Custom Functuion Module

Similar Messages

• Custom Authentication Module on Identity Server

  Hi,
  I have a custom authentication module which I am trying to access through the policy agent.
  I have set the following property in AMAgent.properties file
  com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
  My login module code is something like this:
  package com.iplanet.am.samples.authentication.providers;
  import java.util.*;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.login.LoginException;
  import com.sun.identity.authentication.spi.AMLoginModule;
  import com.sun.identity.authentication.spi.AuthLoginException;
  import java.rmi.RemoteException;
  import java.io.FileInputStream;
  import java.util.Properties;
  public class LoginModule1 extends AMLoginModule
  private String userName;
  private String userTokenId;
  private HashMap usersMap;
  private java.security.Principal userPrincipal = null;
  public LoginModule1() throws LoginException
  public void init(Subject subject, Map sharedState, Map options)
            System.out.println("LoginModule1 initialization");
            usersMap = new HashMap();
            ResourceBundle bundle = ResourceBundle.getBundle("users");
            Enumeration users = bundle.getKeys();
            while (users.hasMoreElements())
                 String user = (String)users.nextElement();
                 String password = bundle.getString(user.trim());
                 usersMap.put(user, password);
  public int process(Callback[] callbacks, int state) throws AuthLoginException
            int currentState = state;
            if (currentState == 1)
                 userName = ((NameCallback) callbacks[0]).getName().trim();
                 char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
                 String passwdString = new String (passwd);
                 if (userName.equals(""))
                      throw new AuthLoginException("names must not be empty");
                 if (userName.equals("testuser") && passwdString.equals("testuser"))
                      userTokenId = userName;
                      return -1;
                 if (usersMap.containsKey(userName))
                      if (usersMap.get(userName).equals(new String(passwd)))
                           userTokenId = userName;
                           return -1;
                 return 0;
       public java.security.Principal getPrincipal()
            if (userPrincipal != null)
                 return userPrincipal;
            else
            if (userTokenId != null)
                 userPrincipal = new SamplePrincipal("testuser");
                 return userPrincipal;
            else
                 return null;
  So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
  2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
  2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
  The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
  Thanks
  Srinivas

  Does the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
  I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
  I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
  so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.

• SAP PI crashes because of Custom Adapter module

  Hi,
  We are facing a strange problem. We have deployed a custom adapter module developed in java which accesses a Hardware Security Module(HSM) and uses the keys in HSM to digitally sign our data. Now, when I use particular methods in this code and deploy it on PI server, the server crashes while testing this out. As soon as I run the channel having this adapter module, PI server becomes unavailable. It restarts on its own after a few minutes.
  One of the reasons I identified to be causing this issue is the signing mechanism used in code. When I used a mechanism that was not supported or not correct, it crashed the server. If i corrected it, it worked fine. I found no other thing in my code causing this behaviour apart from this mechanism. But I am still not able to understand how a single method in a code can cause the whole server to crash. Has anybody here faced such a problem? Any pointers would be appreciated.
  We are using SAP PI 7.31 java only installation.
  Thanks,
  Ravi Desai

  Hi Ravi
  1. To check if it is a memory issue. Once you start the channel, check the memory usage in nwa. Check if the memory is increasing once the channel is started.
  2. Add debug statements to print logs in default traces at as many places as possible. Since your code is not reaching the Catch block, using the debug statement you can reach the line in the code which is causing this issue.
  Regards
  Osman Jabri

• How to write the custom Function Module to trigger the Alert.

  Hi all,
  I have developed a custom alert category in Tx - alrtcatdef. Now i want to trigger it from my custom function module. what should i do or what is the procedure to trigger the alert from my custom function module.
  Arul Jothi

  hi arul,
  try this program.
  RSALERTTEST.
  check out this link...
  <a href="/people/ginger.gatling/blog/2005/12/02/innovative-ways-to-use-alerts:///people/ginger.gatling/blog/2005/12/02/innovative-ways-to-use-alerts
  regs,
  jaga

• How to create a custom function module with the records in SAP R/3?

  Hi All,
  How to create a custom function module with the records in SAP R/3? Using RFC Adapter I have to fetch the custom function module records.
  Regards
  Sara

  Hi
  goto se37...here u need to create a function group... then u need to create a function module. inside assign import/export parameters. assign tables/exceptions. activate the same. now write ur code within the function module
  http://help.sap.com/saphelp_nw04/helpdata/en/9f/db98fc35c111d1829f0000e829fbfe/content.htm
  Look at the below SAP HELP links, These links will show you the way to create a Function Module
  http://help.sap.com/saphelp_nw04/helpdata/en/26/64f623fa8911d386e70000e82011b8/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/9f/db98fc35c111d1829f0000e829fbfe/content.htm

• How to bring the custom function module in WE42?

  Hi,
  I have created a custom function module to post a custom idoc.
  Process code has been created thro WE42 and WE57 is done.
  Still I am not able to see the custom function module in the list (WE42) in order to assign it to process code.
  May i know the reason for this?
  Thanks.
  Thiyagu

  What makes you think that it should be visible in WE42? There is no F4-value help for this and you haven't added it manually yet, right.
  In WE42 you can manually add entries, so that's what I would do.

• SOAP Web Service +  Custom Login Module issue

  Hi Guys,
  We faced an authentication issue in our project. Could you please give any advice how the issue could be resolved.
  Environment: A simple SOAP Web Service on top of POJO class created in a Web Application. The web application deployed to the SAP NetWeaver 7.10 Application Server in the Enterprise Application Archive.
  Configuration:
        Single Service Administration Application(NetWeaver Administration -> SOA Management -> Application and Scenario Communication -> Single Service Administration)
         The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
      Authentication Application(NetWeaver Administration-> Configuration Management->Security->Authentication)
        The application(<vendorName>/<earName>*<vendor>~<webAppName>) has Authentication Stack configured to use our custom login module.
  Issue:  BasicPasswordLoginModule used by the J2EE when we are trying to execute the web service using Web Service Navigator(checked in debug mode). It seems that we missed something in configuration.
  Idea: The main Idea is to use our custom login module when we are executing a web service.
  Could you help me to resolve the issue.
  Thanks,
  Dmitry
  Edited by: Dmitry Eidin on Jul 17, 2009 3:46 PM

  > The web service endpoint has authentication configured to use User ID/Password HTTP Authentication.
  That's the point.

• Help - using custom login module with embedded jdev oc4j to access ejb 3

  Hi All (Frank ??),
  I'm just wondering if anyone has successfully been able to leverage a custom login module in combination
  with a client that connects to a local EJB 3 stateless session bean through Jdeveloper 10.1.3.2's embedded oc4j.
  I have spent 2+ days trying to get this to work - and i think I resound now to the fact im going to
  have to deploy to oc4j standalone instead.
  I got close.. but finally was trumped with the following error from the client trying to access the ejb:-
  javax.naming.NoPermissionException: Not allowed to look up XXXXXX, check the namespace-access tag
  setting in orion-application.xml for details.
  Using the various guides available, I had no problem getting the custom login module working
  with a local servlet running from JDev's embedded oc4j.. however with ejb - no such luck.
  I have a roles table (possible values Member, Admin) - that maps to sr_Member and sr_Admin
  respectively in various config files.
  I'm using EJB 3 annotations for protecting methods .. for example
  @RolesAllowed("sr_Member")
  Steps that I had to do so far :-
  In <jdevhome>\jdev\system\oracle.jwee.10.1.3.40.66\embedded-oc4j\config\system-jazn-data.xml1) Add custom login module
      <application>
        <name>current-workspace-app</name>
        <login-modules>
          <login-module>
            <class>kr.security.KnowRushLoginModule</class>
            <control-flag>required</control-flag>
            <options>
              <option>
                <name>dataSource</name>
                <value>jdbc/DB_XE_KNOWRUSHDS</value>
              </option>
              <option>
                <name>user.table</name>
                <value>users</value>
              </option>
              <option>
                <name>user.pk.column</name>
                <value>id</value>
              </option>
              <option>
                <name>user.name.column</name>
                <value>email_address</value>
              </option>
              <option>
                <name>user.password.column</name>
                <value>password</value>
              </option>
              <option>
                <name>role.table</name>
                <value>roles</value>
              </option>
              <option>
                <name>role.to.user.fk.column</name>
                <value>user_id</value>
              </option>
              <option>
                <name>role.name.column</name>
                <value>name</value>
              </option>
            </options>
          </login-module>
        </login-modules>
      </application>2) Grant login rmi permission to roles associated with custom login module (also in system-jazn-data.xml)
    <grant>
      <grantee>
        <principals>
          <principal>
            <realm-name>jazn.com</realm-name>
            <type>role</type>
            <class>kr.security.principals.KRRolePrincipal</class>
            <name>Admin</name>
          </principal>
        </principals>
      </grantee>
      <permissions>
        <permission>
          <class>com.evermind.server.rmi.RMIPermission</class>
          <name>login</name>
        </permission>
      </permissions>
    </grant>
    <grant>
      <grantee>
        <principals>
          <principal>
            <realm-name>jazn.com</realm-name>
            <type>role</type>
            <class>kr.security.principals.KRRolePrincipal</class>
            <name>Member</name>
          </principal>
        </principals>
      </grantee>
      <permissions>
        <permission>
          <class>com.evermind.server.rmi.RMIPermission</class>
          <name>login</name>
        </permission>
      </permissions>
    </grant>3) I've tried creating various oracle and j2ee deployment descriptors (even though ejb-jar.xml and orion-ejb-jar.xml get created automatically when running the session bean in jdev).
  My ejb-jar.xml contains :-
  <?xml version="1.0" encoding="utf-8"?>
  <ejb-jar xmlns ....
    <assembly-descriptor>
      <security-role>
        <role-name>sr_Admin</role-name>
      </security-role>
      <security-role>
        <role-name>sr_Member</role-name>
      </security-role>
    </assembly-descriptor>
  </ejb-jar>Note- i'm not specifying the enterprise-beans stuff, as JDev seems to populate this automatically.
  My orion-ejb-jar.xml contains ...
  <?xml version="1.0" encoding="utf-8"?>
  <orion-ejb-jar ...
    <assembly-descriptor>
      <security-role-mapping name="sr_Admin">
        <group name="Admin"></group>
      </security-role-mapping>
      <security-role-mapping name="sr_Member">
        <group name="Member"></group>
      </security-role-mapping>
      <default-method-access>
        <security-role-mapping name="sr_Member" impliesAll="true">
        </security-role-mapping>
      </default-method-access>
    </assembly-descriptor>My orion-application.xml contains ...
  <?xml version="1.0" encoding="utf-8"?>
  <orion-application xmlns ...
    <security-role-mapping name="sr_Admin">
      <group name="Admin"></group>
    </security-role-mapping>
    <security-role-mapping name="sr_Member">
      <group name="Member"></group>
    </security-role-mapping>
    <jazn provider="XML">
      <property name="role.mapping.dynamic" value="true"></property>
      <property name="custom.loginmodule.provider" value="true"></property>
    </jazn>
    <namespace-access>
      <read-access>
        <namespace-resource root="">
          <security-role-mapping name="sr_Admin">
            <group name="Admin"/>
            <group name="Member"/>
          </security-role-mapping>
        </namespace-resource>
      </read-access>
      <write-access>
        <namespace-resource root="">
          <security-role-mapping name="sr_Admin">
            <group name="Admin"/>
            <group name="Member"/>
          </security-role-mapping>
        </namespace-resource>
      </write-access>
    </namespace-access>
  </orion-application>My essentially auto-generated EJB 3 client does the following :-
        Hashtable env = new Hashtable();
        env.put(Context.SECURITY_PRINCIPAL, "matt.shannon");
        env.put(Context.SECURITY_CREDENTIALS, "welcome1");
        final Context context = new InitialContext(env);
        KRFacade kRFacade = (KRFacade)context.lookup("KRFacade");
  ...And throws the error
  20/04/2007 00:55:37 oracle.j2ee.rmi.RMIMessages
  EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
  WARNING: Exception returned by remote server: {0}
  javax.naming.NoPermissionException: Not allowed to look
  up KRFacade, check the namespace-access tag setting in
  orion-application.xml for details
       at
  com.evermind.server.rmi.RMIClientConnection.handleLookupRe
  sponse(RMIClientConnection.java:819)
       at
  com.evermind.server.rmi.RMIClientConnection.handleOrmiComm
  andResponse(RMIClientConnection.java:283)
  ....I can see from the console that the user was successfully authenticated :-
  20/04/2007 00:55:37 kr.security.KnowRushLoginModule validate
  WARNING: [KnowRushLoginModule] User matt.shannon authenticated
  And that user is granted both the Admin, and Member roles.
  The test servlet using basic authentication correctly detects the user and roles perfectly...
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
      throws ServletException, IOException
      LOGGER.log(Level.INFO,LOGPREFIX +"doGet called");
      response.setContentType(CONTENT_TYPE);
      PrintWriter out = response.getWriter();
      out.println("<html>");
      out.println("<head><title>ExampleServlet</title></head>");
      out.println("<body>");
      out.println("<p>The servlet has received a GET. This is the reply.</p>");
      out.println("<br> getRemoteUser = " + request.getRemoteUser());
      out.println("<br> getUserPrincipal = " + request.getUserPrincipal());
      out.println("<br> isUserInRole('sr_Admin') = "+request.isUserInRole("sr_Admin"));
      out.println("<br> isUserInRole('sr_Memeber') = "+request.isUserInRole("sr_Member"));Anyone got any ideas what could be going wrong?
  cheers
  Matt.
  Message was edited by:
  mshannon

  Thanks for the response. I checked out your blog and tried your suggestions. I'm sure it works well in standalone OC4J, but i was still unable to get it to function correctly from JDeveloper embedded.
  Did you ever get the code working directly from JDeveloper?
  Your custom code essentially seems to be the equivalent of a grant within system-jazn-data.xml.
  For example, the following grant to a custom jaas role (JAAS_ADMIN) that gets added by my custom login module gives them rmi login access :-
       <grant>
            <grantee>
                 <principals>
                      <principal>
                           <realm-name>jazn.com</realm-name>
                           <type>role</type>
                           <class>kr.security.principals.KRRolePrincipal</class>
                           <name>JAAS_Admin</name>
                      </principal>
                 </principals>
            </grantee>
            <permissions>
                 <permission>
                      <class>com.evermind.server.rmi.RMIPermission</class>
                      <name>login</name>
                 </permission>
            </permissions>
       </grant>If I add the following to orion-application.xml
    <!-- Granting login permission to users accessing this EJB. -->
    <namespace-access>
      <read-access>
        <namespace-resource root="">
          <security-role-mapping>
            <group name="JAAS_Admin"></group>
          </security-role-mapping>
        </namespace-resource>
      </read-access>Running a standalone client against the embedded jdev oc4j server gives the namespace-access error.
  I tried out your code by essentially creating a static reference to a singleton class that does the role lookup/provisioning with rmi login grant :-
  From custom login module :-
    private static KRSecurityHelper singleton = new KRSecurityHelper();
    protected Principal[] m_Principals;
      Vector v = new Vector();
        v.add(singleton.getCustomRmiConnectRole());
        // set principals in LoginModule
        m_Principals=(Principal[]) v.toArray(new Principal[v.size()]);
  Singleton class :-
  package kr.security;
  import com.evermind.server.rmi.RMIPermission;
  import java.util.logging.Level;
  import java.util.logging.Logger;
  import oracle.security.jazn.JAZNConfig;
  import oracle.security.jazn.policy.Grantee;
  import oracle.security.jazn.realm.Realm;
  import oracle.security.jazn.realm.RealmManager;
  import oracle.security.jazn.realm.RealmRole;
  import oracle.security.jazn.realm.RoleManager;
  import oracle.security.jazn.policy.JAZNPolicy;
  import oracle.security.jazn.JAZNException;
  public class KRSecurityHelper
    private static final Logger LOGGER = Logger.getLogger("kr.security");
    private static final String LOGPREFIX = "[KRSecurityHelper] ";
    public static String CUSTOM_RMI_CONNECT_ROLE = "remote_connect";
    private RealmRole m_Role = null;
    public KRSecurityHelper()
      LOGGER.log(Level.FINEST,LOGPREFIX +"calling JAZNConfig.getJAZNConfig");
      JAZNConfig jc = JAZNConfig.getJAZNConfig();
      LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getRealmManager");
      RealmManager realmMgr = jc.getRealmManager();
      try
        // Get the default realm .. e.g. jazn.com
        LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getGetDefaultRealm");
        Realm r = realmMgr.getRealm(jc.getDefaultRealm());
        LOGGER.log(Level.INFO,LOGPREFIX +"default realm: "+r.getName());
        // Access the role manager for the remote connection role
        LOGGER.log(Level.FINEST,
          LOGPREFIX +"calling default_realm.getRoleManager");
        RoleManager roleMgr = r.getRoleManager();
        LOGGER.log(Level.INFO,LOGPREFIX +"looking up custom role '"
          CUSTOM_RMI_CONNECT_ROLE "'");
        RealmRole rmiConnectRole = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
        if (rmiConnectRole == null)
          LOGGER.log(Level.INFO,LOGPREFIX +"role does not exist, create it...");
          rmiConnectRole = roleMgr.createRole(CUSTOM_RMI_CONNECT_ROLE);
          LOGGER.log(Level.FINEST,LOGPREFIX +"constructing new grantee");
          Grantee gtee = new Grantee(rmiConnectRole);
          LOGGER.log(Level.FINEST,LOGPREFIX +"constructing login rmi permission");
          RMIPermission login = new RMIPermission("login");
          LOGGER.log(Level.FINEST,
            LOGPREFIX +"constructing subject.propagation rmi permission");
          RMIPermission subjectprop = new RMIPermission("subject.propagation");
          // make policy changes
          LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getPolicy");
          JAZNPolicy policy = jc.getPolicy();
          if (policy != null)
            LOGGER.log(Level.INFO, LOGPREFIX
              + "add to policy grant for RMI 'login' permission to "
              + CUSTOM_RMI_CONNECT_ROLE);
            policy.grant(gtee, login);
            LOGGER.log(Level.INFO, LOGPREFIX
              + "add to policy grant for RMI 'subject.propagation' permission to "
              + CUSTOM_RMI_CONNECT_ROLE);
            policy.grant(gtee, subjectprop);
            // m_Role = rmiConnectRole;
            m_Role = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
            LOGGER.log(Level.INFO, LOGPREFIX
              + m_Role.getName() + ":" + m_Role.getFullName() + ":" + m_Role.getFullName());
          else
            LOGGER.log(Level.WARNING,LOGPREFIX +"Cannot find jazn policy!");
        else
          LOGGER.log(Level.INFO,LOGPREFIX +"custom role already exists");
          m_Role = rmiConnectRole;
      catch (JAZNException e)
        LOGGER.log(Level.WARNING,
          LOGPREFIX +"Cannot configure JAZN for remote connections");
    public RealmRole getCustomRmiConnectRole()
      return m_Role;
  }Using the code approach and switching application.xml across so that namespace access is for the group remote_connect, I get the following error from my bean :-
  INFO: Login permission not granted for current-workspace-app (test.user)
  Thus, the login permission that I'm adding through the custom remote_connect role does not seem to work. Even if it did, i'm pretty sure I would still get that namespace error.
  This has been such a frustrating process. All the custom login module samples using embedded JDeveloper show simple j2ee servlet protection based on settings in web.xml.
  There are no samples showing jdeveloper embedded oc4j using ejb with custom login modules.
  Hopefully the oc4j jdev gurus like Frank can write a paper that demonstrates this.
  Matt.

• Custom login module on OC4J 10.1.3.3.0

  Hi,
  I need to implement custom web form-based authentication on OC4J, in order to port an existing JBoss app. I was following Frank's example at http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm. Trying to access protected pages will correctly redirect to the j_security_check page, and from there call my custom login module - through LoginContext. The issue is that - even if the LoginModule correctly authenticates user's credentials, the request still doesn't get through, coming back to the authentication page.
  I perform the deployment using Oracle Enterprise Manager, and the relevant files are:
  web.xml:
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>testJAAS</realm-name>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/jsp/login.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <!-- Security constraints -->
  <security-constraint>
       <web-resource-collection>
       <web-resource-name>Test Secure Application</web-resource-name>
       <description>Requires users to authenticate</description>
       <url-pattern>faces/*</url-pattern>
       <http-method>POST</http-method>
       <http-method>GET</http-method>
       <http-method>HEAD</http-method>     
       <http-method>PUT</http-method>     
       </web-resource-collection>     
       <auth-constraint>
       <description>Only allow role1 users</description>
       <role-name>role1</role-name>
       </auth-constraint>     
       <user-data-constraint>
       <description>Encryption is not required for the application in general. </description>
       <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
  </security-constraint>
  <!-- Define the security role(s) -->
  <security-role>
  <description>Example role</description>
  <role-name>role1</role-name>
  </security-role>
  orion-web.xml:
  schema-major-version="10" schema-minor-version="0" >
       <!-- Uncomment this element to control web application class loader behavior.
            <web-app-class-loader search-local-classes-first="true" include-war-manifest-class-path="true" />
       -->
       <resource-ref-mapping name="jdbc/lics" />
       <security-role-mapping name="role1">
            <group name="oc4j-app-administrators" />
       </security-role-mapping>
       <web-app>
       </web-app>
  orion-application.xml:
       <jazn provider="XML" >
            <property name="jaas.username.simple" value="true" />
            <property name="custom.loginmodule.provider" value="true" />
            <property name="role.mapping.dynamic" value="true" />
       </jazn>
  system-jazn-data.xml:
  <jazn-loginconfig>
       <application>
            <name>le5</name>
            <login-modules>
                 <login-module>
                      <class>com.tx.lic.oc4jsx.ext.LicLoginModule</class>
                      <control-flag>required</control-flag>
                      <options>
                           <option>
                                <name>defaultRole</name>
                                <value>role1</value>
                           </option>
                      </options>
                 </login-module>
            </login-modules>
       </application>
  I assume something is wrong with the deployment configuration, b/c when I specifically add users to the defined role1 role, it works fine(see below). But this is not an option, since users should only be specified in the data store of the LoginModule.
  Doing as above, the orion-web.xml is below:
       <resource-ref-mapping name="jdbc/lic" />
       <security-role-mapping name="role1">
            <group name="oc4j-app-administrators" />
            <user name="user1" />
            <user name="user2" />
       </security-role-mapping>
  Any insight would be much appreciated. Thanks.

  Hi,
  role to group mapping doesn't seem to work for custom LoginModules. This means hat your web applcation (web.xml) should use th same role names as used on the database authentication. So remove
  <security-role-mapping name="role1">
  <group name="oc4j-app-administrators" />
  </security-role-mapping>
  from orion-web.xml and it should start wrking
  Frank

• Custom login module Authentication works but Authorization Does not work

  Hi:
  I am using custom login module and switched on the ADF authentication using adf-config.xml file. My custom authentication works i.e. it returns true but when it finally tries to display the page 401 Unauthorized message is shown. I am using JDev 10.1.3.2.
  Is there any other settings I need to perform. Could you please let me know.
  Thanks

  I have the same issue, please refer to this thread.
  Re: ADF Security Authorization

• How to develope custom function modules in SAP R/3 system to maintain c...

  How to develope custom function modules in SAP R/3 system to maintain cross
  referencing tables for sales order number.

  Hi Raja,
  Steps to crate FM..
  Follow these steps..
  Go to the T: code SE37
  First You Create Function Group
  On That u specify
  Function Group Name..............
  Short Text..............................
  save...
  Go to SE 37
  Specify the Function Module Name: Eg: Z_Bapi_Materialmaster
  Short Text.......
  Save...
  Next Go to Attributes..
  Select Radio button : Remote enabled model
  Go to Parameters..
  Click Import...
  Give Parameter Type Associate type S.t
  next Click Export...
  Give Parameter Type Associate type S.t
  Next Click Tables Button..
  Specify tables..
  Next click source code button..
  Write Source code here..
  Eg : Select statements Etc..
  Finally we should be select the Radio button Enable remorely
  https://www.sdn.sap.com/irj/sdn/wiki?path=/pages/viewpage.action?pageId=39728
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/abap/bapi%2bstep%2bby%2bstep
  Hope this information is useful to you..
  Reward points if it is usefulll....
  Thanks ,
  Satya Kumar..

• Unable to deploy custom adapter module in PI 7.31

  Hi pros,
  I created a custom adapter module to split some complex input files to multiple messages. We use a SAP PO 7.31 java-only installation. I followed this document to create my adapter module:
  How to Create Modules for the JEE Adapter Engine
  I know it is for PI 7.1 but a colleague of mine said that he was able to create a running adapter module for PI 7.3 following the guide. I created the following projects:
  EAR project references the EJB project:
  Project facet of the EJBproject:
  ejb-jar.xml config:
  application-j2ee-engine.xml (in EAR project):
  When I try to deploy my module, I get the following error:
  Java version:
  NWDS version:
  Any hint is appreciated! What can be wrong? What can I check again?
  THANKS!
  Message was edited by: Stefan Münchow

  I am not sure if the version is the problem. We have PI 7.31, support package 14, patch level 0 and NWDS 7.31 support package 12, patch level 4. The version of NWDS is lower than the version of the PI. According to Note 1599298 the error occurs when the NWDS is higher than the one of PI. Besides, we are able to deploy BPMN processes with the same NWDS to the same server.
  This is the exact exception trace shown in NWDS:
  com.sap.ide.eclipse.sdm.deploy.DeploymentException: [ERROR CODE DPL.DCAPI.1027] DeploymentException.
  Reason: ASJ.dpl_dc.001085 Operation [deploy] of [sap.com_SplitArticleFileModule_EAR] failed
  at com.sap.ide.eclipse.sdm.threading.DCDeployThread.run(DCDeployThread.java:110)
  ------------- Nested exception -------------------
  com.sap.engine.services.dc.api.deploy.DeployException: [ERROR CODE DPL.DCAPI.1027] DeploymentException.
  Reason: ASJ.dpl_dc.001085 Operation [deploy] of [sap.com_SplitArticleFileModule_EAR] failed
  at com.sap.engine.services.dc.api.deploy.impl.DeployProcessorImpl.deployItems(DeployProcessorImpl.java:862)
  at com.sap.engine.services.dc.api.deploy.impl.DeployProcessorImpl.deploy(DeployProcessorImpl.java:259)
  at com.sap.ide.eclipse.deployer.dc.deploy.DeployProcessor70.deploy(DeployProcessor70.java:105)
  at com.sap.ide.eclipse.sdm.threading.DCDeployThread.run(DCDeployThread.java:80)
  Caused by: com.sap.engine.services.dc.cm.deploy.DeploymentException: ASJ.dpl_dc.001085 Operation [deploy] of [sap.com_SplitArticleFileModule_EAR] failed
  at com.sap.engine.services.dc.cm.deploy.impl.OnlineDeployProcessor.performDelivery(OnlineDeployProcessor.java:246)
  at com.sap.engine.services.dc.cm.deploy.impl.BulkOnlineDeployProcessor.deploy(BulkOnlineDeployProcessor.java:67)
  at com.sap.engine.services.dc.cm.deploy.impl.AbstractDeployProcessor$DeployProcessorHelper.visit(AbstractDeployProcessor.java:282)
  at com.sap.engine.services.dc.cm.deploy.impl.DeploymentItemImpl.accept(DeploymentItemImpl.java:84)
  at com.sap.engine.services.dc.cm.deploy.impl.AbstractDeployProcessor.deploy(AbstractDeployProcessor.java:100)
  at com.sap.engine.services.dc.cm.deploy.impl.DeployThread.run(DeployThread.java:39)
  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
  at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
  Caused by: com.sap.engine.services.dc.gd.DeliveryException: [ERROR CODE DPL.DC.3298] Operation [deploy] of [sap.com_SplitArticleFileModule_EAR] failed
  at com.sap.engine.services.dc.gd.impl.ApplicationDeployer.deploy(ApplicationDeployer.java:167)
  at com.sap.engine.services.dc.gd.impl.InitialApplicationDeployer.performDeployment(InitialApplicationDeployer.java:138)
  at com.sap.engine.services.dc.gd.impl.InitialGenericDeliveryImpl.deploy(InitialGenericDeliveryImpl.java:57)
  at com.sap.engine.services.dc.cm.deploy.impl.OnlineDeployProcessor.performDelivery(OnlineDeployProcessor.java:213)
  ... 8 more
  Caused by: com.sap.engine.services.deploy.server.utils.DSRemoteException: ASJ.dpl_ds.006193 Operation [deploy] of [/usr/sap/DP2/J64/j2ee/cluster/server0/temp/tc~bl~deploy_controller/archives/213/SplitArticleFileModule_EAR.ear] failed
  at com.sap.engine.services.deploy.server.DeployServiceImpl.catchDeploymentExceptionWithDSRem(DeployServiceImpl.java:3370)
  at com.sap.engine.services.deploy.server.DeployServiceImpl.deploy(DeployServiceImpl.java:315)
  at com.sap.engine.services.dc.gd.impl.ApplicationDeployer.deploy(ApplicationDeployer.java:139)
  ... 11 more
  Caused by: com.sap.engine.services.deploy.container.rtgen.GenerationException: Open failed for '/usr/sap/DP2/J64/j2ee/cluster/server0/temp/deploy/SplitArticleFileModule_EAR.ear1422275742985/com.sap.aii.utilxi.server.jar' with fd 218 returning message 'couldn't find 'END' tag' and errno 0 after trying cache.
  at com.sap.engine.services.webservices.server.deploy.preprocess.WebServicesGenerator.createSingleModule(WebServicesGenerator.java:100)
  at com.sap.engine.services.webservices.server.deploy.preprocess.WebServicesGenerator.generate(WebServicesGenerator.java:54)
  at com.sap.engine.services.deploy.container.rtgen.AnnotationsSupportingGenerator.generate(AnnotationsSupportingGenerator.java:27)
  at com.sap.engine.services.deploy.ear.jar.moduledetect.GeneratorWrapper.generate(GeneratorWrapper.java:43)
  at com.sap.engine.services.deploy.ear.jar.ModuleGeneratorTool.generate(ModuleGeneratorTool.java:110)
  at com.sap.engine.services.deploy.ear.jar.ModuleGeneratorTool.generateOverExistingModules(ModuleGeneratorTool.java:97)
  at com.sap.engine.services.deploy.ear.jar.ModuleGeneratorTool.generateModules(ModuleGeneratorTool.java:80)
  at com.sap.engine.services.deploy.ear.jar.EARReader.read(EARReader.java:240)
  at com.sap.engine.services.deploy.server.application.DeployUtilTransaction.prepareNewDeploymentInfo(DeployUtilTransaction.java:217)
  at com.sap.engine.services.deploy.server.application.DeploymentTransaction.begin(DeploymentTransaction.java:199)
  at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesOnOneServer(ApplicationTransaction.java:421)
  at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhases(ApplicationTransaction.java:473)
  at com.sap.engine.services.deploy.server.DeployServiceImpl.makeGlobalTransaction(DeployServiceImpl.java:1836)
  at com.sap.engine.services.deploy.server.DeployServiceImpl.deploy(DeployServiceImpl.java:360)
  at com.sap.engine.services.deploy.server.DeployServiceImpl.deploy(DeployServiceImpl.java:313)
  ... 12 more
  Caused by: java.util.zip.ZipException: Open failed for '/usr/sap/DP2/J64/j2ee/cluster/server0/temp/deploy/SplitArticleFileModule_EAR.ear1422275742985/com.sap.aii.utilxi.server.jar' with fd 218 returning message 'couldn't find 'END' tag' and errno 0 after trying cache.
  at java.util.zip.ZipFile.open(Native Method)
  at java.util.zip.ZipFile.<init>(ZipFile.java:154)
  at java.util.jar.JarFile.<init>(JarFile.java:141)
  at java.util.jar.JarFile.<init>(JarFile.java:105)
  at com.sap.engine.services.webservices.server.deploy.preprocess.WebServicesSupportHandlerImpl.generateWebSupport(WebServicesSupportHandlerImpl.java:79)
  at com.sap.engine.services.webservices.server.deploy.preprocess.WebServicesGenerator.createSingleModule(WebServicesGenerator.java:69)
  ... 26 more
  Maybe the used jar files could be the problem?

• Steps to create Service Notification in Customer Service Module

  Hi,
  Can anyone let me know the steps involved and the process to create Service Notification in Customer Service Module.
  Regards,
  Ram

  Hello SAP Guru's,
  I am Shankar from chennai.
  At present i have assigned to do the Customer Service process for our project.
  I had tried the BPP method for doing it.
  When i tried the Depot repair process from BPP i got error during billing process.
  Can any one guide me with the step by steps procedure to do the senerio.
  i searched the web for the process. but i couldnt able to find it.
  If any one has the complete step by step procedure to do the process pls help me.
  my id is ponshankar gmail com.
  Thanks in advance
  Warm regards,
  Shankar

• How to register a custom HCM module/application in Fusion Application

  Hi All,
  I am working on a Fusion Co-existence project and one of the requirement we have to create/register a custom application/module In Fusion Apps(Just like Creating Entry in FND_APPLICATION IN EBS).
  Once created we want it to be linked to a custom schema and custom Linus directory structure as well.
  Any help would be highly appreciated.
  Thanks,
  Ankit

  Hi Jani,
  We haven't deployed any application till now; Infact we are not even sure of it as we are EBS People predominantly. Here is what we need and Why:
  We are developing a custom integration to support the Data translations migrations from EBS to Fusion Apps in a co-existence environment. Solution is basically consist of :
  1.Extract the Data in Flat File using a Concurrent Program from EBS R12
  2.FTP the file to Fusion Server
  3.Read the file and write into Staging table using the SQL*Loader in Fusion Apps through a custom ESS Job
  4.Data validation and Import program in Fusion Apps through a custom ESS Job
  Since this is a custom solution The ESS Import/Validation jobs in Fusion Apps need to be register within a custom module (Like lets say XXHR). So the staging tables need to be created should be tied to custom Database schema linked with this application and the Files to be palced in the Fusion Server should be placed under the Custom XXHR_TOP/bin directory. Also the ESS job shold be registered with the custom application.
  So we are looking for a complete help on this.
  Hope it clarifies your questions.
  Thanks,
  Ankit

• Inconsistent Errors when processing  IDocs using custom Function Module

  I am encountering a most perplexing error. Here is the situation.
  We have a custom function module to update data in the EH&S system. We are having a bizarre error occurring. This is the basic processing of the function module:
  1. IDoc data is read and loaded into an internal table.
  2. Data is run through a series of checks to determine if the data is valid for entry into the system.
  3. After validation we use function module  C1F2_SUBSTANCES_READ_WITH_REF to read  characteristic data for the  substance. This data is used to validate whether current data exists to allow for loading of the IDoc data. (This is the step where the IDoc is receiving an error even if the data is valid. This only occurs if we are processing a large amount of Idocs and one IDoc contains valid data and another invalid data for the same substance. It occurs even if the Idocs are not processed in sequence.  If individually processed or reprocessed after initial failure they pass. This is what is so confusing!) If it exists, a flag is set and  the data is loaded using function module BAPI_BUS1077_CHANGE to modify the data.
  4. If the flag is set to allow further processing, the function module C1F2_SUBSTANCES_READ_WITH_REF is used again to select different characteristic data for the substance. A similar validation process occurs and if it passes, data is loaded using BAPI_BUS1077_CHANGE to update and BAPI_BUS1077_CREATE to create new data.
  Here is the situation:
  When processing one valid record for one substance, the record loads successfully.  When processing multiple valid records (all are valid) for one substance, they all load successfully.  The problem occurs when attempting to load valid and invalid records for the same substance.  Some times the program successfully loads the valid data (as expected).  Other times, it will not load any records.  It is not consistent!
  The order of IDoc processing does not have an impact on the success of the load.  Whether the valid or invalid record processes first does not have an impact on the success of the valid substance load.
  Does anyone have ANY Idea of what is going on? I am clearing all fields in the function module before processing occurs. I cannot find what is causing the error to occur.
  HELP!
  Jim Hardy

  I have some further information. It seems that if data for a substance is sent in two separate Idocs, one with valid and one with invalid data, As long as the two IDocs are processed consecutively, they process correctly. If they are separated by IDocs containing other substance information, they fail.
  thanks
  Jim