Custom ACL protecting jsp
Hi all,
I am attempting to create a custom ACL mechanism that incorporates a custom realm
to protect servlet resource. I would like it to work in the same manner as the WLPropertyRealm.
ie weblogic.allow.execute.weblogic.servlet.TestServlet=<groupname>.
From the docs it seems that a custom ACL must be defined as per the example of the
FrobImpl RMI object. However i can't see how this can be extended to protect a servlet
without programatically reading the group permission from a separate configuration
file.
Can the WLPropertyRealm syntax be reused in my custom acl?
any ideas.
-lucio
Thanks for the hint. Actually the problem was with JSP code and not folder structure.
I found and resolved the problem.
So the folder structure I explained above in my first post is now working perfectly.
Both of the following two import directives worked:
<%@ page import="bpm.*" %> OR <%@ page import="bpm.MyClass" %>
Duke is coming to both of you who gave time to my problem.
Now one problem is solved, I am facing another, please help again.
Now I want to convert, as learning practice, my custom class into a single jar file and use it instead of class files.
I did the following:
1. Removed the 'package bpm;' from MyClass.java.
2. Obtained myjar.jar from MyClass.class.
3. Deleted MyClass.class from bpm folder.
4. Placed myjar.jar in myapp/WEB-INF/lib
5. Removed the import directive <%@ page import="bpm.*" %> f rom myjsp.jsp
Now the JSP complains that 'cannot recognize class MyClass.'
This is my first time attempting to use jar files with JSP.
Please teach how this should be done.
Thanks.
Similar Messages
-
I'm trying to set up an ACL on a JSP page for the default WebLogic realm
using a very simple example.
I added the following lines to weblogic.properties file
to specify an ACL on a particular JSP page.
# ACL for JSP pages
weblogic.allow.execute.weblogic.servlet./dummy.jsp=testuser
However, when 'dummy.jsp' is accessed for the very first time
since WebLogic server is brought up,
the server just displays the page without any security check.
'dummy.jsp' displays the current user which is retrieved by
'Security.getCurrentUser()' method and I could find out the user is 'guest'
when the server bypasses the security check.
But it works just fine from the next time, that is, it does security check
properly afterwards so that only user 'testuser' can view the JSP page.
In other words, this problem occurrs only once while the server is running.
The very first time the JSP page is accessed.
I've also tried with servlets and EJBs, which didn't get me this problem.
Actually I tested this using RDBMSRealm in the first place,
but I went through the same problem.
That's why I'm testing it with WLPropertyRealm now to simplify the test
case.
However I got stuck with the same problem again.
Is this a WebLogic bug or am I missing something?
Could anyone please help me out with this?
Thanks in advance...
Best regards,
SangSorry, I forgot to specify my testing environment.
WL5.1 with SP6.
JDK1.3
running on WinNT 4.0 with SP5
Sang Y. Sung <[email protected]> wrote in message
news:3a0f51c4$[email protected]..
I'm trying to set up an ACL on a JSP page for the default WebLogic realm
using a very simple example.
I added the following lines to weblogic.properties file
to specify an ACL on a particular JSP page.
# ACL for JSP pages
weblogic.allow.execute.weblogic.servlet./dummy.jsp=testuser
However, when 'dummy.jsp' is accessed for the very first time
since WebLogic server is brought up,
the server just displays the page without any security check.
'dummy.jsp' displays the current user which is retrieved by
'Security.getCurrentUser()' method and I could find out the user is'guest'
when the server bypasses the security check.
But it works just fine from the next time, that is, it does security check
properly afterwards so that only user 'testuser' can view the JSP page.
In other words, this problem occurrs only once while the server isrunning.
The very first time the JSP page is accessed.
I've also tried with servlets and EJBs, which didn't get me this problem.
Actually I tested this using RDBMSRealm in the first place,
but I went through the same problem.
That's why I'm testing it with WLPropertyRealm now to simplify the test
case.
However I got stuck with the same problem again.
Is this a WebLogic bug or am I missing something?
Could anyone please help me out with this?
Thanks in advance...
Best regards,
Sang -
sir
plz tell me how to use custom tag in jsp.plz describe it.
i will be thankful to uDo you want to use taglibs or develop custom tags? Either way take a look at these:
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/JSPTags.html
http://www.stardeveloper.com/articles/display.html?article=2001081301&page=1
http://www.onjava.com/pub/a/onjava/2000/12/15/jsp_custom_tags.html
http://jakarta.apache.org/taglibs/tutorial.html
http://www.ibm.com/developerworks/edu/j-dw-java-custom-i.html
http://www.herongyang.com/jsp/tag.html -
Hi,
we are trying to set define ACL for weblogic security for JSP
and could't manage to do it. In the online documentation there
are examples for servlets but not for html or jsp files.
How have to be defined the ACLs for jsp and html files ?
Thanks in advance.
GRIDSYSTEMS Bartolome Real Planells
See http://www.weblogic.com/docs51/admindocs/properties.html#urlacl for
details on setting ACLs on URLs...
Bartolome Real Planells wrote:
> Hi,
>
> we are trying to set define ACL for weblogic security for JSP
> and could't manage to do it. In the online documentation there
> are examples for servlets but not for html or jsp files.
>
> How have to be defined the ACLs for jsp and html files ?
>
> Thanks in advance.
>
> -------------------------------------------------------------------
> GRIDSYSTEMS Bartolome Real Planells
-
Where can find JHeadstart customizing using Struts & JSP
We can found the Tutorial-Customizing JHeadstart Applications , using MVC-Framework and UIX,
but where we can find the tutorial-Customizing on Struts & JSP solution ?Dear Steven:
As you mentioned in early:
we will make a new version of this tutorial available through the supplement option which will then contains the same customizations as the MVC-UIX one.Whether this new version of Sruts-JSP tutorial is released now ? and whether have any supplement option for Jhs10g have been released ?
thanks a lot ! -
I would like to create a custom ACL that will provide additional permissions to grant/revoke on ACLs.
For example, I would like to add a permission PROCESS that would allow users to trigger a particular process using that document. Obviously I would need to check that ACL in code before allowing the operation, but I would like to use a unfied security policy in the app.
As far as I can figure out, I would need to create a custom version of ACCESSCONTROLLIST, but I cannot figure out how to add additional permissions. Any ideas? Thanks.i don't know if this still applies, but it should.
check this archived thread:
http://discussions.apple.com/thread.jspa?messageID=1535247 -
I have a JSP within an application that I want the user to enter the weblogic system username/password before display (this page allows for application configuration for the system admin). I want to setup an ACL on this JSP, please offer help (I'm new to ACL).
thanks
Kiet Nguyen <[email protected]> wrote in message news:<[email protected]>...
> ...I want the user to enter the weblogic system username/password
> I want to setup an ACL on this JSP, please offer help (I'm new to ACL).
Hi Kiet,
I think this may help:-
http://edocs.bea.com/wls/docs60/adminguide/config_web_app.html#configure-security
Cheers
Ricky Yin
Consultant
http://www.soft-trek.com.au
-
How can I protect a JSP application published on server client?
How can I be sure that the client(supose he can and want to understand my JSP code),
does not try to sell the app again?
Thank you.You can't.
Anyone who can read the files on the server could copy them to some other medium and sell them.
It's the same as with any other software, there's a measure of trust needed between supplier and customer.
You could use some form of hardware dependent key that is referenced from each bean or servlet you use and causes it to fail if invalid, but that would not protect your JSPs which are after all plain text files and can be easily edited (that's the big plus of JSP after all).
If your relationship with your customers is so poor that you can't trust them with source code (which is what JSPs are effectively) you may be better off changing your business model to either get other customers or get your customers to pay you not just for the software but also for hosting it. -
WLS 6.0 - ACL & protecting servlet
Hi!
I'm using WLS 6.0 and w2k. I am running the RDBMSrealm with the exampleServer
and trying to protect a servlet. (exampleWebApp/HelloWorldServlet) No matter what
I write in the ACL, anybody can still access the servlet.
Does anybody out there know how to protect a servlet using ACL...? I have tried
to follow the "docs" with no luck.
Thank you in advance,
RolleThe problem is the "guest" servlet/jsp should have permission to execute
"system" EJBs.
But it is not allowed now in 5.1 sp9 and 6 sp2. But it is allowed in 5.1 sp6-8.
mj
ramesh wrote:
hi Minjiang,
Check the output of your your AdminRealm servlet :
http://Localhost:7001/AdminRealm
It clearly shows who has permissions to do what on what .....
Hope it helps.
Ramesh
"minjiang" <[email protected]> wrote in message
news:[email protected]..
weblogic.allow.execute.weblogic.servlet=everyone
weblogic.allow.execute.weblogic.servlet.*.jsp=everyone,guest
If you chance these two lines, you can see the difference.
Any my problem is not i cannot protect my serlvet, but my servlet openingto
everyone, and the servlet itself cannot access my EJBs, which are underanother
ACL. This only occurs ont WLS 5.1 sp9.
mj
Joachim Hering wrote:
Hi!
I have stumbled across the exact same problem trying to protect
a JSP with ACLs. It seems, that the documentation - although
generally quite good - lacks a bit of information here.
Any help would be greatly appreciated,
Joachim.
"Roland Egedi" <[email protected]> wrote:
Hi!
I'm using WLS 6.0 and w2k. I am running the RDBMSrealm with the
exampleServer
and trying to protect a servlet. (exampleWebApp/HelloWorldServlet) No
matter what
I write in the ACL, anybody can still access the servlet.
Does anybody out there know how to protect a servlet using ACL...? I
have tried
to follow the "docs" with no luck.
Thank you in advance,
Rolle -
Accessing custom classes from JSP
Hi Guys,
I am having some problems accessing my custom classes from my JSP.
1) I've created a very simple class, SimpleCountingBean that just has accessors for an int. The class is in the package "SimpleCountingBean". I compiled this class locally on my laptop and uploaded the *.class file to my ISP.
2) I've checked my classpath and yes, the file "SimpleCountingBean/SimpleCountingBean.class" is located off of one of the directories listed in the classpath.
3) When I attempt to use this class in my JSP, via the following import statement:
import "SimpleCountingBean.*"
I get the following compile error
java.lang.NoClassDefFoundError: SimpleCountingBean/SimpleCountingBean
I'm pretty sure that my classpath is properly setup because when I purposely garble the import statement, I get the "package not found" compile error.
Do I need to upload some other files in addition to the class file? Any suggestions would of course be appreciated.
Sonny.Trying to get some clearer view.. so don't mind..
So you uploaded all your .jsp files into your account which is:
home/sonny
and it compiles and work. But custom classes doesn't seems to be working, where did you place your classes?
From my knowledge of tomcat, classes are normally placed in, in this case:
home/sonny/web-inf/classes
Maybe it differs from windows enviroment to *nix enviroment.. well, I'm just saying out so if its not the case.. don't mind me. -
Urgent-how to access custom tag from jsp tag
I have a problem accessing a custom tag from a jsp expression.
Details: I have a custom tag that returns a string variable. I need to access that variable from jsp expression <%%>.
Can any body help me?Tags don't "return" values as in the normal sense.
They can only support TEI (Tag Extra Information) that just stuffs a declared variable into the page's state.
For example, if the tag class had a public method called getValue(), you could do the following:
<xmp:mytag id="foo"/>
<%
out.println("value is " + foo.getValue());
%> -
How to use ApplicationModule custom methods in JSP?
I have an ApplicationModule for which I have defined several custom methods (in the ApplicationModuleImpl class). I wish to invoke these methods from a JSP. I'm having trouble getting a scriptable reference to the application module object in the JSP. I can get data from the view objects using the jbo:xxx data tags, but I can't get any sort of reference to the application module object that would allow me to invoke the methods. I have tried editing the application module to expose the methods as client methods, but still can't get a reference to them.
My main questions:
1. Is there a way to invoke the custom methods somewhere between the jbo:ApplicationModule tag and the jbo:ReleasePageResources tag?
2. Is there a way to declare and use the application module without using the jbo:ApplicationModule tag? Would I ever benefit from doing this?Alan, here's how to call a custom method String getSomeInfo() that I've created on my application module, MyModule in this example. Also, in this example the id parameter in the ApplicationModule tag is "am" (<jbo:ApplicationModule id="am"...):
First, edit your application module. In the app module editor, go to the Client Methods tab and move getSomeInfo into the selected list.
Next, edit your JSP to call your custom method.
<% MyModule myAm = (MyModule)am.useApplicationModule(); String someInfo = myAm.getSomeInfo(); %>
You also have to add the correct import statements to the page tag in your JSP:
<%@ page contentType="text/html;charset=windows-1252" import="oracle.jbo.*, MyModule.common.*"%>
Hope this helps
Blaise -
Custom loading image JSP dynpage
Hello,
Wa have created a jsp dynpage, and want to show a custom loading image. I other applications (appintegrator) we have succesfully changed the loading image by exporting the theme that we are currently using, change the loading_ani.gif image and re-importing the theme. This change has no effect on the loading image of the JSP dynpage, it is still the one supplied by SAP. I checked the url of this image and got the following https://host:port/htmlb/mimes/common/loading/loading_ani.gif, so I tried changing the loeding image that is stored in the htmlb par file, but there was no visible result when loading the application, or when loding the direct url of this image. Can anyone tell me where I can change the loading image of the JSP dynpages?
Kind Regards
Timon Van SoomJuhi Bhatnagar
Greetings!!!
May i know , what is the procedure need to be followed to replace the default Loading ICON with our custom image.
2. Does our custome image should be a image file (like jpg, png) or its like a command
Kindly share the procedure for this...
Appreciate your response in advance'
Thanks -
Where to set the classpath for custom classes in jsp
Hi,
we have created our custom classes in and ported in contentDB and that classes are internally using some jar files. Previously we have set the classpath of all the jar files provided in CDB devkit in the orion-web.xml but if are opening the explorer.jsp or any other jspx of contentDB we are getting the classcastexception and page is not opening.
Is there any problem in setting the classpath. Please if any one knows abt this, reply as soon as possible.
thanks,
swapna soni.I think it is Oracle 10g Release 2... since when I click the top OAS link in the Enterprise Manager Console, it took me to 'Enterprise Manager 10g Grid Control Release 2' this page.
And...10g Application Server Control Release 10.1.2.0.1, I think 2.0.1 means Release 2.
Thanks and let me know if you need something else. -
Passing params to custom tag from jsp
Hi all, I have a problem passing params back to my custom tag. The tag handler has a "getPageNumber()" method which returns a value. Initially the value is set and if a link is clicked it passes that param to the tag handler. I am trying to get this value from the tag handler to update the value on the link parameter.
Something like this:
// processed tag
<a href="mypage.jsp?page=1">Next page</a>
// clicking "Next Page"
<a href="mypage.jsp?page=2">Next page</a>
// jsp
<taglib:tag param="<%=getPageNumber()%>" />
// in tag lib
private pagenumber=1;
pagenumber++;
getPageNumber(){
return pagenumber;
setPageNumber(int pagenumber){
this.pagenumber=pagenumber
}I'm not sure if this is the best way to do this or if what I am trying to do is even possible.
Any advice would be greatly appreciated.
Thanks :)Hi all, I have a problem passing params back to my custom tag. The tag handler has a "getPageNumber()" method which returns a value. Initially the value is set and if a link is clicked it passes that param to the tag handler. I am trying to get this value from the tag handler to update the value on the link parameter.
Something like this:
// processed tag
<a href="mypage.jsp?page=1">Next page</a>
// clicking "Next Page"
<a href="mypage.jsp?page=2">Next page</a>
// jsp
<taglib:tag param="<%=getPageNumber()%>" />
// in tag lib
private pagenumber=1;
pagenumber++;
getPageNumber(){
return pagenumber;
setPageNumber(int pagenumber){
this.pagenumber=pagenumber
}I'm not sure if this is the best way to do this or if what I am trying to do is even possible.
Any advice would be greatly appreciated.
Thanks :)
Maybe you are looking for
-
My ipod is disabled and says connect to itunes but when i do it says unlock the with the password
my ipod says ipod is disabled connect to itunes but when I connect it to itunes it says unlock ipod with password but I cant do that
-
Hello all, I am currently working on a form that has a fixed layout, meaning everything is placed in a Positioned subform. I have to do this because at the bottom of the page there is a table that lists approvers of the form. The aprovers need to pro
-
Copy credit memo refenced to invoice one time
Hi gurus, When i create credit memo with reference to an Invoice, the system allows create several credit memos referenced to 1 invoice. Requirement: We need the system allows the creation only for one time (the first time). Thanks
-
When I insert my images into the webpage template and they turn soft, even when they were very sharp to begin with. This also happens in Pages. Has anyone experienced this? And does anyone know how to prevent this from happening? When I set up a phot
-
OS X Yosemite - Ilustrator and Photoshop problems.
I have a MacBook Pro, just over a year old. Updated to OS X Yosemite last week. Since updating Illustrator and Photoshop run much slower. Fonts don't show up in Illustrator, photoshop cursor flickers whenever I try do anything like there isn't enough