Using JAAS in a BC4J Client

Hello
We are building a BC4J application.
We would like to use JAAS on the client side (Swing Client), to do some authorization.
I made a test, authentication a user trough JAAS on the client as follow:
// Auhorization
CallbackHandler handler = new InfoCallbackHandler();
String s = "oracle.security.jazn.tools.Admintool";
LoginContext loginContext = new LoginContext(s, handler);
loginContext.login();
Subject subject = loginContext.getSubject();
// authenticated action
Subject.doAs(subject, this);
This works, as long as the client has access to the jazn.xml file.
As far as I understand, this loads the RealmLoginModule.
The RealmLoginModule uses either a jazn.xml file, or LDAP for authentication.
Now I'm curios about where the RealmLoginModule gets its information from, when the client is running on an other machine than the OC4J Server.
Where does the RealmLoginModule get the connection information for the OC4J or LDAP- server from?
Do I have to deliver the security information (jazn.xml file) to the client (I dont want to expose all this information to the Hackers on the client side)?
Is there a way to delegate the JAAS calls to the middle tier (a security provider , LoginModule, that does RMI-calls to an EJB-component)?
Is there a way to do authorization with the BC4J interfaces on the client (something like boolean ApplikacitonModule.isUserInRole(Role) or javax.security.auth.Subject ApplikacitonModule.getSubject() or java.util.Set ApplikacitonModule.getPrincipalsForSubject())?
I would like to get a javax.security.auth.Subject representing the user (and password)
that is authenticated in the middle tier. This is the Subject (defined by username & password)),
used for the JNDI lookup, and by the whole J2EE (EJB) security, when creating a root ApplicationModule.
Is this possible?
Regards
Matthais Gerber

Hi,
In JDeveloper 9.0.3, BC4J has JAAS support in the middle-tier. You could set jbo.security.enforce to "Test" or "Must" on the application module using "Configuration...", "Edit" in JDev. If you are using the default Oracle 9iAS JAAS you will also need to include BC4J Security library in the project. The jdk\jre\lib\securtiy\java.security should have login.configuration.provider=oracle.security.jazn.spi.LoginConfigProvider.
You do not need to create LoginContext, CallbackHandler, etc. in either your client app or business objects.
If you are not using OC4J, you need to have another loginmodule that implement javax.security.auth.spi.LoginModule. You need to set the jbo.security.loginmodule with you loginmodule name, include the class or jar in your library, specify the jaas config file on the java runtime option.
Please refer to 9.0.3 online help "Working with Security in BC4J" for more information.
Thanks,
Yvonn

Similar Messages

  • Using JAAS on an Application Client Container

    I am trying to authenticate users who are going to be accessing
    EJBs from an Application Client Container developed using AWT/Swing.
    I am able to authenticate users accessing these EJBs via the Web Client.
    But some how I get the following error when I run the ACC client:
    Nov 11, 2004 3:47:30 PM com.sun.enterprise.security.auth.login.PasswordLoginModule login
    SEVERE: SEC1105: A PasswordCredential was required but not provided.
    I have tried lc.login with/without the subject and/or principal with the same result.
    Here is the login code
    // Obtain a LoginContext, needed for authentication. Tell
    // it to use the LoginModule implementation specified by
    // the entry named "jdbcRealm" in the JAAS login
    // configuration file and to also use the specified
    // CallbackHandler.
    LoginContext lc = null;
    NameCallback namecb = new NameCallback( "Enter User name: " );
    PasswordCallback passwdcb = new PasswordCallback( "Enter password: ", true );
    Callback[] callbackparm = new Callback[2];
    callbackparm[0] = namecb;
    callbackparm[1] = passwdcb;
    try {
    System.out.println( "entering atUser: login()" );
    //TextCallbackHandler callback = new TextCallbackHandler();
    DialogCallbackHandler callback = new DialogCallbackHandler();
    callback.handle( callbackparm );
    //lc = new LoginContext( "jdbcRealm", callback );
    System.out.println( "entering atUser: login() namecb.getName() = " + namecb.getName() );
    System.out.println( "entering atUser: login() passwdcb.getPassword() = " +
    passwdcb.getPassword() );
    PasswordCredential pwd = new PasswordCredential (namecb.getName(), passwdcb.getPassword() );
    System.out.println( "entering atUser: login() PasswordCredential pwd = " + pwd );
    Subject subject = new Subject();
    //subject.getPrincipals().addAll(tempPrincipals);
    if (!subject.getPrincipals().contains(pwd)) {
    Principal principal = new X500Principal( "CN=JdbcRealm,OU=AkanTech,O=Akan Technology, C=US" );
    subject.getPrincipals().add( principal );
    System.out.println( "entering atUser: login() subject.getPrincipals().add(pwd) = " +
    subject.getPrincipals() );
    if (!subject.getPrivateCredentials().contains(pwd)) {
    subject.getPrivateCredentials().add( pwd );
    subject.getPublicCredentials().add( pwd );
    System.out.println( "entering atUser: login() subject.getPrivateCredentials().add(pwd) = " +
    subject.getPrivateCredentials() );
    System.out.println( "entering atUser: login() subject.getPrivateCredentials().add(pwd) = " +
    subject.getPrivateCredentials() );
    lc = new LoginContext( "jdbcRealm", subject, callback );
    System.out.println( "entering atUser: login() loginContext = " + lc );
    System.out.println( "entering atUser: login() lc.getSubject() = " + lc.getSubject() );
    } catch (LoginException le) {
    System.err.println("atUser login() LoginException: Cannot create LoginContext: " +
    le.getMessage());
    System.exit( -1 );
    } catch (SecurityException se) {
    System.err.println("atUser login() SecurityException: Cannot create LoginContext: " +
    se.getMessage());
    System.exit( -1 );
    //} catch (UnsupportedCallbackException se) {
    //System.err.println("atUser login() UnsupportedCallbackException: Cannot create LoginContext: " +
    se.getMessage());
    //System.exit( -1 );
    } catch (Exception se) {
    System.err.println("atUser login() Exception: Cannot create LoginContext: " + se.getMessage());
    System.exit( -1 );
    try {
    // attempt authentication
    lc.login();
    } catch (LoginException le) {
    System.err.println( "atUser login() LoginException Authentication failed: " + le.getMessage() );
    System.exit( -1 );
    System.out.println( "atUser login() Authentication succeeded!" );
    Here is the content of: appclientlogin.conf
    /* Copyright 2004 Sun Microsystems, Inc. All rights reserved. */
    /* SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */
    default {
         com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=false;
    certificate {
         com.sun.enterprise.security.auth.login.ClientCertificateLoginModule required debug=false;
    jdbcRealm {
         com.akantech.security.jdbcrealm.JDBCLoginModule required debug=false;
    Here is the content of sun-acc.xml.
    I have tried with/without the client-credential entry with the same result.
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
    Copyright 2004 Sun Microsystems, Inc. All rights reserved.
    SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
    -->
    <!DOCTYPE client-container PUBLIC "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_0.dtd">
    <client-container>
    <target-server name="winxppro" address="winxppro" port="3700"/>
    <log-service file="C:/Sun/AppServer/lib/appclient/logs/client.log" level="WARNING"/>
    <auth-realm classname="com.akantech.security.jdbcrealm.JDBCRealm" name="jdbc">
    <property name="dbdrivername" value="com.ibm.db2.jcc.DB2Driver"/>
    <property name="auth-type" value="jdbccustomrealm"/>
    <property name="dburl" value="jdbc:db2://localhost:50000/authuser"/>
    <property name="jaas-context" value="jdbcRealm"/>
    </auth-realm>
    <client-credential user-name="admin" password="akantech" realm="jdbc"/>
    </client-container>
    What am I missing?
    I have read the following documentation but cant seem to figure out what I am missing.
    http://docs.sun.com/source/819-0079/dgdesc.html#wp130029
    http://docs.sun.com/source/819-0079/dgsecure.html
    http://docs.sun.com/source/819-0079/dgsecure.html#wp32713
    http://java.sun.com/security/jaas/doc/api.html
    http://java.sun.com/security/jaas/doc/module.html
    http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/index.html
    I added a lot of log info in the JDBCLoginModule : authenticate() method.
    It seems to me like the authenticate() method is never called. Because nothing is
    logged from this method.
    Thanks a million
    Stephen

    I have not been able to figure this one out yet so put it on the
    back burner.
    I am still waiting for an answer.
    Did you find the answer?

  • Client remote Authentication using JAAS and EJB Access

    Hi,
    I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:
    I have implemented an EJB who's methods are protected through the deployment descriptor:
            <assembly-descriptor>
                 <security-role>
                    <description>role for clients outside of the server </description>
                    <role-name>sedna</role-name>
                  </security-role>
                <method-permission>
                  <role-name>sedna</role-name>
                  <method>
                    <ejb-name>ServerInfoBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>*</method-name>
                  </method>
                </method-permission>
                <method-permission>
                  <unchecked/>
                  <method>
                    <ejb-name>ServerInfoBean</ejb-name>
                    <method-name>getVersion</method-name>
                  </method>
                  <method>
                    <ejb-name>ServerInfoBean</ejb-name>
                    <method-name>create</method-name>
                  </method>
                </method-permission>
            </assembly-descriptor>I've deployed the EJB in a jar file which was packed into an ear file of a bigger application. The role has been mapped to the admin Principal in the sun-ejb-jar.xml descriptor.
    I can find the EJB, create it, and call the unchecked method getVersion and that works fine, so far so good.
    But then I try to access another method which is protected and then I get this exception
    org.omg.CORBA.NO_PERMISSION:   vmcid: 0x2000  minor code: 1806 completed: Maybe
            at com.sun.enterprise.iiop.POAProtocolMgr.mapException(POAProtocolMgr.java:179)
            at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:853)
            at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:137)
    ...I have to mention that I do make a login via the LoginContext. My jaas.config File has a reference to the com.sun.enterprise.security.auth.login.ClientPasswordLoginModule module.
    After login (which works perfectly) I lookup the context with a corbaname url which - if I understood it right - ignores the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS settings.
    After that I make the calls to the EJB. And I am allways ANONYMOUS on the server side, which is definitely the problem. Because ANONYMOUS is not allowed to call the protected EJB Methods. But I made a jaas login in advance. So where am I making a mistake???
    Am I doing something wrong?
    Need help! Thx,
    Stephan

    Hi.
    I understand correctly that you call Subject.doAs on
    the client to call the remote EJB. I guess It isn't
    right way.I had also a bad feeling about this, so I forget it. But anyway it wasn't working with or without using that doAs().
    >
    >
    Subject contextSubject =
    Subject.getSubject(AccessController.getContext());
    contextSubject.getPrincipals();This code throws exceptions in the Appserver. Unfortunately they are catched somewhere so I'm unable to find out what was going wrong. But I guess, that these exceptions where security exceptions. Never the less thanks for the hint!
    But I don't think that doing the check on the server side is the way I want to go because that is programmatically security and I want to use the declarative security which can be used through the deployment descriptor. If used correctly - and supposed I do not completely misunderstand the specification - then it should be possible to create an EJB that is protected via it's deployment descriptor and access it through the client only if the client has been authenticated through JAAS mechanisms. After successful authentication the principal should be accessible through the EJB context but not for security check, that should allready been done at this time.
    Unfortunately I don't find any resource on the internet describing the scenario in such a detail that I can reproduce it. There are only very high level documentations and hints in forums.
    Again, thanks for your effort,
    Stephan

  • Enabling JAAS Authorization in BC4J ,getUserPrincipalName()

    The Jdeveloper Help states the following:-
    Currently, BC4J does not have an authorization framework. However, if your application uses JAAS for authentication, >>you can implement your own authorization. To pass JAAS user information to your authorization code: Obtain the JAAS->>authenticated username from your application module by calling the method.
    :- ApplicationModule.getUserPrincipalName()I have successfully implemented JAAS and just want to show the username in a JSP page.
    I have imported oracle.jbo in to my JSP and tried to access the method getUserPrincipalName but I get the following error
    Error(12,40): class getUserPrincipalName not found in interface oracle.jbo.ApplicationModule
    I have also checked the oracle,jbo documentation and can not find any reference to this method.
    Where am I going wrong?
    JSP :-
    <%@ page import="oracle.jbo.*" language="java" errorPage="errorpage.jsp" contentType="text/html;charset=windows-1252" %>
    <%@ taglib uri="/webapp/DataTags.tld" prefix="jbo" %>
    <html>
    <head>
    <META NAME="GENERATOR" CONTENT="Oracle JDeveloper">
    <LINK REL=STYLESHEET TYPE="text/css" HREF="bc4j.css">
    <TITLE>User Info</TITLE>
    </head>
    <body>
    <jbo:ApplicationModule id="Mypackage1Module" definition="Project2.Mypackage1Module" releasemode="Stateful" />
    <p>
    <%= new ApplicationModule.getUserPrincipalName() %></p>
    <jbo:ReleasePageResources />
    </body>
    </html>

    Colin,
    You need to create a custom method on your application module that returns the user principal name, then make your custom method remotable. If your application module is called BizModule, and your BC4J package is called biz, this is how you do it.
    1. Create a custom method in BizModuleImpl.java, something like:
        public String returnUserName()
           return getUserPrincipalName();
        2. Edit your application module. In the app module editor, go to the Client Methods tab and move returnUserName into the selected list. This creates an interface, BizModule.java.
    3. Add code to your JSP to call your custom method. First add the correct import statements to the page tag:
        <%@ page contentType="text/html;charset=windows-1252" import="oracle.jbo.*, biz.common.*"%>
        Then add the code to return an application module instance and call your custom method. In this example the id parameter in the ApplicationModule tag is "am" (<jbo:ApplicationModule id="am"...).
        <%
           BizModule bizAm = (BizModule)am.useApplicationModule();
           String userName = bizAm.returnUserName();
        %>
        I hope this helps
    Blaise
    4. Now the Java variable userName contains the user principal name and you can use it in your JSP code.

  • Has anyone used JAAS with WebLogic?

    Has anyone used JAAS with Weblogic? I was looking at their example, and I have a bunch of questions about it. Here goes:
    Basically the problem is this: the plug-in LoginModule model of JAAS used in WebLogic (with EJB Servers) seems to allow clients to falsely authenticate.
    Let me give you a little background on what brought me to this. You can find the WebLogic JAAS example (to which I refer below) in the pdf: http://e-docs.bea.com/wls/docs61/pdf/security.pdf . (I believe you want pages 64-74) WebLogic, I believe goes about this all wrong. They allow the client to use their own LoginModules, as well as CallBackHandlers. This is dangerous, as it allows them to get a reference (in the module) to the LoginContext's Subject and authenticate themselves (i.e. associate a Principal with the subject). As we know from JAAS, the way AccessController checks permissions is by looking at the Principal in the Subject and seeing if that Principal is granted the permission in the "policy" file (or by checking with the Policy class). What it does NOT do, is see if that Subject
    has the right to hold that Principal. Rather, it assumes the Subject is authenticated.
    So a user who is allowed to use their own Module (as WebLogic's example shows) could do something like:
    //THEIR LOGIN MODULE (SOME CODE CUT-OUT FOR BREVITY)
    public class BasicModule implements LoginModule
    private NameCallback strName;
    private PasswordCallback strPass;
    private CallbackHandler myCB;
    private Subject subj;
             //INITIALIZE THIS MODULE
               public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
                      try
                           //SET SUBJECT
                             subj = subject;  //NOTE: THIS GIVES YOU REFERENCE
    TO LOGIN CONTEXT'S SUBJECT
                                                     // AND ALLOWS YOU TO PASS
    IT BACK TO THE LOGIN CONTEXT
                           //SET CALLBACKHANDLERS
                             strName = new NameCallback("Your Name: ");
                             strPass = new PasswordCallback("Password:", false);
                             Callback[] cb = { strName, strPass };
                           //HANDLE THE CALLBACKS
                             callbackHandler.handle(cb);
                      } catch (Exception e) { System.out.println(e); }
         //LOG THE USER IN
           public boolean login() throws LoginException
              //TEST TO SEE IF SUBJECT HOLDS ANYTHING YET
              System.out.println( "PRIOR TO AUTHENTICATION, SUBJECT HOLDS: " +
    subj.getPrincipals().size() + " Principals");
              //SUBJECT AUTHENTICATED - BECAUSE SUBJECT NOW HOLDS THE PRINCIPAL
               MyPrincipal m = new MyPrincipal("Admin");
               subj.getPrincipals().add(m);
               return true;
             public boolean commit() throws LoginException
                   return true;
        }(Sorry for all that code)
    I tested the above code, and it fully associates the Subject (and its principal) with the LoginContext. So my question is, where in the process (and code) can we put the LoginContext and Modules so that a client cannot
    do this? With the above example, there is no Security. (a call to: myLoginContext.getSubject().doAs(...) will work)
    I think the key here is to understand JAAS's plug-in security model to mean:
    (Below are my words)
    The point of JAAS is to allow an application to use different ways of authenticating without changing the application's code, but NOT to allow the user to authenticate however they want.
    In WebLogic's example, they unfortunately seem to have used the latter understanding, i.e. "allow the user to authenticate however they want."
    That, as I think I've shown, is not security. So how do we solve this? We need to put JAAS on the server side (with no direct JAAS client-side), and that includes the LoginModules as well as LoginContext. So for an EJB Server this means that the same internal permission
    checking code can be used regardless of whether a client connects through
    RMI/RMI-IIOP/JEREMIE (etc). It does NOT mean that the client gets to choose
    how they authenticate (except by choosing YOUR set ways).
    Before we even deal with a serialized subject, we need to see how JAAS can
    even be used on the back-end of an RMI (RMI-IIOP/JEREMIE) application.
    I think what needs to be done, is the client needs to have the stubs for our
    LoginModule, LoginContext, CallBackHandler, CallBacks. Then they can put
    their info into those, and everything is handled server-side. So they may
    not even need to send a Subject across anyways (but they may want to as
    well).
    Please let me know if anyone sees this problem too, or if I am just completely
    off track with this one. I think figuring out how to do JAAS as though
    everything were local, and then putting RMI (or whatever) on top is the
    first thing to tackle.

    Send this to:
    newsgroups.bea.com / security-group.

  • Problems using detaildisclosure on UIXML BC4J

    Hi there.
    I have try to build a litle aplication with UIXML/BC4J and i need to use a table with DetailDisclosure but i can't show the hide detail of a row.
    Source Code :
    �UIXML Page�
    <?xml version="1.0" encoding="windows-1252" ?>
    <page xmlns="http://xmlns.oracle.com/uix/controller"
    xmlns:ctrl="http://xmlns.oracle.com/uix/controller"
    xmlns:ui="http://xmlns.oracle.com/uix/ui"
    xmlns:bc4j="http://xmlns.oracle.com/uix/bc4j">
    <bc4j:registryDef>
    <bc4j:rootAppModuleDef name="CustomerToCustomerAppModule"
    definition="OE_UIX_v1.OeModule"
    releaseMode="stateful">
    <bc4j:viewObjectDef name="CustomerMasterVO" rangeSize="10"/>
    <bc4j:viewObjectDef name="CustomerDetailVO" rangeSize="1"/>
    </bc4j:rootAppModuleDef>
    </bc4j:registryDef>
    <content>
    <try xmlns="http://xmlns.oracle.com/uix/ui"
    xmlns:data="http://xmlns.oracle.com/uix/ui">
    <catch>
    <displayException/>
    </catch>
    <contents>
    <pageLayout xmlns="http://xmlns.oracle.com/uix/ui"
    xmlns:data="http://xmlns.oracle.com/uix/ui"
    title="Visualizar Clientes">
    <!-- Start of common pageLayout section. If you plan to expand this
    example application, consider using a UIT template to specify the common
    portions of your pageLayout -->
    <productBranding>
    <image source="tools_collage.gif"
    shortDesc="JDeveloper Product Logo"/>
    </productBranding>
    <corporateBranding>
    <image source="oraclelogo.gif" shortDesc="Oracle Logo"/>
    </corporateBranding>
    <globalButtons>
    <globalButtonBar>
    <contents>
    <globalButton source="www_home.gif" text="Home"
    destination="Main.uix"/>
    <globalButton source="www_contact.gif" text="Contact Us"
    destination="http://www.oracle.com"/>
    <globalButton source="www_help.gif" text="Help"
    destination="http://otn.oracle.com/products/jdev/content.html"/>
    </contents>
    </globalButtonBar>
    </globalButtons>
    <copyright>Copyright 2003 Meitner. All Rights Reserved.</copyright>
    <privacy>
    <link text="Privacy Statement" destination="http://www.meitner.com"/>
    </privacy>
    <!-- End of common pageLayout section -->
    <contents>
    <!-- this will contain any validation errors after form
    submission -->
    <messageBox automatic="true"/>
    <bc4j:rootAppModuleScope name="CustomerToCustomerAppModule">
    <contents>
    <header text="Pesquisar">
    <contents>
    <form name="procurar" method="POST">
    <contents>
    <inlineMessage prompt="Condi��o de Pesquisa"
    vAlign="middle">
    <contents>
    <flowLayout>
    <contents>
    <textInput name="attrPesquisa"
    data:text="ctrl:page@attrPesquisa"
    shortDesc="Pesquisar"/>
    </contents>
    </flowLayout>
    </contents>
    <end>
    <submitButton text="Pesquisar" ctrl:event="search"/>
    </end>
    </inlineMessage>
    </contents>
    </form>
    </contents>
    </header>
    <header text="Resultados">
    <contents>
    <form name="viewForm" method="POST">
    <contents>
    <tableLayout hAlign="center">
    <contents>
    <bc4j:viewObjectScope name="CustomerMasterVO">
    <contents>
    <bc4j:table name="viewTable" width="80%"
    alternateText="N�o foram encontrados clientes"
    formSubmitted="true">
    <detail>
    <labeledFieldLayout rendered="true">
    <contents>
    <tableLayout>
    <contents>
    <bc4j:rootAppModuleScope
    name="CustomerToCustomerAppModule">
    <contents>
    <bc4j:viewObjectScope
    name="CustomerDetailVO">
    <contents>
    <bc4j:rowScope
    name="detailCustomerDetailVO">
    <contents>
    <bc4j:messageList attrName="CustAddress"
    readOnly="true"/>
    <bc4j:messageInput attrName="PhoneNumbers"
    readOnly="true"/>
    <bc4j:messageInput attrName="NlsLanguage"
    readOnly="true"/>
    <bc4j:messageInput attrName="NlsTerritory"
    readOnly="true"/>
    <bc4j:messageInput attrName="CreditLimit"
    readOnly="true"/>
    <bc4j:messageInput attrName="CustEmail"
    readOnly="true"/>
    <bc4j:messageInput attrName="AccountMgrId"
    readOnly="true"/>
    <bc4j:messageInput attrName="CustGeoLocation"
    readOnly="true"/>
    <bc4j:messageInput attrName="CustomerId"
    readOnly="true"/>
    </contents>
    </bc4j:rowScope>
    </contents>
    </bc4j:viewObjectScope>
    </contents>
    </bc4j:rootAppModuleScope>
    </contents>
    </tableLayout>
    <formValue name="disclosed" value="1"/>
    </contents>
    </labeledFieldLayout>
    </detail>
    <tableSelection>
    <!-- single selection for each row in the table -->
    <singleSelection selectedIndex="0"
    shortDesc="Cliente Selecionado">
    <contents>
    <!-- the update button causes the currently selected
    row to be sent to the update page -->
    <submitButton text="Update"
    ctrl:event="update"/>
    <!-- the delete button causes the currently selected
    row to be removed -->
    <submitButton text="Delete"
    ctrl:event="delete"/>
    <submitButton text="Create"
    ctrl:event="create"/>
    </contents>
    </singleSelection>
    </tableSelection>
    <!-- the key identifying the current row in the table -->
    <bc4j:keyStamp>
    <bc4j:rowKey name="key"/>
    </bc4j:keyStamp>
    <contents>
    <!-- A bc4j:column element is added for each attribute
    in the ViewObject. -->
    <bc4j:column attrName="CustomerId">
    <columnHeader>
    <bc4j:sortableHeader/>
    </columnHeader>
    <contents>
    <bc4j:input readOnly="true"/>
    </contents>
    </bc4j:column>
    <bc4j:column attrName="CustFirstName">
    <columnHeader>
    <bc4j:sortableHeader/>
    </columnHeader>
    <contents>
    <bc4j:input readOnly="true"/>
    </contents>
    </bc4j:column>
    <bc4j:column attrName="CustLastName">
    <columnHeader>
    <bc4j:sortableHeader/>
    </columnHeader>
    <contents>
    <bc4j:input readOnly="true"/>
    </contents>
    </bc4j:column>
    </contents>
    <detailDisclosure>
    <disclosed data:disclosed="disclosed@detailData@ctrl:eventResult"/>
    </detailDisclosure>
    </bc4j:table>
    </contents>
    </bc4j:viewObjectScope>
    </contents>
    </tableLayout>
    </contents>
    </form>
    </contents>
    </header>
    </contents>
    </bc4j:rootAppModuleScope>
    </contents>
    <contentFooter>
    <!-- the create button redirects to the create page -->
    <button text="Create" ctrl:event="create"/>
    </contentFooter>
    </pageLayout>
    </contents>
    </try>
    </content>
    <handlers>
    <event name="show">
    <method class="pt.meitner.oe.GlobalEvents" method="doHideShowEvent"/>
    </event>
    <event name="hide">
    <method class="pt.meitner.oe.GlobalEvents" method="doHideShowEvent"/>
    </event>
    <event name="search">
    <!-- using the ApplicationModule causes it to be checked out from the
    ApplicationPool. It is released using stateful mode. -->
    <bc4j:findRootAppModule name="CustomerToCustomerAppModule">
    <!-- establish the ViewObject scope -->
    <bc4j:findViewObject name="CustomerMasterVO">
    <!-- search for the view criteria -->
    <bc4j:findByExample>
    <bc4j:exampleRow ignoreCase="true">
    <bc4j:exampleAttribute>
    <bc4j:nameBinding>
    <bc4j:parameter name="attrName"/>
    </bc4j:nameBinding>
    <bc4j:valueBinding>
    <bc4j:parameter name="attrValue"/>
    </bc4j:valueBinding>
    </bc4j:exampleAttribute>
    </bc4j:exampleRow>
    </bc4j:findByExample>
    <bc4j:executeQuery/>
    <!-- store the current search criteria as page properties -->
    <bc4j:setPageProperty name="attrName">
    <bc4j:parameter name="attrName"/>
    </bc4j:setPageProperty>
    <bc4j:setPageProperty name="attrValue">
    <bc4j:parameter name="attrValue"/>
    </bc4j:setPageProperty>
    </bc4j:findViewObject>
    </bc4j:findRootAppModule>
    </event>
    <event name="sort" source="viewTable">
    <!-- using the ApplicationModule causes it to be checked out from the
    ApplicationPool. It is released using stateful mode. -->
    <bc4j:findRootAppModule name="CustomerToCustomerAppModule">
    <!-- establish the ViewObject scope -->
    <bc4j:findViewObject name="CustomerMasterVO">
    <!-- sort by the submitted attribute name -->
    <bc4j:sort/>
    </bc4j:findViewObject>
    </bc4j:findRootAppModule>
    </event>
    <event name="goto" source="viewTable">
    <!-- using the ApplicationModule causes it to be checked out from the
    ApplicationPool. It is released using stateful mode. -->
    <bc4j:findRootAppModule name="CustomerToCustomerAppModule">
    <!-- establish the ViewObject scope -->
    <bc4j:findViewObject name="CustomerMasterVO">
    <!-- navigate to the submitted range -->
    <bc4j:goto/>
    </bc4j:findViewObject>
    </bc4j:findRootAppModule>
    </event>
    <event name="create">
    <!-- forward to the create page -->
    <ctrl:go name="CustomerVO_Create" redirect="true"/>
    </event>
    <event name="update">
    <!-- forward to the update page, passing the selected key
    as a page property -->
    <ctrl:go name="CustomerVO_Update" redirect="true">
    <ctrl:property name="key">
    <ctrl:selection name="viewTable" key="key"/>
    </ctrl:property>
    </ctrl:go>
    </event>
    <event name="delete">
    <!-- using the ApplicationModule causes it to be checked out from the
    ApplicationPool. It is released using stateful mode. -->
    <bc4j:findRootAppModule name="CustomerToCustomerAppModule">
    <!-- establish the ViewObject scope -->
    <bc4j:findViewObject name="CustomerMasterVO">
    <!-- find the selected Row -->
    <bc4j:findRowByKey>
    <bc4j:keyBinding>
    <bc4j:selectionKey name="viewTable" key="key"/>
    </bc4j:keyBinding>
    <bc4j:handlers>
    <!-- remove the selected ViewObject row -->
    <bc4j:removeRow/>
    <!-- execute the query to eliminate dead row access -->
    <bc4j:executeQuery/>
    </bc4j:handlers>
    </bc4j:findRowByKey>
    </bc4j:findViewObject>
    <!-- commit the transaction, forwards to self automatically -->
    <bc4j:commit/>
    </bc4j:findRootAppModule>
    </event>
    </handlers>
    </page>
    �Java Class�
    package pt.meitner.oe;
    import oracle.cabo.servlet.BajaContext;
    import oracle.cabo.servlet.Page;
    import oracle.cabo.servlet.event.EventResult;
    import oracle.cabo.servlet.event.PageEvent;
    import oracle.cabo.servlet.ui.data.PageEventFlattenedDataSet;
    import oracle.cabo.ui.UIConstants;
    import oracle.cabo.ui.data.DataObject;
    import oracle.cabo.ui.data.DataObjectList;
    import oracle.cabo.ui.RenderingContext;
    public class GlobalEvents
    public GlobalEvents()
    public static EventResult doHideShowEvent(BajaContext bc, Page page,
    PageEvent event)
    PageEventFlattenedDataSet tableRows =
    new PageEventFlattenedDataSet(event, event.getParameter(UIConstants.SOURCE_PARAM));
    // this is the row that must be (un)disclosed:
    int row = Integer.parseInt(event.getParameter(UIConstants.VALUE_PARAM));
    // decide whether we want to disclose or undisclose depending on the name
    // of the event
    System.out.println("r -> " + row + " table " + event.getParameter(UIConstants.SOURCE_PARAM));
    boolean disclose = UIConstants.SHOW_EVENT.equals(event.getName());
    System.out.println("disclose =" + disclose);
    DataObjectList detailData = new DetailData(tableRows, row, disclose);
    EventResult result = new EventResult(page);
    result.setProperty("detailData", detailData);
    return result;
    private static final class DetailData implements DataObjectList
    * @param pageEvent contains the current disclosure state of the table
    * @param index the index of the row that must have its disclosure state
    * changed
    * @param disclosure the new disclosure state for the row
    public DetailData(DataObjectList pageEvent, int index, boolean disclose)
    _pageEvent = pageEvent;
    // initially, none of the table rows will be disclosed, so there will be
    // no pageEvent data and this length would be zero:
    _length = pageEvent.getLength();
    _index = index;
    _disclose = disclose;
    public int getLength()
    // make sure that the length we return is sufficiently large enough that
    // we reach the index we want to change
    return (_index >= length) ? index+1 : _length;
    public DataObject getItem(int index)
    boolean disclose;
    if (index==_index)
    // this is the index that we want to change.
    disclose = _disclose;
    else if (index < _length)
    // this index can safely be pulled from the pageEvent
    DataObject row = _pageEvent.getItem(index);
    // if there was a "disclosed" form element on this row then we
    // consider the row disclosed:
    disclose = (row.selectValue(null, "disclosed") != null);
    else
    disclose = false;
    return disclose ? DISCLOSETRUE : DISCLOSEFALSE;
    private final DataObjectList _pageEvent;
    private final int index, length;
    private final boolean _disclose;
    private static final DataObject DISCLOSETRUE = new DataObject() {
    public Object selectValue(RenderingContext rc, Object key)
    return Boolean.TRUE;
    private static final DataObject DISCLOSEFALSE = new DataObject() {
    public Object selectValue(RenderingContext rc, Object key)
    return Boolean.FALSE;

    Eliseu -
    Unfortunately with the forum software not escaping any XML content, I'm having a real hard time figuring out what kind of problem you are having with detail disclosure. I did post a response to your message in the UIX forum:
    Problems with details disclosure
    You might want to check out my response and post any follow-ups there...
    Andy

  • BC4J: client object reference in app module

    We know that the BC4J clients can call the server using the remote app module reference. Just wondering if the server can have references to the clients as well (so that the server could call all the clients if something on the server gets updated)? If so, is there any example for client callbacks from the app modules? Has anyone done something like this before?

    We know that the BC4J clients can call the server using the remote app module reference. Just wondering if the server can have references to the clients as well (so that the server could call all the clients if something on the server gets updated)? If so, is there any example for client callbacks from the app modules? Has anyone done something like this before?

  • Access resource from other application using JAAS

    i use JAAS for autenticate and autorizate in my web application, but i need access a resource from the other application , but this application don�t use JAAS.
    How can i acces this resource from other application?
    i know need send the parameters JSESSIONID, but , always redirecto the login page.
    thank you for your help

    your signon url is consists of the following url http://server.domain.com:port/site/signon.html
    Can you ping server.domain.com from your client?
    If you can ping it, then make sure your port is added as a rule in the firewall of the server.
    Also make sure that the proxy setting of the client have an exception to server.domain.com.
    If you cannot ping it, make sure the server and the client are conneted to the same network and make sure the hosts file on the client reflects the ipaddress and the hostname of the server.
    Hakan

  • AccessControlException using JAAS under 1.4. But it works under 1.3

    We're building a client/server Java application using Java 1.3.1_02. Client authentication is done by JAAS. When running client and server under 1.3 everything works fine. Now we want to run our application using 1.4.2_02 (still doing the build with 1.3.1_02). Accoding to Java's backwards compatibility this should be no problem. But there is a problem.
    The client logs in via JAAS on the server and gets a javax.security.auth.Subject instance, which is then passed again to the server to get the associated permissions (this is done by an Authenticator class):
            Subject subject = login(startupFrame);
            Authenticator authenticator
                    = ProxyFactory.getInstance().getAuthenticator();
            Identity.setPermissions(authenticator.getPermissions());The login itself works, the problem is the call of getPermissions. There's an AuthenticatorImpl class on the server whose getPermissions method is to be called. This class is wrapped by an RMIObjectWrapperImpl class which has an invokeMethod method. This method is called via rmi (client->server) by the client and looks like this:
        public final Serializable invokeMethod(final String name,
                                               final String[] typeNames,
                                               final Serializable[] params,
                                               final Authentication authentication) throws ... {
                final Subject subject = new Subject();
                final Set principals = subject.getPrincipals();
                principals.clear();
                principals.addAll(Arrays.asList(new AuthenticatorImpl()
                        .authenticate(authentication)));
                Policy.getPolicy().refresh();
                return (Serializable) Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() {
                    public Object run() throws Exception {
                        try {
                            Object result = theMethod.invoke(delegate, params);
                            return result;
                        } catch (Exception e) {
                }, null);The line ... theMethod.invoke(...) calls the following AuthenticatorImpl.getPermissions() via rmi (server->server).
        public PermissionCollection getPermissions() throws ... {
            AccessControlContext acc = AccessController.getContext();
            Subject s = Subject.getSubject(acc);
            Policy p = Policy.getPolicy();
            return p.getPermissions(s, null);
        }When reaching the method's second line (Subject.getSubject) we obtain a java.security.AccessControlException.
    Do you have any ideas what's wrong?
    We're using a policy file for client and server, but even if we grant all permissions the problem still exists.
    If there's an error why doesn't it occur running under 1.3?
    Maybe the reason is that in 1.4 JAAS is a part of the JRE and some methods have become deprecated? (Under 1.3 we are using an external jar file containing an older JAAS version, under 1.4 the built-in JAAS classes are used).
    Thanks in advance

    It now works using 1.4.
    What I did is using Subject.doAs instead of Subject.doAsPrivileged.
    I'm a beginner in JAAS: Is it in consideration of security aspects ok to use doAs instead of doAsPrivileged here?
    And besides this: Isn't it a bug that the behaviour is different in 1.3 and 1.4?
    Thanks

  • How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS

    Hi
    I have read the article on SDN called "How to Set Up SSO Between IBM WebSphere and SAP EP Using JAAS", which is also the name of my posting.
    The reason why I post this is that I've tried to follow the links in the PDF to get the file WebsphereEpSsoLib.zip but I get an error 403, which tells me that the file is not there.
    Does anybody know where this file went or can somebody tell me an alternative place to get this file?
    Jacob

    Please open the associated whitepaper, and you can find the download link to the .ZIP file on page 4.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ibm/how to set up single sign-on between an ibm websphere portal and the sap enterprise portal using jaas.pdf
    Hope that works!
    Elise

  • Using JarSettings to generate EJB client jar, but supported classes missed

    Appreciated for any comments in advance.
    I am using @jarSetting to generate EJB client jar file from workshop 9.2. The remote method of EJB has one input parameter that is defined as an interface. The interface is included in client jar, but the implementation of this interface is not.
    Please advise how I can add the implementation of this interface to client jar?
    Best Regards,
    James

    Hi James,
    I believe the algorithm for creating the client jar is to simply inspect the EJB interfaces using reflection and to include all user defined classes and exceptions that are referenced by the interfaces. In your case, it sounds like a class is not being included because it is not directly referenced by one of the EJB interfaces.
    I think the client jar creation algorithm can be described as "best effort" and unfortunately, it does not always end up including all classes needed by the client. I would recommend you add the additional classes manually using the jar tool.
    - Matt

  • Can't sign in using any 3rd party email client with my iCloud account on any Mac. Tried every settings, My iCloud only works with Mail.app

    Can't sign in using any 3rd party email client with my iCloud account on any Mac or any other Mac. My iCloud will only work with Mail.app. All the clients I tried work perfectly well as long as I sign in with somebody else's iCloud account. But mine won't work no matter the client (Postbox, Unibox, Airmail...) and no matter the computer.
    I can access my account on iCloud.com, but I can't use email clients without getting error messages prompting me to check my password or login.
    I was able to use those clients in the past but a couple of months ago I got logged out of Airmail and the issue started just like that!
    I tried every possible mail server settings including the following:
    IMAP information for the incoming mail server
    Server name: imap.mail.me.com
    SSL Required: Yes
    If you receive errors when using SSL, try using TLS instead.
    Port: 993
    Username: The name part of your iCloud email address (for example, emilyparker, not [email protected])
    Password: Your iCloud password
    SMTP information for the outgoing mail server
    Server name: smtp.mail.me.com
    SSL Required: Yes
    If you receive errors when using SSL, try using TLS instead.
    Port: 587
    SMTP Authentication Required: Yes
    Username: Your full iCloud email address (for example, [email protected], not emilyparker)
    Password: Your iCloud password

    Those are the correct settings, and they work with any email client that supports Imap.
    Try again.

  • NoClassdefFound Problem using EJB as web service client

    Hello there, I am trying to use a MDB as a web service client. The architecture,
    briefly is in the form of a java program communicating with a MDB via JMS, the
    MDB gets the data from some external server via SOAP. I am using JBuilder to generate
    the client side classes choosing the Axis framework. When my MDB is trying to
    bind using locator.getPort() it throws an error as follows:
    java.lang.NoClassDefFoundError: org.apache.axis.client.AxisClient. java.lang.NoClassDefFoundError:
    org.apache.axis.client.AxisClient at org.apache.axis.client.Service.getAxisClient()Lorg.apache.axis.client
    AxisClient;(Service.java:143) at org.apache.axis.client.Service.<init>()V(Service.java:152)
    Note that it works fine if I use the web services client as a standalone java
    program(no weblogic ). I tried putting the Axis.jar file as well as the relevant
    files from this jar file(JBuilder's feature) in the EJB module that is deployed,
    of no avail. Following is the classloader printed from the EJB's onMessage method
    if needed for better understanding
    weblogic.utils.classloaders.GenericClassLoader@afdd3a finder: weblogic.utils.cla
    ssloaders.MultiClassFinder@20d7479 annotation: SecurityEJBModule@
    Any help will be appreciated

    Slava, I did exactly that and it worked! I wish I had seen your reply before.
    Thanks
    "Slava Imeshev" <[email protected]> wrote:
    >
    "Santosh" <[email protected]> wrote in message news:405074c7$[email protected]..
    Hello there, I am trying to use a MDB as a web service client. Thearchitecture,
    briefly is in the form of a java program communicating with a MDB viaJMS, the
    MDB gets the data from some external server via SOAP. I am using JBuilderto generate
    the client side classes choosing the Axis framework. When my MDB istrying to
    bind using locator.getPort() it throws an error as follows:
    java.lang.NoClassDefFoundError: org.apache.axis.client.AxisClient.java.lang.NoClassDefFoundError:
    org.apache.axis.client.AxisClient at org.apache.axis.client.Service.getAxisClient()Lorg.apache.axis.client
    AxisClient;(Service.java:143) at org.apache.axis.client.Service.<init>()V(Service.java:152)
    Note that it works fine if I use the web services client as a standalonejava
    program(no weblogic ). I tried putting the Axis.jar file as well asthe relevant
    files from this jar file(JBuilder's feature) in the EJB module thatis deployed,
    of no avail. Following is the classloader printed from the EJB's onMessagemethod
    if needed for better understandingYou need to package all Axis jars and dependancoes into the EAR and
    refer tham
    in your ejb-jar MANIFEST.MF. If you are running weblogic 8.1, you may
    just put them
    into APP-INF/lib. Than you won't need to modify manifest.
    Hope this helps.
    Regards,
    Slava Imeshev

  • Role based menu using JAAS

    Is it possible to implement role based menu using JAAS in web application ? My requirment is to enable or disable menu items on the screen based on the roles of the logged in user .
    Can some one help me on this ?

    Is it possible to implement role based menu using JAAS in web application ? My requirment is to enable or disable menu items on the screen based on the roles of the logged in user .
    Can some one help me on this ?

  • Using JAAS without config text files

    Hi everybody,
    I'm trying to develop an application using JAAS for authentication and authorization, but I don't want to depend on the text files for configuration.
    This application is going to be distributed using Webstart, so I don't know which configuration the user will have.
    Is there anyway to bypass these files?
    Thanks a lot,
    Luis Javier

    For the LoginModule part, you could try to set your own Configuration object.
    Ses javax.security.auth.login.Configuration.setConfiguration
    You should be able to inherit from Configuration and provide your own method to
    provide AppConfigEntries.

Maybe you are looking for

  • Locating source file NAME from the executable file?

    Hi all,  I wrote a vi a couple of year ago (call it file.vi), and created an executable out of it using the Application Builder (call it newfile.exe). I know I renamed the file when I created the executable and now I cannot remember what I called the

  • SD Sales Condition Types

    We are maintaining one tax condition ZADD for Additional Tax in Kanpur Region. As the % of Tax has been changed from 0.5% to 1 we have maintained the same in VK11 condition records. For the new orders it is picking up the present tax % and invoice an

  • BER Error

    I have acrobat XI with the last updates installed in a machine with Windows 7 Home Premium 64 Bits, and when i am triying to sign with a digital certificate, from a CardReader (REF: CSR3310 V2), the adobe gets this error: "Error encountered while BER

  • Windows 7 Ultimate install locks up

    I am attempting a Boot Camp install of Windows 7 Ultimate 32 bit on my mid-2010 13" Macbook Pro running Lion 10.7.3. Everything goes fine until after the first restart and Windows is finalizing install. Everything locks up. I have tried 7 times with

  • Time Machine does not complete backup to Time Capsule

    Within the past few days my iMac will not complete a backup to my Time Capsule.   The two other computers connected to the Time Capsule appear to be backing up but they size of the backup is smaller.   The Time Machine starts but then stops after 10