , how to write policy file and how to call doAsPrivileged() mehod on that Subject in order to navigate web pages.how to provide web pages permission for particular role in policy file..
  For example i have three pages login.xhtml,user.xhtml,admin.xhtml.
  1> if the logged in person is admin, then we want to display admin.xhtml
  2> if the loggend is person is user , then we want to display user.xhtml
  untill now i did and found who is logged in and what are his type( admin or user) .now i want configure the web.xml and faces-config.xml based on policy fileTo the best of my knowledge, there is nothing in the standard NavigationHandler which accounts for JAAS security. If you wanted, you could create a custom NavigationHandler to do this. If you think the idea is worthy enough, you could issue an enhancement request to the specification ([https://javaserverfaces-spec-public.dev.java.net/]).

• How to erase error message in jsf with facelets

  hi,
  I am using jsf 1.2 with facelets. we provided on required validation for menu in a page .if i click submit button with out giving required value, then corresponding message is showing.but after giving that required value that error message is not erasing from that page.
  but in my requirement when ever i gave that required value immedialty i want to erase that messge.
  In the following codec i click on submit button without selecting Bank , then it will display error message like Select Bank .after that i selected bank but that message is not removing.
  so could any body suggest me where i did mistake and how to do for that requirement..... please hint me
  mypage.xhtml
  <h:selectOneMenu  id="dropDownBanksName"  value="#{cardPrintBean.bankId}"
                                       required="true"  requiredMessage=" * Select Bank " title="select bank"
                                       valueChangeListener="#{cardPrintBean.valueChange}">
                                          <f:selectItems value="#{cardPrintBean.banks}" noSelectionLabel="Please select"/>
                                     </h:selectOneMenu>          
                                     <h:message for="dropDownBanksName" errorStyle="color:red" />can any one please help me........
  thanks in advance

  gbabu wrote:
  I think by using javascript with DOM we can put alert's boxes .Uh, think?
  I wasn't talking about alerts. Alerts also have nothing to do with DOM.
  but how to erase that error message of JSF in XHTML pageI already answered that. If you just want plain code, you're here at the wrong place.
  Better learn Javascript and HTML DOM. w3schools has nice tutorials about that.
  [http://www.w3schools.com/JS/default.asp]
  [http://www.w3schools.com/HTMLDOM/default.asp]

• How to implement JAAS authorization with the weblogic 8.1 server

  i wrote a code for both the authentication as well as authorization using jaas using the config file and the policy file.
  This code works fine stand alone for the authentication as well as authorization.
  But when i runs this code inside the server (Weblogic 8.1), authorization deos not works according to my policy file. i have given the policy file path in the startWeblogicServer.cmd script. even i have tried to work with my policies in the java.policy file by giving its path in the java.security file. but this is also useless.
  Now, i have doubt that either <b>jaas authorization doesn't work with the weblogic</b>(i am using 8.1) or there is some configuration setting is missing from my side.
  Is there anybody who can help me to come out of this problem. Or tell me authorization alternative in the weblogic. I will really appreciate if anyone can help with the some example code.

  read this
  http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index.html
  http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html

• ClassCircularityError in JAAS Authorization with Weblogic Server 10.3

  We are implementing JAAS authorization in which roles and policies are stored in a custom JAAS policy file and users are stored in the embedded LDAP server provided by Weblogic. We are facing problem is authorizing users using the custom policy created.
  We have implemented the JAAS authentication service with weblogic server 10g R3 and user's information stored in embedded LDAP server provided WLS. Given below are the details of implementation for JAAS Authorization:
  Following are the custom classes created:
  1. Custom Principal Class
  public class Principal implements java.security.Principal, java.io.Serializable {
  private String name;
  public Principal() {
  name = "";
  public Principal(String newName) {
  name = newName;
  public boolean equals(Object o) {
  if (o == null)
  return false;
  if (this == o)
  return true;
  if (o instanceof Principal) {
  if (((Principal) o).getName().equals(name))
  return true;
  else
  return false;
  else
  return false;
  public int hashCode() {
  return name.hashCode();
  public String toString() {
  return name;
  public String getName() {
  return name;
  2. Custom Permission Class
  public class ActionPermission extends Permission {
       public ActionPermission(String name) {
            super(name);
       @Override
       public boolean equals(Object obj) {
            if ((obj instanceof ActionPermission)
                      && ((ActionPermission) obj).getName().equals(this.getName())) {
                 return true;
            } else {
                 return false;
       @Override
       public String getActions() {
            return "";
       @Override
       public int hashCode() {
            return this.getName().hashCode();
       @Override
       public boolean implies(Permission permission) {
            if (!(permission instanceof ActionPermission)) {
                 return false;
            String thisName = this.getName();
            String permName = permission.getName();
            if (this.getName().equals("*")) {
                 return true;
            if (thisName.endsWith("*")
                      && permName.startsWith(thisName.substring(0, thisName
                                .lastIndexOf("*")))) {
                 return true;
            if (thisName.equals(permName)) {
                 return true;
            return false;
  Following are the configuration changes:
  1. Added custom policy to weblogic.policy.
  grant Principal com.scotia.security.authorization.Principal "test" <User defined in the embedded LDAP server of WLS>{
  permission com.scotia.security.authorization.permission.ActionPermission "viewScreen";
  2. Set the java security manager in startWeblogic.cmd file.
  %JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -Dweblogic.Name=%SERVER_NAME% -Djava.security.manager -Djava.security.policy=%WL_HOME%\server\lib\weblogic.policy %PROXY_SETTINGS% %SERVER_CLASS%
  3. Set Realm "Security Model" to "Custom Roles and Policies".
  Right now we are facing the given below exception:
  java.lang.ClassCircularityError: com/scotia/security/authorization/THORPrincipal
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Class.java:247)
       at sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1381)
       at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1268)
       at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1231)
       at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1167)
       at sun.security.provider.PolicyFile.implies(PolicyFile.java:1122)
       at weblogic.security.service.WLSPolicy.implies(Unknown Source)
       at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
       at java.security.AccessController.checkPermission(AccessController.java:546)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
       at java.io.File.exists(File.java:731)
       at weblogic.utils.classloaders.DirectoryClassFinder.getSource(DirectoryClassFinder.java:36)
  Please help if anyone has some clue regarding this exception. We tried checking the jdk version used by eclipse and weblogic and found it to be same.

  1. Custom Principal Class
  public class Principal implements java.security.Principal, java.io.Serializable {Rename it. You are asking for trouble naming a class after an interface it implements.
  java.lang.ClassCircularityError: com/scotia/security/authorization/THORPrincipalWhat's that class? You haven't shown us.

• 10.1.3r3 - Enabling JAAS authorization in ADF BC with embedded OC4J

  That's probably the most abstract subject line I've written in this forum yet.
  In JDev 10.1.3r3 I'm attempting to implement JAAS authorization on an entity object in the Entity Object Editor's Authorization page. Via the Tools -> Embedded OC4J Server Preferences -> Global Authentication options I created a new realm "test.com", user "testuser", and role "testrole" allocating "testuser" to this new role. I've not yet defined a Login Config.
  A search of the filesystem shows that these entries have been added to:
  <jdev_home>\jdev\system\oracle.j2ee.10.1.3.34.12\embedded-oc4j\config\jazn-data.xml
  Back in the EO Editor's Authorization page, selecting the New button with the EO name selected in the Define Updateable Permissions list, the Authorizations dialog displays showing the Realm "jazn.com", but not the new "test.com" role.
  A search of the filesystem shows that the jazn.com entries come from:
  <jdev_home>\jdev\system\oracle.j2ee.10.1.3.34.12\embedded-oc4j\config\system-jazn-data.xml
  What am I doing wrong? Why can't I see my new realm in the EO Authorization dialog? Have I got the wrong end of the JDeveloper stick again?
  I've been reading the white paper "J2EE Security in Oracle ADF Web Applications" for help, but as far as I can see it's more concerned with the configuration of security in the ViewController layer than the Model layer.
  JDev team, a couple of things I've noticed:
  1) The help page for the EO Editor's Authorization page has a number of links that aren't working at the bottom of the page and did in 10.1.2. Ditto the "Implementing Authorization in Oracle ADF Business Components" page.
  2) In 10.1.2 under the Tools -> Embedded OC4J Server Preferences -> Global Authentication options, the jazn.com realm is shown as an option, while in 10.1.3r3 it's not.
  Hope somebody can help.
  Cheers,
  CM.

  Chris,
  I filed seeral bugs on this behavior in JDeveloper 9.0.5. The information is needed in the Jdeveloper Home/j2ee/home/config/szstem-jazn-data.xml. I know this doesn't make it intuitive and I filed bugs as mentioned. For production this should be resolved to a more user friendly experience.
  You are correct that the existing security paper deals with view layer seurity and that it needs to be updated for model layer security. In Jdeveloper 10.1.3 we added security on the binding layer as well, which I think is a better place to put it than on individual business services, though there is nothing wrong with this. For production this will be documented in the online help.
  Frank

• Has anyone successfully implemented the JSF Viewer with Facelets?

  We have recently started integrating Crystal into one of our web apps that is using JSF + Facelets + Seam.
  I've built a taglib for the jsf viewer and configured it in web.xml and faces-config. I'm pulling an IReportSource from a backing bean using com.crystaldecisions.reports.sdk.ReportClientDocument  and that is using a .rpt file stored on a directory. This all seems to be working, as I can step through the code and see the IReportSource being generated.
  However, when the page loads, I am seeing the crystal javascript being converted in the page source, but nothing is loading on the page. 
  Has anyone seen an issue similar to this tied to Facelets? I've seen numerous documentation on Crystal and JSP, but very little on JSF  or Facelets.
  Has anyone been able to get a setup like this or similar to work properly?
  I've also noticed an error when adding the viewer:
  java.io.IOException: Recover report client document state failed.
  at com.crystaldecisions.sdk.occa.report.application.ReportClientDocument.readExternal(SourceFile:1492)
  at com.crystaldecisions.sdk.occa.report.application.AdvancedReportSource.readExternal(SourceFile:131)
  at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1792)
  I believe this to be related to me switching over to the serializable ReportClientDocument: com.crystaldecisions.sdk.occa.report.application.ReportClientDocument  versus using the nonserializable version.
  When using the non-serializable version, I am seeing a constructor issue with the JPEReportSource
  Exception: java.io.InvalidClassException: com.crystaldecisions.reports.reportengineinterface.JPEReportSource; no valid constructor
  Has anyone seen this issue before or able to offer any suggestions?

  Well, according to the tutorials I have seen on the internet, I believe CrystalReport was successfully implemented and tested with jsp, to have it working with Facelets, we need to do a little bit of work around. We need to make a new JSF custom component and assign it to an external renderer. then we can use it to view the report
  please follow these and it should work after then,
  1- bring the following jars into your libs
  commons-configuration-1.2.jar
  Concurrent.jar
  CrystalCommon.jar
  CrystalContentModels.jar
  CrystalDatabaseConnectors.jar
  CrystalFormulas.jar
  CrystalQueryEngine.jar
  CrystalReportEngine.jar
  CrystalReportingCommon.jar
  icu4j.jar
  jrcadapter.jar
  jrcerom.jar
  keycodeDecoder.jar
  MetafileRenderer.jar
  rasapp.jar
  rascore.jar
  rpoifs.jar
  serialization.jar
  URIUtil.jar
  webreporting.jar
  webreporting-jsf.jar
  xercesImpl.jar
  xml-apis.jar
  2- bring the folder "crystalreportviewers115" right under the "WebContent".
  3- implement the custom FacesComponent and make it extend the "UIReportPageViewer" as follows;
  import packagename.CustomReportRenderer;
  @FacesComponent ("packagename.newReportViewer")
  public class UIReportViewer extends com.crystaldecisions.report.web.jsf.UIReportPageViewer implements Serializable{
      public UIReportViewer () {
          this.setRendererType("packagename.CustomReportRenderer");
  4- implement the renderer and make it extend the "ViewerHtmlRenderer" as follows;
  @FacesRenderer(componentFamily="CrystalReports.DHTMLViewer", rendererType="packagename.CustomReportRenderer")
  public class CustomReportRenderer extends com.crystaldecisions.report.web.jsf.ViewerHtmlRenderer implements Serializable {
  5- make a new tag library xml file next to the web.xml so the application can find the tag configurations. name it "taglib.xml" and add the following inside it;
  <facelet-taglib xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee"
      version="2.0">
      <namespace>http://new-jsf-custom-components/</namespace>
      <tag>
          <tag-name>ReportViewer</tag-name>
          <component>
              <component-type>packagename.newReportViewer</component-type>
              <renderer-type>packagename.CustomReportRenderer</renderer-type>
          </component>
      </tag>
  </facelet-taglib>
  6- configure the web.xml with the following
    <context-param>
          <description>
          State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
          <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
          <param-value>server</param-value>
      </context-param>
      <context-param>
            <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
          <param-value>/WEB-INF/taglib.xml</param-value>
      </context-param>
      <context-param>
          <param-name>crystal_image_uri</param-name>
          <param-value>../../crystalreportviewers115</param-value>
      </context-param>
  7- implement the reportViewer.xhtml and make sure you have the following;
  - in the tag libraries add the namespace schema xmlns:crystalnmcps="http://new-jsf-custom-components/"
  - add the new reportViewer component
  <crystalnmcps:ReportViewer reportSource="#{youController.reportSource}"  displayToolbarLogo="false" parameterFields="#{youController.parameterFields}"  allowParameterPrompting="false" />
  Now run your app.
  I hope this helps. good luck

• Jaas authorization

  Hello, friends.
  Help please.
  Is it possible to base jaas authorization and authentication on the database role.
  I use Frank Nimphius DBLoginModule for users authorization and authentication.
  This works fine.
  But all users names must be defined in the application web.xml file.
  But the number of my application users will be increased in the future and i don't know
  their logins. I know that all application users will have database role "app_users only.
  (And all suiccessful authenticated with DBLoginModule users must
  be authorized with my application).
  What can I do in this situation.
  Can I permit access to the application for all users authenticated with LoginModule or
  for all users have been granted with database role "app_users".
  Thank you.

  Thak you for reply, Peter.
  Sorry for my English.I'll try to explain better what i need.
  I use Frank Nimphius DBSystemLoginModule and
  I do not undarstand how to map one jaas role to all database users which have database role app_users for example.
  This works fine if i define individual jaas sequrity role in web.xml for each database user . But it is not the decision because i don't know all application users now.
  But i know that all application users will have database role app_users.
  Another way is to permit access to the application for all successful authenticated with Login Module users.
  Help please.

• Sun's JSF1.1 version with facelets not working

  Hi all
  I am trying to run my application using sun's JSF1.1 version with facelets. But not able to succeed in this.
  Can anyone tell me is JSF 1.1 is compatible with facelets?
  Any help would be really appreciated.
  Thanks.

  Hi all
  I am trying to run my application using sun's JSF1.1 version with facelets. But not able to succeed in this.
  Can anyone tell me is JSF 1.1 is compatible with facelets?
  Any help would be really appreciated.
  Thanks.

• JAAS Authorization - aaaggh

  Hi
  I am struggling with authorization in WLS 8.1. My WL server is backed by an RDBMS
  Realm which is used for username/password authentication. I also have a remote
  JVM which uses JAAS to authenticate a user as required. This works fine. For
  the remote JVM I have created a custom permission and associated that with a principal
  via a policy file, shown below:-
  grant principal weblogic.security.principal.RealmAdapterUser "MyUser"
  permission com.package.security.jaas.MyPermission "logon", "true";
  grant
  permission java.io.FilePermission "<<ALL FILES>>", "read,write";
  permission java.net.SocketPermission "*", "accept,connect,listen,resolve";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.io.SerializablePermission "enableSubstitution";
  permission javax.security.auth.AuthPermission "*";
  I have a few questions:
  1) How do I associate the subject from the returned login context with my permission?
  2) I call Security.runAs(subject, myaction) to perform the authorized (or not)
  action. However, regardless of what user I use (authorized and unauthorized that
  belong to different groups) it always passes.
  I don't find the WL 81 docs on authorization particularly useful so does anyone
  know what am I doing wrong.
  TIA
  Matt

  "Matt" <[email protected]> wrote in message
  news:3f379042$[email protected]..
  >
  Hi
  I am struggling with authorization in WLS 8.1. My WL server is backed byan RDBMS
  Realm which is used for username/password authentication. I also have aremote
  JVM which uses JAAS to authenticate a user as required. This works fine.For
  the remote JVM I have created a custom permission and associated that witha principal
  via a policy file, shown below:-
  grant principal weblogic.security.principal.RealmAdapterUser "MyUser"
  permission com.package.security.jaas.MyPermission "logon", "true";
  grant
  permission java.io.FilePermission "<<ALL FILES>>", "read,write";
  permission java.net.SocketPermission "*","accept,connect,listen,resolve";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.io.SerializablePermission "enableSubstitution";
  permission javax.security.auth.AuthPermission "*";
  I have a few questions:
  1) How do I associate the subject from the returned login context with mypermission?
  2) I call Security.runAs(subject, myaction) to perform the authorized (ornot)
  action. However, regardless of what user I use (authorized andunauthorized that
  belong to different groups) it always passes.
  I don't find the WL 81 docs on authorization particularly useful so doesanyone
  know what am I doing wrong.
  WLS allows you to use JAAS authorization, but does not provide any support
  other
  than what is in the SDK. Therefore, the steps should be the same whether you
  are in
  a java program or whether running in WLS.
  http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/GeneralAcn
  AndAzn.html
  I think you need to use a doAs instead of a WLS runAs

• I tried to play a song. But it says I need to authorize my computer with a very old apple id I dont use anymore and I cant play the song. How do I fix this?

  I am trying to play a song I bought and it is saying I need to authorize my computer to use it with a very old id that I no longer use for apple. How do I get all my music back?

  You need to authorize the computer with that specific Apple ID. If that account's inaccessible, delete the song and then purchase it from your current Apple ID, or click here and ask the iTunes Store staff for assistance.
  (110985)

• Can I authorize two computers withe the same iTunes

  Can I authorize two computers withe the same iTunes

  Yes, you can authorize two computers with the same Itunes Account.

• I got a new Kobe and i am unable to register it on Adobe, when I log in to my account I receive the following error message "you can only authorize this computer with an Adobe ID that hasn't been previously used to authorize any other computer or mobile d

  I got a new Kobo and tried to register it so that I can download books from the public library. When I tried to register my device I received the following message " You can only authorize this computer with an Adobe ID that hasn't been previously used to authorize any other computer or mobile devices. Please try again.

  Please refer to Can't authorize with a previously used Adobe ID

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• I have recently changed my apple id and password, but when i try to access music on an external hard drive that i bought on iTunes it asks me to authorize my computer with my old apple id? can anyone help?

  I have recently changed my apple id and password.  When i try to access music that i bought on itunes on an external hard drive,  it asks me to authorize my computer with my old apple id? can anyone help?

  Please try to sign in at https://appleid.apple.com
  Check if your new username/email address is verfied
  If this works, delete your account on your iPhone (Settings > iCloud)
  Sign back in