Authorization with JAAS in JSF with facelets

Similar Messages

• JAAS AUthorization in JSF with facelets

  hello hi JSF and JAAS experts,
  I have web application implementing with jsf facelets and tomcat .Now i want to provide security in my application that is some web pages allow for admin and some web pages for user and..... that means based on role of user i want to give the access for web pages. so for that i am using JAAS for authentication and authorization . I am successfully implemented JAAS authentication for who is logged in. And i am getting subject and putting that subject in context session using following snippet.And also i am able to getting subject and its principals in that subject.
        context.getExternalContext().getSessionMap().put("JAASSubject",jaasHelper.getSubject());
         System.out.println("---------------- "+context.getExternalContext().getSessionMap().get("JAASSubject"));finally my doubt is how to navigate the pages(.xhtml) based on this principlas ,, with JAAS authorization. For that what is configuration snippet in web.xml and faces-config.xml.
  for this i gone through documents , but i didt get solution..
  can any body please hint me how to solve my requirement
  thanks in adv ans

  gbabu wrote:
  My doubt is based on that subject , how to write policy file and how to call doAsPrivileged() mehod on that Subject in order to navigate web pages.how to provide web pages permission for particular role in policy file..
  For example i have three pages login.xhtml,user.xhtml,admin.xhtml.
  1> if the logged in person is admin, then we want to display admin.xhtml
  2> if the loggend is person is user , then we want to display user.xhtml
  untill now i did and found who is logged in and what are his type( admin or user) .now i want configure the web.xml and faces-config.xml based on policy fileTo the best of my knowledge, there is nothing in the standard NavigationHandler which accounts for JAAS security. If you wanted, you could create a custom NavigationHandler to do this. If you think the idea is worthy enough, you could issue an enhancement request to the specification ([https://javaserverfaces-spec-public.dev.java.net/]).

• Problem with JAAS example in WLS6.0sp1

  Hi,
  I tried to run the SampleClient from the JAAS example in WLS6.0sp1 and got an
  exception
  when a valid username/password combination is entered. Has anyone experienced
  that in WLS6.0sp1?
  Thanx
  Ralf
  SampleLoginModule.initialize(), debug enabled
  SampleLoginModule.initialize(), URL t3://localhost:7001
  SampleLoginModule.login(), username guest
  SampleLoginModule.login(), password guest
  Authentication Failed: Unexpected Exception, java.lang.NoSuchMethodError
       at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:124)
       at examples.security.jaas.SampleLoginModule.login(SampleLoginModule.java:157)
       at java.lang.reflect.Method.invoke(Native Method)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
       at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
       at examples.security.jaas.SampleClient.main(SampleClient.java:92)

  Weblogic comes with its own implementation of JAAS, unfortunately
  conflicting with Sun's. Contact customer support, they will tell you the
  exact differences and incompatibilities. Or reverse engineer the two
  versions, you'll find quite a few differences (apart from the BEA version
  not implementing JAAS authorization, which is documented).
  "Narinder Gaheer" <[email protected]> wrote in message
  news:[email protected]..
  I am happy someone came up with this problem. I also bent backwardssolving
  this problem
  in my application.
  I figured out that as soon as I remove the standard jaas.jar from my
  classpath , I can run the example successfully. Weblogic.jar does contain
  necessary jaas library , so don't need to include jaas.jar.
  I am not sure, but I get the feeling that there is a jaas library conflict
  here. May be weblogic
  guys are the best to put some light on this issue.
  "Ralf Fritsche" <[email protected]> wrote in message
  news:3b15188e$[email protected]..
  I found out, that the example runs with the JDK delivered by BEA,
  but not with a JDK I downloaded from SUN.
  Wheras with the first the provided way to set the user defined
  configuration class with the system property'weblogic.security.jaas.Configuration'
  works, this is not possible with another JDK. According to the
  JAAS standard, this class could only be defined in the properties
  file 'java.security' of the Java runtime.
  How is BEA doing this?
  Thanx
  Ralf

• Analysis Authorization based on Hier node with multiple display hierarchies

  Hi guys - I've got a problem where s.o. might have an idea of how to switch on the light at the end of the tunnel, I am currently standing in:
  Requirement:
  Cost Center Authorization should be given through RSECADMIN, reporting should be possible for any hierarchy that exists for the authorization relevant info object.
  Preferred solution:
  The Cost Center Analysis Authorization should be given through RSECADMIN - Hierarchy node assignment.
  u2022     A dedicated Authorization Cost Center Hierarchy will be maintained in ECC6 as an alternative cost center hierarchy and extracted into BW.
  u2022     The RSECADMIN Hierarchy node assignment should be based on a particular node (Type 2).
  u2022     The display level will be specified as required (here: Level 7)
  u2022     The Authorization granted should be independent of hierarchy name and version (validity 3).
  Reporting Scenario and technical impact:
  As mentioned above, when designing and running a query the user should be able to freely select other (i.e. than the authorization) display hierarchies for the authorization relevant reporting object 'Cost Center' as well. The technical names of the semantically relevant hierarchy nodes could therefore vary. E.g. cost centers 1, 2 and 3, being assigned under hierarchy node u2018Au2019 of the RSECADMIN relevant authorization hierarchy, could be subsumed by hierarchy node u2018Bu2019 in another display hierarchy, which the user may want to display in accordance to his reporting needs. Ideally, the alternative display hierarchy should therefore display node u2018Bu2019.
  My findings so far (based on prototyping) turn out that this is not possible as long u2018Bu2019 (and its hierarchy) is not authorized in RSECADMIN. Can these findings be confirmed? And if not, would anyone have an idea of how to facilitate the reporting scenario?
  Would there be any other way to grant access, possibly based on RSECADMIN single values, and also enable the user to flexibly display hierarchies with only those hierarchy nodes whose single cost center values the user has been given access to?
  Thanks everyone for your input...
  Claus
  Edited by: Claus64 on Jul 13, 2009 4:10 AM

  HI CLause,
  On Jul 14 2009, you wrote in SDN and said:
  FYI: Found a solution...
  The hierarchy analysis authorization will be based on a navigational attribute of cost center.
  With analysis authorizations it is possible to declare the Auth object (e.g. 0COSTCENTER__RACCAUT0) as authorization relevant and leave the superior object 0COSTCENTER auth irrelevant.
  The auth will be given for 0COSTCENTER__RACCAUT0. This object will be placed as a filter of the query, being restricted by an Authorization variable for hierarchy nodes.
  Due to the concept of Analysis Authorizations, this variable will automatically pick up the nodes granted as part of RSECADMIN Hierarchy based Authorization.
  As mentioned above, 0COSTCENTER as the regular reporting characteristic remains auth irrelevant and can therefore take any hierarchy thatu2019s available. Reporting on single values will be possible, too. Only those nodes show up that hold the authorized cost centers in accordance to the authorization.
  If the auth relevant 0COSTCENTER__RACCAUT0 is not used in the query definition by either not taking it in as a filter or skipping the Auth variable, the query will launch the message that the authorization is missing. No data show up at all.
  Claus
  See this thread:
  Analysis Authorization based on Hier node with multiple display hierarchies
  I am also in the same situation as you and need to understadn your solution. I understand that you created a Nav Attr on 0COSTCENTER and made this auth relevant whilst ensuring that 0COSTCENTER is NOT auth relevant. This is all fine. The issue was you have multiple hierachies for 0COSTCENTER, how did the new Nav Attr help you solve your issue. When loading 0COSTCENTER what values did you load ino the new Nav Attribute and how did that link to the hierachies? Also, in RSECADMIN you created hiearchy nodes based on the Nav Attribute but I am confused as to what values you have in the Nav Attr.
  I appreciate if you can share your solution from the past in more details.
  many thanks

• HT202213 How can I authorize more than 5 computers with the same Apple ID?

  Somebody knows how to authorize more than 5 computers with the same Apple ID? I have One Apple IMac, Apple TV, I-PAD, 2 HP PC's, One I-Phone and one I-Pod Touch. I would like to have the possibility to use as I wish the same Apple ID on one of those without deauthorizing another one.

  "Somebody knows how to authorize more than 5 computers with the same Apple ID? "
  You cannot.
  Authorization applies ONLY to computers.  Ipods/ipads/iphones/Apple TVS are NOT authorized at all.

• How do I authorize a computer to sync with my phone.

  how do I authorize a computer to sync with my phone? Had 5 computer authorized at one time and they all went down or upgraded to new ones at work. Deleted all 5 and now can not figure out how to authorize one. please help.

  If it's running Windows, press the Alt and S keys.
  If it's running Mac OS X, move the cursor to the very top of the screen and click on Store.
  (77861)

• How do I authorize iTunes on a macbook with iTunes 2013 not 2011

  I cant find out how to authorize iTunes on my macbook with iTunes 2013

  iTunes -> Store menu -> Authorize This Computer
  Regards.

• What is the usual way of accessing Oracle by JSF with connection pooling?

  I am writing to access Oracle by JSF with connection pooling.
  EJB is too difficult for me.
  What is the simple way of doing it?
  thanks

  Leung,
  I believe there should be some sample code available via the JavaServer Pages Samples Web page.
  Good Luck,
  Avi.

• HT201363 I forgot I made an apple id years ago. I dont know the password nor can I remember the password for the email address I used years ago. Can anyone help me authorize my music I bought with my super old id?

  I dont know the password nor can I remember the password for the email address I used years ago. Can anyone help me authorize my music I bought with my super old id?

  See this -> Find My iPhone Activation Lock: Removing a device from a previous owner’s account
  i just asked if someone knows the support mail, i don`t know how to someone from apple support
  -> AppleID Support - Contact Support
  Condolences to you and your family.

• Does anybody know to authorize a windows vista computer with the new itunes?

  does anybody know to authorize a windows vista computer with the new itunes?

  Authorization and Deauthorization
  Macs:  iTunes Store- About authorization and deauthorization.
  Windows: How to Authorize or Deauthorize iTunes | PCWorld.
  In iTunes you use the Authorize This Computer or De-authorize This Computer option under the Store menu in iTunes' menubar. For Windows use the ALT-S keys to access it.
  More On De-authorizing Computers (contributed by user John Galt)
  You can de-authorize individual computers, but only by using those computers. The only other option is to "de-authorize all" from your iTunes account.
    1. Open iTunes on a computer
    2. From the Store menu, select "View my Account..."
    3. Sign in with your Apple ID and password.
    4. Under "Computer Authorizations" select "De-authorize All".
    5. Authorize each computer you still have, as you may require.
  You may only do this once per year.
  After you "de-authorize all" your authorized computers, re-authorize each one as required.
  If you have de-authorized all computers and need to do it again, but your year has not elapsed, then contact: Apple - Support - iTunes - Contact Us.

• Authorizations to restrict Query Designer with Only Display option

  Hello,
  I have looked all most all possible ways in internet to find out a suggestion/solution for the below. But Invain.
  I would like to know the Transactions, authorization objects and profiles  that are responsible to restrict users not to change and copy queries from QD.
  I need only display option for queries.
  Also,please confirm shall we restrict the same from Transaction SCC4.
  Thanks In Advance.

  Hi there,
  Since you're talking about a QD system, you should lock it in transaction SCC4.
  In case you need to change things in QD without opening the system in SCC4, you can go to transaction rsa1->transport connection and click on Object Changeability. In there you can define what paricular options are "opened for changes" even with SCC4 in close mode.
  Also, for roles having that objects, you should use the authorization object S_RS_COMP and S_RS_COMP1 with Activity with value 02 - Display
  Diogo.

• HELP!! Authorization in the same laptop with different operation systems

  My BF installed Win 7 operation system on his laptop yesterday and re-authorized it when he used iTunes. However, when he finished authorization, a dialog block showing that "*Including this one, you have authorised two computers out of your available 5*" appeared; what's worse, when he connected his iPhone to the laptop, it deleted all the bought apps in the iPhone, instead of synchronizating.
  I also want to install Win 7 operation system, but I'm afraid that the same thing would happen again (to my iTouch).
  We're quite confused that why the authorization in the same laptop with different operation systems is counted as two times. Friends who know please tell us whether this is the case.. If not, please tell us how to deal with it as we frequently re-install operation system for quicker operation.
  Message was edited by: Shiwen
  Message was edited by: Shiwen

  It's the *operating system* that is authorised, not the particular user profile or the hardware. Before upgrading/reinstalling deauthorise and you won't run out...
  tt2

• Tiles / JSF with single tiles-defs.xml file, no templating JSPs?

  All the examples I've seen for using JSF with Tiles use many JSP files for the templating information, resulting in twice as many JSP files as you would have in, say, a typical Struts project.
  When coding in Struts you can forward to a tiles definition, meaning that if all your page layouts are defined in tiles-defs.xml, then you only need to provide the JSPs for the non-standard parts of each page.
  With JSF it seems that you need to provide a JSP for the template for each file (which might end up being a single <tiles:insert... />, and the JSP for the non-standard bits for that page.
  Is there a way to either a) combine those two JSP files into one (by maby using a <tiles:put ... type="string"/> - tried this, couldn't get it to work), or b) get something similar to the way Struts + Tiles works?

  It does not work by default. It is a fact.
  Source for Struts, Tiles and even JSF are open now. I.e. everybody who has interest can research this question.
  I got this reply from another forum for this question and I am currently working on it. Lets see if we get somewhere.

• Jsf with weblogic server 6.1

  Hi, Any help would be appreciated. I am trying to use jsf with weblogic server 6.1 and wlintegration 2.1 I tried to deploy the samples provided with jwsdp-1.2 When I start the guess number sample I get the following error message:
  Duke's number: 3
  <25-Jun-03 16:03:40 BST> <Error> <HTTP> <[WebAppServletConte
  xt(57758238,examplesWebApp,/examplesWebApp)] Root cause of S
  ervletException
  javax.servlet.jsp.JspException: Cannot find FacesContext
  at javax.faces.webapp.UIComponentTag.doStartTag(UICo
  mponentTag.java:269)
  at jsp_servlet._jsf_45_guessnumber._faces.__greeting
  ._jspService(__greeting.java:123)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java
  :27), etc.
  I updated the web.xml file, created the faces directory under my examplesWebApp active domain with the jsp files, it finds the UserNumberBean class but it still crashes with the above.
  One problem I was having while deploying it that Weblogic Server did not allow me to copy jsf-api.jar, jstl.jar,etc under web-inf/lib.
  So I added all required jar files under bea root/config/samples/lib and updated startWeblogic.cmd
  Please help with how to deploy correctly the samples:
  Botond

  Thanks bill.
  I checked my weblogic server 6.1,it limited to j2ee1.2 features only.So I changed it supporting j2ee1.3 features.Now my JSF example is working normally.
  But I found a new question soon.
  I writed some letter in Chinese in jsp page .And I got some errors in weblogic.
  <2003-10-14 01:47:57> <Error> <HTTP> <101019> <[ServletContext(id=6480502,name=jaction,conte
  xt-path=/jaction)] Servlet failed with IOException
  java.io.IOException: javax.servlet.jsp.JspException: The taglib validator rejected the page: "org.xm
  l.sax.SAXParseException: An invalid XML character (Unicode: 0xb8) was found in the CDATA section., "
  at weblogic.servlet.jsp.Jsp2Java.outputs(Jsp2Java.java:124)
  at weblogic.utils.compiler.CodeGenerator.generate(CodeGenerator.java:258)
  at weblogic.servlet.jsp.JspStub.compilePage(JspStub.java:356)
  at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:214)
  at weblogic.servlet.jsp.JspStub.checkForReload(JspStub.java:149)
  at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:538)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:364)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
  at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:312)
  at com.sun.faces.context.ExternalContextImpl.dispatchMessage(ExternalContextImpl.java:298)
  at com.sun.faces.lifecycle.ViewHandlerImpl.renderView(ViewHandlerImpl.java:53)
  at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:89)
  at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:169)
  at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1075)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:418)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
  ontext.java:5517)
  at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:685)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:31
  56)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2506)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:234)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:210)
  I donnot know what is the matter.And how to correct?
  thanks again.
  Yanger

• Working on JSF with Frames

  Hi All,
  I am currently working on JSF with Frames. I was able to have the frames implemented in JSF. I have 4 frames with the following layout
  Frame1
  Frame2 | Frame3
  ------------------------------------------

  Sorry, the question is
  I have a commandNavigationItem (list) in frame2 and when I click on one of the component of the navigation list, I want to the JSF page loaded in Frame3.
  Currently it is getting loaded in Frame2 itself. i did set the targetFrame parameter of commandNavigationItem but still it loads in Frame2 itself.
  Please help
  KVDY