Authentication & Authorization with SSO, JAAS and Database Tables mix

Hi,
I'm looking for how to manage Authentication & Authorization in a J2EE ADF+Struts+JSP application.
I'm interested in using SSO for authentication (I already did it programmatically & dynamically), and now I would like to be able to define authorization using database tables with users, groups, profiles, individual permissions, ... (maintained dynamically by the web application admin) through JAZN (JAAS or however it is called), but not by statically defining roles, groups, users, ... in jazn xml files.
I saw that it is possible to create a custom DataSourceUserManager class to manage all this, and this gave me the idea that this could be possible to do (I was thinking of making a custom Authorization API over my application tables, without JAZN), but what is better than using an extended and consolidated approach like JAZN?
Could anybody tell me if my idea is possible and realizable, and maybe give me some orientation to build this approach?
Thanks a lot in advance.
And sorry, excuse my bad English.
See you.

Marcel,
Originally the idea was to create a post to only explain how to do authentication using a Servlet filter. However, I have recently added code to the JHeadstart runtime and generators to enable both JAAS and 'Custom' authentication AND authorization in generated applications. Therefore, this post will be made after we have released the next patch release, as it will depend on these code changes.
We currently plan to have the patch release available sometime in the second half of May.
Kind regards,
Peter Ebell
JHeadstart Team

Similar Messages

  • Simple authentication and authorization with a servlet and a filter

    Could somebody point me to a code example that does simple authentication/authorization using one servlet and one filter? (without Spring, Struts, JSF or any framework)
    I’m having a lot of problems with that, apparently, easy task.
    These are the rules:
    - A simple login page
    - Two roles (admin, registered).
    - If the logged-in user is an admin, redirect to his entry page (private/admin/index.jsp).
    - If the logged-in user has the role registered, redirect him to his entry page (private/registered/index.jsp).
    - If it’s not a valid user, redirect again to login page.
    - Admin’s users cannot go to private/registered/ area.
    - Registered users cannot go to private/admin/ area.
    - Non authenticated user cannot go to private/ area
    Thanks a lot in advance!
    Edited by: JLuis on 25-ago-2010 15:27

    AccessControl.java:

    package com.tlsformacion.security;

    import java.io.IOException;
    import javax.servlet.RequestDispatcher;
    import javax.servlet.ServletConfig;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import com.tlsformacion.utils.Log;

    public final class AccessControl extends HttpServlet {
        private static final long serialVersionUID = 5741058615983779764L;
        private static final String USERNAME_ATTR = "username";
        private static final String PWD_ATTR = "password";
        private static final String LOGIN_PAGE_ATTR = "login_page";
        private static final String ROL_ATTR = "role";
        // Instance fields: one servlet instance serves every request, so these are shared by all users
        private boolean isAuthentic = false;
        private String role = null;
        private String loginPage = null;

        public AccessControl() {
            super();
        }

        public void init(ServletConfig config) throws ServletException {
            super.init(config); // keep the ServletConfig available to the base class
            loginPage = config.getInitParameter(LOGIN_PAGE_ATTR);
        }

        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            debug("Inside doGet");
            doAccessControl(request, response);
        }

        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            debug("Inside doPost");
            doAccessControl(request, response);
        }

        private void doAccessControl(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            debug("Inside doAccessControl");
            doAuthentication(request, response);
            if (isAuthentic) { //Authentic user
                doAuthorization(request, response);
            } else { //User NOT authentic
                doRejection(request, response);
            }
        }

        private void doAuthentication(HttpServletRequest request, HttpServletResponse response) {
            debug("Inside doAuthentication");
            String requestedURI = request.getRequestURI();
            if (requestedURI.contains("/AccessControl")) { //Comes from login page
                debug("Comes from login page");
                String username = request.getParameter(USERNAME_ATTR);
                String pwd = request.getParameter(PWD_ATTR);
                role = getRole(username, pwd);
                if (role != null) {
                    isAuthentic = true;
                    request.getSession().setAttribute(ROL_ATTR, role);
                }
            } else { //Does not come from login page
                debug("Doesn't comes from login page");
                if (isInSession(request)) {
                    debug("Rol is in session");
                    isAuthentic = true;
                } else {
                    debug("Rol is NOT in session");
                }
            }
        }

        private void doAuthorization(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            debug("Inside doAuthorization");
            String requestedURI = request.getRequestURI();
            debug("requestedURI: " + requestedURI);
            if (requestedURI.contains("/AccessControl")) { //Comes from login page
                goHomePage(request, response);
            } else if (requestedURI.contains("/private/" + role)) { //Trying to access his private area
                goRequestedPage(request, response);
            } else { //Trying to access other roles private area
                goLoginPage(request, response);
            }
        }

        private void doRejection(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            debug("Inside goRejection");
            role = null;
            goLoginPage(request, response);
        }

        private void goHomePage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            debug("Inside goHomePage");
            String homePage = "private/" + role + "/index.jsp";
            goPage(request, response, homePage);
        }

        private void goLoginPage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            debug("Inside goLoginPage");
            goPage(request, response, loginPage);
        }

        private void goRequestedPage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            debug("Inside goRequestedPage");
            String contextPath = request.getContextPath();
            debug("contextPath: " + contextPath);
            String requestedPage = request.getRequestURI().replace(contextPath + "/", "");
            goPage(request, response, requestedPage);
        }

        private void goPage(HttpServletRequest request, HttpServletResponse response, String page) throws IOException, ServletException {
            debug("Inside goPage ...trying to go to: " + page);
            //Option A
            response.sendRedirect(page);
            //Option B
            //RequestDispatcher requestDispatcher = request.getRequestDispatcher(page);
            //requestDispatcher.forward(request, response);
        }

        private boolean isInSession(HttpServletRequest httpRequest) {
            boolean inSession = false;
            role = (String) httpRequest.getSession().getAttribute(ROL_ATTR);
            if (role != null && !role.equals("")) {
                inSession = true;
            }
            return inSession;
        }

        //TODO: mock method!
        private String getRole(String username, String pwd) {
            String role = null;
            // Constant-first equals avoids a NullPointerException when a parameter is missing
            if ("admin".equals(username) && "admin".equals(pwd)) {
                role = "administrator";
            } else if ("regis".equals(username) && "regis".equals(pwd)) {
                role = "registered";
            }
            return role;
        }

        private void debug(String msg) {
            Log.debug(msg);
        }
    }

    Project Folder Structure:

    WebContent
         login.html
         private
              administrator
                   index.jsp
              registered
                   index.jsp

    Basically, the problem is that if you try to log in as admin/admin (for example) the servlet AccessControl executes infinitely
    Edited by: JLuis on 26-ago-2010 8:04
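
Added example, not part of the original post: a servlet filter that enforces the rules listed in the question. It assumes a `/private/*` filter mapping in web.xml and a login servlet that stores the role under the session attribute "role" as the posted servlet does; `PrivateAreaFilter`, `decide` and the default login page are hypothetical names. The role is read from the session on every request instead of being kept in instance fields, and permitted requests continue with `chain.doFilter` rather than a redirect to the URL that was already requested.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example: hypothetical filter, assumed to be mapped to /private/* in web.xml. */
public final class PrivateAreaFilter implements Filter {

    enum Decision { ALLOW, LOGIN, FORBIDDEN }

    private static final String ROLE_ATTR = "role";             // session key used in the post
    private static final String LOGIN_PAGE_PARAM = "login_page"; // init-param name used in the post
    private String loginPage = "/login.html";                    // assumed default; written only in init()

    @Override
    public void init(FilterConfig config) {
        String configured = config.getInitParameter(LOGIN_PAGE_PARAM);
        if (configured != null) {
            loginPage = configured;
        }
    }

    /**
     * Decides on (path, role) without touching any field, so concurrent
     * requests from different users cannot observe each other's role.
     */
    static Decision decide(String path, String role) {
        // Only the two roles from the post are accepted; anything else is treated as not logged in.
        if (!"administrator".equals(role) && !"registered".equals(role)) {
            return Decision.LOGIN;
        }
        String ownArea = "/private/" + role;
        // Exact directory or a path below it: the trailing slash stops
        // "/private/registeredX" from matching the role "registered".
        boolean inOwnArea = path.equals(ownArea) || path.startsWith(ownArea + "/");
        return inOwnArea ? Decision.ALLOW : Decision.FORBIDDEN;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Path relative to the context root, as decoded by the container.
        String path = req.getServletPath();
        if (req.getPathInfo() != null) {
            path += req.getPathInfo();
        }

        // getSession(false): do not create a session for anonymous visitors.
        HttpSession session = req.getSession(false);
        Object attr = (session == null) ? null : session.getAttribute(ROLE_ATTR);
        String role = (attr instanceof String) ? (String) attr : null;

        switch (decide(path, role)) {
            case ALLOW:
                chain.doFilter(request, response);   // serve the requested page, no redirect
                break;
            case FORBIDDEN:
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                break;
            default:
                // The login page lies outside /private/, so this redirect cannot loop.
                res.sendRedirect(req.getContextPath() + loginPage);
        }
    }

    @Override
    public void destroy() { }
}
```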

  • Create a data source and database tables using WSAD

    Hi, guys:
    the following is from a tutorial:
    http://www-106.ibm.com/developerworks/websphere/techjournal/0306_wosnick/wosnick.html
    "To create the data source and Cloudscape database tables automatically, right click on the HelloWorldServer in the Servers view, and select the Create tables and data sources menu item. A dialog will then display showing that the data source and database tables were created successfully (Figure 5)."
    I am using WSAD 5.0 trial version. I cannot find Create tables and data sources menu item if I right click on the HelloWorldServer in the Servers view. I am wondering if this is because trial version does not have this feature?
    regards

    This question is a little off topic but you may get a reply. Please note this forum is about Sun's J2EE SDK and its related technologies. You may have better luck posting your question to an IBM specific resource.

  • Search static pages AND database tables

    Hi,
    I'm working on a project in which I have static content
    pages, plus I'm creating a set of dynamic pages that display jobs
    and events listings etc. The dynamic pages are going to run off an
    access database.
    I need to create a search facility on the site. At present
    I'm planning to use a drop down box (or radio buttons ?) to allow
    the user to select which part of the site to search (main site,
    jobs or events), the selection will determine which search page the
    form query is passed to (site text search or database query search
    page).
    Am I approaching this correctly?
    Can anyone comment on possibly a better or alternative way of
    providing such a search option ? (searching both static pages and
    database tables)
    Thanks in advance.

    I guess something like <cffile action="read"
    file="C:\docs\shopping.html" variable="shoppingList">. Is there
    a way to do multiple files at once?

  • I HAVE A SOURCE TABLE WITH 10 RECORDS AND TARGET TABLE 15 RECORDS. MY QUESTION IS USING WITH THE TABLE COMPARISON TRANSFORM I WANT TO DELETE UNMATCHED RECORDS FROM THE TARGET TABLE ??

    I HAVE A SOURCE TABLE WITH 10 RECORDS AND TARGET TABLE 15 RECORDS. MY QUESTION IS USING WITH THE TABLE COMPARISON TRANSFORM .I WANT TO DELETE UNMATCHED RECORDS FROM THE TARGET TABLE ?? HOW IT IS ??

    Hi Kishore,
    First identify deleted records by selecting "Detect deleted rows from comparison table" feature in Table Comparison
    Then Use Map Operation with Input row type as "delete" and output row type as "delete" to delete records from target table.

  • JSF and Database tables in the pages...

    Hi guys,
    I am following this excellent tutorial http://www.oracle.com/technology/oramag/oracle/06-jan/o16jsf.html as I am learning JSF using JDeveloper. Unfortunately, since my knowledge of JDeveloper and JSF is rather limited, there is one section in the tutorial that I am unable to understand. If you do a search on that web page and type in 'column1' without the quotes, I am unable to understand where the author got that object from.
    Barring that I also had another question. I just saw a demo video of Netbeans taking the Entity beans generated from the database tables and creating JSF pages based on the tables with one click that showed the data very nicely in a table format in the jsp page. Is there some sort of functionality like that? Or is that JEE 5 specific? Also is JDeveloper JEE 5 compliant as of yet?
    Sorry for the laundry list of questions.
    Surya

    Before I make an even bigger fool of myself in this forum, the tutorial has 2 parts. Does part 2 depend on part 1 to get it working right because I feel as if I am missing something.
    Also it seems that for however many columns we are able to retrieve from our ResultSet we should know beforehand so we can code up the DataTable. This might not be the case all the time I guess, so is that where the JSF support in the ADF framework comes in and makes life a lot easier for the developer?
    Thanks for answering all my questions.
    Surya

  • Difference between Infotype and Database table

    Hi all,
    in SAP ABAP-HR we have the concept of INFOTYPE. Will anybody please tell me, in simple words, what exactly it is, and what the differences are between INFOTYPE and DATABASE TABLE?
    Anirban Bhattacharjee

    hi,
        infotypes contain a group of logically related fields on a single screen (just like a TABLE) and are bounded by a TIME CONSTRAINT (no time constraint for a table).
    the main difference is the TIME CONSTRAINT, meaning the validity period of data records in infotypes is based on the time constraint only.
    for more information on time constraints follow this link.........
    http://help.sap.com/saphelp_erp2005/helpdata/en/48/35c9f24abf11d18a0f0000e816ae6e/content.htm
    each infotype has its corresponding database table.
    ex: 0002---> personal information.
         its database table: pa0002.
        the table pa0002 contains four structures pakey, pshd1, ps0002 and ci_p0002.
        pakey-->contains key fields information.
        pshd1--->contains last logon details (username....)
        ps0002--->contains infotype specific fields.
        ci_p0002--> for further adding of any extra fields
    Edited by: Ashok Reddy on Jun 25, 2008 2:12 PM

  • REG:Internal table and Database table

    Hi Xperts,
    Can you tell me /give me a sample code so as to
    compare the data present in the database table and internal table, i.e.
    whether the data in the db table matches the data in the internal table
    Thanks.

    Hello,  
    First make sure that data is there in the internal table
    TABLES : Declare your table example MARA, VBAK etc
    TYPES: BEGIN OF ITAB1,
    Declare your fields here
    example
    v_mat(10) type c,
    v_code(5) type I,
    END OF ITAB1.
    IF NOT ITAB[] is INITIAL.
    LOOP AT
    END IF.
    To compare the data with DB tables, read the database table and copy into the internal table ITAB2
    Then compare the ITAB and ITAB1
    IF ITAB1[] = ITAB2[]
    END IF
    See these links for Creating Internal Tables: http://help.sap.com/saphelp_nw04/helpdata/en/fc/eb3660358411d1829f0000e829fbfe/content.htm
    Comparing Internal Tables: http://help.sap.com/saphelp_nw04/helpdata/en/fc/eb3841358411d1829f0000e829fbfe/content.htm
    See this for more about Processing Internal Tables: http://help.sap.com/saphelp_nw04/helpdata/en/fc/eb36ae358411d1829f0000e829fbfe/content.htm
    Declaring the internal table in ABAP objects
    Thanks
    Chandran (http://chandranonline.blogspot.com/)

  • Hello, Identity manager fail to add entries in the LDAP and database table

    Hello,
    Well, I installed Identity Manager 7 on a Windows 2003 Advanced Server.
    I appended an NT server resource, a MySQL table, a Solaris server resource and an LDAP server resource.
    I created the roles for these resources and then I assigned them to an account that I created for testing purposes.
    After the approval, on the Solaris machine, the user has been added to the user database but no home directory has been created, as I didn't set the appropriate flag to true.
    In the Windows resource everything worked very smoothly and with no problem.
    In the LDAP and MySQL table resources I received a failure with the error message null, and from sniffing that I did for investigation I never saw a single packet arrive at the MySQL server or at the directory server from the IDM server.
    Any ideas or suggestions on what to do ?

    Well, the problem with the directory server has just been solved.
    But the problem with mysql remains.
    The first thing that I do when I add a resource is to test the connection.
    The problem with the LDAP is that the dn was not present in the directory server. They gave me an ou that didn't exist.

  • How i get user info from ldap using java after authenticating user with SSO

    Hi
    I have one jsp/bean application as a partner application with SSO.
    It works fine.
    Now i need to get other attributes of user from LDAP who has logged into the application through SSO.
    using SSO java APIs i only get username, userDN, subscriber info.
    To get the user's other attributes I have to use the LDAP APIs; for that I have to create a Directory Context, and for that I need the user password.
    So here is my question: how do I get the user password after he has logged in through SSO?
    regards..
    and thanking u in advance
    samir

    Valentina,
    there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4,MD5,SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
    --Olaf

  • Issue with fields of a database table

    Hi All,
    While browsing through database table T2515, i have observed that in 'fields' tab, there are only 2 fields visible ie MANDT and WWSSN.
    When we see the contents of table, there will be one more additional field called BEZTEK.
    Now my requirement is to retrieve data from both WWSSN and BEZTEK fields.
    How to define internal table and how to write select statement in such cases?
    Moreover, from where will this BEZTEK get populated when we see the contents of the table in se11?
    Regards
    Pavan

    Hi,
    BEZTEK may be coming from the Text table related to T2515.  See the text table of T2515 (SE11 -> Menu option Goto -> Text Table).
    Regards
    Vinod

  • Error with view link and ADF table Tree

    Hello
    ( Note: View objects are created based on static data but not from database tables)
    I created two view objects "SuiteViewObject" and "FamilyViewObject" which are based on static data (stored in a collection) but not on a database entity. A view link "SuiteFamilyViewLink" is created from the above two view objects. An ADFTreeTable is created from the above view objects and view link. When I run the jspx page containing the ADFTreeTable, the following error occurs in the browser.
    JBO-30003: The application pool (staticviewobjects.staticappLocal) failed to checkout an application module due to the following exception:
    oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.InvalidOperException, msg=JBO-26016: Cannot set user query to view "FamilyViewObj2" because it is a destination in a view link
    Any help on the above error message.?
    Thanks in Advance
    Kristi
    Bangalore
    Message was edited by:
    user576892

    Hello
    The above error is coming because the view link's SQL query expects tables. But in my case I don't have tables; the view objects are created from a static data source (collection).
    How to create a view link from view objects which are created based on static data source(collection)?

  • Data source and Database table

    Hi All,
    I am working on BW and i am trying to figure out the linkages between Database table and the data sources in our source system. I need to figure out which database table is linked to a particular datasource. Please guide me on the process.
    Thanks and regards,
    Ankur

    Hi Ankur,
    In your source system look in table ROOSOURCE using SE16 and fill in your DataSource.
    The field EXTRACTOR will contain:
    - Table/DB-view name (if DS is based on a table -> EXMETHOD = V)
    - Function module (EXMETHOD = F1, F2 or FS)
    - Domain - fixed values (EXMETHOD = D)
    - ABAP Query (EXMETHOD = Q)
    When a Function Module is used to extract the data (EXMETHOD F1/F2/FS) you need some ABAP skills to understand the code (SE37). From there you can derive from which table(s) it is getting the data.
    Hope this helps...
    Grtx
    Marco

  • How to keep EJBs and Database Tables in sync ?

    Hello dear fellow JDeveloper 11 users,
    after i created some EJB 3 entity beans and some offline database table definitions
    i would like to get them linked to each other, and to keep them in sync.
    where do i do that? cant find it, have i missed it?
    thanks for any tips,
    thomas
    thomas.nagel (at) materna.de

    Both questions are not JDev 11 specific and work in JDev 10.1.3.x also.
    To keep entities in sync you have to tell the underlying ORM layer when to refresh its cache. One way of doing this is to use hints in the NamedQueries like this one
                    hints =
                    { @QueryHint(name = TopLinkQueryHints.REFRESH, value = HintValues.TRUE) }
    Linking EJBs could be easily done (i.e. automagically during EJB from Tables creation) if the underlying data model uses foreign key relationships.
    --olaf

  • Help with drop create and update table

    Sir/Madam,
    I have joined 5 tables and selected some columns ,then I need to update some columns in that. After updating I need to create a report with the new column values.
    To do this my method is to create temp table with the select statement then update the temp table , use this temp table for the report and then drop the temp table.
    Is there any other way to do this ??
    Can I create a cursor and update the cursor column ??
    Does dynamic SQL always have to be created as a procedure ??

    Hi,
    you need to understand how eventing works in BSP and MVC architecture. Pls refer to the below link for a basic understanding of how BSP works - View, Controller and Model class concepts.
    http://www.sapdev.co.uk/webapps/bsp/washome.htm
    For your requirement -
    1. you need a view on which you will create a drop down list UI element and a table view element
    2. you will need to create a controller class - this will be used to handle the event that will be triggered when the user selects an entry from the drop down list
    3. you will need a model class in which you will write the business logic to retrieve employees of selected department.
    Pls search this forum or blogs for - data binding with BSPs, Table View. Pls read these concepts and try to develop your requirement. You can come back to this forum if you face any issues during development.
    hope this helps.
