Authenticating Guest Users Using External Database.

Similar Messages

• Form-based authentication in JBoss using a database and JAAS

  I am trying to set up simple authentication using a database. I am initially trying to secure all web resources, since my application accesses the EJBs via servlets (and is working fine without security). Later I will tighten things down so that the EJB's business methods will also have security in place.
  It seems that everything is in place but I am unable to authenticate a user when I use a valid login/password combination (I am being redirected to the login error page). No exceptions appear in the JBoss console, and the database tables are populated with proper values. I'm clueless as to why this isn't working -- hopefully someone reading this can give me a clue as to what is going wrong.
  Here is what I have done so far:
  1) I have two tables in my database, one for the username and password, and another for roles. The database tables look like this:
  table name: principals
  column: principal_id VARCHAR(64) primary key
  column: password VARCHAR(64)
  table name: roles
  column: principal_id VARCHAR(64)
  column: user_role VARCHAR(64)
  column: role_group VARCHAR(64)
  2) I have added an entry in $JBOSS/server/default/conf/login-config.xml to declare an application policy which uses a DatabaseServerLoginModule. In this entry I have specified the SQl to be used by the module for selecting the password and role, following the example in the JBoss Getting Started Guide (p. 57):
      <!-- added for HIM Server security -->
      <application-policy name="HIM-client-login">
          <authentication>
              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                            flag="required">
                  <module-option name="dsJndiName">java:/OracleDS</module-option>
                  <module-option name="principalsQuery">select password from principals where principal_id=?</module-option>
                  <module-option name="principalsQuery">select user_role, role_group from roles where principal_id=?</module-option>
              </login-module>
          </authentication>
      </application-policy>
       ...3) I have added a security domain entry in the jboss-web.xml file:
      <!-- All secure web resources will use this security domain -->
      <security-domain>java:/jaas/HIM-client-login</security-domain>
      ... 4) I have declared a security constraint in the web.xml file:
      <!-- security configuration -->
      <security-constraint>
          <display-name>Server Configuration Security Constraint</display-name>
          <!-- the collection of resources to which the sucurity constraint applies -->
          <web-resource-collection>
              <web-resource-name>Secure Resources</web-resource-name>
              <description>Security constraint for all resources</description>
              <!-- the pattern that this constraint applies to -->
              <url-pattern>/*</url-pattern>
              <!-- the HTTP methods that this constraint applies to -->
              <http-method>POST</http-method>
              <http-method>GET</http-method>
          </web-resource-collection>
          <!-- the user roles that should be permitted access to this resource collection -->
          <auth-constraint>
              <description>Only allow those users that are in the following role</description>
              <role-name>user</role-name>
          </auth-constraint>
          <!-- declare a transport guarantee, if any -->
          <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
      </security-constraint>
      ... 5) I have a simple login form (LoginForm.jsp) which encodes j_security_check:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <html>
      <head>
          <title>HIM Client Login</title>
      </head>
      <body>
          <form method="POST"
                action='<%= response.encodeURL( "j_security_check" ) %>'>
              Username: <input type="text"
                               name="j_username"><br/>
              Password: <input type="password"
                               name="j_password"><br/>
              <br/>
              <input type="submit"
                     value="Login">
              <input type="reset"
                     value="Reset">
          </form>
      </body>
  </html>
      Can anyone see from the above that I have missed something, or that I have done something wrong ?
  Is there a way to get more information ? All I see in the access log file are logs of the requests for the servlet, j_security_check, and the login and error pages, and it might be helpful to have a little more information as to what is going on.
  Thanks in advance for any insight.
  -James

  Hi,
  I have exactly followed your configurations. However, I dont have the same database tables in my database. I used the following:
  <module-option name="principalsQuery">select password from s_users where username=?</module-option>
  <module-option name="rolesQuery">select role from s_users where username=?</module-option>However, when I try to logon I get the following error message from jboss:
  "ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] Failed to load users/passwords/role files
  java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found" although I do not want to use property files as I want to use the oracle database.
  Any help appreciated!

• No cache while using external database authenication

  Hello,
  i was successful in setting up the external database authentication and apply filters to groups
  while i am creating reports in answers, i.e. querying data from database...those queries are not logged in the cache.
  how do i see this solve this...............
  while using RPD authentication system, i know that queries are stored cached in NQQUERY FILE.
  THANKS
  RAKE

  hi,
  can you check whether Cache is turned ON in nqsconfig file.
  [ CACHE ]
  ENABLE     =     YES;
  // A comma separated list of <directory maxSize> pair(s)
  // e.g. DATA_STORAGE_PATHS = "d:\OracleBIData\nQSCache" 500 MB;
  DATA_STORAGE_PATHS     =     "D:\OracleBIData\cache" 500 MB;
  MAX_ROWS_PER_CACHE_ENTRY = 100000; // 0 is unlimited size
  MAX_CACHE_ENTRY_SIZE = 1 MB;
  MAX_CACHE_ENTRIES = 1000;
  POPULATE_AGGREGATE_ROLLUP_HITS = NO;
  USE_ADVANCED_HIT_DETECTION = NO;
  MAX_SUBEXPR_SEARCH_DEPTH = 7;
  // Cluster-aware cache
  // GLOBAL_CACHE_STORAGE_PATH = "<directory name>" SIZE;
  // MAX_GLOBAL_CACHE_ENTRIES = 1000;
  // CACHE_POLL_SECONDS = 300;
  // CLUSTER_AWARE_CACHE_LOGGING = NO;
  Thanks

• Authenticating a user using JCO

  Hi,
  I was authenticating a user in SAP using the following code:
     System.out.println("\n\nVersion of the JCO-library:\n" + "----
  \n"
                      + JCO.getMiddlewareVersion());
              Properties props = new Properties();
              props.put("jco.client.client", "800");
              props.put("jco.client.user", "gk1");
              props.put("jco.client.passwd", "password");
              props.put("jco.client.lang", "EN");
              props.put("jco.client.sysnr", "01");
              props.put("jco.client.ashost", "172...*");
              client = JCO.createClient(props);
              // Open the connection
              client.connect();
  Here, the password for the "gk1" user is "password". Now if I update the password to be "password1" in the code - the user is still authenticated. No matter how many times I add digits towards the end of the password for this user, it still gets authenticated. Any ideas?
  Thanks

  Hi Gaurav,
  In SAP R/3 system, it takes only 8 digit password for any user. So, it checks upto 8 characters only. No metter how much digits or characters you have appended.
  Try to give some other password instead of just appending digits or characters behing "password".
  Regards,
  Bhavik

• How a user of external database can be connected to other database

  Hi
  I have two databases A and B. I have one user XYZ on database B.we want user XYZ to be connected to database A and also wants to create few tables on database A. Can you please tell me what are list of steps i need to perform.
  Regards,
  RJ.

  You can create a database link between database A and B to manipulate data in database A while connected to B. But you cannot create tables using database links. It does not allow DDLs in remote database. Tranparent gateway is a database link between oracle and some other database.
  Syntax is to create the link in B is
  create database link <name> connect to <user_in_A> identified by <password_in_A> using 'A';

• Unable to create new user using Oracle Database vault

  Hi,
  can somebody help me to autorize user other then SYS user (e.g. system) to CREATE new and ALTER users when my database is secured by Oracle database vault with default installation settings;
  Thanks

  Reading the DV docs would be a great place to start.
  Consider, for a moment, that if the normal privileges provided to SYS using DV worked the same as they do in a regular database you wouldn't have a data vault you'd have a regular database.
  After you read the docs log on and try the following:
  SELECT username
  FROM dba_users
  WHERE username LIKE 'DV%';Aha!

• Not able to connect database from another os user using externally?

  Hi,
  I want to connect database from another os user. i am able to connect database from oracle externally. but not able to connect different OS user.
  As ORACLE User:
  [oracle@test1 admin]$ sqlplus /
  SQL*Plus: Release 11.2.0.2.0 Production on Mon Jan 16 19:41:57 2012
  Copyright (c) 1982, 2010, Oracle. All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL>
  Non ORACLE user:
  [sample@test1 ~]$ export ORACLE_HOME=/u01/app/oracle/product/11.2.0.2/
  [sample@test1 ~]$ export ORACLE_SID=rman
  [sample@test1 ~]$ export PATH=$ORACLE_HOME/bin:$PATH
  [sample@test1 ~]$ sqlplus /
  SQL*Plus: Release 11.2.0.2.0 Production on Mon Jan 16 19:37:42 2012
  Copyright (c) 1982, 2010, Oracle. All rights reserved.
  ERROR:
  ORA-01034: ORACLE not available
  ORA-27101: shared memory realm does not exist
  Linux Error: 2: No such file or directory
  Process ID: 0
  Session ID: 0 Serial number: 0
  Enter user-name:
  Thanks

  You didn't install Oracle correctly, especially you didn't run the root.sh and rootpre.sh scripts.
  If you would have read the error message at all, and researched it, you would have known this.
  Regrettably however you decided to ignore Forums Etiquette and to abuse this forum with Yet Another Doc Question.
  Sybrand Bakker
  Senior Oracle DBA

• Authenticating a user using AJAX

  Hi,
  I'm building a login region and would like to build in the authentication process so that a new developer in a team can simply create on of our apps and just create a page that uses this region plugin.
  Is this possible to do in a single plugin? Am I right in thinking that to authenticate a user you have to define a Authentication function in the authentication scheme and then call something like apex_authentication.login(
  p_username => :P101_USERNAME,
  p_password => :P101_PASSWORD );
  Or should I rather create two plugins one Region and one Authentication Plugin.
  Does anyone know of any good examples of how to build an authentication plugin or how to use the AJAX function that you can define in the Authentication plugin?

  So if you need to use apex_plugin.get_ajax_identifier in the render function to hook into the ajax function from your javascript. How would you hook into the ajax function of a authentication plugin if the authentication plugin does render any content?
  Edited by: Alistair Laing on Oct 6, 2012 7:40 AM

• How to determine which user uses which database-object

  Hi,
  currently we are in the process of consolidating our databases. One of the neccessary steps is to figure out which user connects to the database at all. That's easy, we implemented a logon-trigger and log the collected information into a separate table.
  If a user with objects (e.g. tables, views, procedures) exists - but this user never connects to the database - does that automatically mean that these objects are not used at all? No need to say that this is not true. But how can we figure out if a connected user has selected an object of this user?
  Our porblem is that we have alot of schemas in our database - but the developers don't know if this schema is not used by an application or not (sad but true).
  To enable auditing would be one choice to figure out if an object was ever used or not.
  Are there any other possibilities?
  Any help will be appricated
  Rgds
  Jan

  VivaLaVida wrote:
  Hi,
  currently we are in the process of consolidating our databases. One of the neccessary steps is to figure out which user connects to the database at all. That's easy, we implemented a logon-trigger and log the collected information into a separate table.It could have been even easier by turning on the built-in audit feature.
  If a user with objects (e.g. tables, views, procedures) exists - but this user never connects to the database - does that automatically mean that these objects are not used at all? No need to say that this is not true. But how can we figure out if a connected user has selected an object of this user?audit would be a good choice.
  Our porblem is that we have alot of schemas in our database - but the developers don't know if this schema is not used by an application or not (sad but true).Not sure what developer will do with used/not used application.
  To enable auditing would be one choice to figure out if an object was ever used or not. What's wrong in auditing ?
  Even though audit may have a footprint on performance, that would probably be less costly than any custom solution.
  Nicolas.

• Problem using external database link.

  Help:
  Here is th problem I am having. I have a workflow that reads and writes to external datasource using HS services. The workflow reads and then writes to the HS datasource in a function. After the function completes it needs to close the database link. You cannot close the database link until the commit happens, which you cannot do in a function or you get an error. This is a catch 22. Do you have any suggestions?
  Thanks

  Hi,
  You could invoke your function as an autonomous transaction, and do a commit there. Not sure if that helps you close the database link or not.
  Alternatively, you could package the data to be transferred into a message on an AQ and propagate that data across the database link to the workflow system, and process it asynchronously.
  HTH,
  Matt
  WorkflowFAQ.com - the ONLY independent resource for Oracle Workflow development
  Alpha review chapters from my book "Developing With Oracle Workflow" are available via my website http://www.workflowfaq.com
  Have you read the blog at http://thoughts.workflowfaq.com ?
  WorkflowFAQ support forum: http://forum.workflowfaq.com

• Authentification using external database

  Hi !
  I wonder if it is possible to use logins and passwords stored in a MySQL database to authentificate Oracle Portal 's users ?
  Thanks,
  Estelle

  Like I said, ODSI does not drop or create tables. Are you perhaps asking about ODI?
  The ODI forum is Data Integrator

• Using external database as source for Quicktime annotation automator action

  Hi
  I have approximately 1500 quicktime files which require annotations added to them (title, author etc).
  I've been provided a spreadsheet with all the neccessary data. And I know there is an automator action that can add annotations to quicktime files but was wondering if either of the following was possible:
  1) Can I get the an automator script to use this spreadsheet as a source for the values it is to enter.
  OR
  2) If I can get automator to add the files name to the annotations section (under title)
  Greatly appreciate any help you can provide.
  Regards

  HI
  Make sure you select the Initialize or Run methods, depending on where you try to define the database connection it will not let you do it.
  Good practice would be to define the database and the connection in the initialize section, the SQL and execute in the Run section and the disconnect in the Finish section, however that could change depending on your needs.
  Regards
  Alex

• Using external database as source for automator

  Hi
  I have approximately 1500 quicktime files which require annotations added to them (title, author etc).
  I've been provided a spreadsheet with all the neccessary data. And I know there is an automator action that can add annotations to quicktime files but was wondering if either of the following was possible:
  1) Can I get the an automator script to use this spreadsheet as a source for the values it is to enter.
  OR
  2) If I can get automator to add the files name to the annotations section (under title)
  Greatly appreciate any help you can provide.
  Regards

  The thing to remember is that with the new Apple TV, all these things had to be written from scratch. The code that made these things work on the old Apple TV can't just be ported to the new one, but it had to be re-written.
  The situation you describe, which if I understand you would require the Apple TV playing some content on streamed from iTunes and also Airplayed to an Airport Express, whilst the iTunes library is also streaming another track to a different set of speakers sounds like an incidental benefit, rather than what it was originally designed to do (and, I would suggest a fairly niche use as well).
  I have to admit, it's the one thing that has been suggested as a use for the old ability to stream from the Apple TV to Airplay devices that can't now be easily recreated (although an iOS device could be used to set up the second stream). My initial feeling is that the demand for this ability would be too low for Apple to be convinced to add it, but I could be wrong.
  EDIT to say that, on reflection, this ability could be useful where a household relies on Airport Express to play music in different rooms and where people want to listen to different content from the same library.
  In this case, I think that the best solution if Apple wanted to make this easy would be to either allow iTunes to send more than one stream controlled from the computer, or to allow the remote app to get the Airport Express to pull the stream in the same way that Apple TV does.
  Using the Apple TV as a kind of bridge is a fairly inelegant work round.
  Message was edited by: KeithJenner

• NOT SEE BIP FOLDER ASSIGNED BY USING BIEE EXTERNAL DATABASE TABLE AUTHENTIC

  All users using BIEE external database table authentication cannot see the BI Publisher folders and data source assign to their roles.
  ### Steps to Reproduce ###
  1) I create one table in Oracle database to store user name, password, group name and etc as
  follows:
  CREATE TABLE "KPI_STAGE"."USER_INFO_TAB" (
  "USER_ID" VARCHAR2(30 byte) NOT NULL,
  "PASSWORD" VARCHAR2(50 byte),
  "DISPLAY_NAME" VARCHAR2(50 byte),
  "GROUP_ID" VARCHAR2(250 byte),
  "LOG_LEVEL" VARCHAR2(5 byte),
  CONSTRAINT "USER_INFO_PK_1" PRIMARY
  KEY("USER_ID")
  2) I create one session variable initialization block named "security_test" as follows:
  2.1)Data Source: select USER_ID,DISPLAY_NAME,LOG_LEVEL,GROUP_ID,GROUP_ID from USER_INFO_TAB where
  PASSWORD=':PASSWORD' and USER_ID=upper(':USER')
  2.2)Variable Target: USER, DISPLAYNAME,LOGLEVEL,GROUP and WEBGROUPS
  3) I can use user_id and password to login into BIEE and BIP then.
  4) According to [http://blogs.oracle.com/xmlpublisher/discuss/msgReader$223?mode=topic&y=2007&m=4&d=2]
  I use "Oracle BI Server" Security Model for BI Publisher.
  5)After I use 'Administrator' user to login into BIP, I create one BIP role "XML_USER"and assign some BIP folders and data source to this role.
  5) I update the role name "XML_USER" into table user_info_tab
  column GROUP_ID.
  update table user_info_tab set group_id = 'XML_USER'
  6) I think I can use some user in the table"user_info_tab" to login into BIP and see the folders which I have assigned to the role 'XML_USER'.
  But the result is that: I can login into BIP but can not see assigned folders.
  However
  If in the step 2.1 above for the initialization block, I don't include PASSWORD in the select language:
  2.1)Data Source: select USER_ID,DISPLAY_NAME,LOG_LEVEL,GROUP_ID,GROUP_ID from USER_INFO_TAB where USER_ID=upper(':USER')
  I can see the assigned BIP folders, but it is not security.
  Any one know how to solve this problem?

  Hi,
  I am also using external database authentication.
  The table contains user, group and password info which is passed on to BI application thru init_user_details init block in RPD. Follow is the query used.
  SELECT USERNAME, GRP FROM NXRP_MST_USR_TYPE WHERE USERNAME=':USER' AND PASSWORD=':PASSWORD'
  and the username and group is saved in Session variables USER and GROUP respectively.
  Also "Oracle BI Server" security model is used in the BI Publisher.
  I am able to login in to BI Answers but not into BIP.
  I have also set SA system subject Area.
  Could some one help?
  Thanks

• Using external radius with ise for guest authentication

  Hi Everyone,
  I am trying to migrate from NAC Guest Server to Cisco ISE Guest CWA on wireless, and can't figure out whether what i am trying is just unsupported or i just can't find out how to do this ?
  I am attempting to authenticate my existing guest users, using a radius lookup towards my existing NAC Guest server, which has many hundred guest users with long account duration, which i really don't want to recreate on ISE, and send new passwords to all those users. Problem is i can't export the user list from NAC guest server with the password intact, and ISE can't import guest users with a set password.
  Any ideas ?

  Setting up ISE as radius  proxy server will work because NAC guest user does not support exporting user information with passwords
  Step 1 Choose Administration > Network Resources > External RADIUS Servers.
  The External RADIUS Servers page appears.
  Step 2 Click Filter > Advanced Filter to perform your search. The Filter page appears.
  Step 3 You must define whether the search should match any or all of the rules that you define on this page.
  Step 4 Enter your search criteria based on the name or description of the RADIUS server, choose an operator, and enter the value.
  Step 5 You can do the following:
  •To add a filter condition, click the plus sign (+).
  •To remove a filter condition, click the minus sign (-).
  •To clear all filter conditions, click Clear Filter.
  Step 6 Click Go to perform your search.
  You can also save the filter criteria so that it can be used again. Click the Save icon to save the filter condition.