Urgent: JAAS authorization policy file

Hi.
I just decided to implement JAAS technology in my 3-tiered application. I did authentication, but can not beleive that the only way to specify authorization is to place all grants in one ore more text files and specify this(ose) file(s) in batch file running my application. I do not think that it is secure. The same for authentication. It is possible to redirect my application to pass through some other LoginModule and so on.
I gues there is some other way to store jaas config and policy files. Please help me to get that way.
Thanks in advance,
Kanan

the default file-based LoginContext configuration and Policy-based permission files are certainly rudimentary.
it is for this reason that the javax.security.auth.login.Configuration and java.security.Policy implementations are pluggable. instead of defining only one way of storing the data, it is possible to develop custom implementations to store data in any way a developer desires.
you can directly subclass either of these abstract classes and then programmatically set your subclass in the VM via the respective "setConfiguration" or "setPolicy" methods. or you can statically specify your custom implementation in the login.configuration.provider or policy.provider security property (set inside the java.security file inside the ~jre/lib/security directory of your installation).
both of these options should be documented in the Configuration and Policy javadocs.
in the Configuration case, J2SE 5.0 introduced a new constructor on the javax.security.auth.login.LoginContext class that can take a Configuration object as an input parameter. this gives you extra flexibility for managing login configuration entries per LoginContext.
your custom implementations would then need to manage the configuration and permission data as it so desires (perhaps in memory, perhaps on a server, or perhaps even in custom files).

Similar Messages

  • Dynamically change the JAAS auth policy file

    We want to honor the JAAS auth policy file change while the java process is still running. Currently, if you change the permissions in the JAAS auth policy file after the java process is launched, the changes are not picked up by the security manager. Is there a way to honor the permission changes without re-launch the java process?
    Thank you very much!
    JST

    Hey,
    No you do not call policy.refresh() at this time; you call it when the underlying policy file which supports the default implementation is changed - otherwise what are you refreshing.
    Perhaps consider implementing a database backed policy; I can't help feeling it would be a less troublesome method if you need a certain level of dynamism in you policy entries.
    Warm regards,
    D

  • Jaas Authorization in jboss without using policy file

    HI,
    i am working on j2ee application in which i am using jaas for authentication and authorization.
    authentication is done but in authorization i dont want to use
    policy file because roles can be added it is not predefined so jaas should refer database for roles names and permissin i.e action class(URL permission) that are accesible to the user.
    how to implement this using jaas?
    pl can u help me to solve this problem.

    Has anyone ever implemented a simple web page authorization with Jaas?
    Please do help me by posting a sample code
    or suggest me a better security tool to use

  • Policy files URGENT

    Hello
    I have a question regarding the local and global policy file. The union of these are used, but what will happend if
    - the global policy file allows to write to a file and the local denies this?
    - the local policy file allows to write to a file and the global denies this?
    -the global file allows grants permission to read to a file while the local policy file allows to write AND read this file
    I am a bit confused about the union thing. Seems like the last one will allow both read and writing to the file but the first one seems strange to me. What is the union of allowing something and denying the same?
    As I understand the global and local policy file are equal when it comes to what is beeing granted to code...
    Thanks alot!!! for help.. I have my exam tomorrow and need to know cos Im confused!!

    Well fist of all it is urgent since I have a exam
    tomorrow morning and replies after this doesnt hekp
    me to much.there may be some here that would sympathize with you.
    Also telling me to try my self while sitting on your
    "high horse looking down" mentality is crap. actually, jverds mentality may be quite different that what you percieve.
    I believe from past experience that a much different description would
    describe his mentality and response. I think what i am saying is that
    you jump to conclusions.
    I could
    but I would have to install Java and since Im having
    a teoretical exam this takes time Ill rather spend on
    other material.it would be time well served and MOST likely to be more
    productive than jumping to conclusions.
    I understand perfectly that you dont want to help,with an open mind, you may come to other conclusions
    but coming with statments that takes you longer time
    to write then the answer is plain stupid.not if you understand that suggestions may help you in the long
    run even if they aren't what you expect. graciously accepting help as
    it is given is much better than making demands and lashing out with
    a "help me the way i want to be helped" mentality.
    Just keep
    it to your self. more instructions and suggestions?
    I asked kindly a question that needs
    a yes/no and I cant see the big problem.re-reading this post with an open mind might lead you to a conclusion that
    you would have been better served with a response like.
    Thank you for your help jverd, but currently i have no access to a computer
    with java and since i have an exam tomorrow and did not study when i should
    have, i am in need of more suggestions. Thank you for your patience.
    walker

  • Jaas + custom policy

    I want to source my JAAS policy files from a database.
    I extended java.security.Policy and I can dynamically assign permissions to a codesource. I also have JAAS authorization running without any problems. What I can't figure out is how I can associate a dynamic principal with a protection domain so that getPermissions(ProtectionDomain) will magically work with Subject.doAs without re-writing half of sun.security. Has anyone accomplished something like this? I'm concentrating on 1.4, altho I'm not above using a 1.3 specific solution.

    I think I've worked it out (I don't think anyone cares anymore though). This post is just up here so people hit it when they search.
    If you subclass Policy and set it (e.g. using Policy.setPolicy or with properties files), then you implment the
    boolean implies(ProtectionDomain dom, Permission perm)Method, then it pretty much works!
    Whenever you do some action with Subject.doAsPrivileged, for example, an array or principals is given you your implies method available in the ProtectionDomain, i.e. with
    boolean implies(ProtectionDomain dom, Permission perm)
      Principal[] prins = dom.getPrincipals();
      for (int i = 0; i < prins.length; i++)
         if (prins[i] instanceof MyPrincipal) {
           MyPrincipal p = (MyPrincipal) prins;
    return UserPermissions.getPermissionSetFor(p).contains(perm); // or something. Havn't worked out exactly what happens here
    return false;
    I think that's how it works.
    Here's some code I wrote to test these ideas out. When you run it, you notice that none of the other Policy methods (getPermissions() in particular) are ever called.
    import javax.security.auth.Subject;
    import java.security.Policy;
    import java.security.PrivilegedAction;
    import java.io.FileInputStream;
    import java.io.File;
    import java.io.IOException;
    import java.util.Set;
    import java.util.HashSet;
    import java.util.logging.Logger;
    public class JaasExperiment {
        public static void main(String args[])
            Policy.setPolicy(new MyPolicy());
            Set pubcred = new HashSet();
            Set privcred = new HashSet();
            Set princips = new HashSet();
            princips.add(new MyPrincipal("keith"));
            Subject keith = new Subject(false, princips, pubcred, privcred);
            Subject.doAsPrivileged(keith, new MyAction(), null);
            Set mprincips = new HashSet();
            mprincips.add(new MyPrincipal("michelle"));
            Subject michelle = new Subject(false, mprincips, pubcred, privcred);
            Subject.doAsPrivileged(michelle, new MyAction(), null);
            Logger.global.info("Finished");
        private static class MyAction implements PrivilegedAction
            public Object run() {
                 try {
                    FileInputStream in = new FileInputStream(new File("src/JaasExperiment.java"));
                    int ch;
                    while ((ch = in.read()) != -1)
                        System.out.print((char)ch);
                    in.close();
                } catch (IOException e) {
                    e.printStackTrace();
                return null;
    import java.security.*;
    import java.util.logging.Logger;
    public class MyPolicy extends Policy
        boolean checking = true;
        private static Logger log = Logger.getLogger("MyPolicy");
        static {
            log.info("MyPolicy loaded");
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            log.info("getPermissions domain:"+domain.toString());
            return null;
        public PermissionCollection getPermissions(CodeSource codesource)
            log.info("getPermissions codewsource:"+codesource);
            return null;
        public boolean implies(ProtectionDomain domain, Permission permission) {
            //log.entering("MyPolicy", "implies");
            log.finest("Domain codsource is:"+domain.getCodeSource().toString());
            log.fine("Permission "+ permission.getClass().getName() +":"+permission.getName() + " Requested");
            if (domain instanceof Object) {
                Object o = (Object) domain;
            Principal[] ppls= domain.getPrincipals();
            for (int i=0; i < ppls.length; i++)
                log.info("Principal "+i+" is " + ppls.getName());
    if (checking)
    checking = false;
    //log.info("Domain:"+domain.toString());
    //log.info("permission:"+permission.toString());
    //log.exiting("MyPolicy", "implies");
    return true;
    public void refresh()
    import java.security.Principal;
    public class MyPrincipal implements Principal{
    private final String name;
    public MyPrincipal(String name)
    this.name = name;
    public String getName() {
    return name;

  • How to implement JAAS authorization with the weblogic 8.1 server

    i wrote a code for both the authentication as well as authorization using jaas using the config file and the policy file.
    This code works fine stand alone for the authentication as well as authorization.
    But when i runs this code inside the server (Weblogic 8.1), authorization deos not works according to my policy file. i have given the policy file path in the startWeblogicServer.cmd script. even i have tried to work with my policies in the java.policy file by giving its path in the java.security file. but this is also useless.
    Now, i have doubt that either <b>jaas authorization doesn't work with the weblogic</b>(i am using 8.1) or there is some configuration setting is missing from my side.
    Is there anybody who can help me to come out of this problem. Or tell me authorization alternative in the weblogic. I will really appreciate if anyone can help with the some example code.

    read this
    http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index.html
    http://www.onjava.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html

  • ClassCircularityError in JAAS Authorization with Weblogic Server 10.3

    We are implementing JAAS authorization in which roles and policies are stored in a custom JAAS policy file and users are stored in the embedded LDAP server provided by Weblogic. We are facing problem is authorizing users using the custom policy created.
    We have implemented the JAAS authentication service with weblogic server 10g R3 and user's information stored in embedded LDAP server provided WLS. Given below are the details of implementation for JAAS Authorization:
    Following are the custom classes created:
    1. Custom Principal Class
    public class Principal implements java.security.Principal, java.io.Serializable {
    private String name;
    public Principal() {
    name = "";
    public Principal(String newName) {
    name = newName;
    public boolean equals(Object o) {
    if (o == null)
    return false;
    if (this == o)
    return true;
    if (o instanceof Principal) {
    if (((Principal) o).getName().equals(name))
    return true;
    else
    return false;
    else
    return false;
    public int hashCode() {
    return name.hashCode();
    public String toString() {
    return name;
    public String getName() {
    return name;
    2. Custom Permission Class
    public class ActionPermission extends Permission {
         public ActionPermission(String name) {
              super(name);
         @Override
         public boolean equals(Object obj) {
              if ((obj instanceof ActionPermission)
                        && ((ActionPermission) obj).getName().equals(this.getName())) {
                   return true;
              } else {
                   return false;
         @Override
         public String getActions() {
              return "";
         @Override
         public int hashCode() {
              return this.getName().hashCode();
         @Override
         public boolean implies(Permission permission) {
              if (!(permission instanceof ActionPermission)) {
                   return false;
              String thisName = this.getName();
              String permName = permission.getName();
              if (this.getName().equals("*")) {
                   return true;
              if (thisName.endsWith("*")
                        && permName.startsWith(thisName.substring(0, thisName
                                  .lastIndexOf("*")))) {
                   return true;
              if (thisName.equals(permName)) {
                   return true;
              return false;
    Following are the configuration changes:
    1. Added custom policy to weblogic.policy.
    grant Principal com.scotia.security.authorization.Principal "test" <User defined in the embedded LDAP server of WLS>{
    permission com.scotia.security.authorization.permission.ActionPermission "viewScreen";
    2. Set the java security manager in startWeblogic.cmd file.
    %JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -Dweblogic.Name=%SERVER_NAME% -Djava.security.manager -Djava.security.policy=%WL_HOME%\server\lib\weblogic.policy %PROXY_SETTINGS% %SERVER_CLASS%
    3. Set Realm "Security Model" to "Custom Roles and Policies".
    Right now we are facing the given below exception:
    java.lang.ClassCircularityError: com/scotia/security/authorization/THORPrincipal
         at java.lang.Class.forName0(Native Method)
         at java.lang.Class.forName(Class.java:247)
         at sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1381)
         at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1268)
         at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1231)
         at sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1167)
         at sun.security.provider.PolicyFile.implies(PolicyFile.java:1122)
         at weblogic.security.service.WLSPolicy.implies(Unknown Source)
         at java.security.ProtectionDomain.implies(ProtectionDomain.java:213)
         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:301)
         at java.security.AccessController.checkPermission(AccessController.java:546)
         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
         at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
         at java.io.File.exists(File.java:731)
         at weblogic.utils.classloaders.DirectoryClassFinder.getSource(DirectoryClassFinder.java:36)
    Please help if anyone has some clue regarding this exception. We tried checking the jdk version used by eclipse and weblogic and found it to be same.

    1. Custom Principal Class
    public class Principal implements java.security.Principal, java.io.Serializable {Rename it. You are asking for trouble naming a class after an interface it implements.
    java.lang.ClassCircularityError: com/scotia/security/authorization/THORPrincipalWhat's that class? You haven't shown us.

  • JAAS AUthorization in JSF with facelets

    hello hi JSF and JAAS experts,
    I have web application implementing with jsf facelets and tomcat .Now i want to provide security in my application that is some web pages allow for admin and some web pages for user and..... that means based on role of user i want to give the access for web pages. so for that i am using JAAS for authentication and authorization . I am successfully implemented JAAS authentication for who is logged in. And i am getting subject and putting that subject in context session using following snippet.And also i am able to getting subject and its principals in that subject.
          context.getExternalContext().getSessionMap().put("JAASSubject",jaasHelper.getSubject());
           System.out.println("---------------- "+context.getExternalContext().getSessionMap().get("JAASSubject"));finally my doubt is how to navigate the pages(.xhtml) based on this principlas ,, with JAAS authorization. For that what is configuration snippet in web.xml and faces-config.xml.
    for this i gone through documents , but i didt get solution..
    can any body please hint me how to solve my requirement
    thanks in adv ans

    gbabu wrote:
    My doubt is based on that subject , how to write policy file and how to call doAsPrivileged() mehod on that Subject in order to navigate web pages.how to provide web pages permission for particular role in policy file..
    For example i have three pages login.xhtml,user.xhtml,admin.xhtml.
    1> if the logged in person is admin, then we want to display admin.xhtml
    2> if the loggend is person is user , then we want to display user.xhtml
    untill now i did and found who is logged in and what are his type( admin or user) .now i want configure the web.xml and faces-config.xml based on policy fileTo the best of my knowledge, there is nothing in the standard NavigationHandler which accounts for JAAS security. If you wanted, you could create a custom NavigationHandler to do this. If you think the idea is worthy enough, you could issue an enhancement request to the specification ([https://javaserverfaces-spec-public.dev.java.net/]).

  • JAAS Authorization - aaaggh

    Hi
    I am struggling with authorization in WLS 8.1. My WL server is backed by an RDBMS
    Realm which is used for username/password authentication. I also have a remote
    JVM which uses JAAS to authenticate a user as required. This works fine. For
    the remote JVM I have created a custom permission and associated that with a principal
    via a policy file, shown below:-
    grant principal weblogic.security.principal.RealmAdapterUser "MyUser"
    permission com.package.security.jaas.MyPermission "logon", "true";
    grant
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
    permission java.net.SocketPermission "*", "accept,connect,listen,resolve";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.io.SerializablePermission "enableSubstitution";
    permission javax.security.auth.AuthPermission "*";
    I have a few questions:
    1) How do I associate the subject from the returned login context with my permission?
    2) I call Security.runAs(subject, myaction) to perform the authorized (or not)
    action. However, regardless of what user I use (authorized and unauthorized that
    belong to different groups) it always passes.
    I don't find the WL 81 docs on authorization particularly useful so does anyone
    know what am I doing wrong.
    TIA
    Matt

    "Matt" <[email protected]> wrote in message
    news:3f379042$[email protected]..
    >
    Hi
    I am struggling with authorization in WLS 8.1. My WL server is backed byan RDBMS
    Realm which is used for username/password authentication. I also have aremote
    JVM which uses JAAS to authenticate a user as required. This works fine.For
    the remote JVM I have created a custom permission and associated that witha principal
    via a policy file, shown below:-
    grant principal weblogic.security.principal.RealmAdapterUser "MyUser"
    permission com.package.security.jaas.MyPermission "logon", "true";
    grant
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
    permission java.net.SocketPermission "*","accept,connect,listen,resolve";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.io.SerializablePermission "enableSubstitution";
    permission javax.security.auth.AuthPermission "*";
    I have a few questions:
    1) How do I associate the subject from the returned login context with mypermission?
    2) I call Security.runAs(subject, myaction) to perform the authorized (ornot)
    action. However, regardless of what user I use (authorized andunauthorized that
    belong to different groups) it always passes.
    I don't find the WL 81 docs on authorization particularly useful so doesanyone
    know what am I doing wrong.
    WLS allows you to use JAAS authorization, but does not provide any support
    other
    than what is in the SDK. Therefore, the steps should be the same whether you
    are in
    a java program or whether running in WLS.
    http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/tutorials/GeneralAcn
    AndAzn.html
    I think you need to use a doAs instead of a WLS runAs

  • Problem fetching policy-file-request

    According to
    http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_print.html
    quote:
    * A SWF file may no longer make a socket connection to its
    own domain without a socket policy file. Prior to version
    9,0,115,0, a SWF file was permitted to make socket connections to
    ports 1024 or greater in its own domain without a policy file.
    * HTTP policy files may no longer be used to authorize
    socket connections. Prior to version 9,0,115,0, an HTTP policy
    file, served from the master location of /crossdomain.xml on port
    80, could be used to authorize a socket connection to any port 1024
    or greater on the same host.
    So with the tighter security measures, a policy file has to
    be fetched on port 843 or on the same port on which a connection is
    desired. That leads to another problem. The policy file request
    made by the player has a simple format: clear text
    <policy-file-request/> is sent as raw data bytes on
    the ports.
    As most firewalls block such raw data traffic (of unknown
    protocols) on all the ports, this means that the policy file fetch
    will fail almost always if the user is behind any firewall.
    This will render all SWFs, that do not use well known ports,
    unusable. Does anyone know what is the solution to this
    problem? Or am I missing something here?

    Common guys, someone has to know what to do here.
    I have read all that I can read and tried all that I could
    and the flash app is not accepting my policy file.

  • How to assign special FilePermission in a policy file

    Hi,
    I'm using jaas 1.0 with JDK1.3.
    I want a user to be able to specify a file (a password file : login-password) and to be able to access it before being authenticated. (and so without any permissions to access it)
    I'd like to assign FilePermission not for a file in particulary but for files with an extension in particular (*.pwd in my example). How can I do it in a policy file ?
    Check my code :
    I am in the e:/dvpl directory.
    if I specify that the file must be passwd2.pwd, that's ok, that works, but
    if I want to give read permissions for all the files in conf/ or just for *.pwd, that doesn't work.
    How can I do ?
      //permission java.io.FilePermission "e:/dvpl/conf/passwd2.pwd", "read";
      permission java.io.FilePermission "./conf/-", "read";
      permission java.io.FilePermission "e:/dvpl/conf/-", "read";
      permission java.io.FilePermission "e:/dvpl/conf/*.pwd", "read";Thanks for any help.
    Yann P.
    JOnAS The EJB Server
    http://www.objectweb.org/jonas/index.html

    if you want to give read permissions for all the files in conf:
    permission java.io.FilePermission "\\dvp\\conf\\-","read";
    Hope this help!

  • XMLSocket "Failed to load policy file" error

    I am trying to use an XMLSocket.swf file, and it is not connecting.  Do I need to open up a port on my server?  I am trying to run this on a dedicated remote Windows 2008 server.
    Here is the error from FlashFirebug:
         OK: Root-level SWF loaded: file:///C|/Users/vcaadmin/AppData/Roaming/Mozilla/Firefox/Profiles/70vbx4ys.default/exten sions/flashfirebug%40o%2Dminds.com/chrome/content/flashfirebug.swf
        OK: Root-level SWF loaded: http://speak-tome.com/flash/XMLSocket.swf
        OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at xmlsocket://speak-tome.com:9997 by requestor from http://speak-tome.com/flash/XMLSocket.swf
        Error: Failed to load policy file from xmlsocket://speak-tome.com:9997
        Error: Request for resource at xmlsocket://speak-tome.com:9997 by requestor from http://speak-tome.com/flash/XMLSocket.swf has failed because the server cannot be reached.
    My crossdomain.xml is saved to the root of the web directory and looks like:
        <?xml version="1.0"?>
        <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
        <cross-domain-policy>
        <site-control permitted-cross-domain-policies="master-only"/>
        <allow-access-from domain="*"/>
        <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
        </cross-domain-policy>
    I notice that both ports 843 and 9997 are closed for my domain (speak-tome.com - 72.167.253.16) when I check using a service such as yougetsignal.com/tools/open-ports.  Do I need to get these ports open to get the policy file to work?

    As a test, I uploaded my Flash/Gaia site into an existing site on my old host.  And although the site actually works in this setting, when I run things in the FlashPlayerDebugger, I'm still getting Security Sandbox Violations - so (as adninjastrator suggested in earlier post), this may have nothing to do with the DNS changes - but perhaps with my setting things up wrong somewhere so that the Flashplayer is trying to access my local computer - maybe??
    Debugger logs gives me this:
    Error: Failed to load policy file from xmlsocket://127.0.0.1:5800
    Error: Request for resource at xmlsocket://127.0.0.1:5800 by requestor from http://recreationofthegods.com/bin/main.swf has failed because the server cannot be reached.
    *** Security Sandbox Violation ***
    So, I've now uploaded the identical bin (which contains all the files for my site) - but I'm getting different behaviors on the two hosts.
    On the new holistic servers, the site won't go past the first page:  www.yourgods.com
    On the 1&1 servers, I still get runtime errors in FlashPlayerDebugger - but the site runs ok - http://www.RecreationOfTheGods.com/bin/index.html
    Posting those links in hopes someone with more experience in these sandbox issues can help steer me in the right direction.

  • Osb 10gR3 - Active Intermediary proxy with custom WS-Policy files

    I'm setting up an Active Intermediary proxy, and the Security option on the proxy to "Process WS-Security header" is only usable when Custom Policy Bindings are assigned to the proxy. But I don't want to use the default Oracle policies.
    The "Select WS-Policy" popup within OSB only shows entries under the Predefined Policy tab. Yet I have custom WS-Policy files which have been imported into OSB.
    So what's the trick?

    Hi,
    Below are the steps followed
    - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
    - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
    - I can invoke the osb proxy from bpel by passing credentials - No Issues.
    Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
    -I used Role=Admin as a policy condition restriction under security in Proxy service.
    -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
    -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
    All Iam trying to do is to protect my proxy by authrorization policy.
    Thanks
    Jagan.

  • Custom WS-Policy Files in Console Service Endpoint Polices List

    hi
    Not sure which WLS newsgroup for this so here goes.
    I want to assign custom WS-Policy files to a web service via the console (i.e. post-deployment).
    By default, the Service Endpoint Policies list only shows a small subset of default policy files within weblogic.jar and none of the Wssp1.2-* policy files. (i.e. only the proprietary WLS 9.0 WS-Policy files)
    Is this correct behaviour? I want to experiment with policies based on the current WS Security Policy Standard without hard-coding the names of files into the service.
    Is there a way to make these other supplied WSSecurityPolicy 1.2 policies appear in the list?
    Thanks
    Jim Nicolson

    Hi,
    Below are the steps followed
    - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
    - Iam invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
    - I can invoke the osb proxy from bpel by passing credentials - No Issues.
    Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
    -I used Role=Admin as a policy condition restriction under security in Proxy service.
    -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
    -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
    All Iam trying to do is to protect my proxy by authrorization policy.
    Thanks
    Jagan.

  • Jaas authorization

    Hello, friends.
    Help please.
    Is it possible to base jaas authorization and authentication on the database role.
    I use Frank Nimphius DBLoginModule for users authorization and authentication.
    This works fine.
    But all users names must be defined in the application web.xml file.
    But the number of my application users will be increased in the future and i don't know
    their logins. I know that all application users will have database role "app_users only.
    (And all suiccessful authenticated with DBLoginModule users must
    be authorized with my application).
    What can I do in this situation.
    Can I permit access to the application for all users authenticated with LoginModule or
    for all users have been granted with database role "app_users".
    Thank you.

    Thak you for reply, Peter.
    Sorry for my English.I'll try to explain better what i need.
    I use Frank Nimphius DBSystemLoginModule and
    I do not undarstand how to map one jaas role to all database users which have database role app_users for example.
    This works fine if i define individual jaas sequrity role in web.xml for each database user . But it is not the decision because i don't know all application users now.
    But i know that all application users will have database role app_users.
    Another way is to permit access to the application for all successful authenticated with Login Module users.
    Help please.

Maybe you are looking for

  • I found "update()" cannot be used in GameCanvas

    Hi all, I have developed a J2ME game with a midlet file and a GameCanvas. It works well in with any emulator. However, when I try to run it in a cell phone(I have tried Nokia 6260, N70, and Panasonic X800), they all quit immediately when I launch the

  • Web Browsers Not Loading Pages

    Yesterday, I noticed I had problems accessing a few web pages. I use Firefox and was getting pages of code, pages that loaded in weird ways, and some pages just wouldn't load at all, giving me a message saying: "Content Encoding Error: The page you a

  • Unable to add Chinese input to Google Keyboard

    I just bought an yoga tablet 10 B8000F. I tried Input Language/Active Input Methods to add Chinese, but it does not have Chinese on the list. Can anyone help? Thanks! Solved! Go to Solution.

  • ATP against planned independent requirements

    I have set up materials that are linked to planning materials using strategy group 63.  I have tested setting the planning material consumption to a 2 for forwards/backwards and 3 for forward only.  I have set up planned independent requirements by w

  • My Lightroom Preferences are missing, where can they be?

    In attempting to open LR5 beta, I had to reset preferences, but when I opened the Lightroom file the preferences were missing. The Windows search could not locate them, where have they gone?