Authorization with LCDS

I have a flex application and LCDS running on CF8 running on JRun4 on the server.
The flex application authenticates users with LCDS security that in turn uses custom-authentication together with Jrun-security to authenticate against a MySQL DB.
I use various data services in LCDS that work together with CFCs to get and set data in my DB.
I would like to do server-side authorization (not authentication) to restrict users based on - for example - their role(s). What would be the best strategy in this setup?
Kind regards.
Alexandro

Hello -
Since you're using CFCs on the backend (server side) you can secure the app there. Maybe you've already solved this, but in case you didn't implement anything yet you can take a look at this link. You should get familiar with cflogin, cfloginuser, cflogout, GetAuthUser, IsUserInRole, Securing Applications in Developing ColdFusion MX Applications.
HTH,
Bill Sahlas
LCDS QE
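
The server-side checks the reply points to, as an added example (not code from the thread or from Adobe): a CFC that restricts one method declaratively with the cffunction roles attribute and scopes another with IsUserInRole and GetAuthUser. It assumes the login code established the user's roles with cfloginuser; the component, datasource, table and column names are hypothetical.

```cfml
<!--- OrderService.cfc (hypothetical name): added example, not from the thread.
      Assumption: the login code ran
        <cfloginuser name="..." password="..." roles="...">
      so ColdFusion knows the caller's roles for this session.
      Datasource "appDSN" and the orders table/columns are hypothetical. --->
<cfcomponent output="false">

    <!--- Declarative check: ColdFusion refuses the call unless the
          logged-in user holds one of the roles listed in "roles". --->
    <cffunction name="deleteOrder" access="remote" returntype="void"
                roles="admin" output="false">
        <cfargument name="orderId" type="numeric" required="true">
        <cfquery datasource="appDSN">
            DELETE FROM orders
            WHERE id = <cfqueryparam value="#arguments.orderId#" cfsqltype="cf_sql_integer">
        </cfquery>
    </cffunction>

    <!--- Programmatic check: any authenticated user may call this, but
          only admins get every row; everyone else gets only their own. --->
    <cffunction name="getOrders" access="remote" returntype="query" output="false">
        <cfset var q = "">
        <!--- GetAuthUser() returns an empty string when nobody is logged in. --->
        <cfif GetAuthUser() EQ "">
            <cfthrow type="Security.NotAuthenticated" message="Login required.">
        </cfif>
        <cfquery name="q" datasource="appDSN">
            SELECT id, owner, total
            FROM orders
            <cfif NOT IsUserInRole("admin")>
                WHERE owner = <cfqueryparam value="#GetAuthUser()#" cfsqltype="cf_sql_varchar">
            </cfif>
        </cfquery>
        <cfreturn q>
    </cffunction>

</cfcomponent>
```

Because both checks run inside the CFC, they hold no matter what the Flex client sends or hides in its UI.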

Similar Messages

  • How to handle and manage a multi Database access in runtime with LCDS?

    Hello there
    I have several customers working with the same application and I wonder how, with LCDS, to manage multi-database access at runtime, without creating a configuration "xml" file in the folder catalina for each database.
    Indeed, each customer has their own database, and so far I have not found out how to avoid creating a config xml file in catalina for every single database, which also forces me to create an application folder for each customer, since the name of the config file in catalina requires an application folder to be run under tomcat....
    Thus, my question is :
    Is there any way to create only one configuration xml file in catalina (on the server side) and then from the client side (application) let the user select their environment (meaning their database) to run the application.... this technique could also be used for multi-database environments such as Dev / Test / Prod environments (or databases) that the same application can access.
    Please, if anyone has an idea or has already dealt with this, just let me know, because I'm running into a bottleneck and the situation is getting seriously critical....
    Regards

    Hello Ulrich,
    with compact and repair I mean the MSAccess function "Compact and Repair".
    Please follow the link below for more details:
    http://office.microsoft.com/en-us/access-help/compact-and-repair-an-access-file-HP005187449.aspx
    Normally you can execute this function directly in Access or with the Windows ODBC Data Sources Administrator  => "Control Panel" => "Administrative Tools" => "Data Sources (ODBC)"...
     I want to execute this function via cvi code and not by hand ;-).
    Thank you for your support.
    Frank

  • Any one is using K8N Neo MS-7030 with 6600/6800 series with LCD monitor ?

    any one is using K8N Neo MS-7030 with 6600/6800 series with LCD monitor and his card is connected through the DVI cable without problems ?

    yup, no problems here! connected to a 19" AGNeovo F-419 TFT LCD, using DVI cable. nice picture!

  • HT204074 If I have additional music on my second computer that I authorize with iTunes Match, How do I upload it to iCloud?

    If I have additional music on my second computer that I authorize with iTunes Match, How do I upload it to iCloud?

    check out this post by Zevoneer.

  • Transport roles and analysis authorization with user assigned

    Hi expert,
    I am facing a problem with transporting roles and analysis authorizations with users assigned. I created a transport request to move the roles and analysis authorizations from the development system to the test system, but I couldn't maintain the user assignments; after the transport I have to assign all the users manually or create a program to fill the AGR_USER table. Or is there another way?
    Thanks for your time,
    Luis

    Hi,
    In role administration, you have the following options for transporting roles:
    You can download the roles from one system and upload them into another  
    You can import the role from a remote system using RFC  
    You can transport the roles with the transport function.
    Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
    Transporting Roles with the Role Transport Function
           1.      Start the role administration function by choosing Tools → Administration → User Maintenance → Role Administration → Roles (transaction PFCG).
           2.      Enter the role to be transported and choose Transport Role.
    The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
    You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
    For more information go through the link below
    http://help.sap.com/saphelp_nw70/helpdata/EN/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
    Regards,
    Marasa.

  • How can I authenticate and authorize with Web Service on ESB ?

    Hello,
    I want to authenticate and authorize client with Web Service published
    by HTTP/SOAP BC.
    Simply if it is an Web Service as J2EE application, I will use
    Basic Authentication with JAX-RPC and Realm.
    But I think that a Web Service published by HTTP/SOAP BC does not belong
    to a J2EE Application. There is no place to describe security role mapping
    (like web.xml).
    JBI 1.0 the section "5.5.1.1.3 Normalized Message Properties" comments
    JAAS Subject is given in the NM Properties. Really in this package
    com.sun.jbi.internal.security.*
    implements JAAS authentication and authorization (at JaasAuthenticator).
    But I can't see how to configure my Service to use this.
    How can I authenticate and authorize with Web Service on ESB ?
    I referred to the resources.
    Mutual Authentication for Web Services: A Live Example
    http://developers.sun.com/prodtech/appserver/reference/techart/mutual_auth.html
    XML and Web Services Security
    http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security7.html
    JAAS Authentication Tutorial
    http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
    Thanks,
    Takurou
    - environment ---------------------------------------------
    OpenESB : Project Open ESB Starter Kit
    AppServer : Sun Java Systems Application Server 9.0 PE
    OS : Windows XP
    I don't assume to use SSL (if It's necessary I will try).
    User information is stored in a LDAP Server.
    -----------------------------------------------------------

    Hello,
    I read this resource.
    SecurityDesign
    http://www.glassfishwiki.org/jbiwiki/Wiki.jsp?page=SecurityDesign
    Then I think [non-ssl and ssl/tls and so on] securing by basic authentication is ongoing feature at this time.
    But I can't see well why this page comments 'HTTP over SSL, TLS'.
    HTTP/SOAP Binding Component Overview
    http://download.java.net/general/open-esb/docs/jbi-components/httpsoap-bc.html
    Does BC support only "SSL server authentication" ?
    Doesn't BC support "SSL client authentication" by username/password ?
    Thanks,
    Takurou

  • Configuring Cisco ISE for Authorization with External Radius Server attribute

    Hi,
    I'm trying to integrate an external radius server with Cisco ISE.
    I created an External Identity Store>Radius Token Server.
    I created an Identity Store sequence with just one identity store, the one created above.
    And I was able to authenticate successfully.
    But when it comes to authorization.
    I observed we just have one tab named Authorization while creating Radius Token server.
    And it always refers to ACS:attribute_name.
    If I want to define a IETF radius attribute, (lets say class with attribute id as 25), how could I do it.
    In Cisco ACS we have a direct entry option in authorization tab where we can define the radius (IETF) attribute within Radius token server creation (within radius token server>Directory attribute tab).
    How ever I try to define the IETF attribute here (class,IETF:Class) I am not able to authorize with this attribute value.
    I tried with just one single authorization rule where it could hit.But observed it to go the default(as none of the rules defined matches the condition).
    Can anyone guide me how can we define a IETF radius attribute for authorization within Cisco ISE and what policy could we set it to work as authorization.
    Thanks in advance
    Senthil K

    This is the step of Creating and Editing RADIUS Vendors
    To create and edit a RADIUS vendor, complete the following steps:
    Step 1 From the Administration mega menu, choose Resources > RADIUS  Vendors.
    The RADIUS Vendors page appears with a list of RADIUS vendors that ISE  supports.
    Step 2 Click Create to create a new RADIUS vendor or click the radio button next to the RADIUS vendor that you want to edit and click Edit.
    Step 3 Enter the following information:
    • Name—(Required) Name of the RADIUS vendor.
    • Description—An optional description for the vendor.
    • Vendor ID—(Required) The Internet Assigned Numbers Authority (IANA)-approved ID for the vendor.
    • Vendor Attribute Type Field Length—(Required) The number of bytes taken from the attribute value to be used to specify the attribute type. Valid values are 1, 2, and 4. The default value is 1.
    • Vendor Attribute Size Field Length—(Required) The number of bytes taken from the attribute value to be used to specify the attribute length. Valid values are 0 and 1. The default value is 1.
    Step 4 Click Submit to save the RADIUS vendor.

  • LDAP (openldap) authorization with DAP (dynamic access policy)

    Hello,
    We have an ASA 5520 and we are trying to set up LDAP (OpenLDAP) authorization with DAP (Dynamic Access Policy). We have a problem with logical expressions. We need more examples of logical expressions and we need to know how to debug a logical expression. We tried to use debug dap trace and debug dap error, but we need more debug information.

    Hi
    I guess you are using an ldap attribute map, to map the ad group to a group policy. This does not work as you may expect when the user is part of multiple groups, I.e. the user will always be mapped to the same group (first or last in the list, not sure).
    Possible solution : remove the ldap attribute map, and configure dap rules that check the ldap.memberOf attribute instead
    Hth
    Herbert
    Sent from Cisco Technical Support iPad App - sorry for the brief explanation, if you need more details let me know.

  • Setting up Adobe Digital Editions, when I try to Authorize with my Adobe id information I get the message "Activation Server Problem - check connection to the internet" when I clearly am connected to the internet ?

    Hi can anyone help me please this is driving me crazy ! I download and install Adobe Digital Editions and when I try to Authorize with my Adobe ID information I get the message "Activation Server Problem - check connection to the internet" when I clearly am connected to the internet ?

    <moved from Downloading, Installing, Setting Up to Adobe Digital Editions>

  • Structural Authorizations with Training & Event Management

    We have implemented TEM in R/3 4.72.  We also use structural authorizations with our decentralized HR functions.  Our problem is that if a user has one of the profiles assigned, they can get all the way to booking the class and then receive an error that they have no authorization to edit attendances.  If the user has NO profile, they are able to book a class with no problems.  If I add the P-E evaluation path in the profile, it fixes the problem with booking a class, but then gives the users global access (which is what we are trying to avoid).  I know there must be a key somewhere to making this work.  If anyone knows what it is, I would appreciate finding out.
    In the profile, I have given access to objects D, E, F, G, L, R and P with the P-E and P-S-O evaluation paths (using RH_GET_MANAGER_ASSIGNMENT) function.
    Thanks.

    Hello Michelle,
    I think you could solve this issue by using Context Sensitive Authorizations. It is available from 4.7 and above.
    Regards,
    Ahmad

  • Hierarchy authorization with variables of type exit

    Hi all,
    I am trying to implement hierarchy based authorizations with variables. After collecting information from the SAP documentation and this forum, I think I know more or less how to do it, but it's not working and it has me very confused.
    These are the steps I have followed:
    - From RSSM, I have created a hierarchy authorization object including my characteristic and 0TCTAUTHH
    - From RSSM again, I have created a hierarchy authorization pointing to the node $ZG_V_008
    - From the Query designer, I have created a hierarchy node variable of processing type customer exit ZG_V_008 (are any special settings needed here?)
    - From the Query designer, I have created another hierarchy node variable of processing type authorization, and I have used this variable to restrict the hierarchy for my characteristic
    - I have edited the EXIT_SAPLRRS0_001 to watch for I_STEP = 0 and give values to ZG_V_008 (we'll get to my code later in case we solve this issue first)
    It is my understanding that with this setup, the user exit will be called to process the value of ZG_V_008 in I_STEP = 0, however, when debugging, I don't see any calls for the function with I_STEP = 0.
    What have I done wrong?
    Thanks a lot in advance.
    Guillermo

    Thanks, Jimmy, but that does not help much: my problem is that my user exit is not evaluated with I_STEP=0, but there are no error messages or anything like that.
    I have created a test user without a developer role to see if that could have any impact, but it's still not working.
    Any ideas?

  • Authorization with JAAS in JSF with facelets

    hi,
    can u please hint me where i did mistake.. i clearly mention what i did and what i getting ..i did this in jsf1.2,tomcat6.x
    i did JAAS authentication in jsf with facelets.but i am unable to do the authorization with JAAS in jsf
    after getting authentication i put the subject in session. if i print the values in subject i got the following output
    Subject:
    Principal: TypedPrincipal: hari [USER] // user name
    Principal: TypedPrincipal: admin [GROUP] // user role.
    now i want to authorization based on the role.
    for this i wrote policy file --principal.policy like this
    grant Principal com.alw.reports.jaas.TypedPrincipal "admin" {
        permission com.alw.reports.jaas.ViewIdPermission "*";
    };
    grant Principal com.alw.reports.jaas.TypedPrincipal "hari" {
        permission com.alw.reports.jaas.ViewIdPermission "*";
    };
    grant Principal com.alw.reports.jaas.TypedPrincipal "user" {
        permission com.alw.reports.jaas.ViewIdPermission "/contents.jsp";
    };
    and i set the path for this policy file like
        System.setProperty("java.security.policy", "policy file location" );
    when i run my application i am getting login page after that i gave username and password. it is getting authentication .. but not able to displaying next page that is /pages/welcome.xhtml but directly it is showing /pages/error.xhtml
    i am getting following error
    java.security.AccessControlException: access denied (com.alw.reports.jaas.ViewIdPermission /pages/welcome.xhtml)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at com.alw.reports.jaas.JAASHelper$1.run(JAASHelper.java:87)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
         at com.alw.reports.jaas.JAASHelper.permitionToAccessViewId(JAASHelper.java:83)
         at com.alw.reports.jaas.JAASActionListener.processAction(JAASActionListener.java:65)
         at javax.faces.component.UICommand.broadcast(UICommand.java:106)
         at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:184)
         at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:162)
         at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:350)
         at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:316)
         at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:106)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
         at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141)
         at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
         at java.lang.Thread.run(Unknown Source)
    my faces-config.xml
    <navigation-rule>
              <display-name>pages/login</display-name>
              <from-view-id>/pages/login.xhtml</from-view-id>
              <navigation-case>
                   <from-outcome>loginSuccess</from-outcome>
                   <to-view-id>/pages/welcome.xhtml</to-view-id>
              </navigation-case>
         </navigation-rule>
    <navigation-case>
                   <from-outcome>errorpage</from-outcome>
                   <to-view-id>
                        /pages/error.xhtml
                   </to-view-id>
              </navigation-case>
    my command button in login.xhtml
                             <td align="center" colspan="2">
                                  <h:commandButton value="Reset" type="reset"/>
                                  <h:commandButton   action="loginSuccess"
                                       id="login" value="Login" />
                             </td>
    my actionlistener
    package com.alw.reports.jaas;
    import javax.faces.component.UIOutput;
    import javax.faces.context.FacesContext;
    import javax.faces.event.AbortProcessingException;
    import javax.faces.event.ActionEvent;
    import javax.faces.event.ActionListener;
    import javax.security.auth.Subject;
    public class JAASActionListener implements ActionListener {
         private ActionListener parent = null;
         public JAASActionListener(javax.faces.event.ActionListener parent) {
              System.out.println("-------------- in JAASActionListener ;");
              this.parent = parent;
         }
         public void processAction(ActionEvent event)
           throws AbortProcessingException {
              System.out.println("-------------- in processAction ;");
              FacesContext context = FacesContext.getCurrentInstance();
              UIOutput comp = null;
              String userid = null, password = null;
              JAASHelper jaasHelper = new JAASHelper();
              // Check to see if they are on the login page.
              boolean onLoginPage = (-1 != context.getViewRoot().getViewId().lastIndexOf("login")) ? true : false;
              if (onLoginPage) {
                   if (null != (comp = (UIOutput)
                     context.getViewRoot().findComponent("helloForm:username"))) {
                        userid = (String) comp.getValue();
                   }
                   if (null != (comp = (UIOutput)
                     context.getViewRoot().findComponent("helloForm:password"))) {
                        password = (String) comp.getValue();
                   }
                   // If JAAS authentication failed
                   if (!jaasHelper.authenticate(userid, password)) {
                        context.getApplication().getNavigationHandler().handleNavigation(context, null, "login");
                        return;
                   }
                   else {
                        // Subject must not be null, since authentication succeeded
                        System.out.println("----------- setting the subjects in context in  ActionListner ");
                        assert(null != jaasHelper.getSubject());
                        // Put the authenticated subject in the session.
                        System.out.println("---- putting the authenicated subject in the seesion ");
                        context.getExternalContext().getSessionMap().put("JAASSubject",jaasHelper.getSubject());
                   }
              }
              parent.processAction(event);
              Subject subject=(Subject)context.getExternalContext().getSessionMap().get("JAASSubject");
              System.out.println("subject after parent process action>>>>>>>>>>>>>>>>>>>>>"+subject);
              assert(null != subject);
              // Send the user to the error page if the subject lacks permission for the target view.
              if(!jaasHelper.permitionToAccessViewId(subject,context,context.getViewRoot().getViewId())){
                   context.getApplication().getNavigationHandler().handleNavigation(context, null, "errorpage");
              }
         }
    }
    can u please hint me where i did mistake
    thanks in advance

    gbabu wrote:
    My doubt is based on that subject, how to write policy file and how to call doAsPrivileged() method on that Subject in order to navigate web pages. how to provide web pages permission for particular role in policy file..
    For example i have three pages login.xhtml,user.xhtml,admin.xhtml.
    1> if the logged in person is admin, then we want to display admin.xhtml
    2> if the logged in person is user, then we want to display user.xhtml
    until now i did and found who is logged in and what are his type (admin or user). now i want configure the web.xml and faces-config.xml based on policy file

    To the best of my knowledge, there is nothing in the standard NavigationHandler which accounts for JAAS security. If you wanted, you could create a custom NavigationHandler to do this. If you think the idea is worthy enough, you could issue an enhancement request to the specification ([https://javaserverfaces-spec-public.dev.java.net/]).

  • Cockpit - authorizations with hierarchy

    Hello,
    I have a problem in a cockpit, and it is relating to authorizations with hierarchy.
    I have an object of authorization already defined with certain criteria (bucket and node of the hierarchy that only I want that agrege deposit a user) this object in a role, together with a profile for viewing the cockpit. When I log in with the user to view the cockpit I can enter all the nodes. My question is: why is it not respecting my authorization for the only hierarchy node that I want to show?
    thank you.
    Mike

    Done, it's sorted now.

  • Aaa authorization with Tacacs+

    Hello All,
    I am trying to figure out how aaa authorization with tacacs+ works.
    I am totally comfortable with aaa authentication..But am not able to understand how it works...How diff priv levels are assigned to diff users?..
    I am totally freaked out...

    The device side setup is pretty simple. You just use the aaa authorization command set. A good bit of the setup is on the ACS server end.
    Cisco has a pretty thorough configuration example posted here.
