Connecting to PAM - Pluggable Authentication Module using Java

Hi,
I am working on a security issue where there is PAM on the Unix machine. How can I connect to that PAM using Java? As I am new to this PAM concept, please give me a lead as to how I can do it using Java.
Thanks in advance

Hi,
The usual procedure is to use ipsadmin change component iwtauth cust_auth.xml, where cust_auth.xml has the attributes and values for the new module you have added. In your case you can try changing the client detection attribute alone using the ipsadmin command.
The first step is to modify the existing iwtAuth-clientDetectionEnabled attribute to have a new value and then change it again to have the right (correct) value.
Regards,
Raj_indts
Developer Technical Support
Sun Microsystems http://www.sun.com/developers/support

Similar Messages

  • New pluggable Authentication module changed Platform Settings

    I installed IPS 3.0 SP 3a and the MAP provided along with it. Then I wrote a new Pluggable Authentication Module and made the required additions in iwtAuth.xml. I deleted the existing iwtAuth component using ipsadmin delete and then imported the modified XML. But after importing this XML, the Platform Settings in the admin console such as the "Client detection enabled" option went missing (the check box is no longer there). Although there are entries relating to these options in the XML that I imported, they are missing from the admin console. Where did I go wrong?
    This is my modified iwtAuth:
    <iwt:Component name="iwtAuth"
         ver="1.0"
         desc="Authentication"
         resB="iwtAuth"
         idx="">
    <iwt:Att name="iwtAuth-authMenu"
         desc="Authentication Menu"
         type="multichoice"
         idx="a1"
         userConfigurable="TRUE">
         <Val>Radius</Val>
    <Val>SecurID</Val>
    <Val>SafeWord</Val>
    <Val>SKey</Val>
    <Val>Unix</Val>
    <Val>Ldap</Val>
    <Val>NT</Val>
    <Val>Membership</Val>
    <Val>customizeLogin</Val>
    <Val>Anonymous</Val>
    <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
    <Wperm>ADMIN</Wperm>
    <CVal>Radius</CVal>
    <CVal>SecurID</CVal>
    <CVal>SafeWord</CVal>
    <CVal>SKey</CVal>
    <CVal>Unix</CVal>
    <CVal>Ldap</CVal>
    <CVal>NT</CVal>
    <CVal>Membership</CVal>
    <CVal>customizeLogin</CVal>
    <CVal>Anonymous</CVal>
    </iwt:Att>
    <iwt:Att name="iwtAuth-profileRequired"
         desc="Authentication Requires Profile"
         type="boolean"
         idx="a2"
         userConfigurable="TRUE">
         <Val>false</Val>
         <Rperm>ADMIN</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-domainURL"
         desc="Domain URLs"
         type="stringlist"
         idx="a3"
         userConfigurable="TRUE">
         <Val>/test.com</Val> <Val>sun-lily.test.com</Val> <Val>sun-lily.test.com/test.com</Val> <Val>sun-lily.test.com/login</Val> <Val>157.227.246.30</Val> <Val>157.227.246.30/test.com</Val> <Val>157.227.246.30/login</Val>
         <Rperm>ADMIN</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-adminAuthModule"
         desc="Admin Authenticator"
         type="singlechoice"
         idx="a4"
         userConfigurable="TRUE">
         <Val>Unix</Val>
         <CVal>Radius</CVal>
    <CVal>Simple</CVal>
    <CVal>SecurID</CVal>
    <CVal>SafeWord</CVal>
    <CVal>SKey</CVal>
    <CVal>Unix</CVal>
    <CVal>Ldap</CVal>
    <CVal>NT</CVal>
    <CVal>Membership</CVal>
    <CVal>customizeLogin</CVal>
    <CVal>Anonymous</CVal>
         <Rperm>ADMIN</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-defaultRole"
         desc="Default Role"
         type="string"
         idx="a5"
         userConfigurable="TRUE">
         <Val>/test.com/defaultRole</Val>
         <Rperm>ADMIN</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-chainingModules"
    desc="Authentication Chaining Modules"
    type="string"
    idx="a6"
    userConfigurable="TRUE">
    <Rperm>ADMIN</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-chainingEnabled"
    desc="Authentication Chaining Enabled"
    type="boolean"
    idx="a7"
    userConfigurable="TRUE">
    <Val>false</Val>
    <Rperm>ADMIN</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-unixConfigPort"
         desc="Unix Configuration Port"
         type="number"
         idx="X-Unix-x1"
         userConfigurable="FALSE">
         <Val>8946</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-unixHelperPort"
         desc="Unix Helper's Port"
         type="number"
         idx="X-Unix-x2"
         userConfigurable="FALSE">
         <Val>7946</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-unixTimeout"
         desc="Unix Timeout"
         type="number"
         idx="X-Unix-x3"
         userConfigurable="FALSE">
         <Val>3</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-unixThread"
         desc="Unix Threads"
         type="number"
         idx="X-Unix-x4"
         userConfigurable="FALSE">
         <Val>5</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-radiusConfigPort"
         desc="RADIUS Configuration Port"
         type="number"
         idx="X-Radius-x1"
         userConfigurable="FALSE">
         <Val>8944</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-radiusHelperPort"
         desc="RADIUS Helper's Port"
         type="number"
         idx="X-Radius-x2"
         userConfigurable="FALSE">
         <Val>7944</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-radiusTimeout"
         desc="RADIUS Timeout"
         type="number"
         idx="X-Radius-x3"
         userConfigurable="FALSE">
         <Val>3</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-radiusThread"
         desc="RADIUS Threads"
         type="number"
         idx="X-Radius-x4"
         userConfigurable="FALSE">
         <Val>5</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-skeyMaxLimit"
         desc="S/Key Maximum Passphrases Allowed"
         type="number"
         idx="X-Skey-x1"
         userConfigurable="FALSE">
         <Val>400</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm></Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-skeyConfigPort"
         desc="S/Key Configuration Port"
         type="number"
         idx="X-Skey-x2"
         userConfigurable="FALSE">
         <Val>8947</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-skeyHelperPort"
         desc="S/Key Helper's Port"
         type="number"
         idx="X-Skey-x3"
         userConfigurable="FALSE">
         <Val>7947</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-skeyTimeout"
         desc="S/Key Timeout"
         type="number"
         idx="X-Skey-x4"
         userConfigurable="FALSE">
         <Val>3</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-skeyThread"
         desc="S/Key Threads"
         type="number"
         idx="X-Skey-x5"
         userConfigurable="FALSE">
         <Val>5</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-securidConfigPort"
         desc="SecurID Configuration Port"
         type="number"
         idx="X-Securid-x1"
         userConfigurable="FALSE">
         <Val>8943</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-securidHelperPort"
         desc="SecurID Helper's Port"
         type="number"
         idx="X-Securid-x2"
         userConfigurable="FALSE">
         <Val>7943</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-securidTimeout"
         desc="SecurID Timeout"
         type="number"
         idx="X-Securid-x3"
         userConfigurable="FALSE">
         <Val>3</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-securidThread"
         desc="SecurID Threads"
         type="number"
         idx="X-Securid-x4"
         userConfigurable="FALSE">
         <Val>5</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-safewordConfigPort"
         desc="SafeWord Configuration Port"
         type="number"
         idx="X-Safeword-x1"
         userConfigurable="FALSE">
         <Val>8945</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-safewordHelperPort"
         desc="SafeWord Helper's Port"
         type="number"
         idx="X-Safeword-x2"
         userConfigurable="FALSE">
         <Val>7945</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-safewordTimeout"
         desc="SafeWord Timeout"
         type="number"
         idx="X-Safeword-x3"
         userConfigurable="FALSE">
         <Val>3</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-safewordThread"
         desc="SafeWord Threads"
         type="number"
         idx="X-Safeword-x4"
         userConfigurable="FALSE">
         <Val>5</Val>
         <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
         <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-debug"
         desc="Auth debugging options"
         type="singlechoice"
         idx=""
         userConfigurable="FALSE">
         <Val>off</Val>
    <CVal>log</CVal>
    <CVal>off</CVal>
    <CVal>on</CVal>
    <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-loginWorkerClass"
    desc="Pluggable Auth page generator class"
    type="string"
    idx="X-x30"
    userConfigurable="FALSE">
    <Val>com.iplanet.portalserver.auth.server.HTMLLoginWorker</Val>
    <Rperm>ADMIN</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-authenticators"
         desc="Authentication Modules"
         type="multichoice"
         idx="X-x24"
         userConfigurable="TRUE">
         <Val>com.iplanet.portalserver.auth.module.radius.Radius</Val>
    <Val>com.iplanet.portalserver.auth.module.securid.SecurID</Val>
    <Val>com.iplanet.portalserver.auth.module.safeword.SafeWord</Val>
    <Val>com.iplanet.portalserver.auth.module.skey.SKey</Val>
    <Val>com.iplanet.portalserver.auth.module.unix.Unix</Val>
    <Val>com.iplanet.portalserver.auth.module.ldap.Ldap</Val>
    <Val>com.iplanet.portalserver.auth.module.cert.Cert</Val>
    <Val>com.iplanet.portalserver.auth.module.nt.NT</Val>
    <Val>com.iplanet.portalserver.auth.module.application.Application</Val>
    <Val>com.iplanet.portalserver.auth.module.membership.Membership</Val>
    <Val>com.iplanet.portalserver.auth.module.customizeLogin.customizeLogin</Val>
    <Val>com.iplanet.portalserver.auth.module.anonymous.Anonymous</Val>
    <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
    <Wperm>ADMIN</Wperm>
    <CVal>com.iplanet.portalserver.auth.module.radius.Radius</CVal>
    <CVal>com.iplanet.portalserver.auth.module.securid.SecurID</CVal>
    <CVal>com.iplanet.portalserver.auth.module.safeword.SafeWord</CVal>
    <CVal>com.iplanet.portalserver.auth.module.skey.SKey</CVal>
    <CVal>com.iplanet.portalserver.auth.module.unix.Unix</CVal>
    <CVal>com.iplanet.portalserver.auth.module.ldap.Ldap</CVal>
    <CVal>com.iplanet.portalserver.auth.module.cert.Cert</CVal>
    <CVal>com.iplanet.portalserver.auth.module.nt.NT</CVal>
    <CVal>com.iplanet.portalserver.auth.module.application.Application</CVal>
    <CVal>com.iplanet.portalserver.auth.module.membership.Membership</CVal>
    <CVal>com.iplanet.portalserver.auth.module.customizeLogin.customizeLogin</CVal>
    <CVal>com.iplanet.portalserver.auth.module.anonymous.Anonymous</CVal>
    </iwt:Att>
    <iwt:Att name="iwtAuth-defaultAuthLevel"
    desc="Default Authentication Level"
    type="number"
    idx="X-y1"
    userConfigurable="TRUE">
    <Val>0</Val>
    <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-persistentCookieMode"
    desc="Enable Persistent Cookie Mode"
    type="boolean"
    idx="X-y2"
    userConfigurable="TRUE">
    <Val>false</Val>
    <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-persistentCookieTime"
    desc="Persistent Cookie Max Age Value (in Seconds)"
    type="number"
    idx="X-y3"
    userConfigurable="TRUE">
    <Val>2147483</Val>
    <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-nonInteractiveModules"
    desc="Non Interactive Modules"
    type="stringlist"
    idx="X-x25"
    userConfigurable="TRUE">
    <Val>Cert</Val>
    <Rperm>ADMIN</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-clientDetectionEnabled"
    desc="Client Detection Enabled"
    type="boolean"
    idx=""
    userConfigurable="FALSE">
    <Val>false</Val>
    <Rperm>ADMIN</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-clientDetectionClass"
    desc="Client Detector Class"
    type="string"
    idx=""
    userConfigurable="FALSE">
    <Rperm>ADMIN</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-supportedAuthModules"
    desc="Supported Auth Modules for Clients"
    type="stringlist"
    idx=""
    userConfigurable="FALSE">
    <Rperm>ADMIN</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    <iwt:Att name="iwtAuth-loginWorkerClasses"
    desc="Pluggable Auth page generator classes for clients"
    type="stringlist"
    idx=""
    userConfigurable="FALSE">
    <Rperm>ADMIN</Rperm>
    <Wperm>ADMIN</Wperm>
    </iwt:Att>
    </iwt:Component>

  • Retrieve NT Authentication details using java

    Need to get the OS user name and password of the remote client machine from which the server application in my machine is accessed.
    How to do this using Java? Is there any Java API to get this?
    Also tried the NTLM code but it's not working.
    Any code will be appreciated.

    > Need to get the OS user name and password of the remote client machine from which the server application in my machine is accessed.
    > How to do this using Java? Is there any Java API to get this?
    > Also tried the NTLM code but it's not working.
    > Any code will be appreciated.
    Forget it. You can't get the password unless you ask the user for it.
    Kaj

  • Fetching NT Authentication details using java

    I am accessing a JSP page of a Tomcat server in my machine from a browser client in another machine. I have to fetch the OS user name with which the user logged in on the client machine using Java. I tried using request.getRemoteHost() but it returned null.
    I tried using NTLM. This is the code which I used:
    <%@ page language="java" import="java.io.*,java.util.*,java.lang.*" %>
    <%@ page import="org.castor.util.*"%>
    <%
    String auth = request.getHeader("Authorization");
    if (auth == null) {
      // No Authorization header yet: ask the browser to start the NTLM handshake
      response.setStatus(response.SC_UNAUTHORIZED);
      response.setHeader("WWW-Authenticate", "NTLM");
      response.flushBuffer();
      return;
    }
    if (auth.startsWith("NTLM ")) {
      byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
      int off = 0, length, offset;
      if (msg[8] == 1) {
        // Type 1 (negotiate) message from the browser: answer with a Type 2 (challenge) message
        byte z = 0;
        byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z, (byte)1, (byte)130, z, z,z, (byte)2, (byte)2, (byte)2, z, z, z, z, z, z, z, z, z, z, z, z};
        response.setHeader("WWW-Authenticate", "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1));
        response.sendError(response.SC_UNAUTHORIZED);
        return;
      } else if (msg[8] == 3) {
        // Type 3 (authenticate) message: read the security-buffer headers for domain, user and workstation.
        // Length and offset are little-endian 16-bit values; mask each byte so it is not sign-extended.
        off = 30;
        length = (msg[off+17] & 0xff) * 256 + (msg[off+16] & 0xff);
        offset = (msg[off+19] & 0xff) * 256 + (msg[off+18] & 0xff);
        String remoteHost = new String(msg, offset, length);
        length = (msg[off+1] & 0xff) * 256 + (msg[off] & 0xff);
        offset = (msg[off+3] & 0xff) * 256 + (msg[off+2] & 0xff);
        String domain = new String(msg, offset, length);
        length = (msg[off+9] & 0xff) * 256 + (msg[off+8] & 0xff);
        offset = (msg[off+11] & 0xff) * 256 + (msg[off+10] & 0xff);
        String username = new String(msg, offset, length);
        out.println("Username:" + username + "<BR>");
        out.println("RemoteHost:" + remoteHost + "<BR>");
        out.println("Domain:" + domain + "<BR>");
      }
    }
    %>
    But it didn't work. Should I configure my environment in any way for NTLM to work?
    Is there any other way to do this? Any code will be appreciated.
    Thanks,
    Vignesh

    JSPs execute on the server and not on the client machine. So I'm not sure how you expect to get details from the client here. Not to mention that the JSP you wrote is pretty nasty IMO.

  • Pluggable Authentication Modules

    Does any one know how to present a list of options from within the PAM module? I developed a PAM module that presents a user with a list of options for logging on to the system. It works fine from telnet but when I use the GUI I am only able to display one option at a time when logging on. If I try to format the message buffer to separate the options using '\r\n', it displays garbage where the '\r\n' are and the message continues off the screen on a single line. A user would not be able to read the entire message. Does anyone have any suggestions how I can resolve this problem?

    I found these but I haven't tested them yet or looked at the source.
    http://www.comsmiths.com.au/pam/v1.05/

  • Create a PAM module in java

    I am wondering if it is possible to create a PAM module in java, as opposed to C/C++.
    If yes, how would I get started?

    Java already integrates the PAM concept (which seems to come from Sun laboratories and was first integrated in Solaris, am I right?) through the JAAS API.
    JAAS has been integrated in Java since Java 1.4.
    So, the PAM concept (pluggable authentication module) is mapped to the javax.security.auth.spi.LoginModule interface.
    So, to add a PAM to your Java application, you should provide a LoginModule implementation.
    Hope it helps,
    Charles (jGuard team).
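    As an added example (not code from this thread, from jGuard, or from the opening question's poster), here is the JAAS counterpart that Charles describes and that the opening question about reaching PAM from Java was after: a LoginModule with the same two-phase login/commit/abort/logout life cycle as a PAM module, wired in with a programmatic Configuration instead of a jaas.conf file. DemoLoginModule, UserPrincipal and the in-memory user table are assumptions of this example; a module that defers to the host's PAM stack would put a native call where the table lookup is.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical JAAS module: the Java-side counterpart of a PAM module.
public class DemoLoginModule implements LoginModule {
    // Constructed in-memory credential table; a real module would consult its backend
    // (or the host's PAM stack through a native bridge) at this point instead.
    private static final Map<String, char[]> USERS = Map.of("alice", "s3cret".toCharArray());
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return name; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private String user;
    private boolean succeeded;
    private UserPrincipal principal;

    @Override
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
    }

    // Phase 1 (the pam_sm_authenticate step): collect the credentials through the
    // CallbackHandler and verify them; a failure is signalled by throwing.
    @Override
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        char[] given = pc.getPassword();
        pc.clearPassword();
        boolean ok = given != null && constantTimeEquals(USERS.get(nc.getName()), given);
        if (given != null) Arrays.fill(given, '\0');   // do not keep the password around
        if (!ok) throw new FailedLoginException("bad user name or password");
        user = nc.getName();
        return succeeded = true;
    }

    // Phase 2: every module in the stack passed, so attach the identity to the Subject.
    @Override
    public boolean commit() {
        if (!succeeded) return false;
        principal = new UserPrincipal(user);
        subject.getPrincipals().add(principal);
        return true;
    }
    @Override public boolean abort() { return logout(); }
    @Override
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        succeeded = false; user = null; principal = null;
        return true;
    }

    // Compares the full length instead of stopping at the first mismatch.
    static boolean constantTimeEquals(char[] a, char[] b) {
        if (a == null || b == null) return false;
        int diff = a.length ^ b.length;
        for (int i = 0; i < Math.min(a.length, b.length); i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Programmatic stand-in for a jaas.conf entry:  Demo { DemoLoginModule required; };
    static Configuration config() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.emptyMap()) };
            }
        };
    }

    // Answers the module's callbacks with fixed, constructed input.
    static CallbackHandler handler(String name, String password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(name);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        LoginContext good = new LoginContext("Demo", new Subject(), handler("alice", "s3cret"), config());
        good.login();
        System.out.println("authenticated as " + good.getSubject().getPrincipals());
        good.logout();
        LoginContext bad = new LoginContext("Demo", new Subject(), handler("alice", "wrong"), config());
        try { bad.login(); } catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

    With a REQUIRED flag the LoginContext rethrows the module's FailedLoginException, so the second login is rejected before commit() ever runs and the Subject stays empty.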

  • How to set proxy authentication using java properties at run time

    Hi All,
    How to set proxy authentication using Java properties on the command line, or in NetBeans (Project => Properties => Run => Arguments)? Below is a simple URL data extract program which works in the absence of a firewall:
    import java.io.*;
    import java.net.*;
    public class DnldURLWithoutUsingProxy {
       public static void main (String[] args) {
          URL u;
          InputStream is = null;
          DataInputStream dis;
          try {
             u = new URL("http://www.yahoo.com.au/index.html");
             is = u.openStream();         // throws an IOException
             dis = new DataInputStream(new BufferedInputStream(is));
             BufferedReader br = new BufferedReader(new InputStreamReader(dis));
             String strLine;
             // Read the page line by line
             while ((strLine = br.readLine()) != null) {
                // Print the content on the console
                System.out.println(strLine);
             }
             // Close the input stream
             dis.close();
          } catch (MalformedURLException mue) {
             System.out.println("Ouch - a MalformedURLException happened.");
             mue.printStackTrace();
             System.exit(1);
          } catch (IOException ioe) {
             System.out.println("Oops- an IOException happened.");
             ioe.printStackTrace();
             System.exit(1);
          } finally {
             try {
                if (is != null) {
                   is.close();
                }
             } catch (IOException ioe) {
                // nothing further to do if closing fails
             }
          }
       }
    }
    However, it generated the following message when run behind the firewall:
    cd C:\Documents and Settings\abc\DnldURL\build\classes
    java -cp . DnldURLWithoutUsingProxy
    Oops- an IOException happened.
    java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
    at java.net.Socket.connect(Socket.java:452)
    at java.net.Socket.connect(Socket.java:402)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
    at sun.net.www.http.HttpClient.New(HttpClient.java:339)
    at sun.net.www.http.HttpClient.New(HttpClient.java:320)
    at sun.net.www.http.HttpClient.New(HttpClient.java:315)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
    at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615)
    at java.net.URL.openStream(URL.java:913)
    at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
    I have also tried the command without much luck either:
    java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
    Oops- an IOException happened.
    java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245)
    at java.net.URL.openStream(URL.java:1009)
    at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
    All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
    There is no problem pinging www.yahoo.com from this system.
    I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
    I have tried Greg Sporar's blog on setting the JVM option in Sun Java System Application Server (GlassFish) and Java Control Panel - Use browser settings, without success.
    Thanks,
    George
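    As an added example (not George's program and not an answer from this thread), this is the JDK's own mechanism for the 407 in the post: the http.proxyHost/http.proxyPort properties from the post's command line, plus a java.net.Authenticator that answers proxy challenges only. The class name DnldURLViaProxy and the PROXY_USER/PROXY_PASS environment variables are assumptions of this example; the proxy name wwwproxy, port 80 and the URL are the ones from the post.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.URL;

public class DnldURLViaProxy {
    // Answers proxy challenges (407) only and stays silent on origin-server
    // challenges (401), so the proxy credentials are never handed to a web site.
    static final class ProxyOnlyAuthenticator extends Authenticator {
        private final String user;
        private final char[] password;
        ProxyOnlyAuthenticator(String user, char[] password) {
            this.user = user;
            this.password = password;
        }
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            if (getRequestorType() != RequestorType.PROXY) return null;
            return new PasswordAuthentication(user, password.clone());
        }
    }

    public static void main(String[] args) throws IOException {
        // Same proxy settings as the post's command line (-Dhttp.proxyHost=wwwproxy
        // -Dhttp.proxyPort=80); the defaults below apply only when they are not given.
        System.setProperty("http.proxyHost", System.getProperty("http.proxyHost", "wwwproxy"));
        System.setProperty("http.proxyPort", System.getProperty("http.proxyPort", "80"));
        // Credentials come from the environment (assumed variable names), not from the
        // source or the command line, where they would show up in process listings.
        String user = System.getenv("PROXY_USER");
        String pass = System.getenv("PROXY_PASS");
        if (user == null || pass == null) {
            throw new IllegalStateException("set PROXY_USER and PROXY_PASS");
        }
        Authenticator.setDefault(new ProxyOnlyAuthenticator(user, pass.toCharArray()));

        URL u = new URL("http://www.yahoo.com.au/index.html");
        HttpURLConnection conn = (HttpURLConnection) u.openConnection();
        if (conn.getResponseCode() == HttpURLConnection.HTTP_PROXY_AUTH) {
            // The Authenticator was consulted but the proxy still said 407
            System.err.println("proxy rejected the credentials (407)");
            return;
        }
        try (BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()))) {
            String line;
            while ((line = br.readLine()) != null) {
                System.out.println(line);
            }
        }
    }
}
```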

  • How to make use of Windows authentication from my Java application

    I have a Java application. Instead of designing one more login page for my application, I want to make use of Windows Authentication.
    How should I use Windows authentication in my Java application?
    Can anyone help me by suggesting a solution?

    How will they be able to access your application if they aren't users of the system?

  • Retrieve parameters from LDAP using authentication module

    I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
    I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
    OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
    This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
    The existing web applications are still querying the existing LDAP for other attributes than uid and userpassword. Is it possible to configure OpenSSO to forward LDAP attributes to the web application as a cookie or header value? Or is the forwarding feature only for attributes in the Data Store?
    If the forwarding is not possible what is the next best alternative ?

    OpenSSO forum is quite silent so I'm back with you guys.
    I managed to solve the agent error log problem I mentioned before. The problem was about non-existent attributes in the AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed the extra attributes and the authentication against LDAP started to work again.
    The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
    My LDAP looks like this:
    # testuser, pollo.fi
    dn: cn=testuser,dc=pollo,dc=fi
    cn: testuser
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    givenName: Test
    sn: User
    ou: People
    uid: testuser
    mail: [email protected]
    And my datastore configuration:
    LDAP server->localhost:389
    LDAP bind DN->cn=admin,dc=pollo,dc=fi
    LDAP organization DN->dc=pollo,dc=fi
    Attribute name mapping->empty
    LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
    LDAP3 Plugin search scope->scope_sub
    LDAP Users Search Attribute->uid
    LDAP Users Search Filter->(objectclass=inetorgperson)
    LDAP User Object Class->organizationalPerson
    LDAP User Attributes->uid, userpassword
    Create User Attribute Mapping->empty
    Attribute Name of User Status->inetuserstatus
    User Status Active Value->Active
    User Status Inactive Value->inactive
    LDAP Groups Search Attribute->cn
    LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
    LDAP Groups container Naming Attribute->ou
    LDAP Groups Container Value->groups
    LDAP Groups Object Class->top
    LDAP Groups Attributes->cn,description,dn,objectclass
    Attribute Name for Group Membership->empty
    Attribute Name of Unqiue Member->uniqueMember
    Attribute Name of Group Member URL->memberUrl
    LDAP People Container Naming Attribute->ou
    LDAP People Container Value->people
    LDAP Agents Search Attribute->uid
    LDAP Agents Container Naming Attribute->ou
    LDAP Agents Container Value->agents
    LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
    LDAP Agents Object Class->sunIdentityServerDevice,top
    LDAP Agents Attributes->empty
    Identity Types That Can Be Authenticated->Agent,User
    Authentication Naming Attribute->uid
    Persistent Search Base DN->dc=pollo,dc=fi
    Persistent Search Filter->(objectclass=*)
    Persistent Search Maximum Idle Time Before Restart->0
    Should I enable some setting still to get the forwarding going on? Any ideas for debugging?

  • Has anyone ever tried using the iPlanet portal server RADIUS authentication module with CryptoCard?

    We are using the easyRadius server from CryptoCARD. When we run the radius server in debug mode, it appears ips is sending multiple access-request message. Also, the server is coming back with a challenge which we are not expecting.

    yes,
    we did basic integration where the authentication will be done using siteminder. The trick is to protect the portal server web server and not the gateway. You also need to add a new authentication module for siteminder in the portal using ipsadmin. We are protecting the login html page only. We couldn't protect the desktop because it's built using servlets.

  • Any one used certificate authentication module?

    Hi
    Has anyone used the certificate authentication module successfully?
    I am trying to do it but there are no resources available about how to configure and use it.
    Indeed I want to use the Certificate authentication module from within a J2SE application using AMSDK.
    Thanks

    OK, thanks to Peter Hanusiak, an Oracle Consulting consultant in Slovakia, I have resolved my issue and I'm hoping that the same solution may apply for you. See below for the instructions from Peter that helped me out. Note that since our applications are different, the specific libraries and locations that you need to confirm compatibility for may be different.
    Hope this helps,
    Dave
    I had a similar problem. In my case it was caused by different ADF versions in JDev, SOA Suite and the SOA order booking demo.
    Because I can't test it now, I'll tell just what I remember.
    In SOADEMO there is somewhere a folder SOADEMO-CLIENT\UserInterface\public_html\WEB-INF\lib
    where you can find
    adf-faces-impl.jar
    jsf-impl.jar
    Try to find exactly the same libs in JDev and copy & paste them from JDev to the SOADEMO folder. Then find the libs in SOA Suite, and copy & paste those libs from JDev to SOA Suite. Restart SOA Suite. Deploy SOADEMO-Client. And hopefully it will work.

  • Windows Ad Authentication using java

    Hi,
    My Requirement: We are using Java, JSP, Struts in our application.
    We have a user login JSP page. Whenever a user tries signing in using the login page we have to use the AD (Active Directory) userid and AD password available from the operating system.
    Can anyone please suggest how I can achieve this?
    Thanks in advance
    Best Regards,
    Satish

    1. Given a user name, password and perhaps other information, find out via the Windows API how to 'log in'. This has nothing to do with Java.
    2. Write some C/C++ code that uses 1 to wrap that functionality in such a way that it describes what you want to do in your application. This has nothing to do with Java.
    3. Write a JNI Java class and C JNI code to wrap 2. This has something to do with Java.

  • Pam.conf does not use ldap for password length check when changing passwd

    I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
    I have dsee 6.0 installed on a solaris 10 server (client).
    I have a solaris 9 server (server) set up to use ldap authentication.
    bash-2.05# cat /var/ldap/ldap_client_file
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= X, Y
    NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 30
    NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
    NS_LDAP_CACHETTL= 43200
    NS_LDAP_PROFILE= tls_profile
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_BIND_TIME= 10
    bash-2.05# cat /var/ldap/ldap_client_cred
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
    NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
    bash-2.05# cat /etc/nsswitch.conf
    # /etc/nsswitch.ldap:
    # An example file that could be copied over to /etc/nsswitch.conf; it
    # uses LDAP in conjunction with files.
    # "hosts:" and "services:" in this file are used only if the
    # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
    # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
    passwd: files ldap
    group: files ldap
    # consult /etc "files" only if ldap is down.
    hosts: files dns
    ipnodes: files
    # Uncomment the following line and comment out the above to resolve
    # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    # IPv4 addresses are searched in all of the ipnodes databases before
    # searching the hosts databases. Before turning this option on, consult
    # the Network Administration Guide for more details on using IPv6.
    #ipnodes: ldap [NOTFOUND=return] files
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    netgroup: ldap
    automount: files ldap
    aliases: files ldap
    # for efficient getservbyname() avoid ldap
    services: files ldap
    sendmailvars: files
    printers: user files ldap
    auth_attr: files ldap
    prof_attr: files ldap
    project: files ldap
    bash-2.05# cat /etc/pam.conf
    #ident "@(#)pam.conf 1.20 02/01/23 SMI"
    # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # PAM configuration
    # Unless explicitly defined, all services use the modules
    # defined in the "other" section.
    # Modules are defined with relative pathnames, i.e., they are
    # relative to /usr/lib/security/$ISA. Absolute path names, as
    # present in this file in previous releases are still acceptable.
    # Authentication management
    # login service (explicit because of pam_dial_auth)
    login auth requisite pam_authtok_get.so.1 debug
    login auth required pam_dhkeys.so.1 debug
    login auth required pam_dial_auth.so.1 debug
    login auth binding pam_unix_auth.so.1 server_policy debug
    login auth required pam_ldap.so.1 use_first_pass debug
    # rlogin service (explicit because of pam_rhost_auth)
    rlogin auth sufficient pam_rhosts_auth.so.1
    rlogin auth requisite pam_authtok_get.so.1
    rlogin auth required pam_dhkeys.so.1
    rlogin auth binding pam_unix_auth.so.1 server_policy
    rlogin auth required pam_ldap.so.1 use_first_pass
    # rsh service (explicit because of pam_rhost_auth,
    # and pam_unix_auth for meaningful pam_setcred)
    rsh auth sufficient pam_rhosts_auth.so.1
    rsh auth required pam_unix_auth.so.1
    # PPP service (explicit because of pam_dial_auth)
    ppp auth requisite pam_authtok_get.so.1
    ppp auth required pam_dhkeys.so.1
    ppp auth required pam_dial_auth.so.1
    ppp auth binding pam_unix_auth.so.1 server_policy
    ppp auth required pam_ldap.so.1 use_first_pass
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authenctication
    other auth requisite pam_authtok_get.so.1 debug
    other auth required pam_dhkeys.so.1 debug
    other auth binding pam_unix_auth.so.1 server_policy debug
    other auth required pam_ldap.so.1 use_first_pass debug
    # passwd command (explicit because of a different authentication module)
    passwd auth binding pam_passwd_auth.so.1 server_policy debug
    passwd auth required pam_ldap.so.1 use_first_pass debug
    # cron service (explicit because of non-usage of pam_roles.so.1)
    cron account required pam_projects.so.1
    cron account required pam_unix_account.so.1
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    other account requisite pam_roles.so.1 debug
    other account required pam_projects.so.1 debug
    other account binding pam_unix_account.so.1 server_policy debug
    other account required pam_ldap.so.1 no_pass debug
    # Default definition for Session management
    # Used when service name is not explicitly mentioned for session management
    other session required pam_unix_session.so.1
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    other password required pam_dhkeys.so.1 debug
    other password requisite pam_authtok_get.so.1 debug
    other password requisite pam_authtok_check.so.1 debug
    other password required pam_authtok_store.so.1 server_policy debug
    # Support for Kerberos V5 authentication (uncomment to use Kerberos)
    #rlogin auth optional pam_krb5.so.1 try_first_pass
    #login auth optional pam_krb5.so.1 try_first_pass
    #other auth optional pam_krb5.so.1 try_first_pass
    #cron account optional pam_krb5.so.1
    #other account optional pam_krb5.so.1
    #other session optional pam_krb5.so.1
    #other password optional pam_krb5.so.1 try_first_pass
    I can ssh into client with user VV, which does not exist locally but exists in the directory server (this is from /var/adm/messages on the LDAP client):
    May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
    May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
    May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
    May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
    May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
    May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
    May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
    May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
    May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
    May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
    May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
    If I then try to change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd:
    bash-2.05$ passwd
    passwd: Changing password for VV
    Enter existing login password:
    New Password:
    passwd: Password too short - must be at least 8 characters.
    Please try again
    May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
    May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
    May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
    May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
    May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
    May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
    May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
    I am using the default policy on the directory server which states a minimum password length of 6 characters.
    server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
    pwd-accept-hashed-pwd-enabled : N/A
    pwd-check-enabled : off
    pwd-compat-mode : DS6-mode
    pwd-expire-no-warning-enabled : on
    pwd-expire-warning-delay : 1d
    pwd-failure-count-interval : 10m
    pwd-grace-login-limit : disabled
    pwd-keep-last-auth-time-enabled : off
    pwd-lockout-duration : disabled
    pwd-lockout-enabled : off
    pwd-lockout-repl-priority-enabled : on
    pwd-max-age : disabled
    pwd-max-failure-count : 3
    pwd-max-history-count : disabled
    pwd-min-age : disabled
    pwd-min-length : 6
    pwd-mod-gen-length : 6
    pwd-must-change-enabled : off
    pwd-root-dn-bypass-enabled : off
    pwd-safe-modify-enabled : off
    pwd-storage-scheme : CRYPT
    pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
    pwd-strong-check-enabled : off
    pwd-strong-check-require-charset : lower
    pwd-strong-check-require-charset : upper
    pwd-strong-check-require-charset : digit
    pwd-strong-check-require-charset : special
    pwd-supported-storage-scheme : CRYPT
    pwd-supported-storage-scheme : SHA
    pwd-supported-storage-scheme : SSHA
    pwd-supported-storage-scheme : NS-MTA-MD5
    pwd-supported-storage-scheme : CLEAR
    pwd-user-change-enabled : off
    Whereas /etc/default/passwd on the LDAP client says passwords must be 8 characters. This is seen with the log line `pam_authtok_check: minimum length from /etc/default/passwd: 8`. It is clearly not using the policy from the directory server but checking locally. So I can log in OK using the LDAP server for authentication, but when I try to change the password it does not use the policy from the server, which says I only need a minimum length of 6 characters.
    I have read that pam_ldap is only supported for directory server 5.2. Because I am running DS6 with password compatibility in DS6 mode, maybe this is my problem. Does anyone know of any updated pam_ldap modules for Solaris 9?
    Edited by: ericduggan on Sep 8, 2008 5:30 AM

    you can try passwd -r ldap for changing the ldap passwds...
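    An added example (not from the thread) that resolves a Solaris pam.conf the way the question's symptom arises: the passwd service defines only auth entries, so a password change falls through to the "other" password stack, where pam_authtok_check applies the local /etc/default/passwd minimum. It also flags the no_pass option the poster's syslog reported as illegal on pam_ldap's account entry. The configuration below is a constructed excerpt of the poster's /etc/pam.conf.

```python
"""Resolve the effective PAM stack from a Solaris-style pam.conf.

Solaris pam.conf lines have the form
    service  type  control  module  [option ...]
and a service with no entry for a given type falls back to the "other" entries.
"""
from collections import namedtuple

PamEntry = namedtuple("PamEntry", "service type control module options")

# Constructed excerpt of the /etc/pam.conf quoted in the post: the auth entries
# for passwd, plus the "other" account and password stacks.
SAMPLE_PAM_CONF = """\
# passwd command (explicit because of a different authentication module)
passwd auth binding pam_passwd_auth.so.1 server_policy debug
passwd auth required pam_ldap.so.1 use_first_pass debug
# Default definition for Account management
other account requisite pam_roles.so.1 debug
other account required pam_projects.so.1 debug
other account binding pam_unix_account.so.1 server_policy debug
other account required pam_ldap.so.1 no_pass debug
# Default definition for Password management
other password required pam_dhkeys.so.1 debug
other password requisite pam_authtok_get.so.1 debug
other password requisite pam_authtok_check.so.1 debug
other password required pam_authtok_store.so.1 server_policy debug
"""

# Option the poster's syslog reported as rejected:
# "pam_ldap pam_sm_acct_mgmt: illegal option no_pass"
FLAGGED_OPTIONS = {("pam_ldap.so.1", "account"): {"no_pass"}}


def parse_pam_conf(text):
    """Parse pam.conf text into PamEntry tuples, skipping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError("malformed pam.conf line: %r" % raw)
        service, mtype, control = (f.lower() for f in fields[:3])
        module = fields[3]
        entries.append(PamEntry(service, mtype, control, module, tuple(fields[4:])))
    return entries


def effective_stack(entries, service, mtype):
    """Return (stack, source): the service's own entries for mtype if any exist,
    otherwise the "other" entries, in file order; source names the service used."""
    own = [e for e in entries if e.service == service.lower() and e.type == mtype]
    if own:
        return own, service.lower()
    return [e for e in entries if e.service == "other" and e.type == mtype], "other"


def audit_password_change(entries, service="passwd"):
    """Summarise which modules handle a password change for the given service."""
    stack, source = effective_stack(entries, service, "password")
    modules = [e.module for e in stack]
    return {
        "resolved_from": source,
        "modules": modules,
        # pam_authtok_check takes its minimum length from /etc/default/passwd
        # (the poster's log: "minimum length from /etc/default/passwd: 8")
        "local_length_check": any(m.startswith("pam_authtok_check") for m in modules),
        "ldap_in_stack": any(m.startswith("pam_ldap") for m in modules),
    }


def find_flagged_options(entries):
    """Return (service, type, module, option) for every option listed in FLAGGED_OPTIONS."""
    hits = []
    for e in entries:
        bad = FLAGGED_OPTIONS.get((e.module, e.type), set())
        hits.extend((e.service, e.type, e.module, o) for o in e.options if o in bad)
    return hits


if __name__ == "__main__":
    conf = parse_pam_conf(SAMPLE_PAM_CONF)
    report = audit_password_change(conf)
    print("passwd/password stack comes from %r: %s"
          % (report["resolved_from"], ", ".join(report["modules"])))
    print("local length check: %s, ldap in stack: %s"
          % (report["local_length_check"], report["ldap_in_stack"]))
    for svc, mtype, module, opt in find_flagged_options(conf):
        print("flagged option %s on %s (%s %s)" % (opt, module, svc, mtype))
```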

  • Problem calling two perl modules from java in separate threads (JVM CRASHES)

    Dear Friends,
    I have one severe problem regarding calling Perl modules from Java.
    I had to call two Perl modules simultaneously (i.e. from two threads), but the JVM crashes when one of the Perl calls exits earlier.
    I am unable to spot why.
    For calling Perl from Java, we first call C code from Java using JNI and then Perl code from C.
    All works fine if we make only one Perl call at a time. If we call them in a synchronized manner the JVM does not crash, but we don't want blocking.
    The following is the code snippet
    <JAVA FILE>
    class Sample {
        static {
            System.loadLibrary("xyz");  // Here xyz is the library file generated by compiling the C code
        }
        public native void call_PrintList();
        public native void call_PrintListNew();
        Sample() {
            // second Perl call runs on its own thread while main() runs the first
            new Thread1(this).start();
        }
        public static void main(String args[]) {
            System.out.println("In the main Method");
            new Sample().call_PrintList();
        }
        class Thread1 extends Thread {
            Sample sample;
            Thread1(Sample sam) {
                sample = sam;
            }
            public void run() {
                sample.call_PrintListNew();
            }
        }
    }
    <C FILE>
    #include <EXTERN.h>
    #include <perl.h>
    static PerlInterpreter *my_perl;   /* one interpreter pointer, shared by both threads */
    static char * words[] = {"alpha", "beta", "gamma", "delta", NULL } ;
    static void
    call_PrintList(){
         printf("\nIn the Call method of string.c\n");
         char *wor[] = {"hello", "sudha", NULL } ;
         char *my_argv[] = { "", "string.pl" };
         /* argc/argv/env were not declared in the posted snippet; declared here so it compiles */
         int argc = 2; char **argv = my_argv; char **env = NULL;
         PERL_SYS_INIT3(&argc,&argv,&env);
         my_perl = perl_alloc();
         PL_perl_destruct_level = 1; /* We have mentioned this also and tried removing destruct call */
         perl_construct( my_perl );
         perl_parse(my_perl, NULL, 2, my_argv, (char**)NULL);
         PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
         perl_run(my_perl);
         dSP ;
         perl_call_argv("PrintList",  G_DISCARD, wor) ;
         PL_perl_destruct_level = 1;
    //   perl_destruct(my_perl);
    //   perl_free(my_perl);
    //   PERL_SYS_TERM();
    }
    static void
    call_PrintListNew(){
         printf("In the new call method\n");
         char *wor[] = {"Hiiiiiiiiiiiiiii", "Satyam123333", NULL } ;
         char *my_argv[] = { "", "string.pl" };
         /* argc/argv/env were not declared in the posted snippet; declared here so it compiles */
         int argc = 2; char **argv = my_argv; char **env = NULL;
         PERL_SYS_INIT3(&argc,&argv,&env);
         my_perl = perl_alloc();     /* overwrites the pointer the other thread may still be using */
         PL_perl_destruct_level = 1;
         perl_construct( my_perl );
         perl_parse(my_perl, NULL, 2, my_argv, (char**)NULL);
         PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
         perl_run(my_perl);
         dSP ;
         perl_call_argv("PrintListNew",  G_DISCARD, wor) ;
         PL_perl_destruct_level = 1;
    //   perl_destruct(my_perl);
    //   perl_free(my_perl);
    //   PERL_SYS_TERM();
    }
    void callNew()
    {
         call_PrintListNew();
    }
    void call ( )
    {
         call_PrintList();
    //   char *wor[] = {"hello","sudha",NULL};
    /*   char *my_argv[] = { "", "string.pl" };
         PERL_SYS_INIT3(&argc,&argv,&env);
         my_perl = perl_alloc();
         perl_construct( my_perl );
         perl_parse(my_perl, NULL, 2, my_argv, (char**)NULL);
         PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
         perl_run(my_perl);*/
    //   call_PrintList();                      /*** Compute 3 ** 4 ***/
    /*   perl_destruct(my_perl);
         perl_free(my_perl);
         PERL_SYS_TERM();*/
    }
    And finally the Perl code
    sub PrintList {
        my(@list) = @_ ;
        foreach (@list) { print "$_\n" }
    }
    sub PrintListNew {
        my(@list) = @_ ;
        foreach (@list) { print "$_\n" }
    }
    Please help me in this regard

  • Custom Authentication Module on Identity Server

    Hi,
    I have a custom authentication module which I am trying to access through the policy agent.
    I have set the following property in AMAgent.properties file
    com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
    My login module code is something like this:
    package com.iplanet.am.samples.authentication.providers;
    import java.util.*;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.login.LoginException;
    import com.sun.identity.authentication.spi.AMLoginModule;
    import com.sun.identity.authentication.spi.AuthLoginException;
    import java.rmi.RemoteException;
    import java.io.FileInputStream;
    import java.util.Properties;
    public class LoginModule1 extends AMLoginModule {
        private String userName;
        private String userTokenId;
        private HashMap usersMap;
        private java.security.Principal userPrincipal = null;

        public LoginModule1() throws LoginException {
        }

        public void init(Subject subject, Map sharedState, Map options) {
            System.out.println("LoginModule1 initialization");
            // users.properties holds user=password pairs
            usersMap = new HashMap();
            ResourceBundle bundle = ResourceBundle.getBundle("users");
            Enumeration users = bundle.getKeys();
            while (users.hasMoreElements()) {
                String user = (String) users.nextElement();
                String password = bundle.getString(user.trim());
                usersMap.put(user, password);
            }
        }

        public int process(Callback[] callbacks, int state) throws AuthLoginException {
            int currentState = state;
            if (currentState == 1) {
                userName = ((NameCallback) callbacks[0]).getName().trim();
                char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
                String passwdString = new String(passwd);
                if (userName.equals("")) {
                    throw new AuthLoginException("names must not be empty");
                }
                if (userName.equals("testuser") && passwdString.equals("testuser")) {
                    userTokenId = userName;
                    return -1;
                }
                if (usersMap.containsKey(userName)) {
                    if (usersMap.get(userName).equals(new String(passwd))) {
                        userTokenId = userName;
                        return -1;
                    }
                }
            }
            return 0;
        }

        public java.security.Principal getPrincipal() {
            if (userPrincipal != null) {
                return userPrincipal;
            } else if (userTokenId != null) {
                // note: the principal is always built as "testuser", not from userTokenId
                userPrincipal = new SamplePrincipal("testuser");
                return userPrincipal;
            } else {
                return null;
            }
        }
    }
    So when the user requests a protected resource, the policy agent forwards the user to Identity Server with the module set to CustomLoginModule. However, after this, authentication does not succeed and I get the following error messages in the agent log file.
    2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
    2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
    2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
    2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
    2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
    2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
    2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
    The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
    Thanks
    Srinivas

    Does the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
    I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
    I am wondering if this is related to a separate problem I have seen with custom login modules. Try changing the code to return an LDAP-style principal; it may work:
    so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.
