Bug in JAAS Kerberos module on Windows XP?

Similar Messages

• JAAS - Kerberos - windows 2000 domain - groups

  I need to find out if a user is in 2 different groups. If they are in group a, I display results a.m. If they are in group b, I display results b.n. If they are in a and b, then I display a.m union b.n. Any ideas?
  I am validating the user through kerberos already. Windows NT domain says they are valid if correct username/domain/password are enterted. Now I need to find out if they are part of a group on a domain. Any ideas? Am I making sense. Mail me at perry2of5 at yahoo.com if you need clarification or have ideas and don't want to post here.
  I suspect i need to use the subject from the original login and ask for access to the group, but I don't know how to do this. Help!

  I've a very simular problem (maybe even simpler).
  My webapp (Struts) is running on a Tomcat and the user login has to be proofen against a Win2000 active directory server. If login is successfull I'll need the users roles from the W2k ADS. That's it.
  What I know till know:
  - authentication uses Kerberos
  - communication with ADS uses LDAP
  Has anybody an easy solution (example). I've already read all the JAAS stuff from Sun, but I'm still not sure how to implement it.
  Thx, Chrise

• Strange bug in Flashplayer for Firefox on Windows

  Hello All,
  First, I'm not sure that it's the right forum, as suspect the
  bug to be in the flash player implementation more than in my code,
  but here goes:
  I have a simple .flv movie player. On mouse move (Over the
  stage), an interface appears on top of the FLV playback component,
  allowing the user to pause the movie. After a short while of no
  movement, the interface disappears again.
  This works well. The interface is not in the way and only
  there when needed. The only problem is that I'm experiencing some
  trouble with flashplayer for firefox on Windows. It works as
  advertised in IE, 6+7 and Firefox/safari on Mac. The error
  reproduces over several computers, so it's not a buggy
  installation.
  What happens, is that the FLVPlayback component pauses when
  the mouse doesn't move. This is of course a problem because of the
  40% black overlay that is part of the interface. So you can only
  see the movie if you keep you mouse moving within the player, and
  is able to distract from the interface overlay.
  I implement the mouse handling as shown.
  That's all there is to it. The show and hide functions do
  just that. Make a _root.onEnterFrame and uses that to show or hide
  the interface like shown.
  Nothing in there has anything to do with stopping the
  playback. I'm showing a button, that's all. Not clicking it.
  The error only occurs in Firefox on Windows.
  I suspect it's something to with Event handling, when leaving
  the Stage area.
  Is done in Flash 8 on MacOSX
  Any ideas?
  Best regards,
  Michael

  Firstly there appears to be a bug in the Kerberos libraries where it does not look at the local cache on XP. Try with -Dos.name="Windows 2000". This should trick the java libraries into thinking it's on W2K and look at the LSA cache. There appears to be other issues here but still trying to investigate further.
  Secondly you haven't specified a CallBackHandler yet you have DoNotPrompt =false. Thus Kerberos will try to ask for the username and password (since it doesn't talk to LSA) yes none is defined in your call to LoginContext.

• Opinions on implementing a JAAS login module to achieve SSO

  We are looking at implementing SSO from a sharepoint website to the portal.  The users who are accessing the Sharepoint site are using their own computers and are not members of the AD Domain, so they could theoretically be using any computer in the world to access Sharepoint.
  the desired user experience looks something like this.
  user--login> sharepoint site -no login--
  >portal
  One of the methods we are looking at to achieve this is to implement a custom JAAS login module that would authenticate the user if they are coming from the Sharepoint site.
  I would like to get your opinions on how viable you think this method is.  One of the goals of this method is ease of implementation, so if you can think of an easier way to implement this please let us know.
  the method is basically this.
  1. User logs into sharepoint using their AD username and password and establish an active session with sharepoint
  2. user navigates to a link in sharepoint that points to a resource in the SAP Portal
  3. we don't want the user to have to login to access the resource when they click on the link
  4. to facilitate this, sharepoint has constructed the link in the following way
  5. the link is an https link
  6. the link has two additional parameters in addition to whatever is necessary to navigate to the resource
  7. the parameters are
  8. un = the users AD username
  9. uh = sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + "username")
  10. the user clicks the link and is directed to the SAP portal
  11. the sap portal has a custom JAAS login module which performs it's checks before the other login modules
  12. the custom module computes ( sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + un)) and then compares the result with uh, if they are equal, the custom login module authenticates the user bypassing any further need for authentication, otherwise authentication passes to the original authentication modules as normal.
  If you think there is an easier way, please let us know.  We are essentially looking for the easiest/fastest way to implement this functionality that is still secure.

  Hey Gary,
    I'm currently using Apache running on RedHat that leverage Apache's mod_rewrite module. I've got a bank of 6 reverse proxies sitting in front of an SAP Portal and each proxy runs on a host with dual 3.33GHz processors and 8Gb or RAM. I know... they're waaay over-sized and they pretty much snooze all day.
    This is the sole entry point for all SAP users and we sized them to accommodate the "worst case" of about 5000 (potential) named users, concurrently. Realistically, we've only ever had about 1500 unique users hitting the systems in a day (following an upgrade go-live, everybody is curious and wants to log on) and a typical load of about 500 to 750 users in a day.
    Never had a real performance problem to speak of. As long as the proxies are tuned properly (ssl cache, sessions, etc.), you should be fine.
    Setting header variables and some other "custom stuff" is handled in Perl (need Apache's mod_perl active). We've got a script that's called by all users before being passed to the Portal.
    We used IISProxy.dll with an IIS web server a long time ago (5 years maybe?) but opted to can it in favor of the approach described above.
    If you ask SAP, they'll recommend you use a WebDispatcher... and that's certainly an option as well.
  -Kevin

• 1080p download and playback bugs in iTunes 10.6 for Windows

  There seems to be some bugs in iTunes 10.6 for Windows related to 1080p video.  According to Apple, the minimum specs for viewing 1080p video on a PC is:
  To play 1080p HD video on a PC, you need a 2.4GHz Intel Core 2 Duo or faster processor, 2GB of RAM, and an Intel GMA X4500HD, ATI Radeon HD, or NVIDIA GeForce 8300 GS or better graphics processor.
  My PC exceeds these specs (Intel i5-2500K 3.3GHz CPU, 8GB of RAM, AMD Radeon 7970 video card, 30" Apple Cinema Display).  The first bug appears when I go into the preferences setting and switch the download preference fom 720p to 1080p, which triggers a warning box that says:
  This computer may not be able to play 1080p videos.  You can still download these videos for use on other devices.
  That's odd but I press "OK" and downloaded the 1080p copy of a TV episode.  When I press play, another warning box popped up:
  Video is too large.  The 1080p version of [show] is too large to play on this computer.  You can choose to play a smaller 720p version of this movie below.  This message will be dismissed in XX seconds.
  The message gives you three options: PLAY SMALLER VERSION / OK / CANCEL.  If I select OK or simply let the timer run down, the 1080p video starts playing without any problems.  Anyone else seeing this?

  Oh that clarifies things, I see what you mean.  The error message still confuses me because even your smaller Acer monitor matches the pixel resolution of the 1080p video - the video doesn't exceed the monitor's pixel ratio so it's not technically "too large" as the error message says.  The 1080p video should fill your Acer monitor edge to edge while leaving black borders on the top and bottom of your Samsung.  I think this is clearly a bug in iTunes.
  I know what you mean about the movie opening up so that a portion of the image is off the screen but that sounds like an issue related to the default position of the window when you start a video.  The default position is such that a smaller size like the SD copy probably isn't cut off but that a larger video does get chopped until you change where videos open by default.  I can change the position simply closing the video while it's playing.  iTunes remembers the place on the screen where I closed the video and opens all videos at the spot afterwards.  Does that not work for you?

• Use of portal service in JAAS Login Module

  Is it possible to use an portal service in an JAAS Login Module?
  I've tried to use the IUserMappingService and always run in an Null Pointer Exception.
  All needed Used DC references are set and the build and the deployment of the
  login module is possible without any errors.
  Best regards,
  Thomas

  I've debuged my JAAS login modul.
  The following objects are in accessable over my context object
  {broker=broker, com.sap.portal.pcm.collaborative.ipartstemplates={}, UME=UME, com.sap.workflow.es.portal.IKMCRoomService=com.sap.workflow.es.room.KMCRoomHelper@44c944c9, comp.sap.portal.fpn.marshallersrepository={com.sapportals.portal.workset=com.sap.portal.fpn.marshal.WorksetMarshaller@7cf07cf0, com.sapportals.portal.rolefolder=com.sap.portal.fpn.marshal.RoleFolderMarshaller@489b489b, com.sapportals.portal.operationmodifier=com.sap.portal.unification.semanticlayer.marshalling.OperationModifierMarshaller@1a1b1a1b, com.sapportals.portal.businessobject=com.sap.portal.unification.semanticlayer.marshalling.BusinessObjectMarshaller@1fc71fc7, com.sapportals.portal.layout=com.sap.portal.fpn.marshal.LayoutMarshaller@454f454f, com.sapportals.portal.role=com.sap.portal.fpn.marshal.RoleMarshaller@590e590e, com.sap.portal.obn.semanticlayer.businessobject.BusinessObject=com.sap.portal.unification.semanticlayer.marshalling.BusinessObjectNYMarshaller@68af68af, com.sap.portal.obn.semanticlayer.operation.IOperation=com.sap.portal.unification.semanticlayer.marshalling.OperationNYMarshaller@4f4a4f4a, com.sap.portal.pcm.admin.PlainFolderConverter=com.sap.portal.fpn.marshal.FolderMarshaller@284a284a, com.sapportals.portal.iview=com.sap.portal.fpn.marshal.IViewMarshaller@7ba37ba3, com.sapportals.portal.page=com.sap.portal.fpn.marshal.PageMarshaller@a100a10, com.sapportals.portal.operation=com.sap.portal.unification.semanticlayer.marshalling.OperationMarshaller@ece0ece}, WP=com.sapportals.portal.prt.core.resource.MultiPropertiesResource@3b213b21, ContentCatalog=ContentCatalog, Navigation=Navigation, PCD=PCD, com.sap.portal.obn=com.sap.portal.obn, com.sap.portal.usermanagement.usermanagement=com.sapportals.portal.prt.service.usermanagement.UserManagementService@60cc60cc, ProductionMode=true, AdHocWorkflowConnector=com.sap.workflow.es.portal.WFEWorkitemProvider@30d630d6, com.sap.ip.bi=com.sap.ip.bi, com.sapportals.portal.pcm.registeredServies=com.sapportals.portal.pcm.registeredServies, UniversalWorklistService=com.sap.netweaver.bc.uwl.core.portal.UWLPortalService@57e957e9, com.sap.portal.appintegrator=com.sap.portal.appintegrator, rtmf_messaging=com.sap.ip.collaboration.core.api.rtmf.core.RTMFMessaging@41af41af, com.sap.workflow.es.portal.IKMNotificationService=com.sap.workflow.es.portal.KMNotificationService@1daa1daa, com.sap.portal.pcm.collaborative.pagestemplates={}, runtime=runtime, Authenticator=com.sapportals.portal.prt.service.authenticationservice.AuthenticationService@756f756f, com.sap.workflow.es.portal.IKMAttachmentService=com.sap.workflow.es.portal.KMAttachmentService@9750975, unification=unification}
  The IUserMappingService is missing.  Any ideas?
  Best regards,
  Thomas

• Accessing LDAP in a custom JAAS login module

  Hi,
  I have developed a custom jaas login module in CE 7.1. I created a java dc which contains a class extending AbstractLoginModule. This DC is deployed on to the server using an EAR DC. I am trying to access LDAP in the custom login module. I am trying to establish an SSL connection to LDAP. For this purpose i have created a custom socket factory class which extends SSLSocketFactory. I used the code below to establish the connection.
            Hashtable<String,String> env=new Hashtable<String,String>();
            DirContext dirContext=null;
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL,ldapURL);
                  env.put(Context.SECURITY_PROTOCOL,"ssl");
                  env.put("java.naming.ldap.factory.socket", "com.test.ldap.MySSLSocketFactory");
                  dirContext=new InitialDirContext(env);
  MySSLSocketFactory is the name of custom socket factory.
  During a login process, the above code results in error because the connection to LDAP server could not be established. However the same code when executed in a webdynpro DC is working without any problem. What could be the reason for this?
  This is the error i could see in defaultTrace
  javax.naming.CommunicationException: js24.na.domain.net:636 [Root exception is java.lang.ClassNotFoundException: com.test.ldap.MySSLSocketFactory
  Loader Info -
  ClassLoader name: [service:security]
  Living status: alive
  Direct parent loaders:
     [system:Frame]
     [library:j2eeca]
     [service:timeout]
     [service:com.sap.security.core.ume.service]
     [service:adminadapter]
  Resources:
     /usr/sap/SV3/J10/j2ee/cluster/bin/services/security/lib/private/sap.comtcjesecurityimpl.jar
  at com.sun.jndi.ldap.Connection.<init>(Connection.java:205)
  at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
  at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1579)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2681)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:299)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  at com.sap.engine.system.naming.provider.DefaultInitialContext._getDefaultInitCtxt(DefaultInitialContext.java:64)
  at com.sap.engine.system.naming.provider.DefaultInitialContext.<init>(DefaultInitialContext.java:45)
  at com.sap.engine.system.naming.provider.DefaultInitialContextFactory.getInitialContext(DefaultInitialContextFactory.java:41)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.InitialContext.<init>(InitialContext.java:197)
  at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)

  Hi,
  I used an EJB to perform the LDAP search and called the EJB from the login module. It is working as expected.
  Regards,
  Shabeer

• How to deploy and configure custom JAAS login module

  Dear Experts,
  I have created a custom jaas login module, In my .jar I am having
  1. MyLoginModule.class
  2. Handler.class
  3. MyPrincipal.class
  I want to know how to deploy the custom jaas module to oc4j. And make available to all
  other application to use the same for authentication & authorization. Please suggest me.
  Thanks,
  Rajesh A

  This article does not mention that you can put the <jazn-loginconfig> tag into the orion-application.xml as well.
  Much easier to deploy and test.
  --olaf                                                                                                                                                                                                                                                                                                                       

• How to create Jaas Login module !! Urgent

  <b>Hi developers</b>
                      I want to make some changes in logon messages. Right now we are getting only error <b>user authentication failed </b> on the portal even if user is locked or some other reason is there for failed authentiaction. I want proper message should be displaying based on user input. For it I hope its good to <b>create Jaas logon module</b> so that i can modify it accordingly .
  kindly if any one can give me way out , its urgent.
  how to create it step by step. it would be highly appriciable.
  any inputs are appriciated .
  Thanks in advance
  <b>Abhay</b>

  Hi Abhay,
  1.) Every question is "urgent"... Please read https://www.sdn.sap.com/irj/sdn/wiki?path=/display/home/rulesofEngagement - section "Use a Good Subject Line"
  2.) For JAAS Login Modules examples, see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4d65ed90-0201-0010-3aba-9209836e8242
  Hope it helps
  Detlev

• Looking for example: JAAS login module using ADF BC

  Hello all,
  I have seen the article at http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm by Frank and Duncan detailing how to put together a login module that uses the database for authentication. Great idea. I would like to take it to the next level and use an ADF BC View Object to do the authentication and role assignment for users, but am stuck on a few points. First of all, is there anyone out there who has done this and would care to share? If not:
  1). How do I get a reference to the AM so that I can look up a view object in the login module?
  2). I assume that I am going to need to add my model project classes to the system classpath, correct?
  3). What are the other gotchas?
  4). Or should this be the first question, is this even possible?

  Hi John,
  I am trying to find a relevant example on JAAS login module with ADF BC,
  i have this application that is ready to go in production deployed on a test application server
  everything seems to work fine but it is totally deprived of security :o(
  i have sent post to get some information i read most of it i even came across your blog on the matter
  i am sort of understanding the things needed to do but i would need a working example to get a better grasp on the this subject. I need i think to built a custom login module but i dont know what exactly can be coded inside the jar file that is read from the application and that forces the authentification so if you could help in my research for an example you OR anyONE
  it would be appreciated
  Carl

• Howto put custom JAAS Login Module into NWDI

  Hi there!
  We are currently in migration phase and want to integrate existing codings to NWDI. We mainly had Web Dynpro projects which we figured out how to migrate through discovering  help.sap.com
  Formerly I developed a custom JAAS login module which is productive on our portal systems. Now I would like to integrate it to NWDI. Is this possible in general?
  Best Regards
  Christian

  Can you clarify a bit more what didn't work? What issues do you face?
  Our setup for security.jar (which is not available in one of the base SC's) (for the rest try to use as many base DC's as possible):
  1. Create External Library DC for security.jar
  2. Add security.jar to libraries folder, add to new pp for Compilation
  3. Create J2EE Library DC for loginmodule
  4. Create Java Library DC for loginmodule as Child DC
  5. Define the External Library DC as Used DC of the Java DC, referencing the Compilation pp (Only a Build time dependency, since this will not be deployed, instead you'll reference the registered interface, see below).
  6. Create a public part for Assembly in the Java DC. Add all your loginmodule classes to the pp.
  7. Define the Java DC as Used DC of the J2EE Library DC, referencing the Assembly pp (only Build time dependency). (this packages the loginmodule jar in the J2EE library)
  8. Create a provider.xml in the 'server' folder of the J2EE Library DC
  9. Define references to libraries used by the Child DC and the Child DC's jar:
       <references>
            <reference
                 provider-name="sap.com"
                 strength="weak"
                 type="library">com.sap.security.api.sda</reference>
            <reference
                 provider-name="sap.com"
                 strength="weak"
                 type="interface">security_api</reference>
            <reference
                 provider-name="sap.com"
                 strength="weak"
                 type="library">com.sap.tc.Logging</reference>
            <reference
                 provider-name="sap.com"
                 strength="weak"
                 type="library">servlet</reference>
       </references>
       <jars>
            <jar-name>[vendor name]~[DC name]~Assembly.jar</jar-name>
       </jars>
  The J2EE Library DC has only one Used DC: The child Java DC.
  The Java DC has Used DCs for anything you need to compile your loginmodule code.
  Hope I didn't forget anything else.

• Need a simple jaas login module

  Hello,
  I am in need of a simple jaas login module that makes a NameCallback, gets the name and adds it to the Subject – the simplest login module one can have.
  Can anyone provide the same to me.
  Thanks in advance.

  You might find this helpful
  http://weblogic-wonders.com/weblogic/2010/06/15/jaas-login-in-weblogic-server/

• Problems deploying custom JAAS login module (ClassNotFound)

  Hi,
  I've developed a custom made JAAS login module that filters on IP addresse which I am moving from 6.20 to 6.40.
  I've pretty much followed the procedures from http://help.sap.com/saphelp_nw04/helpdata/de/46/3ce9402f3f8031e10000000a1550b0/content.htm , the only major difference is that I needed a reference to WebCallback and therefore a reference to com.sap.security.api.sda from my library project.
  I've especially followed the step with "Adding a Reference to the Classloader of the Security Provider" (http://help.sap.com/saphelp_nw04/helpdata/de/2b/23e4407211732ae10000000a155106/content.htm) , but I think its this step that fails. This has been set to library:<library name> , where <library name> is what is written on the right hand side of visual admin under library. I see that the library is deployed under the folder bin\ext\customer.com~com.customer.portal.login.IPRuleLibrary   , so maybe I will try that name tomorrow morning.
  The exceptions I get are
  #1.5#001321B3B106005C0000000800002E380004039375E59BA6#1129831779936#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#1####ae7c5500419411daa7fd001321b3b106#SAPEngine_Application_Thread[impl:3]_17##0#0#Error#1#/System/Audit#Java###Exception #1#com.sap.engine.services.security.exceptions.BaseSecurityException: Cannot load a login module.
       at com.sap.engine.services.security.login.LoginContextFactory.init(LoginContextFactory.java:95)
       at com.sap.engine.services.security.login.LoginContextFactory.getLoginContext(LoginContextFactory.java:133)
       at com.sap.engine.services.security.server.AuthenticationContextImpl.getLoginContext(AuthenticationContextImpl.java:227)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.sap.engine.system.SystemLoginModule.initialize(SystemLoginModule.java:72)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
       at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:86)
       at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:305)
       at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
       at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
       at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:295)
       at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:351)
       at com.sap.portal.navigation.Gateway.service(Gateway.java:68)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:95)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:159)
  Caused by: java.lang.ClassNotFoundException: com.customer.portal.login.IPRuleLoginModule
  Found in negative cache
  - Loader Info -
  ClassLoader name: [common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore]
  Parent loader name: [Frame ClassLoader]
  References:
     library:com.sap.ip.basecomps
     library:core_lib
     common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
     library:servlet
     library:sapxmltoolkit
     library:com.sap.mw.jco
     library:com.sap.util.monitor.jarm
     library:j2eeca
     library:opensql
     interface:security
     interface:log
     interface:shell
     interface:keystore_api
     library:ejb20
     interface:webservices
     library:com.sap.guid
     interface:appcontext
     interface:endpoint_api
     interface:resourceset_api
     interface:resourcecontext_api
     common:service:iiop;service:naming;service:p4;service:ts
     interface:ejbcomponent
     interface:container
     interface:visual_administration
     interface:transactionext
     interface:dsr_ejbcontext_api
     service:timeout
     library:tc~jmx
     library:tcSLUTIL
     service:memory
     library:antlr
     library:jdbdictionary
     library:opensqlextensions
     interface:cross
     service:locking
     service:file
  Resources:
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_saml_toolkit_api.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  adminadapter
  adminadapter.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  com.sap.security.core.ume.service
  com.sap.security.core.ume.service.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  webservices_lib
  jaxrpc-api.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  com.sap.security.api.sda
  com.sap.security.api.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  dbpool
  opensqllib.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  jmx
  jmx_sec.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  webservices_lib
  jaxm-api.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  keystore
  keystore.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  security
  security.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  basicadmin
  jstartupapi.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_saml_jaas.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  connector
  connectorimpl.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  webservices_lib
  webservices_lib.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_jaas.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_saml_service_api.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_userstore_lib.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  webservices_lib
  saaj-api.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  com.sap.security.core.sda
  com.sap.security.core.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  com.sap.security.core.sda
  com.sap.security.core.tpd.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_csi.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_ssf.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  userstore
  userstore.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  dbpool
  sqljimpl.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_saml_xmlbind.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_saml_util.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  dbpool
  dbpool.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  deploy
  deploy.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_saml_toolkit_core.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  jmx
  jmx.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_compat.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  jmx_notification
  jmx_notification.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  configuration
  configuration.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  basicadmin
  jstartupimpl.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_https.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  services
  basicadmin
  basicadmin.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  security.class
  tc_sec_jaas_test.jar
     C:
  usr
  sap
  EQ2
  J13
  j2ee
  cluster
  server1
  bin
  ext
  com.sap.security.api.sda
  com.sap.security.api.perm.jar
  Loading model: {parent,local,references}
       at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:348)
       at com.sap.engine.services.security.Util.loadClass(Util.java:262)
       at com.sap.engine.services.security.Util.loadClassFromAdditionalLoaders(Util.java:204)
       at com.sap.engine.services.security.login.LoginContextFactory.init(LoginContextFactory.java:92)
       ... 45 more
  #1.5#001321B3B106005C0000000900002E380004039375E5A109#1129831779936#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#1####ae7c5500419411daa7fd001321b3b106#SAPEngine_Application_Thread[impl:3]_17##0#0#Error##Java###Cannot load login module class .#1#com.customer.portal.login.IPRuleLoginModule#

  Hi,
  The problem was solved by using the name customer.com~com.customer.portal.login.IPRuleLibrary for the library (so basically look at the name of your library folder under cluster\j2ee\serverx\bin\ext , not the name reported by visual admin).
  Also I was able to modify the properties of the login module runtime, which made me very happy
  Dagfinn

• JDEV deployment of web app with custom JAAS login module fails

  For the first time, I am trying to implement a custom JAAS login module.
  JDEV deployment to standalone OC4J only fails when my orion-application.xml is included. The deployment fails with a java.lang.InstantiationException.
  This what I have done:
  1) Wrote a custom LoginModule called com.whirlpoool.sjtc.jaas.gpa.LDAPLoginModule.
  2) Put it and its dependent classes in a jar named sjtcjaas.jar.
  3) Put the jar in $ORACLE_HOME\j2ee\home\lib
  4) Changed library_path in $ORACLE_HOME\j2ee\home\config\application.xml to
  <library path="../../home/lib/scheduler.jar;../../home/lib/sjtcjaas.jar" />
  5) Added an orion-application.xml to the JDEV project. (I used an Oracle How-to as a pattern, see below.)
  I think I'm close but no cigar, yet. Any help would be appreciated.
  Regards,
  Al Malin
  =============== orion-application.xml ========================================
  <?xml version="1.0"?>
  <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd" deployment-version="10.1.3.0.0" default-data-source="jdbc/OracleDS" schema-major-version="10" schema-minor-version="0" >
  <security-role-mapping name="sr_manager">
  <group name="managers" />
  </security-role-mapping>
  <security-role-mapping name="sr_developer">
  <group name="developers" />
  </security-role-mapping>
  <log>
  <file path="application.log" />
  </log>
  <!-- Configuring a Login Module in an Application EAR file. -->
  <jazn-loginconfig>
  <application>
  <name>customjaas</name>
  <login-modules>
  <login-module>
  <class>com.whirlpoool.sjtc.jaas.gpa.LDAPLoginModule</class>
  <control-flag>required</control-flag>
  <options>
  <option>
  <name>debug</name>
  <value>true</value>
  </option>
  </options>
  </login-module>
  </login-modules>
  </application>
  </jazn-loginconfig>
  </orion-application>

  Starting OC4J from c:\oc4j\j2ee\home ...
  2006-09-07 13:45:28.484 NOTIFICATION JMS Router is initiating ...
  06/09/07 13:45:29 Oracle Containers for J2EE 10g (10.1.3.0.0) initialized
  2006-09-07 13:45:58.609 NOTIFICATION Application Deployer for aam STARTS.
  2006-09-07 13:45:58.640 NOTIFICATION Copy the archive to C:\oc4j\j2ee\home\applications\aam.ear
  2006-09-07 13:45:58.656 NOTIFICATION Initialize C:\oc4j\j2ee\home\applications\aam.ear begins...
  2006-09-07 13:45:58.656 NOTIFICATION Auto-unpacking C:\oc4j\j2ee\home\applications\aam.ear...
  2006-09-07 13:45:58.687 NOTIFICATION Unpacking aam.ear
  2006-09-07 13:45:58.687 NOTIFICATION Unjar C:\oc4j\j2ee\home\applications\aam.ear in C:\oc4j\j2ee\home\applications\aam
  2006-09-07 13:45:58.750 NOTIFICATION Done unpacking aam.ear
  2006-09-07 13:45:58.750 NOTIFICATION Finished auto-unpacking C:\oc4j\j2ee\home\applications\aam.ear
  2006-09-07 13:45:58.750 NOTIFICATION Auto-unpacking C:\oc4j\j2ee\home\applications\aam\aam.war...
  2006-09-07 13:45:58.750 NOTIFICATION Unpacking aam.war
  2006-09-07 13:45:58.765 NOTIFICATION Unjar C:\oc4j\j2ee\home\applications\aam\aam.war in C:\oc4j\j2ee\home\applications\aam\aam
  2006-09-07 13:45:58.765 NOTIFICATION Done unpacking aam.war
  2006-09-07 13:45:58.765 NOTIFICATION Finished auto-unpacking C:\oc4j\j2ee\home\applications\aam\aam.war
  2006-09-07 13:45:58.812 NOTIFICATION Initialize C:\oc4j\j2ee\home\applications\aam.ear ends...
  2006-09-07 13:45:58.828 NOTIFICATION Starting application : aam
  2006-09-07 13:45:58.828 NOTIFICATION Initializing ClassLoader(s)
  2006-09-07 13:45:58.828 NOTIFICATION Initializing EJB container
  2006-09-07 13:45:58.828 NOTIFICATION Loading connector(s)
  2006-09-07 13:45:58.843 NOTIFICATION application : aam is in failed state
  06/09/07 13:45:58 WARNING: Application.setConfig Application: aam is in failed state as initialization failedjava.lang.InstantiationException
  Sep 7, 2006 1:45:58 PM com.evermind.server.Application setConfig
  WARNING: Application: aam is in failed state as initialization failedjava.lang.InstantiationException
  06/09/07 13:45:58 oracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException
  06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:510)
  06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:191)
  06/09/07 13:45:58 at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:93)
  06/09/07 13:45:58 at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
  06/09/07 13:45:58 at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
  06/09/07 13:45:58 at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
  06/09/07 13:45:58 at java.lang.Thread.run(Thread.java:595)
  06/09/07 13:45:58 Caused by: java.lang.InstantiationException
  06/09/07 13:45:58 at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
  06/09/07 13:45:58 at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
  06/09/07 13:45:58 at com.evermind.server.Application.setConfig(Application.java:391)
  06/09/07 13:45:58 at com.evermind.server.Application.setConfig(Application.java:308)
  06/09/07 13:45:58 at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1771)
  06/09/07 13:45:58 at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:507)
  06/09/07 13:45:58 ... 6 more
  2006-09-07 13:45:58.890 NOTIFICATION Application Deployer for aam FAILED.
  2006-09-07 13:45:58.890 NOTIFICATION Application UnDeployer for aam STARTS.
  2006-09-07 13:45:58.906 NOTIFICATION Removing all web binding(s) for application aam from all web site(s)
  2006-09-07 13:45:59.015 NOTIFICATION Application UnDeployer for aam COMPLETES.
  06/09/07 13:45:59 WARNING: DeployerRunnable.run java.lang.InstantiationExceptionoracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException
  at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:126)
  at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
  at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:81)
  at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:814)
  at java.lang.Thread.run(Thread.java:595)
  Caused by: java.lang.InstantiationException
  at com.evermind.server.ApplicationStateRunning.initDataSources(ApplicationStateRunning.java:1424)
  at com.evermind.server.ApplicationStateRunning.initializeApplication(ApplicationStateRunning.java:195)
  at com.evermind.server.Application.setConfig(Application.java:391)
  at com.evermind.server.Application.setConfig(Application.java:308)
  at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1771)
  at oracle.oc4j.admin.internal.ApplicationDeployer.addApplication(ApplicationDeployer.java:507)
  at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:191)
  at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:93)
  ... 4 more
  2006-09-07 13:45:59.031 WARNING java.lang.InstantiationException

• Custom JAAS Login Module 9.0.4 configuration problems

  Hello,
  We have created a custom JAAS Login Module on OC4J 9.0.4 and are having some sort of configuration problem
  We always get this error:
  Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:779)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:535)
  The Login Module is configured for a specific deployed application in the global jazn-data.xml and is being run as I have attached a debugger to the app server.
  Our authentication process succeeds and we return a "true" from the login() method. No exceptions are thrown from our Login Module.
  our ORACLE_HOME/j2ee/home/config/jazn-data.xml has this added
  <application>
  <name>helloworld</name>
  <login-modules>
  <login-module>
  <class>com.test.JaasLoginModule</class>
  <control-flag>required</control-flag>
  <options>
  </options>
  </login-module>
  </login-modules>
  </application>
  The j2ee/home/application-deployments/helloworld/jazn-data.xml looks like this:
  <?xml version="1.0" encoding="UTF-8" standalone='yes'?>
  <!DOCTYPE jazn-data PUBLIC "JAZN-XML Data" "http://xmlns.oracle.com/ias/dtds/jazn-data.dtd">
  <jazn-data />
  and we added this into the j2ee/home/application-deployments/helloworld/orion-applicaton.xml
  <jazn provider="XML" location="jazn-data.xml" >
  <property name="role.mapping.dynamic" value="true"/>
  <property name="custom.loginmodule.provider" value="true"/>
  <property name="jaas.username.simple" value="true" />
  </jazn>
  Are we missing anything? Our code runs, it seems like there is something lacking in the configuration on the OC4J side of things.
  Anyone know what we are missing?
  Thanks....

  Hi,
  if you are on 9.0.4 then <property name="custom.loginmodule.provider" value="true"/> shouldn't work because its a parameter of 10.1.3
  Frank