Authenticator and logon

Hi everybody:
I have a java problem and i think this forum is better than others so i post it here.
here is my senario:
I have a jsp based web applicaition. It will communicate will mainframe cics program through a cics class. Because cics ports are protected so end users need to input their own username and password. I use HttpUrlConnection to communicate with mainframe program and use Authenticator to logon. I use jsp to pass parameters(username and password) to the cics class.
But it seems only when system starts up, setDefault method will be called once. So system will use only one username to get access.
Am i working in the right direction? I've searched this forum but didn't find any solutions.
Any help is appreciated. Here is part of my code.
package com.lombard.Cics;
import java.net.*;
import java.io.*;
import java.security.*;
* CICS communication servlet.
* Send data to CICS, recieve data from CICS
public class CicsComm extends Thread
public void run()
communicate();
* Talk to cics
public void communicate()
data = new StringBuffer();
try
Authenticator.setDefault(new MyAuthenticator()); //set authenticator
System.out.println("http://" + CICS_ADDRESS + cics_port + CICS_PATH + cics_program + key);
URL u = new URL("http://" + CICS_ADDRESS + cics_port + CICS_PATH + cics_program + key);
HttpURLConnection quoteEngine = (HttpURLConnection) u.openConnection();
System.out.println(quoteEngine.getResponseMessage());
BufferedReader cicsResponse = new BufferedReader(new InputStreamReader(quoteEngine.getInputStream()));
String thisLine;
while ((thisLine = cicsResponse.readLine()) != null)
data.append(thisLine);
catch (Exception e)
data = null;
e.printStackTrace();
return;
class MyAuthenticator extends Authenticator {
protected PasswordAuthentication getPasswordAuthentication() {
System.out.println(username);
return new PasswordAuthentication (username, password.toCharArray());

I've received a couple emails on this, so I'll post the code:
URL url = new URL(myUrl);
URLConnection conn = url.openConnection();
// use the Encode class to base64 encode the username and password
// you can also us the sun.misc.BASE64Encode class if you haven't written your own
conn.setRequestProperty( "Authorization", "Basic " +
  Encode.base64Encode(username + ":" + password));This should get you past BASIC authentication on a URLConnection. I'm pretty sure you need to do this with every request you make.

Similar Messages

  • ACS 4.2 authentication and Privelged exec mode on Test Router.

    The goal is to have ACS authenticate my username via ssh and allow me to get into privileged exec mode once authenticated. Details below.
    I have ACS 4.2 Solution Engine and I have a test router with the following commands setup:
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa session-id common
    tacacs-server host 10.4.4.21 single-connection
    tacacs-server key $#$&$*#
    The problem is this. I can SSH and logon to the router which uses a user in the ACS database but the router will not allow me to use the enable command to get to exec mode. The error it gives me is:
    AAA_ROUTER_CLIENT>enable
    % Error in authentication.
    AAA_ROUTER_CLIENT>
    I must be missing something in the ACS. Any help would be appreciated.

    You are missing this command
    aaa authorization exec default group tacacs+ if-authenticated
    This is what you need on router
    Router(config)# username [username] password [password]
    tacacs-server host [ip]
    tacacs-server key [key]
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ if-authenticated
    On ACS
    Bring users/groups in at level 15
    1. Go to user or group setup in ACS
    2. Drop down to "TACACS+ Settings"
    3. Place a check in "Shell (Exec)"
    4. Place a check in "Privilege level" and enter "15" in the adjacent field
    Regards,
    ~JG
    Do rate helpful posts

  • Please guide me for user authentication and authorization in WebDynPro App

    Hi,
        I just study the WebDynPro to develop the SAP Portal. I've ever developed the Web-based App using J2EE. So when i developed the Web-based App i have to develop the control of the user authentication and authorization on each page for example ,checking the session of the user whether they can access this page or whether session is expired or not,. So i have no idea with the WebDynPro and the SAP Portal because i never had experience for both WebDynPro and Portal.
    I need to ask you some question to clarify my doubt :
    1. SAP Portal  is web page that include every enterprise application with in one page and user log-in to them just on time, isn't it?
    2. If i integrate WebDynPro with SAP Portal, which one will do the authentication and authorization?. I mean that, Do i have to develop the code to check authentication and authorization in the WebDynPro App or Let the SAP Portal manage them?
    3.Could you please suggest the best practice for authentication and authorization in webDynPro.
    Many Thanks
    Noppong J

    in most case you don't have to write code to deal with session, authentication and authorization.
    1. yes,
    2. no, no code needed. you just set an attribute to your application, which make the the authentication required. when user access this page, portal will display the logon page
    3 you can put some authorization related code in web dynpro for specific requirement, search this doc "Protecting Access to the Web Dynpro Car Rental Application Using UME Permissions"

  • SAP authentication and SSO into BI4 with multiple SAP systems

    We have already setup SAP authentication and SSO between ECC6 and BI4, e.g. to run CR 2011 reports with data based on ECC infosets, or BEx (operational BI on ECC). ECC is the main point of entry for users, so ECC user accounts and role imports are used in BI4.
    Now if we add BW to this, with Crystal or WebI or Analysis OLAP sourcing data from BW, can we still leverage detailed authorizations in BW on the corresponding BW user - with user accounts and role imports in BI4 still being ECC-based?

    Hi,
    Let's say the trust relationship is setup between those systems. Then the simple example is to use Enterprise authentication in BI4, and assertion tickets are issued when making requests to ECC or BW. I assume LDAP/AD authentication would work as well.
    >> You also have to setup trust between the BI 4 and ECC & between BI4 and BW. Thats part of the setup for the SSO Token Service.
    But does this scenario rule out SAP authentication or not? I was hoping that I can still logon to BI4 with an ECC-issued logon ticket, and then BI4 would nevertheless issue assertion tickets for my BW alias.
    >> And that is still possible. Setup the SSO Token Service, setup the aliases for the users. then you could logon with ECC credentials and run a BW report because the token service would then generate the token towards the BW system.
    ingo

  • EP Authenticated user logon

    Hi EP Expert,
        on EP 6.0, I have to do authenticated user logon client 200 (or other client but now the system do on client 001). Any idea or configuration that I should do?.
    Thanks in advance,
    Suvatchai K.

    Hi Harini,
        On your suggestion that the system ready to configuration before and I used user mapping to the backed system. it can working but I have to do authenticate user login portal and authorization on the same client (Not user login on Client 001 and mapping user to client 200). Any idea to configuration for solve this problem.
    Best Regards,
    Suvatchai K.

  • Windows Integrated Authentication & SAP Logon tickets

    1) We have configured windows authentication and the IISproxy on a SPS frontend server to our SAP portal environment.
    2)We have configured SAP logon tickets on the SAP portal (running on hp-ux).
    3) Both the IIS server and the sap portal server exist on the same domain inside our firewall (iis_server.lsv.internal_company_name.com and sap_portal_server.lsv.internal_company_name.com)
    4) A virtual URL has been created on the IIS server, http://sap_portal.external_company_name.com, using a domain alias.
    5) When an authenticated user is passed from the IIS server to the SAP portal the SAP logon ticket that is created is for external_company_name.com alias rather than lsv.internal_company_name.com. This logon ticket is not accepted by any of the backend SAP systems that have been configured to except logon tickets because they all exist in the lsv.internal_company_name.com domain.
    6) The portal security guide says:
    "The Portal Server issues a SAP logon ticket for the Internet domain or a sub-domain of the
    Portal Server only."
    Given this scenario, is there some configuration that can be added to allow the use of this alias or is there a bug in the SAP portal code that needs to be addressed?

    Hi,
    You cannot use the external alias. You can however set SSO on the portal not to look to the total url. For example it would work if you use:
    sap_portal_server.lsv.internal.company_name.com
    and
    sap_portal.external.company_name.com
    The prerequisite here is that at least the domain name should be the same i.e. the last two parts.
    Greetings,
    Vincent

  • COM+ Event System failed to fire the StartShell and Logon method after installation of PM 1.43

    Hi Guys,
    After installation of Power Manager 1.43, the following errors were immediate shown at event viewer: COM+ Event System failed to fire the StartShell and Logon method on subscription {F6FE5592-FCBC-44AD-A836-D37F5085ED5B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
    Please advice if this is a known issue? Thanks!

    Hello,
    this is a known problem. See this thread
    Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
    Please insert your type, model (not S/N) number and used OS in your posts.
    I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
    TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
     English Community       Deutsche Community       Comunidad en Español

  • An issue with authentication and authorization on ISE 1.2

    Hi, I'm new to ISE.
    I have an issue with authentication and authorization.
    I have ISE 1.2 plus patch 6 installed on VMware.
    I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
    On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
    I created  authentication and authorization rules with Active Directory  as External Identity Source. Also I applied  authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for  authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
    I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
    I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
    What  should I do to resolve this issue?
    Switch configuration:
     testISE#sh runn
    Building configuration...
    Current configuration : 7103 bytes
    ! Last configuration change at 12:20:15Tue Apr 15 2014
    ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname testISE
    boot-start-marker
    boot-end-marker
    no logging console
    logging monitor informational
    enable secret 5 ************
    enable password ********
    username radius-test password 0 ********
    username admin privilege 15 secret 5 ******************
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting update periodic 5
    aaa accounting dot1x default start-stop group radius
    aaa server radius dynamic-author
     client 172.16.0.90 server-key ********
    aaa session-id common
    clock timezone 4 0
    system mtu routing 1500
    authentication mac-move permit
    ip dhcp snooping vlan 1,22
    ip dhcp snooping
    ip domain-name elauloks
    ip device tracking probe use-svi
    ip device tracking
    epm logging
    crypto pki trustpoint TP-self-signed-1888913408
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1888913408
     revocation-check none
     rsakeypair TP-self-signed-1888913408
    crypto pki certificate chain TP-self-signed-1888913408
    dot1x system-auth-control
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    ip ssh version 2
    interface FastEthernet0/5
     switchport mode access
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 1
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    interface FastEthernet0/6
     switchport mode access
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 1
     authentication event server alive action reinitialize
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    interface FastEthernet0/7
    interface Vlan1
     ip address 172.16.0.204 255.255.240.0
     no ip route-cache
    ip default-gateway 172.16.0.1
    ip http server
    ip http secure-server
    ip access-list extended ACL-ALLOW
     deny   icmp any host 172.16.0.1
     permit ip any any
    ip radius source-interface Vlan1
    logging origin-id ip
    logging source-interface Vlan1
    logging host 172.16.0.90 transport udp port 20514
    snmp-server community public RO
    snmp-server community ciscoro RO
    snmp-server trap-source Vlan1
    snmp-server source-interface informs Vlan1
    snmp-server enable traps snmp linkdown linkup
    snmp-server enable traps mac-notification change move
    snmp-server host 172.16.0.90 ciscoro
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 6 support-multiple
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 5 tries 3
    radius-server vsa send accounting
    radius-server vsa send authentication
    radius server ISE-Alex
     address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
     automate-tester username radius-test idle-time 15
     key ******
    ntp server 172.16.0.1
    ntp server 172.16.0.5
    end

    Yes. Tried that (several times) didn't work.  5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts.  Kept getting error message that username and password invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick.  Think there is an issue with imap.gmail.com and IOS 6.0.1.  I'm sure the 5 of us suddently experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

  • Open Directory: user authentication and logining takes a lot of time

    We have Mac OS X Server Snow Leopard 10.6.8 with OpenDirectory and some iMacs with Mac OS X Snow Leopard 10.6.8. After adding Network Account Server in iMacs (System Preferences->Accounts->Login Options->Network Account Server Edit) OD works normally and users authenticate and login their accounts rather fast (5-10 seconds). But some days or weeks later the time for authentication and logining takes for about 5 minutes. If I re-add Network Account Server, then all works greatly again. What's the matter? How to avoid this re-adding?

    Hello,
    can you tell us what is the size of this Universe in terms of:
    number of tables, number of objects, size of the .unv file?
    Also, is this behaviour specific to this universe or you have other universes having the same problem?
    Last, are you 'opening it' as in File/Open or importing it as in 'File/Import...' ?
    Thanks
    PPaolo

  • Key-based SSH Authentication and AFP Home Directories

    I'm setting up some users with AFP home directories (hosted on an Xserve, with a couple of G5 towers as Open Directory clients). When logging in on the console on a G5 tower, the home directories work fine. The users can SSH into the Xserve using SSH key authentication. However, the users can not SSH into the G5 towers using SSH key authentication, and are instead asked for passwords - presumably because the AFP home directory is mounted with guest access (and thus the keys are unreadable) before the password is entered.
    Is there a known workaround for this? A different way of setting up the home directory mounting? I don't particularly want to go the mobile home directory route, because (among other things), as far as I know, mobile home directories only sync when a user logs into the GUI. If that's not the case (that is, if they will sync when a user logs into the machine with SSH), then I guess that would be a reasonable solution.
    Thanks in advance for any suggestions!

    That was just speculation on my part; I'm not sure exactly what's happening. I do know that until the user authenticates, the entire automount is mounted with guest access... and that the user can't authenticate until the key file can be read. It may be the case that I was just encountering some transient failure or the like, however.

  • Unable to connect to Wi-Fi connection using WPA2 PSK authentication and encryption type TKIP

    I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
    My issue is copy/pasted below:
    Original Title: TKIP selection in WiFi network settings
    I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
    On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
    Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
    7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
    When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
    if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
    the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.

    I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
    My issue is copy/pasted below:
    Original Title: TKIP selection in WiFi network settings
    I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
    On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
    Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
    7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
    When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
    if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
    the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.

  • How to get ADF authentication and authorization working on server

    I am having an issue with deployment & ADF authentication and authorization.
    From the below testing results, you can see that I am unable to log in when I have deployed my app to my standalone server with both ADF security authentication and authorization turned on. I have included web.xml, jazn-data.xml and the page/server error I am receiving.
    When making an attempt to log in I get the following results:
    Running Locally with ADF Authentication:                                           Works Fine
    Running Locally with ADF Authentication & Authorization:         Works Fine
    Deployed to server with ADF Authentication:                                    Works Fine
    Deployed to server with ADF Authentication & Authorization:  Doesn’t Work
    What I have already tried: Removed all anonymous grants, using the same database credentials as the app user, deploying app twice (on the redeploy not including the login credentials & app policies at the application properties). Various modifications to web.xml e.g. welcomefilelist etc
    JDeveloper Version: 11.1.2.4
    Server Web Logic: 10.3.6
    Server ADF: 11.1.1.16
    Page Error when trying to log in:
    Error 401--Unauthorized
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.
    Server error when trying to log in:
    Servlet failed with Exception oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'wpd.mobility.view.pageDefs.homePagePageDef' 'VIEW'.
    at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:182)
            at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:162)
            at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:116)
            at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:663)
            at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:700)
            at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:531)
            at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:59)
            at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:530)
            at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
            at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
            at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:131)
            at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:74)
            at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
            at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:447)
            at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:202)
            at javax.faces.webapp.FacesServlet.service(FacesServlet.java:508)
            at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
            at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
            at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
            at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:125)
            at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
            at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
            at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
            at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:293)
            at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:199)
            at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
            at java.security.AccessController.doPrivileged(Native Method)
            at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
            at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
            at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
            at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
            at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
            at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
            at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
            at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
            at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Web.xml
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">
      <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>client</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
        <param-value>false</param-value>
      </context-param>
      <context-param>
        <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
        <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
        <param-value>false</param-value>
      </context-param>
      <context-param>
        <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
        <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
        <param-value>false</param-value>
      </context-param>
      <context-param>
        <description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
        <param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
        <param-value>differentOrigin</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS</param-name>
        <param-value>true</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
        <param-value>true</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.FACELETS_DECORATORS</param-name>
        <param-value>oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.FACELETS_RESOURCE_RESOLVER</param-name>
        <param-value>oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver</param-value>
      </context-param>
      <filter>
        <filter-name>JpsFilter</filter-name>
        <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
      </filter>
      <filter>
        <filter-name>trinidad</filter-name>
        <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
      </filter>
      <filter>
        <filter-name>adfBindings</filter-name>
        <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>JpsFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
      </filter-mapping>
      <filter-mapping>
        <filter-name>trinidad</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
      </filter-mapping>
      <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
      </filter-mapping>
      <filter-mapping>
        <filter-name>adfBindings</filter-name>
        <servlet-name>adfAuthentication</servlet-name>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
      </filter-mapping>
      <listener>
        <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
      </listener>
      <listener>
        <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
      </listener>
      <listener>
        <listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
      </listener>
      <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet>
        <servlet-name>resources</servlet-name>
        <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>BIGRAPHSERVLET</servlet-name>
        <servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>BIGAUGESERVLET</servlet-name>
        <servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>MapProxyServlet</servlet-name>
        <servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
      </servlet>
      <servlet>
        <servlet-name>adfAuthentication</servlet-name>
        <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
        <init-param>
          <param-name>success_url</param-name>
          <param-value>/faces/Pages/homePage.jspx</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>resources</servlet-name>
        <url-pattern>/adf/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>resources</servlet-name>
        <url-pattern>/afr/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>BIGRAPHSERVLET</servlet-name>
        <url-pattern>/servlet/GraphServlet/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>BIGAUGESERVLET</servlet-name>
        <url-pattern>/servlet/GaugeServlet/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>MapProxyServlet</servlet-name>
        <url-pattern>/mapproxy/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>resources</servlet-name>
        <url-pattern>/bi/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>adfAuthentication</servlet-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </servlet-mapping>
      <mime-mapping>
        <extension>swf</extension>
        <mime-type>application/x-shockwave-flash</mime-type>
      </mime-mapping>
      <mime-mapping>
        <extension>amf</extension>
        <mime-type>application/x-amf</mime-type>
      </mime-mapping>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>test</web-resource-name>
          <url-pattern>/faces/pages/*.</url-pattern>
          <url-pattern>/faces/*.</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>valid-users</role-name>
        </auth-constraint>
      </security-constraint>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>adfAuthentication</web-resource-name>
          <url-pattern>/adfAuthentication</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>valid-users</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/error.html</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <role-name>valid-users</role-name>
      </security-role>
    </web-app>
    Jazn-data.xml
    <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
    <jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data.xsd">
      <jazn-realm default="jazn.com">
        <realm>
          <name>jazn.com</name>
          <users>
            <user>
              <name>*****</name>
              <display-name>*******</display-name>
              <description>******</description>
              <credentials>********<credentials>
            </user>
          </users>
          <roles>
            <role>
              <name>support</name>
              <display-name>support</display-name>
              <members>
                <member>
                  <type>user</type>
                  <name>mobile</name>
                </member>
              </members>
            </role>
          </roles>
        </realm>
      </jazn-realm>
      <policy-store>
        <applications>
          <application>
            <name> myapp </name>
            <app-roles>
              <app-role>
                <name>mob_mobile_support</name>
                <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                <display-name>mob_mobile_support</display-name>
                <description>support role</description>
                <members>
                  <member>
                    <name>mobile</name>
                    <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
                  </member>
                </members>
              </app-role>
            </app-roles>
            <jazn-policy>
              <grant>
                <grantee>
                  <principals>
                    <principal>
                      <name>SUPPORT</name>
                      <class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
                    </principal>
                  </principals>
                </grantee>
                <permissions>
                  <permission>
                    <class>oracle.adf.share.security.authorization.RegionPermission</class>
                    <name> myapp.view.pageDefs.*</name>
                    <actions>view</actions>
                  </permission>
                </permissions>
              </grant>
              <grant>
                <grantee>
                  <principals>
                    <principal>
                      <name>mob_mobile_support</name>
                      <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                    </principal>
                  </principals>
                </grantee>
                <permissions>
                  <permission>
                    <class>oracle.adf.share.security.authorization.RegionPermission</class>
                    <name> myapp.view.pageDefs.addapplicationPageDef</name>
                    <actions>view</actions>
                  </permission>
                  <permission>
                    <class>oracle.adf.share.security.authorization.RegionPermission</class>
                    <name>Pages.addappmsgtypPageDef</name>
                    <actions>view</actions>
                  </permission>
                  <permission>
                    <class>oracle.adf.share.security.authorization.RegionPermission</class>
                    <name>Pages.addoperationPageDef</name>
                    <actions>view</actions>
                  </permission>
                  <permission>
                    <class>oracle.adf.share.security.authorization.RegionPermission</class>
                    <name> myapp.view.pageDefs.homePagePageDef</name>
                    <actions>view</actions>
                  </permission>
                  <permission>
                    <class>oracle.adf.share.security.authorization.RegionPermission</class>
                    <name> myapp.view.pageDefs.loggingSearchPageDef</name>
                    <actions>view</actions>
                  </permission>
                  <permission>
                    <class>oracle.adf.share.security.authorization.RegionPermission</class>
                    <name>myapp.view.pageDefs.workHistoryPageDef</name>
                    <actions>view</actions>
                  </permission>
                </permissions>
              </grant>
            </jazn-policy>
          </application>
        </applications>
      </policy-store>
    </jazn-data>

    Read Frank's article http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html
    Then you have to check if the user use use to login are defined in the stand alone server. If you server is running in production mode there is no automatic user or role migration. You have to to this by yourself.
    Once you have check that the users are present, you have to check if the enterprise roles are mapped to the corresponding application roles.
    Timo

  • Advice needed for provider hosted web application - authentication and access to SharePoint document library

    I haven't done SharePoint 2013 development with claims so I apologize in advance if my assumptions and questions are way out in left field.
    I'm trying to understand SharePoint 2013 claims authentication for a scenario that involves:
    A SharePoint provided hosted (web forms) app that will pull information and assets (e.g. PDFs) from SharePoint into the web page.
    It will be a VS 2012 solution with asp.net.identity feature.
    Security will be set for internal users, federated external users and forms-based external users.  Based on their security and (claim type) role it will define what information and assets that can be retrieved from SharePoint
    I have looked through MSDN and other sources to understand.
    This one helped with my understanding 
    Federated Identity for Web Applications and assumed that the general concept could be applied to forms-based identity for non-Federated external users .
    What I have now:
    VS 2012 solution web forms application set to Provider Host with asp.net.identity feature and its required membership tables.
    I can create new users and associate claims to the new user.
    I can log in with a user from the membership tables and it will take me to a default.aspx page.  I have added code to it that displays the claims associated to a user.
    For POC purposes I'd like to retrieve documents that are associated to this user from the default.aspx page.
    This is where I am having trouble understanding:  Is my understand correct?
    Internal users
    since they are internal on the network i am assuming that they would already have access to SharePoint and they would already be configured to what documents that they have available to them.
    Federated external users & Forms authentication external users
    it seems to me that the authentication for external users are separate from SharePoint authentication process.
    changes to the configuration settings are necessary in SharePoint, IIS, web application.
    I believe this is what i read.
    claims processes (e.g. mappings) need to be set up in SharePoint
    as long as external users are authenticated then things are ok b/c they would have claims associated to the user and the configuration in SharePoint takes are of the rest.
    This statement bothers me because I think it's wrong.
    So basically i'm stuck with if my understanding is correct: once a user is authenticated either by federated identity or asp.net.identity authentication that it should go to the provider hosted default.aspx page because the claim is authenticated and means
    that it should have access to it and the SharePoint document library based on some claim property.  I could then write the calls to retrieve from a document library and SharePoint will know based on some claim property that the logged in user can only
    access certain documents.
    It just sounds too good to be true and that i'm missing something in the thought process.
    Thanks in advance for taking the time to read.
    greenwasabi

    Hi GreenWasabi,
    i agree this is an interesting topic to discuss,
    as you can check from the article, you may check this example from the codeplex:http://claimsid.codeplex.com/
    when i thinking regarding this topic, its looks like an environment with multiple of realms,
    from what you understand, its correct that all the authentication is based from the provider, so for example i have a windows live ID and internal ID, then when i login windows live ID, it will be authenticated using windows live ID server.
    here is the example for the webservice:
    http://claimsid.codeplex.com/wikipage?title=Federated%20Identity%20for%20Web%20Services&referringTitle=Home
    as i know, if you using this federated, i am not quite sure that you will need to go to the provider page literally, perhaps you can check this example if we are using azure:
    http://social.technet.microsoft.com/wiki/contents/articles/22309.integrating-windows-live-id-google-and-facebook-accounts-with-sharepoint-2013-white-paper.aspx
    Regards,
    Aries
    Microsoft Online Community Support
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • I'm trying to log into my site that requires authentication but I get a popup that says it doesn't require authentication and then I get a 403

    I have a site that requires authentication. In the past i have logged in using firefox with the following format
    http://username:password@sitename:siteport/specificsiteurlinfo
    and gotten in just fine. I just set up a new computer with a new instance of firefox and try the same thing but I now get the following popup-
    "You are about to log in to the site "sitename" with the username "username", but the website does not require authentication. This may be an attempt to trick you.
    Is "sitename" the site you want to visit?"
    When I click "yes" Firefox appears to try to go to the site without any authentication and I of course get a 403 Forbidden error.
    I have tried reverting back to old versions of Firefox with no luck.
    Any advice would be greatly appreciated.
    Thank you.

    The purpose of that warning is to alert you to the possibility of being fooled by a link with login credentials at the beginning. On your old computer you might have tweaked this setting to limit when the warning appears:
    http://kb.mozillazine.org/Network.http.phishy-userpass-length
    This article discusses the steps to adjust that setting to fit your needs: [http://fix.lazyjeff.com/2011/04/disable-firefox-login-prompt.html].

  • HT4623 I have updated my Iphone 3 but unable to start it. It takes too much time on Authentication and than message appears that Authentication failed

    I have updated my Iphone 3 but unable to start it. It takes too much time on Authentication and than message appears that Authentication failed

    I don't know either its jailbroken or hacked otherwise.
    It was working properly before I have updated it through Itunes to update the OS. After the updation, this message occurs
    Authentication failed, please try after few minutes
    Please help

Maybe you are looking for

  • ABAP Subroutines in SAP Script forms

    Hi Friends, Can any give an example on using ABAP Subroutines in SAP Scripts how to call ABAP  subroutine IN FORM  and how to define form statement in abap program thanks in advance Points for sure Regards Vijaya

  • Form Builder-- URL.

    Hi folks,    I need to create a form in which our user can enter a url. Then when somebody open this xml-document created by form builder, access to this url.    We are using EP 6.0 SP11, in EP 5.0 was possible to do that.    Any idea ? Thanks a lot,

  • ME32K: update scaling thru ABAP

    Hi Friends, In Tcode ME32K, in pricing condition type, scale(check box) is there. i want to update the scale through enhancement. Is there any FM or Bapi. Thanks in advance, vallamuthu.M Moderator message: please do some research before asking. Edite

  • Obj.conf.template ignored?

    Using SJSWS 6.1sp2... I have made some customizations to obj.conf.template file in $SERVER_ROOT/bin/https/install/misc, but the instance creation process in the admin server seems to ignore this. I confirmed that this occurs on SJSWS 6.1sp1 as well.

  • Saveing the OBJECT GROUP

    Hi Experts, I've created Object Group which consists of (alert, parameters, visual attribute and property class). Now I want to save this Object Group. Please help me to save it.