Authentication against a database table

Similar Messages

• BASIC web authentication against Oracle database?

  Hello,
  Here's what I want in a nutshell. When someone goes to one of my webpages
  under WLS 8.1, I want them to be presented with a BASIC authentication
  dialog. That part is configured between web.xml and weblogic.xml and I
  think I'm OK with doing that. But the part I don't have quite figured out
  is how to get do authentication against a table in an Oracle (or any other,
  for that matter) database.
  Can someone point me (or do you have) any examples that accomplish this?
  I'm sure I'm not the only one who's tried to do this. As far as I can
  tell, I need to create a custom Authenticator (and possibly a custom
  Asserter) and my implementation of those would do the search against the
  database. Correct?

  Hi
  You probably need to develop a custom login module. WLS uses JAAS so do some JAAS
  research the go to
  http://dev2dev.bea.com/products/wlserver/security.jsp
  then click
  http://dev2dev.bea.com/codelibrary/code/security_prov.jsp and get and customize
  the sample code.
  The example code does NOT show how to use form based authentication with your
  custom LoginModule, I'm still working on that, but I assume the WLS servlet container
  creates and appropriate CallbackHandler so you can access the supplied username
  and pw which you can then use to authenticate against your RDBMS
  I need to create a custom LoginModule for Blockade and am going down this track,
  still working on it.
  "KissFan 1973" <[email protected]> wrote:
  Hello,
  Here's what I want in a nutshell. When someone goes to one of my webpages
  under WLS 8.1, I want them to be presented with a BASIC authentication
  dialog. That part is configured between web.xml and weblogic.xml and
  I
  think I'm OK with doing that. But the part I don't have quite figured
  out
  is how to get do authentication against a table in an Oracle (or any
  other,
  for that matter) database.
  Can someone point me (or do you have) any examples that accomplish this?
  I'm sure I'm not the only one who's tried to do this. As far as I
  can
  tell, I need to create a custom Authenticator (and possibly a custom
  Asserter) and my implementation of those would do the search against
  the
  database. Correct?

• Authentication against users in a table

  I am somewhat familiar with JAZN authentication but here is what I need to do and would GREATLY appreciate as much details as you can provide:
  Say, I have a table USERS(USER_ID, NAME, ...) and several other tables in the DB. Let's say I have another table ADDRESS(ID, USER_ID, ADDRESS, ...). Several things needs to be done:
  1. When user attempts to access a Input Form page to add new record in ADDRESS, a login screen should appear. I KNOW how to do this with either basic or form based authentication. However in this case user credentials will be stored using jazn tool.
  2. Since I need USER_ID to be passed to my Input Form page I believe that I cannot use jazn for this, but rather to authenticate against my USERS table. How?
  3. In this case (authentication against my USERS table) where the paswords are kept?
  4. Also in this case, is it possible to provide several levels of access, ie all to managers, some to data enter people etc.
  We are new to Oracle and JDev so any help is appreciated. The more the better...
  Cheers!
  Rade

  Here is what I did and it does not work:
  I have 'login.uix' page with username and password entries:
  <form name="form0" method="post">
    <contents>
     <pageLayout>
      <pageButtons>
       <pageButtonBar>
        <contents>
         <submitButton text="Sign In" event="verifySignin"/>
         <submitButton text="Login" event="login"/>
        </contents>
       </pageButtonBar>
      </pageButtons>
     <contents>
    <tableLayout>
     <contents>
      <rowLayout>
       <contents>
        <messageTextInput name="username" prompt="Enter Name"/>
       </contents>
      </rowLayout>
      <rowLayout>
       <contents>
        <messageTextInput name="password" prompt="Enter Password" secret="true"/>
       </contents>
      </rowLayout>
     </contents>
     </tableLayout>
    </contents>
    </pageLayout>
  </contents>
  </form>
  ...Then in its Action class I have:
  public void onLogin(DataActionContext ctx)
      //ctx.getBindingContainer();
      HttpServletRequest r = ctx.getHttpServletRequest();
      String userName = r.getParameter("username");
      String password = r.getParameter("password");
      // username and password required
      if (userName.length()==0 || password.length()==0)
        ctx.setActionForward("loginFailed");
        return;
  try
        // Get handle to Application Module that "carries" Staff View
        DCDataControl dc = ctx.getBindingContext().findDataControl("AppModuleDataControl");
        ApplicationModule am = dc.getApplicationModule();
        // find the Staff view object that holds username and password
        ViewObject vo = am.findViewObject("StaffView1");
        //find user
        Row[] userRow = vo.getRowSet().getFilteredRows("StaffId",userName.toUpperCase());
        System.out.println(" I never get here!?!?!!!!!");
    catch (Exception ex)
        //Set Main Error Page here
        System.out.println(ex.toString());
        ctx.setActionForward("loginFailed");
        return;
  }Seems like Row[] userRow = vo.getRowSet().getFilteredRows("StaffId",userName.toUpperCase());
  is not properly executed?!?
  Anybody know what the problem is??? This is based on Frank's code sample that I found on forum.

• External Authentication Against FND_USER Table

  About a month ago Paul Encarnation posted a question concerning external authentication. One to the methods being used was against the FND_USER table in Oracle Apps. I can see looking up the user account in FND_USER but what about the password? So if you are authenticating against the FND_USER table, please share how you are dealing with the password.
  Thanks.

  Hi,
  I have found the fnd_web_sec returns a boolean for a valid username / password combination but I'm still not sue how I can integrate this.
  Sorry for being thick but this is what I'm trying to do.
  I have an application built in htmldb that I want to be accessable from the e-business suite applications main menu. I've set this up and a user can select it how ever I have no authentication so even though its not assigned to you you can still goto the app by just entering the url. So when a user goes to that htmldb app I want to check that they have that resp assigned to them, this can be done with the following
  select 1 from apps.fnd_user_resp_groups ur, apps.fnd_user u
  where u.user_name = :APP_USER and u.user_id = ur.user_id
  and ur.responsibility_id = XXXX
  The two problems I have are:-
  If a user goings straight to the htmldb url I need to get them to log in and use the e-business suite login (we dont have SSO)
  Or if they are already in e-business suite and go to the htmldb app via the main menu page I need to pass that authentication across.
  I hope this makes sense.

• Login against database table,need help

  hi all:
  i need to develop a login page that authenticate users against a database table
  i made a login page with no bindings a submit button which submit the form to a struts data action ,i defined a custom method at the vo implementation expose it to the client interface and drag and drop this method into the struts action this is the method code
  public boolean findProjectOwnersByOwnerid (String Ownerid)
  setWhereClauseParam(0,Ownerid);
  executeQuery();
  boolean found = (first() != null );
  setWhereClause(null);
  setWhereClauseParams(null);
  setMaxFetchSize(0);
  return found;
  in the struts data action i override the data forword action this is the code:
  protected void findForward(DataActionContext actionContext) throws Exception
  // TODO: Override this oracle.adf.controller.struts.actions.DataAction method
  super.findForward(actionContext);
  String target="failed";
  JUCtrlActionBinding method = actionContext.getCustomMethod();
  String result = (String)method.getResult();
  System.out.println(result);
  if (result.equalsIgnoreCase("true"))
  target = "failed";
  if (result.equalsIgnoreCase("false"))
  target = "success";
  actionContext.setActionForward(target);
  now when i run this page i get this error java.lang.NullPointerException
  can anyone help please

  Hi,
  the nice thing with NullPointer exceptions is that it also tells you the source and line number where this occurs. It would be useful to follow up on this to see where the problem originates
  Frank

• Authentication & Authorization with SSO, JAAS and Database Tables mix

  Hi,
  I'm looking for how manage Authentication & Authorization in a J2EE ADF+Struts+JSP application.
  I'm interested in use SSO for authentication (I just did it programatically & dynamically already), and now I would like to could define authorization using database tables with users, groups, profiles, individual permissions, ..., (maitanined dynamically by web application admin) throught JAZN (JAAS or however is said) but not statically defining roles, groups, users, ... in jazn xml files.
  I saw that exists the possibility to create a custom DataSourceUserManager class to manage all this, and this gave me the idea that this could be possible to do (I was thinking in make a custom Authorization API over my application tables, without JAZN) but what is better that use and extended and consolidated aprox like JAZN.
  Anybody could tell me if my idea could be possible, and realizable, and maybe give me some orientation to build this approach.
  A lot of thanks in advanced.
  And sorry, excuse my so bad english.
  See you.

  Marcel,
  Originally the idea was to create a post to only explain how to do authentication using a Servlet filter. However,
  I have recently added code to the JHeadstart runtime and generators to enable both JAAS and 'Custom' authentication AND authorization in generated applications. Therefore, this post will be made after we have released the next patch release, as it will depend on these code changes.
  We currently plan to have the patch release available sometime in the second half of May.
  Kind regards,
  Peter Ebell
  JHeadstart Team

• Oracle Database Authentication against Microsoft Active Directory

  Hello
  Does anyone know if it is possible or can point me in the right direction of some documentation that discuss Oracle database user authentication against and Enterprise Directory Service, in my cases MS AD?
  My environment consists of Oracle RDBMS 10.2.0.3 on Linux Red Hat AS 4. Our users connect in from Window clients. I would like to know if there is a way to autheticate users from Windows to the database using LDAP based (AD) authentication. In oters words how do I configure authentication to be done for "identified globally accounts"? I know that the identified by globally accounts require the use of the CN which I have done, but it seems like there is some piece missing. Perhaps an Oracle schema or modification to Active Directory??
  So my questions are
  1. Is it possible to authenticate users against AD without the implementation of OID?
  2. Is there documentation someone has or can point me to that outlines the required steps?
  3. Anything I should know?
  I appreciate any help. The documentation I have found so far doesn't seem to be what I need... So I am looking for some advice.
  Thanks.

  Sure, two methods to auth from Oracle DB to MSAD:
  OID and OVD
  I am working on our own proof of concept configuring EUS connect to OVD with an MSAD as auth at the moment. OVD basically is presenting the database with OracleSchema and OracleContext info. And when you connect via netca (ldap.ora), you assign it as OID directory authentication type.
  Here's an OVD manual on Integrating with EUS (chapter 7 is for MSAD)http://www.oracle.com/technology/products/id_mgmt/ovds/pdf/e10286.pdf
  And this would be what the EUS config should look like:
  http://www.oracle.com/technology/deploy/security/database-security/howtos/eus-how-to.html
  If you've done everything in the first doc...
  Hope this answers your questions.

• Database Table and LDAP Authentication in the same repository?

  I'm wondering if it's possible to authenticate through database tables for some users and LDAP for other users. I can configure each one separately but I'm curious if anyone has ever successfully done both in the same repository.
  Thanks,
  -Matt

  Another thing to try is this. I don't have an LDAP server here but it worked for me without LDAP. I think it should also work with LDAP as it is the same idea. I don't think there is a way to have a conditional Init Blocks. Also you can't have two init blocks setting the same variable (USER in our case). But what you can do is to have two Init Blocks, one for LDAP authentication and the other one for table authentication. So you could have this scenario:
  1) LDAP "authentication" init block sets custom variable LDAP_USER
  2) Table "authentication" init block sets custom variable TABLE_USER
  3) Final authentication init block (the real one) sets USER variable using something like this:
  SELECT CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
  ELSE ':TABLE_USER'
  END
  FROM DUAL
  WHERE CASE WHEN ':USER' = 'SOME STRING' THEN ':LDAP_USER'
  ELSE ':TABLE_USER'
  END = ':USER'
  Note how I use the CASE statement both to return the user value I want the USER variable to be set and also in the WHERE clause to make sure no rows are returned in case authentication fails (which should return no rows to denote a failed authentication). Obviously you need to set the init block dependancies correctly. I did a quick test with users coming from two separate Oracle tables in 2 init biocks and it worked fine for me. Give it a try and let me know how it goes.

• NOT SEE BIP FOLDER ASSIGNED BY USING BIEE EXTERNAL DATABASE TABLE AUTHENTIC

  All users using BIEE external database table authentication cannot see the BI Publisher folders and data source assign to their roles.
  ### Steps to Reproduce ###
  1) I create one table in Oracle database to store user name, password, group name and etc as
  follows:
  CREATE TABLE "KPI_STAGE"."USER_INFO_TAB" (
  "USER_ID" VARCHAR2(30 byte) NOT NULL,
  "PASSWORD" VARCHAR2(50 byte),
  "DISPLAY_NAME" VARCHAR2(50 byte),
  "GROUP_ID" VARCHAR2(250 byte),
  "LOG_LEVEL" VARCHAR2(5 byte),
  CONSTRAINT "USER_INFO_PK_1" PRIMARY
  KEY("USER_ID")
  2) I create one session variable initialization block named "security_test" as follows:
  2.1)Data Source: select USER_ID,DISPLAY_NAME,LOG_LEVEL,GROUP_ID,GROUP_ID from USER_INFO_TAB where
  PASSWORD=':PASSWORD' and USER_ID=upper(':USER')
  2.2)Variable Target: USER, DISPLAYNAME,LOGLEVEL,GROUP and WEBGROUPS
  3) I can use user_id and password to login into BIEE and BIP then.
  4) According to [http://blogs.oracle.com/xmlpublisher/discuss/msgReader$223?mode=topic&y=2007&m=4&d=2]
  I use "Oracle BI Server" Security Model for BI Publisher.
  5)After I use 'Administrator' user to login into BIP, I create one BIP role "XML_USER"and assign some BIP folders and data source to this role.
  5) I update the role name "XML_USER" into table user_info_tab
  column GROUP_ID.
  update table user_info_tab set group_id = 'XML_USER'
  6) I think I can use some user in the table"user_info_tab" to login into BIP and see the folders which I have assigned to the role 'XML_USER'.
  But the result is that: I can login into BIP but can not see assigned folders.
  However
  If in the step 2.1 above for the initialization block, I don't include PASSWORD in the select language:
  2.1)Data Source: select USER_ID,DISPLAY_NAME,LOG_LEVEL,GROUP_ID,GROUP_ID from USER_INFO_TAB where USER_ID=upper(':USER')
  I can see the assigned BIP folders, but it is not security.
  Any one know how to solve this problem?

  Hi,
  I am also using external database authentication.
  The table contains user, group and password info which is passed on to BI application thru init_user_details init block in RPD. Follow is the query used.
  SELECT USERNAME, GRP FROM NXRP_MST_USR_TYPE WHERE USERNAME=':USER' AND PASSWORD=':PASSWORD'
  and the username and group is saved in Session variables USER and GROUP respectively.
  Also "Oracle BI Server" security model is used in the BI Publisher.
  I am able to login in to BI Answers but not into BIP.
  I have also set SA system subject Area.
  Could some one help?
  Thanks

• Authorization scheme for users stored in a database table?

  Hello!
  I'm trying to find out how to make an authorization scheme for database users.
  I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
  A word of explanation:_
  I have a table in my database, named "USERS". Inside this table, I have the following columns:
  - USERID (NUMBER)
  - USERNAME (VARCHAR2(50))
  - PASSWORD (VARCHAR2(50))
  - EMAIL (VARCHAR2(200))
  For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
  What I want:_
  When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
  So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
  I also want the UserID to be stored somewhere in the application (if possible, in an application item).
  How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
  Any help is greatly appreciated.

  I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
  From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
  function validate_login (
     p_username   in   varchar2
  , p_password   in   varchar2) return boolean
  is
  v_result varchar2(1);
  begin
  select null into v_result
  from USERS
  where userid = p_username
  and password = p_password;
  return true;
  when no_data_found then return false;
  end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
  And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
  Rod West

• Authentication against oracle

  Hi
  How does one configure an authenticator which uses oracle accounts and passwords? We have an existing database (and users), and would like to write jdeveloper + ADF applications. Is it necessary to write your own code for this or is there an existing provider which can authenticate against the existing user accounts?
  thanks

  Hi,
  How does one configure an authenticator which uses oracle accounts and passwords?
  if you want to authenticate against database user schema then you need to write a custom authentication provider. If the user is stored in a database table then you can use the default SQL authentication provider
  Frank

• Database Table cannot be found when Verify Database

  Post Author: brentlaw
  CA Forum: Other
  I have been using CRW 7 for many years.  I recently upgraded to XI (I have current version).  I can open existing reports and create new reports fine.  The problem is when I Verify Database I get an error message "The Database table <tablename here> cannot be found. Remove this table from the report". 
  This happens to all existing and new created reports.  The data fills correctly when previewing.  The problem only occurs when Verifying Database. 
  I thought it might be an ODBC driver problem so I upgraded my driver to v 3.525.1117.  At least I think I upgraded it I did not check the version before I installed SQL 2005 SP2.  After installing SP2 it seemed to be fine but a week later the problem came back.  Mysterious eh?
  I am trying to launch a report from VB6 using RDC and rpt file.  I get logged in correctly but at .viewreport I get a generic error message.  I am assuming the problem is related the the issue I raise in this forum post.

  Post Author: brentlaw
  CA Forum: Other
  I fixed the problem.  In CR XI Developer Designer window I opened up Database-SetDataSourceLocation.  I noticed that in "Properties" the last item "Use DSN Default Properties": was set to True.  I changed this value to False.  Now this problem is solved.
  I am Not using Windows Authentication I am using SQLServer authentication.  In my code I was passing SQLServer Authentication credentials. 
  I opened up all of my CR 7 reports in CR XI and changed this setting on both the Main and the Subreort property in the SetDataSourceLocation dialog box and now all my reports work.  I am a happy camper.
  I don't know if this is a CR 7 conversion to CR XI only situation or not.  Hope this information helps someone else.

• Ubuntu Karmic authentication against Snow leopard open directory server

  Hi,
  I'm looking for help. I've tried to configure an installation of Karmic to authenticate against our office's open directory server running on an osx snow leopard server. Currently `getent password` show all users including those from the open directory server when running the command as both root and normal users. However authentication against the open directry users fails with the following messages in the /var/log/auth.log:-
  Dec 7 22:42:05 [hostname] getent: nss_ldap: failed to bind to LDAP server ldap://server.domain.com: Invalid credentials
  Dec 7 22:42:05 [hostname] getent: nss_ldap: could not search LDAP server - Server is unavailable
  (I've changed the hostname and ldap url)
  /etc/ldap.conf has:-
  base dc=server,dc=domain,dc=com
  ldap_version 3
  rootbinddn cn=diradmin,dc=server,dc=domain,dc=com
  bind_policy soft
  pam_password md5
  /etc/ldap.secret is set to the password of the diradmin user and has a permission mask of 600
  /etc/pam.d/common-passwd :-
  password sufficient pam_ldap.so md5
  password required pam_unix.so nullok obscure md5
  password optional pam_smbpass.so nullok use_authtok tryfirstpass missingok
  /etc/pam.d/common-auth:-
  auth [success=2 default=ignore] pam_unix.so nullok_secure
  auth [success=1 default=ignore] pam_ldap.so usefirstpass
  auth requisite pam_deny.so
  auth required pam_permit.so
  /etc/pam.d/common-account:-
  account [success=2 newauthtokreqd=done default=ignore] pam_unix.so
  account [success=1 default=ignore] pam_ldap.so
  account requisite pam_deny.so
  account required pam_permit.so
  /etc/pam.d/common-session
  session [default=1] pam_permit.so
  session requisite pam_deny.so
  session required pam_permit.so
  session required pam_unix.so
  session optional pam_ldap.so
  session optional pamckconnector.so nox11
  Does anyone have any ideas where to go from here?
  Message was edited by: zebardy

  Hi
  It's easy enough to 'connect' any version of OS X Server to any other version of OS X Server. Use the Join button in the Users & Groups Preferences Pane. Alternatively use the Directory Utility itself.
  You seem to be misunderstanding what an Open Directory Master and Replica are? They are not what I think you think they are. They are not a 'back-up' of each other if you're providing more than the shared Directory Service.
  An OD Replica maintains a read-only copy of the LDAP Database (Usernames, Passwords and Policies etc) that's stored on the OD Master and nothing more. If the Master was to go offline for any reason the Replica can be quickly promoted to a Master Role and continue to provide information for the shared directory. This assumes it has easy and quick access to the Volume storing networked home folders? The LDAP Database in that case would then become writable. Later on and whenever you've fixed the problem with the old Master it can quickly be demoted and made a Replica of the now new Master.
  Although this is for 10.6 Server (it is nevertheless still applicable) everything you need to know about Master and Replica relationships is here:
  http://manuals.info.apple.com/en_US/OpenDirAdmin_v10.6.pdf
  Page 55 onwards.
  From Page 64:
  "The Open Directory master and its replicas must use the same version of Mac OS X Server. . ."
  If your OD Master is also providing Mail, Calendar and Contact Services then none of these will be replicated. You will have to maintain a backup of these databases yourself using whatever method you deem fit for your needs.
  HTH?
  Tony

• How to create a new field in predefined database table

  Hi friends,
  now i am working on scripts. In script form i have got a new field(vehicle number in goods receipt against purchase order) which is not available in any table.  i think we have to create a new field in database table.how to create  field in a pre defined data base table.

  Hi,
  To add new field to table, there are two option.
  1.Include structure and
  2. append struct..
  the best way is append structure.
  goto se11>give your table name>there is append structure button, when you will click on it, it will create a 'append  structure',
  after activating it, it will add fields to your table.

• Auto populate values in the the database table

  Hi All,
  I have a requirement where user enter values in one of the ZTransaction. This will update a Ztable. So the new requirement is to add two new columns in the fields, which is completed. Now this two new fields are supposed to auto populate values based upon the key field .
  The transaction code is defined with Transaction as SM30 and Default values as
  Name of the screen field     value
  Update                               X
  VIEWNAME                      "table name which the values are updated".
  Please let me know how to do this.
  Thank you!!

  Hi Swetha,
  I am unsure of what you are trying to accomplish so I will make a few assumption and perhaps you can find some benefit in it.
  I suppose you are trying to add new fields to a custom (Z) database table.
  If so then use SE11 to add the two new columns.
  After this is complete then rebuild the table maintenance by using the following path: SE11-> Utilities->Table Maintenance Generator.  (Remember to double check the Recording Routine Radio button.)
  If the user needs fields automatically populated then check the following link.  It describes how to use table maintenance events.  I suppose you need to use Event 01 and Event 05.
  http://help.sap.com/saphelp_nw04/helpdata/en/91/ca9f0ea9d111d1a5690000e82deaaa/frameset.htm
  Good luck and reward points if helpful,
  AK
  Moderator message -  Asking for points is against the Forum's RoE
  Message was edited by: Suhas Saha