Authentication using database accounts (EJB)
Hi.
I'm developing a web app(struts, jsp). Users should log-in using their Oracle
database accounts (created with CREATE USER ...). Is it possible to accomplish that using EJB? How?
I've read that i can somehow map application server's users with database users
using sql authentication providers: Wouldn't then sql queries made by ejbs
still be executed with the same user every time?
Normally application servers use a shared login to allow using a shared connection pool, and avoid the cost of logging in and out.
Are you using JPA or the native TopLink API? Are you using JTA?
TopLink / EclipseLink have several features for user logins.
You can use Oracle proxy connections, these allow a shared connection pool to be used, but allow setting a proxy user on the connection.
See, org.eclipse.persistence.config.PersistenceUnitProperties.ORACLE_PROXY_TYPE
You can also use real database logins with JPA (or ServerSession) through using a JPA EntityManager properties or a ConnectionPolicy.
See, org.eclipse.persistence.config.EntityManagerProperties, org.eclipse.persistence.sessions.server.ConnectionPolicy.
You also have the option of using a shared login for reads, and a user login for writes.
If you are using the native API, you can also use DatabaseSessions.
James : http://www.eclipselink.org
Similar Messages
-
Authentication Scheme - Database Account with login user exists in table
Hi all,
I m new to APEX. Could anyone tell me how can i modify the authentication scheme to validate the user by Database Account DB user & password, also the username must exist in a table
As the DB is not only designed for one application, so DB account may incl. DB users more than the users who can access the APEX application. So I must check the user name exists in a table also.
Thx.Scott,
I try to save the msg in application item and set the message by application item in process before header, it works perfect. The message display as what i want :)
One more question is i would like to give this link to user will go let the user go to the target page and can edit the page without doing any searching b4.
http://XXX/apex/f?p=115:3::NO:::P3_ID:82
If the user hvnt login, system will prompt login page, after the user login it, it will direct go to the target page. I have try if the user type in a wrong username / password it still work after i retype a correct one. The page can redirect to the target page.
However, if i type in a user name & password is correct but not exist in my define table like what i stated b4. Then i type in a correct one I can just go to page 1 instead of the target one.
How can i do the same thing?
Sorry for non-stop questioning, but pls help. Thanks a lot. -
Client remote Authentication using JAAS and EJB Access
Hi,
I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:
I have implemented an EJB who's methods are protected through the deployment descriptor:
<assembly-descriptor>
<security-role>
<description>role for clients outside of the server </description>
<role-name>sedna</role-name>
</security-role>
<method-permission>
<role-name>sedna</role-name>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-intf>Remote</method-intf>
<method-name>*</method-name>
</method>
</method-permission>
<method-permission>
<unchecked/>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-name>getVersion</method-name>
</method>
<method>
<ejb-name>ServerInfoBean</ejb-name>
<method-name>create</method-name>
</method>
</method-permission>
</assembly-descriptor>I've deployed the EJB in a jar file which was packed into an ear file of a bigger application. The role has been mapped to the admin Principal in the sun-ejb-jar.xml descriptor.
I can find the EJB, create it, and call the unchecked method getVersion and that works fine, so far so good.
But then I try to access another method which is protected and then I get this exception
org.omg.CORBA.NO_PERMISSION: vmcid: 0x2000 minor code: 1806 completed: Maybe
at com.sun.enterprise.iiop.POAProtocolMgr.mapException(POAProtocolMgr.java:179)
at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:853)
at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:137)
...I have to mention that I do make a login via the LoginContext. My jaas.config File has a reference to the com.sun.enterprise.security.auth.login.ClientPasswordLoginModule module.
After login (which works perfectly) I lookup the context with a corbaname url which - if I understood it right - ignores the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS settings.
After that I make the calls to the EJB. And I am allways ANONYMOUS on the server side, which is definitely the problem. Because ANONYMOUS is not allowed to call the protected EJB Methods. But I made a jaas login in advance. So where am I making a mistake???
Am I doing something wrong?
Need help! Thx,
StephanHi.
I understand correctly that you call Subject.doAs on
the client to call the remote EJB. I guess It isn't
right way.I had also a bad feeling about this, so I forget it. But anyway it wasn't working with or without using that doAs().
>
>
Subject contextSubject =
Subject.getSubject(AccessController.getContext());
contextSubject.getPrincipals();This code throws exceptions in the Appserver. Unfortunately they are catched somewhere so I'm unable to find out what was going wrong. But I guess, that these exceptions where security exceptions. Never the less thanks for the hint!
But I don't think that doing the check on the server side is the way I want to go because that is programmatically security and I want to use the declarative security which can be used through the deployment descriptor. If used correctly - and supposed I do not completely misunderstand the specification - then it should be possible to create an EJB that is protected via it's deployment descriptor and access it through the client only if the client has been authenticated through JAAS mechanisms. After successful authentication the principal should be accessible through the EJB context but not for security check, that should allready been done at this time.
Unfortunately I don't find any resource on the internet describing the scenario in such a detail that I can reproduce it. There are only very high level documentations and hints in forums.
Again, thanks for your effort,
Stephan -
Authentication using database in j2ee ri server? URGENT!!
Hello I have installed j2sdkee1.3.1 and I use the web and ejb server that it includes. I start it with j2ee.bat and I create a application with jsp and ejb, and I use deploytool to deploy it. I don't have problem, but now I would like to use a form-based autentication. I config it in deploytool but I want that the j2ee server access to a database to check if a user have the role that he need to access. I do this with the option of deploytool in which you can add users and roles, but I don't know how to config it for a database.
In tomcat4.1 you can do this adding the next lines to server.xml:
<Realm className="org.apache.catalina.realm.MemoryRealm" />
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="com.jnetdirect.jsql.JSQLDriver"
connectionURL="jdbc:JSQLConnect://localhost/database=name"
connectionName="user" connectionPassword="pass"
userTable="user" userNameCol="usuario" userCredCol="clave"
userRoleTable="userRol" roleNameCol="rol" />
I want to use only the j2ee server. I config it in j2sdkee1.3.1\conf\server.xml adding the next lines, as I do with Tomcat but here in j2ee it isn't.
I don't know why j2ee server doesn't use this file, or how I have to config it to use a database to autenticate.
It's very urgent.
Thanks for all and sorry for my english I'm spanish.Hi Moi,
j2ee1.3.1 is not supported any more. Please try j2ee1.4beta2.
Regards,
-- markus. -
Database Account and User Groups
Hello,
Currently, I am using DATABASE ACCOUNT for an authentication scheme for all of my applications but, I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users. I have read that, in order to apply user groups in an application, you must use APPLICATON EXPRESS ACCOUNT credentials.
Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.
Is there a way to create user groups while using DATABASE ACCOUNT for authentication? What is the best practice in a case like this?
Can anyone please shed some light on this? Thanks.
- DeeDee,
I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users.I'm not clear on what your purpose is, just runtime authorization, or something more?
Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.Those tables belong to your application's parsing schema and they are accessed only by code in applications you develop. The Application Express machinery knows nothing about them.
Is there a way to create user groups while using DATABASE ACCOUNT for authentication?You can create your own tables to define groups and to keep track of which named accounts belong to which groups. And you can write an API for applications to use to query this information and to maintain it from custom applications built for that purpose.
All -
I have the following questions:
1. I currently have APEX 2.0 in 3 databases. How can I upgrade them to APEX 2.2? APEX 2.0 uses the tablespaces called HTMLDB and FILES.
2. How can I use database account credentials in APEX 2.2? Is there any detailed instruction on the Website?
Thanks.
AndyDownload 2.2 and use the upgrade installation option. I don't understand the part about tablespaces.
About the authentication scheme, just create an authentication scheme and select the new method and try it out.
Detailed instructions on the website? What website or URL?
Scott -
Accessing several applications after logging into database account once
I have several applications with authentication against database accounts. I would like to create a situation in which users only have to log in once and are able to use all the applications they are allowed to use afterwards without having to log in again.
Has anyone already got a solution for this problem?
Your suggestions are very welcome,
Greets, DikI understand that it is possible for applictions within one workspace. These applications share the same session.
What applications share the same session? Applications belonging to the same workspace that might operate at the same time? As a generic rule? No, this is not the case. Those applications share the same session only if you intend them to, but they need not.
Applications that do not belong to the same workspace cannot share the same session.
Single Sign-On (without a login server) is something you'd have to cook up yourself. That would have nothing to do with session-sharing but rather the ability of multiple applications to reference some artifact outside the application (a session cookie, an HTTP header value, a combination of those, ...) that would help it identify that authentication (by some trusted authority) had occurred. Each application could then do its own session management independent of that finding.
Scott -
How to create an database account authentication scheme in apex
Dear
I have an apex installation (embeded) on oracle 11g.
I want to create a database account authentication scheme in apex. I have seen the page with different tab like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and the effects. I have gone thru the documentation 'Application Builder User’s Guide Release 4.1' , but the functionalities of these tabs are not mentioned.
Please help.
Dennis
Edited by: Dennis John on Feb 28, 2012 10:57 PMThanks to dear Jit
I am new to apex.
I have gone thru that documents but I couldn't find any detailed documentation about the database account authentication scheme configuration
The database account authentication scheme creation interface will show tabs like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and how it will reflect in the login. The specified documentation is not giving any detail about the above mentioned tabs of authentication scheme creation iwizard.
And also I want to know how the applciation user will be mapped to the database account?
As per my understanding a database user (for each run time user) is required for to authenticate the apex run time login other than the applciation schema user (holds the objects of applicaiton)
run time user means - end user who uses the applcaition, not the developer.
Please help.
Dennis -
APEX Database Account Authentication Problem
Hi There
I'm developing an application in APEX 3.1 on top of an Oracle 10g database. The schema account ABC has full control of all objects but additional users have been added USER1 for example. When I set the authentication of the APEX application to Database Account I am able to login as ABC but not when I use USER1. The errors I receive are:
ORA-28007: the password cannot be reused ORA-06512: at "APEX_030200.WWV_FLOW_SECURITY", line 248 ORA-06512: at "SYS.WWV_FLOW_VAL", line 55 ORA-06521: PL/SQL: Error mapping function
ERR-10480 Unable to run authentication credential check function.
I haven't used any custom funtions, pages or procedures, even tried starting a new app from scratch and still am not able to login.
Thanks
DanielThanks Varad, but I was able to log in to PL/SQL Developer using the USER1 credentials. I have found the problem though, the Oracle database was an older version than this APEX functionality could work with. We upgraded the database and now I can log in fine.
-
Database authentication & database account profiles
Hi,
Is anyone aware of any sample applications that uses database acccount profiles for password policies like ageing, length, reuse and so on.
I've searched the forums but havn't found any links
Has anyone experience in this field
Many thanks
PeteRoger,
The authentication code and the general steps to hook it up are posted in this thread: Re: Custom Authentication
As far as checking profile settings and account status, I would run these checks in processes on your after-login page. If there are exceptions, the user can respond to them on that page. If there are no exceptions, the page should branch to the start-of-application page of your choice. How you access this profile/account information for the authenticated user is up to you to figure out. Keep in mind that you will not be connected as the database account you authenticated against, so there is really no "active" profile involved. Your application's parsing schema will need to be granted access to whatever dictionary views it needs for this purpose.
Good luck,
Scott -
Database Account Authentication to a few users.
Good Morning, apex teachers.
I have one more doubt about apex.
This time is related to Database Account Authentication.
I was wondering if it would be possible to filter which database users
can logon to my application?
For instance I have this users on my database: John, Paul, Ringo and George.
But I only want to John and Paul be able to logon, if Ringo or George try to
do the same, they would have their access denied.
Thanks for all the help you guys have been giving to me.
Regards, Leandro Freitas."Database Account Credentials
Database Account Credentials utilizes database schema accounts. This authentication scheme requires that a database user (schema) exist in the local database. When using this method, the user name and password of the database account is used to authenticate the user.
Database Account Credentials is a good choice if having one database account for each named user of your application is feasible and account maintenance using database tools meets your needs"
You are trying to use schemas or do you have a table with the beatles users and passwords? Don't let Ringo out man... ;) -
Authenticating to Socks proxy using different accounts in a given JVM
I have a J2EE application that runs some background jobs. Each of these background jobs need to connect to an external FTP server. However, all connections must go through a central SOCKS proxy server. The SOCKS proxy server is set up to require authentication using user names and passwords. Everything works fine if I've to use this SOCKS proxy with "a set" of credentials across all background jobs. However, if I want Job1 to use "user1" for SOCKS login, and Job2 to use "user2" for SOCKS login, I can't seem to find a way to do this. I need this functionality for accounting purposes. Any help on how this can be accomplished is greatly appreciated.
Regards,
Sai PullabhotlaI tried implementing the ThreadLocal idea and I think the code is working as expected, but my proxy logs are not matching up with what the code says. Below is the code I've including a test class. See below the code for my additional comments.
import java.net.Authenticator;
import java.net.PasswordAuthentication;
* A customer authenticator for authenticating with SOCKS Proxy servers.
public class ProxyAuthenticator extends Authenticator {
* A thread local for storing the credentials to the SOCKS proxy. The Javadoc
* for ThreadLocal says they are typically used for static fields, but
* here I've a singleton instance. Hope this is not an issue.
private ThreadLocal<PasswordAuthentication> credentials = null;
* Singleton instance.
private static ProxyAuthenticator instance = null;
* Creates a new instance of <code>ProxyAuthenticator</code>. Each thread
* will have its own copy of credentials, which would be <code>null</code>
* initially. Each thread must call the <code>setCredentials</code> method
* to set the proxy credentials if needed.
private ProxyAuthenticator() {
credentials = new ThreadLocal<PasswordAuthentication>() {
@Override
protected PasswordAuthentication initialValue() {
System.out.println("ThreadLocal initialized for "
+ Thread.currentThread().getName());
return null;
@Override
public void set(PasswordAuthentication value) {
System.out.println(Thread.currentThread().getName() + " SET");
super.set(value);
@Override
public PasswordAuthentication get() {
System.out.println(Thread.currentThread().getName() + " GET");
return super.get();
* Returns the singleton instance of this class.
* @return the singleton instance of this class.
public static synchronized ProxyAuthenticator getInstance() {
if (instance == null) {
instance = new ProxyAuthenticator();
return instance;
* Sets the proxy creditials. This method updates the ThreadLocal variable.
* @param user
* the user name
* @param password
* the password
public void setCredentials(String user, String password) {
credentials.set(new PasswordAuthentication(user, password.toCharArray()));
@Override
public PasswordAuthentication getPasswordAuthentication() {
System.out.println("Requesting host: " + this.getRequestingHost());
System.out.println("Requesting port: " + this.getRequestingPort());
System.out.println("Requesting protocol: "
+ this.getRequestingProtocol());
System.out.println("Requesting prompt: " + this.getRequestingPrompt());
System.out.println("Requesting scheme: " + this.getRequestingScheme());
System.out.println("Requesting site: " + this.getRequestingSite());
System.out.println("Requesting URL: " + this.getRequestingURL());
System.out.println("Requestor type: " + this.getRequestorType());
System.out.println(Thread.currentThread().getName()
+ " Authenitcator returning credentials "
+ credentials.get().getUserName() + ":"
+ new String(credentials.get().getPassword()));
return credentials.get();
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.net.Proxy.Type;
* A test class for testing the {@link ProxyAuthenticator}.
public class SocksProxyTest implements Runnable {
* Socks proxy host, used by the FakeFtpClient
private static final String SOCKS_PROXY_HOST = "192.168.1.240";
* Target FTP host to connect to
private String host = null;
* Proxy user
private String proxyUser = null;
* Proxy password
private String proxyPassword = null;
* Creates a new instance of <code>SocksProxyTest</code>
* @param host
* the target FTP host
* @param proxyUser
* proxy user
* @param proxyPassword
* proxy password
public SocksProxyTest(String host, String proxyUser, String proxyPassword) {
this.host = host;
this.proxyUser = proxyUser;
this.proxyPassword = proxyPassword;
public void run() {
// Create the FakeFtpClient
FakeFtpClient test = new FakeFtpClient(host, 21, proxyUser,
proxyPassword);
for (int j = 0; j < 5; j++) {
try {
test.connect();
test.disconnect();
// Thread.sleep(10000);
catch (Throwable t) {
t.printStackTrace();
* Test run.
* @param args
* command line arguments
* @throws IOException
* propagated
public static void main(String[] args) throws IOException {
// Get the singleton instance of the ProxyAuthenticator.
ProxyAuthenticator authenticator = ProxyAuthenticator.getInstance();
// Update the default authenticator to our ProxyAuthenticator
Authenticator.setDefault(authenticator);
// Array of FTP hosts we want to connect to
final String[] ftpHosts = { "192.168.1.53", "192.168.1.54",
"192.168.1.55" };
// Proxy login/user names to connect to each of the above hosts
final String[] users = { "User-001", "User-002", "User-003" };
// Proxy passwords for each of the above user names (in this case
// password == username).
final String[] passwords = users;
// For each target FTP host
for (int i = 0; i < 3; i++) {
// Create the SocksProxyTest instance with the target host, proxy
// user and proxy password
SocksProxyTest spt = new SocksProxyTest(ftpHosts, users[i],
passwords[i]);
// Create a new thread and start it
Thread t = new Thread(spt);
t.setName("T" + (i + 1));
try {
t.join();
catch (InterruptedException e) {
e.printStackTrace();
t.start();
* A fake FTP client. The connect method connects to the given host, reads
* the first line the server sends. Does nothing else. The disconnect method
* closes the socket.
private static class FakeFtpClient {
* The FTP host
private String host = null;
* The FTP port
private int port = 0;
* Proxy login/user name
private String proxyUser = null;
* Proxy password
private String proxyPassword = null;
* Socket to the target host
private Socket s = null;
* Creates a new instance of <code>FakeFtpClient</code>
* @param host
* the FTP host
* @param port
* the FTP port
* @param proxyUser
* Proxy user
* @param proxyPassword
* Proxy password
public FakeFtpClient(String host, int port, String proxyUser,
String proxyPassword) {
this.host = host;
this.port = port;
this.proxyUser = proxyUser;
this.proxyPassword = proxyPassword;
* Connects to the target FTP host through the specified Socks proxy and
* proxy authentication. Reads the first line of the welcome message.
* @throws IOException
* propagated
public void connect() throws IOException {
System.out.println(Thread.currentThread().getName()
+ " Connecting to " + host + " ...");
// Update the ProxyAuthenticator with the correct credentials for
// this thread
ProxyAuthenticator.getInstance().setCredentials(proxyUser,
proxyPassword);
s = new Socket(new Proxy(Type.SOCKS, new InetSocketAddress(
SOCKS_PROXY_HOST, 1080)));
s.setSoTimeout(10000);
s.connect(new InetSocketAddress(host, port), 10000);
System.out.println(Thread.currentThread().getName() + " Connected");
BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
s.getOutputStream()));
BufferedReader reader = new BufferedReader(new InputStreamReader(
s.getInputStream()));
System.out.println(reader.readLine());
* Closes the socket.
public void disconnect() {
System.out.println(Thread.currentThread().getName()
+ " Disconnecting...");
if (s != null) {
try {
s.close();
System.out.println(Thread.currentThread().getName()
+ " Disconnected");
catch (IOException e) {
e.printStackTrace();
Looking at the test class, it creates 3 threads T1, T2 and T3. T1 is setup to connect to 192.168.1.53 using a proxy user User-001 and T2 is setup to connect to 192.168.1.54 using proxy user User-002 and T3 connects to 192.168.1.55 using proxy user User-003.
Each thread then loops 5 times to connect to their target servers and disconnect each time. All the debug (System.out) statements indicate that the getPasswordAuthentication is returning the correct credentials for each thread. However, when I look at the logs on the proxy server, the results are different and arbitrary.
Below is the proxy log:
[2011-01-24 11:10:11] 192.168.1.240 User-001 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:11] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
[2011-01-24 11:10:11] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:11] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
[2011-01-24 11:10:12] 192.168.1.240 User-001 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:12] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
[2011-01-24 11:10:12] 192.168.1.240 User-001 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:12] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
[2011-01-24 11:10:12] 192.168.1.240 User-001 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:13] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
As you can see from the first line in the log, the proxy says User-001 connected to 192.168.1.54, but the code should always connect to 192.168.1.53 with user User-001.
Any idea on what might be going on? -
Database Account Credentials Authentical Failure
Hello All,
I've set my Authentication Scheme in APEX to Database Account credentials (I have Oracle 10+ installed). However, when I login I get the following errors. Can someone please advise?
ORA-28007: the password cannot be reused
ORA-06512: [b]at "FLOWS_020200.WWV_FLOW_SECURITY", line 221
ORA-06512: at "SYS.WWV_FLOW_VAL", line 49
ORA-06521: PL/SQL: Error mapping function
Error ERR-10480 Unable to run authentication credential check function.
ThanksHi Scott:
Thanks for the clarification with Default User profile.
In my database, the authetication works for all the profiles that have DEFAULT PROFILE. However, doesn't work for DB accounts that don't belong to DEFAULT profile(these users have profile called ENDUSER_PROFILE).
So, how and where can I define multiple profiles as VALID for the Database Account authentication?
Thanks for your help!
Muni -
ACS 4.2 authentication using multiple external databases
Hi there.
We currently use ACS 4.2 for authentication of corporate users who are accessing the network in 2 different ways:
1) VPN client (via ASA5510)
2) Wireless (EAP-PEAP)
For all users who currently access the network via either of the above 2 methods, the Password Authentication under User Account settings in ACS is set to query an RSA SecurID Token Server.
We would like to try achieve the following in ACS:
IF an access request comes from the ASA (VPN clients), THEN we would like the user's password authentication to be handled by the RSA SecurID Token Server as it currently is.
IF an access request comes from the Wireless LAN controllers THEN we would like to use EAP-TLS authentication. (We are aware that we would obviously need to configure the WLC, clients, PKI infrastructure etc accordingly for eap-tls).
Does anyone have any best practice guidance, configuration guides or previous experience in differentiating the request sources and how they are handled by ACS?
Many thanksHello Malcom,
If you have ACS 4.2 you might want to implement Network Access Profiles:
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NAPs.html#wp1128143
or
http://tools.cisco.com/squish/5F591
This should be the best approach for you if using ACS 4.x.
If this was helpful please rate.
Regards. -
When we use jsf can we also use hibernate or ejb for database visting.
when we use jsf can we also use hibernate or ejb for database visting.
http://blog.exadel.com/?p=8
http://java.sys-con.com/read/46977.htm
http://www.javaworld.com/javaworld/jw-07-2004/jw-0719-jsf.html
http://www.jroller.com/page/ksevindik/?anchor=lookup_tables_with_hibernate_and
Sergey : http://jsfTutorials.net
Maybe you are looking for
-
Is the only way to use Encore to have full creative Cloud?
I want to start using Encore, because I need a BluRay Authoring Software, I do have CS6 but only Creative suite without Premiere, is there another was to buy Encore instead of have fully access to Creative Cloud?
-
When I connect my MacBook via Mini-Display and HDMI adapter to my TV set, the image on the TV is much darker than on the MacBook. I tried several resolutions. I tried to adjust the TV, but only got unnatural colors. What can be done to get a brighter
-
Nba 2k14 on windows 7 using bootcamp
Been using nba 2k14 last night and it went so well to the graphics and its game flow. Until now it became so lag. Macbook pro 2.5ghz 500gb hard drive intel hd4000 4gb of memory. What is the problem? Been uninstalling it for a few times and it doesnt
-
hi pals, i've got some problem with creating gui again. I have scrollpane and a canvas in it. The thing is that the stuff drawn by paint(Graphics g) method in canvas has no effect on size of the canvas itself, so the scrollpane wouldn't show the scro
-
How to Avoid Pop up for Expand Mode Options
Dear Experts In our Input schedules, we have two EVDRE Sheets. 1) Master Data EVDRE Sheet 2) The actual transaction data sheet. On BEFORE_EXPAND event of the Second sheet we trigger the Expansion of First Master Data Sheet to get the exact EVDRE filt