Active server implementation using jaas
Active server implementation using jaas----------can someone suggest me how to go about it
help needed immediately
Have you programed your server? Can you communicate with me about the subject? My email is [email protected] QQ: 540028839
Similar Messages
-
VXI 11.3 server implementation using NI-VISA APIs
Hi,
Could some one please let me know :- "How to implement VXI 11.3 server using NI-VISA lib ?" Is there any code sample or Document available for the same?
Thanks in advance
RahulHave you programed your server? Can you communicate with me about the subject? My email is [email protected] QQ: 540028839
-
Question, in a client server implemention
Question, in a client server implemention using only basic sockets and datagrams, what happens if a method is being called at the server side while the same method is already being called/running for another client?
Example:
Client 1 calls Method 1 at Server Side. Method 1 runs.
Client 2 calls Method 1 at Server Side. Method 1 is still running for Client 1. Does it create another Thread and runs for Client 2? Or do I have to implement a seperate Thread for each Client myself?Thanks!
Don't want to start a new thread so might as well ask this here,
Is there a way to pass or at least update the value of a variable from the outside into a Thread that is running? And this value needs to be seen and be the same for all Threads.
I am thinking of creating new a class that to hold the value I want to update, and passing an object of the class in to the Threads before they runs. Since objects hold reference to the location of the actual object or something like that; people always get worked up over this if I phrase this incorrectly, but I think I got the point across, so that's okay. If I change the value of the object at runtime in the main method, like assign it with a new value according to user input. All the Threads will get the new value right?
Something like that.
public class valueToUpdate {
String value;
public valueToUpdate(String value) {
this.value = value;
public String getValue() {
return value;
public class Main {
public static void main(String[] args) {
String str = "abc";
valueToUpdate vTU = new valueToUpdate(str);
ThreadClass tc1 = new ThreadClass(vTU);
Thread thread1 = new Thread(tc1).start();
ThreadClass tc2 = new ThreadClass(vTU);
Thread thread2 = new Thread(tc2).start();
public class ThreadClass implements Runnable {
valueToUpdate vTU;
public ThreadClass(valueToUpdate vTU) {
this.valueToUpdate = valueToUpdate;
public void run() {
System.out.println(valueToUpdate.getValue());
}Okay, something like that. I know I need to add in a TimerTask for ThreadClass too for it to run for a certain period. But if I were to ask for user input at the main method while the TimerTask in running, and I change the value of vTU, will the output for both Threads be changed to the value of the user input?
Or is there a better way to do it? -
My iphone started to restore without asking me first, and after that I havent been able to restore it or use it, it says I cant activate it because the activation server is not available now. I havent been able to use it for more than 12 hours,
Someone knows what can I do?
ThanksIf you are developer (the only official way to get iOS5) then you are keenly aware of the non-disclosure agreement that states IOS5 issues cannot be discussed in open forums.
If you are not a developer, restore the device to the latest version of iOS 4 or try google for assistance.
No one here can assist you with Beta issues. -
I accedantly fomated my iphone using find my iphone app, now when i turned it on it keeps giving me the massage ( your iphone culdnot be acctivated coz the activation server is temporarily unavailable... ext)
HELP ME PLEASE!!!!If you don't have a SIM in it, insert a SIM. A SIM is REQUIRED to activate it.
If it was hacked to unlock it previously, go buy a phone you can use. -
i m using iphone 3gs & i m updating the OS from 4.1 to 6.1 ,,it is showing the message that ur iphone cannot be activated because the activation server is not temporarily unavailable
Contact your Carrier...
Also see this discussion.
https://discussions.apple.com/message/21189708 -
sir,
i upgraded my iphone 3gs to os 5.1 and since then i have not been able to register it in order to use it, anytime i try to activate it a notification that "the activation server is temporarily unavailable".if i connect it to itunes too, the system tells me to insert SIM card meanwhile, i already have inserted a SIM.
CAN ANYONE HELP ME OUT?Try,,,
I deleted EVERYTHING under
C:\Users\YourUserName\AppData\Roaming\Apple Computer\iTunes
or YourUserName\AppData\Roaming\Apple Computer\iTunes
Some people have had success only deleting everything in the cookies folder
C:\Users\YourUserName\AppData\Roaming\Apple Computer\iTunes\Cookies
Thank you LadyBytes -
i keep getting a message that my ipad could not be activated because activation server is unavailable and when i try to use itune its not working as well.Plssss help
Has this iPad ever been jailbroken, had the OS rolled back, or used a beta version?
-
iam using iphone 5s frequently problem is "your i phone couls not be activated because the activation server can not be reached. connect to wifi or i tunes to activate.
Hi HT201407,
Welcome to the Apple Support Communities!
I know it can be frustrating when your iPhone does not activate the way you would expect. In this situation there are some great troubleshooting steps I would recommend. Please use the attached article as a troubleshooting reference.
Get help activating your iPhone - Apple Support
Cheers,
Joe -
cannot use iphone because it is on factory setting with the message that activation server is temporarily unavailable, please help
That message usually indicates that your phone was hacked to unlock it from the original phone carrier and when you updated or restore your phone it locked back to that carrier.
-
Using Non-Oracle Implementations of JAAS in JDeveloper TP2
Hi,
We have developed an application using JDeveloper TP2. We need to secure the web application using JAAS. However, we are not using ADF as we met into some browser incompatibility problems and as such the project's Technology Scope are as follows:
HTML
JSP
JSP and Servlets
JAVA
XML
We are using a Native Datasource for handling database connections.
We would like to know how we can implement a CustomLoginModule without using oracle (ADF) implementation of JAAS and preferably without using the ADF Security Wizard as it does not work within our application ( i suppose this is because we are not using ADF)
Cheers,
Jankee YogeshDuplicate of Re: Using Non-Oracle Implementations of JAAS in JDeveloper TP2
-
Using Identity Server as a JAAS authentication provider
My client wants to use Identity Server to provide JAAS authentication for the Java application they're developing.
The JAAS tutorial shows how the name of the Java class that provides the authentication service is provided, then an instance of this class is instantiated and the .login method invoked to actually perform the authentication.
The stated principle behind the tutorial is one of using a pluggable authentication framework, and one should not care how authentication is performed. As long as the callbacks to allow the authentication framework to ask for the credentials required, it should not matter.
The example of how to do LDAP authentication using Identity server requires using some identity server classes. ie the com.sun.identity.authentication.AuthContext class. They specifically want to use pure JAAS authentication rather than creating a dependance in their application on Identity Server.
Is a Java class available which provides this functionality?
ThanksIn Apache you can specify the authentication parameters in the virtual host configuration
-
Using JAAS/JNDI with the Login Server
Is it possible to set up single sign-on through the Login Server
and OID for a Java portlet using JAAS and JNDI? What would be
required to set this up?I was facing same problem,
Here is I got an answer, I was doing same mistake.
You cannot authenticate with an outlook.com account when you use the management shell. You have to use a @yourtenant.onmicrosoft.com
account or an account where the domain has been associated with your O365 tenant like @contoso.com . Microsoft accounts cannot be used with the management shell.
http://community.office365.com/en-us/f/156/t/238053.aspx -
Has anyone used JAAS with WebLogic?
Has anyone used JAAS with Weblogic? I was looking at their example, and I have a bunch of questions about it. Here goes:
Basically the problem is this: the plug-in LoginModule model of JAAS used in WebLogic (with EJB Servers) seems to allow clients to falsely authenticate.
Let me give you a little background on what brought me to this. You can find the WebLogic JAAS example (to which I refer below) in the pdf: http://e-docs.bea.com/wls/docs61/pdf/security.pdf . (I believe you want pages 64-74) WebLogic, I believe goes about this all wrong. They allow the client to use their own LoginModules, as well as CallBackHandlers. This is dangerous, as it allows them to get a reference (in the module) to the LoginContext's Subject and authenticate themselves (i.e. associate a Principal with the subject). As we know from JAAS, the way AccessController checks permissions is by looking at the Principal in the Subject and seeing if that Principal is granted the permission in the "policy" file (or by checking with the Policy class). What it does NOT do, is see if that Subject
has the right to hold that Principal. Rather, it assumes the Subject is authenticated.
So a user who is allowed to use their own Module (as WebLogic's example shows) could do something like:
//THEIR LOGIN MODULE (SOME CODE CUT-OUT FOR BREVITY)
public class BasicModule implements LoginModule
private NameCallback strName;
private PasswordCallback strPass;
private CallbackHandler myCB;
private Subject subj;
//INITIALIZE THIS MODULE
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
try
//SET SUBJECT
subj = subject; //NOTE: THIS GIVES YOU REFERENCE
TO LOGIN CONTEXT'S SUBJECT
// AND ALLOWS YOU TO PASS
IT BACK TO THE LOGIN CONTEXT
//SET CALLBACKHANDLERS
strName = new NameCallback("Your Name: ");
strPass = new PasswordCallback("Password:", false);
Callback[] cb = { strName, strPass };
//HANDLE THE CALLBACKS
callbackHandler.handle(cb);
} catch (Exception e) { System.out.println(e); }
//LOG THE USER IN
public boolean login() throws LoginException
//TEST TO SEE IF SUBJECT HOLDS ANYTHING YET
System.out.println( "PRIOR TO AUTHENTICATION, SUBJECT HOLDS: " +
subj.getPrincipals().size() + " Principals");
//SUBJECT AUTHENTICATED - BECAUSE SUBJECT NOW HOLDS THE PRINCIPAL
MyPrincipal m = new MyPrincipal("Admin");
subj.getPrincipals().add(m);
return true;
public boolean commit() throws LoginException
return true;
}(Sorry for all that code)
I tested the above code, and it fully associates the Subject (and its principal) with the LoginContext. So my question is, where in the process (and code) can we put the LoginContext and Modules so that a client cannot
do this? With the above example, there is no Security. (a call to: myLoginContext.getSubject().doAs(...) will work)
I think the key here is to understand JAAS's plug-in security model to mean:
(Below are my words)
The point of JAAS is to allow an application to use different ways of authenticating without changing the application's code, but NOT to allow the user to authenticate however they want.
In WebLogic's example, they unfortunately seem to have used the latter understanding, i.e. "allow the user to authenticate however they want."
That, as I think I've shown, is not security. So how do we solve this? We need to put JAAS on the server side (with no direct JAAS client-side), and that includes the LoginModules as well as LoginContext. So for an EJB Server this means that the same internal permission
checking code can be used regardless of whether a client connects through
RMI/RMI-IIOP/JEREMIE (etc). It does NOT mean that the client gets to choose
how they authenticate (except by choosing YOUR set ways).
Before we even deal with a serialized subject, we need to see how JAAS can
even be used on the back-end of an RMI (RMI-IIOP/JEREMIE) application.
I think what needs to be done, is the client needs to have the stubs for our
LoginModule, LoginContext, CallBackHandler, CallBacks. Then they can put
their info into those, and everything is handled server-side. So they may
not even need to send a Subject across anyways (but they may want to as
well).
Please let me know if anyone sees this problem too, or if I am just completely
off track with this one. I think figuring out how to do JAAS as though
everything were local, and then putting RMI (or whatever) on top is the
first thing to tackle.Send this to:
newsgroups.bea.com / security-group. -
Client remote Authentication using JAAS and EJB Access
Hi,
I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:
I have implemented an EJB who's methods are protected through the deployment descriptor:
<assembly-descriptor>
<security-role>
<description>role for clients outside of the server </description>
<role-name>sedna</role-name>
</security-role>
<method-permission>
<role-name>sedna</role-name>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-intf>Remote</method-intf>
<method-name>*</method-name>
</method>
</method-permission>
<method-permission>
<unchecked/>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-name>getVersion</method-name>
</method>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-name>create</method-name>
</method>
</method-permission>
</assembly-descriptor>I've deployed the EJB in a jar file which was packed into an ear file of a bigger application. The role has been mapped to the admin Principal in the sun-ejb-jar.xml descriptor.
I can find the EJB, create it, and call the unchecked method getVersion and that works fine, so far so good.
But then I try to access another method which is protected and then I get this exception
org.omg.CORBA.NO_PERMISSION: vmcid: 0x2000 minor code: 1806 completed: Maybe
at com.sun.enterprise.iiop.POAProtocolMgr.mapException(POAProtocolMgr.java:179)
at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:853)
at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:137)
...I have to mention that I do make a login via the LoginContext. My jaas.config File has a reference to the com.sun.enterprise.security.auth.login.ClientPasswordLoginModule module.
After login (which works perfectly) I lookup the context with a corbaname url which - if I understood it right - ignores the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS settings.
After that I make the calls to the EJB. And I am allways ANONYMOUS on the server side, which is definitely the problem. Because ANONYMOUS is not allowed to call the protected EJB Methods. But I made a jaas login in advance. So where am I making a mistake???
Am I doing something wrong?
Need help! Thx,
StephanHi.
I understand correctly that you call Subject.doAs on
the client to call the remote EJB. I guess It isn't
right way.I had also a bad feeling about this, so I forget it. But anyway it wasn't working with or without using that doAs().
>
>
Subject contextSubject =
Subject.getSubject(AccessController.getContext());
contextSubject.getPrincipals();This code throws exceptions in the Appserver. Unfortunately they are catched somewhere so I'm unable to find out what was going wrong. But I guess, that these exceptions where security exceptions. Never the less thanks for the hint!
But I don't think that doing the check on the server side is the way I want to go because that is programmatically security and I want to use the declarative security which can be used through the deployment descriptor. If used correctly - and supposed I do not completely misunderstand the specification - then it should be possible to create an EJB that is protected via it's deployment descriptor and access it through the client only if the client has been authenticated through JAAS mechanisms. After successful authentication the principal should be accessible through the EJB context but not for security check, that should allready been done at this time.
Unfortunately I don't find any resource on the internet describing the scenario in such a detail that I can reproduce it. There are only very high level documentations and hints in forums.
Again, thanks for your effort,
Stephan
Maybe you are looking for
-
Problem with ADF security and task flow calls
Hi. I am using JDeveloper 11.1.2.0.0. I encountered a problem when tried to apply ADF security to my application. The way to reproduce the problem: 1. Create new Fusion Web Application; 2. Import Business Components from Tables from any existing sche
-
Why is the top of my lap top screen purple?
The top of my lap top is turning purple. How do I fix this problem?
-
Why do my pictures sync horizontally to other devices
Is there a way to configure my ipad to sync pictures vertically instead of side ways?
-
How to install carelink on iMac 10.9.2?
i have a software that i have to install but now is not compatible with imac 10.9.2 how can I make it works is called carelink from medtronic pls help
-
Why does iTunes say "temporarily unavailable" when I try download my "available downloads"?
Why does iTunes say "temporarily unavailable" when I try download my "available downloads"? HELP!!