Custom pluggable idm with custom login module

Hello All. I've developed a custom implementation of the pluggable identity management framework as explained in chapter 13 of the book "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0)". I have OAS 10.1.3.1.0.
Everything works fine except when the identity is validated within the tokenAsserter. The process is supposed to continue with the login method implemented in my custom login module but instead the default Oracle implementation (RealmLoginModule) is being executed.
The application is a servlet and is configured to use a custom loginModule. If I don't use the custom auth method (auth-method="CUSTOM_AUTH" in orion-application) my loginModule is called, but when I plug it into my custom idm implementation it isn't.
The custom idm is packed in to a jar containing the idm and the login module. The jar is deployed to the <ORACLE_HOME>/ext/lib directory.
Any suggestions? Thanks

Thanks for your answer, it really helps. I had already checked all that stuff and it was correct, but knowing that another person had made it work the same way I was doing it made me think I was doing it right and the problem may be simpler. It really was. OC4J was really calling my login module all the time, but it was getting a runtime exception, a very simple one, that was making OC4J propagate the authentication to the default login module (RealmLoginModule), and that was the error I was watching in the logs that had me all confused.
I will start another thread though about stolen cookie in a SSO solution that I’m developing with this implementation.
Thank you.
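The failure described in the thread above (a runtime exception inside the custom module's login() that only showed up in the logs as an error from the next module) can be made visible at its source. This is an added example, not code from the thread or from Oracle: the class name GuardedLoginModule and the options demoUser/demoPassword are hypothetical, it uses only the standard JAAS API, and how a container reacts to the resulting LoginException depends on that container and the module's control flag.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical module; "demoUser"/"demoPassword" are constructed options for this sketch.
public class GuardedLoginModule implements LoginModule {
    private static final Logger LOG = Logger.getLogger(GuardedLoginModule.class.getName());
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private Principal principal;   // set by login(), published by commit()

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.options = options;
    }

    @Override
    public boolean login() throws LoginException {
        try {
            return authenticate();
        } catch (RuntimeException e) {
            // Log the real cause under this module's name, then fail as a LoginException
            // so the error is not first noticed as a failure of some later module.
            LOG.log(Level.SEVERE, "GuardedLoginModule.login() threw unexpectedly", e);
            LoginException le = new LoginException("internal error in GuardedLoginModule");
            le.initCause(e);
            throw le;
        }
    }

    private boolean authenticate() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (IOException | UnsupportedCallbackException e) {
            LoginException le = new LoginException("callback failed: " + e);
            le.initCause(e);
            throw le;
        }
        final String name = nc.getName();
        char[] pw = pc.getPassword();          // a copy; clear both copies below
        pc.clearPassword();
        if (name == null || pw == null) throw new FailedLoginException("missing credentials");
        ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(pw));
        byte[] got = new byte[bb.remaining()];
        bb.get(got);
        Arrays.fill(pw, '\0');
        byte[] want = String.valueOf(options.get("demoPassword")).getBytes(StandardCharsets.UTF_8);
        boolean ok = name.equals(options.get("demoUser")) && MessageDigest.isEqual(got, want);
        Arrays.fill(got, (byte) 0);
        if (!ok) throw new FailedLoginException("bad credentials");
        principal = new Principal() { public String getName() { return name; } };
        return true;
    }

    @Override
    public boolean commit() {
        if (principal == null) return false;   // login() did not succeed in this module
        subject.getPrincipals().add(principal);
        return true;
    }

    @Override
    public boolean abort() { boolean had = principal != null; logout(); return had; }

    @Override
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null;
        return true;
    }

    public static void main(String[] args) {
        Map<String, String> opts = new HashMap<>();
        opts.put("demoUser", "alice");                   // constructed sample values
        opts.put("demoPassword", "constructed-secret");
        GuardedLoginModule m = new GuardedLoginModule();
        // Constructed handler that fails with a plain runtime exception.
        CallbackHandler broken = cbs -> { throw new IllegalStateException("constructed failure"); };
        m.initialize(new Subject(), broken, new HashMap<String, Object>(), opts);
        try {
            m.login();
        } catch (LoginException e) {
            System.out.println(e.getMessage() + " <- " + e.getCause());
        }
    }
}
```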

Similar Messages

  • Site Definition with Custom List Instance with Custom fields

    How to create VS 2012 > Site Definition with Custom List Instance with Custom fields?
    <site>
    <list>
    <field>

    Hi Sunil,
    it is the same way we create in VS 2010.
    Add a new empty SP project in VS2012 and then add, site, list and fields as per your requirement.
    Here are few references-
    Creating SharePoint 2010 Site Definitions in Visual Studio 2010
    http://msdn.microsoft.com/en-us/library/gg276356(v=office.14).aspx
    Creating SharePoint 2010 List Definitions in Visual Studio 2010
    http://msdn.microsoft.com/en-us/library/gg276355(v=office.14).aspx
    Walkthrough: Create a Basic Site Definition Project
    http://msdn.microsoft.com/en-us/library/ee231583.aspx
    and  I normally create a blank site with all required configuration and then create, import the template to hand craft the list and fields. this would minimize errors.
    see the below blog on this topic
    http://blogs.msdn.com/b/sambetts/archive/2013/10/17/creating-a-clean-visual-studio-solution-from-a-sharepoint-2013-site-template.aspx
    Hope this helps!
    Ram - SharePoint Architect
    Blog - SharePointDeveloper.in
    Please vote or mark your question answered, if the reply helps you

  • Linking customized D.O with Customized Billing doc.

    Hi Experts
    Seeking advice for linking the customized D.O with Customized Billing document type.
    For Interco STO, delivery NLCC and Billing Doc IV is customized.
    However, still custom D.O is looking for IV instead of the custom billing doc.
    Please only detailed response guidance.
    Rgds
    RG

    Please "only" detailed response guidance
    What do you mean by this ??  You cannot dictate the members and hence, please avoid commenting like this.
    Coming to your issue, I am confused on your statement
    Seeking advice for linking the customized D.O with Customized Billing document type.
    For Interco STO, delivery NLCC and Billing Doc IV is customized.
    in the first line, you say you have customized whereas in the second line, you said that system is not taking customized document type.  Please be clear in your question.
    thanks
    G. Lakshmipathi

  • Custom JSF component with custom value datatype

    I've created a simple custom JSF component with a decode, encodeBegin as follows:
    public void decode(FacesContext context) {
        Map<String, String> requestParameters = context.getExternalContext().getRequestParameterMap();
        String clientId = getClientId(context);
        String value = requestParameters.get(clientId);
        setSubmittedValue(value);
        super.decode(context);
    }
    public void encodeBegin(FacesContext context) throws IOException {
        ResponseWriter response = context.getResponseWriter();
        String clientId = getClientId(context);
        response.startElement("input", this);
        response.writeAttribute("name", clientId, "id");
        response.writeAttribute("type", "text", null);
        String value = (String) getValue();
        if (null != value) {
             response.writeAttribute("value", value, "value");
        }
        response.endElement("input");
    }
    With also:
    setRendererType(null);
    as part of the constructor.
    This component works just fine both inside and outside of a dataTable component, as expected.
    What I would like to do now is to replace the String value datatype with a custom class, for example MyDataType. For this I do:
    public void decode(FacesContext context) {
        Map<String, String> requestParameters = context.getExternalContext().getRequestParameterMap();
        String clientId = getClientId(context);
        String value = requestParameters.get(clientId);
        MyDataType myData = (MyDataType) getValue();
        MyDataType newData = (MyDataType) myData.clone();
        newData.setValue(value);
        // copy old object and only update the changed field of this object
        setSubmittedValue(newData);
        super.decode(context);
    }
    public void encodeBegin(FacesContext context) throws IOException {
        ResponseWriter response = context.getResponseWriter();
        String clientId = getClientId(context);
        response.startElement("input", this);
        response.writeAttribute("name", clientId, "id");
        response.writeAttribute("type", "text", null);
        MyDataType value = (MyDataType) getValue();
        if (null != value) {
             response.writeAttribute("value", value.getValue(), "value");
        }
        response.endElement("input");
    }
    Now this works perfectly outside of a dataTable component, but inside it fails to update the property on the BB.
    Are there somewhere examples on how to properly use custom datatypes as values for UIInput components? Also how to only partially update the value (like I do, I only want to update the value field of the MyDataType object)

    Even if I encode the entire MyDataType via hidden input elements and decode it again (i.e. not using a cloned getValue) it's still not working inside a dataTable.
    Could it have to do something with me using Facelets?

  • How to parse a custom text file (with custom separators) to a list inside a table

    Hi,
    i'm trying to parse +/-50 product detail html web pages to a combined PQ table showing each product and all sub-products inside their package :
    let
        Source = Folder.Files("N:\sample\Product_Details"),
        TransformedColumn = Table.TransformColumns(Source,{{"Content", Lines.FromBinary}}),
        RemovedOtherColumns = Table.SelectColumns(TransformedColumn,{"Content", "Name"}),
        DuplicatedColumn = Table.DuplicateColumn(RemovedOtherColumns, "Content", "Copy of Content"),
        #"Expand Content1" = Table.ExpandListColumn(DuplicatedColumn, "Content"),
        FilteredRows = Table.SelectRows(#"Expand Content1", each Text.Contains([Content], "/h1")),
        #"Expand Copy of Content" = Table.ExpandListColumn(FilteredRows, "Copy of Content"),
        FilteredRows1 = Table.SelectRows(#"Expand Copy of Content", each Text.Contains([Copy of Content],">• ")),
    ---> try outs :
        TransformedColumn2 = Table.TransformColumns(FilteredRows1,{{"Copy of Content",Lines.FromText}})
         TransformedColumn3 = Table.TransformColumns(TransformedColumn2,{{{"Copy of Content",">• "},Text.splitAny}}),
         #"Expand Copy of Content1" = Table.ExpandListColumn(TransformedColumn2,{"Copy of Content",">• "})
    in
        #"Expand Copy of Content1"
    So the code here above...
    _ list all HTML Files of the folder
    _ create, for each file of the table, 1 row of data per line from inside the related HTML page
    _ filter the lines to retrieve the Product Package name of each HTML page
    _ create, for each "package entry" of the table, 1 row of data per line from inside the related HTML page
    _ filter the lines to retrieve the sub-product Package details of each HTML page (one single line without carriage return)
    ---> stuck
    So now for each "Package" entry row I've a text cell containing a list of sub-products separated by ">• " characters and I would like to convert this text to a list separated at each >• so I could afterward expand it to 1 row per sub-product (with package name as first cell of the row)
    normally Lines.FromText( should provide the option to define a custom separator but when nested inside Table.TransformColumns( I cannot find where to put this optional field !
    I've searched for some explanations on http://office.microsoft.com/en-us/excel-help/power-query-formula-categories-HA104122363.aspx but syntax transformation due to nesting isn't explained and samples don't cover many cases of usage, they only cover obvious usage with no option !
    Can somebody help me on this ?

    Oh I see. I missed the part about it being separate rows when I read your post the first time.
    How about this... first do the Table.SplitColumn operation and then use the Unpivot operation. Doing this through the UI is pretty simple, but you can go straight through the formula language if you want to. The formula is Table.UnpivotOtherColumns.
    Here's a simplified example:
    let
        Source = #table({"Column1","Column2"},{{1,"a,b,c,d"},{2,"e,f,g"},{3,"h"}}),
        SplitColumnDelimiter = Table.SplitColumn(Source,"Column2",Splitter.SplitTextByDelimiter(","),{"Column2.1", "Column2.2", "Column2.3", "Column2.4"}),
        Unpivot = Table.UnpivotOtherColumns(SplitColumnDelimiter,{"Column1"},"Attribute","Value"),
        RemovedColumns = Table.RemoveColumns(Unpivot,{"Attribute"})
    in
        RemovedColumns
    There's probably a way to do it with Lines.FromText, but I think this is a bit simpler. It can all be done with clicks in the UI.

  • Customized OAF pages(with customized controller) not working in Upgraded R 12.2.4

    Hello All,
    There is a problem, I am facing with my custom page. I am trying to extend the controller with my custom class, but getting the below error
    oracle.apps.fnd.framework.OAException: Could not create Java class: (oracle.apps.xxar.cusstd.createcus.webui.xxArCreCusCO) associated with region: (ArUtilRN). This is probably because the class name is wrong or not included in project.
    at oracle.apps.fnd.framework.webui.OAPageErrorHandler.prepareException(OAPageErrorHandler.java:1247)
    at oracle.apps.fnd.framework.webui.OAPageErrorHandler.processErrors(OAPageErrorHandler.java:1435)
    at oracle.apps.fnd.framework.webui.OAPageBean.processRequest(OAPageBean.java:2848)
    at oracle.apps.fnd.framework.webui.OAPageBean.preparePage(OAPageBean.java:1991)
    at oracle.apps.fnd.framework.webui.OAPageBean.preparePage(OAPageBean.java:567)
    at oracle.apps.fnd.framework.webui.OAPageBean.preparePage(OAPageBean.java:455)
    Though the file is present in the right folder
    [applmgr@gfs3devapp1 webui]$ pwd
    /opt/oracle/gfs2d/fs1/EBSapps/comn/java/classes/oracle/apps/xxar/cusstd/createcus/webui
    [applmgr@gfs3devapp1 webui]$ ls -ltr
    total 4
    -rw-r-----. 1 applmgr oinstall 1177 Feb 25 10:17 xxArCreCusCO.class
    I got to follow this discussion but it is not helping me: https://community.oracle.com/thread/3647610
    Please assist.
    Thanks, Prakhar

    Hi Prakhar,
    I hope that xxar is your custom application name. You don't need to run the adop_sync.drv
    Please follow the below steps to create your own jar.
    Creating a custom jar file and making it available:
    Create a temporary custom.zip file which contains all the custom application's directories/files at the non-standard location. The commands are:
    cd $JAVA_TOP
    zip -r customprod.zip <directory list> where the <directory list> is the list of all the directory paths, relative to $JAVA_TOP, for custom application's java files at the non-standard location.
    Generate and sign the customprod.jar file. Command: adjava oracle.apps.ad.jri.adjmx -areas $JAVA_TOP/customprod.zip -outputFile $JAVA_TOP/customprod.jar -jar $CONTEXT_NAME 1 CUST jarsigner -storePass <KeyStore Password> -keyPass <Key Password>
    Delete the temporary customprod.zip. Command: rm $JAVA_TOP/customprod.zip
    Follow the steps below to make the custom jar file available for WebLogic Server:
    Back up the existing <FND_TOP>/admin/template/ebsProductManifest_xml.tmp
    Modify <FND_TOP>/admin/template/ebsProductManifest_xml.tmp to add the entry below for customprod.jar (after customall.jar):
    <library>customprod.jar</library>
    Run AutoConfig.
    Bounce the middle-tier services.
    NOTE: These changes will be lost if ebsProductManifest_xml.tmp is patched in future; changes will need to be done again.

  • Custom Master Page with Custom Page Layout

    Hi All,
    I have created a Custom SharePoint Master Page. In that Master Page I have created a custom Header & Footer.  In between the header and the footer I created a space to put page's content.
    However I have created a page using that master page and it was successfully published.
    After that I wanted to create a Custom Page Layout using that Page previously created. That also was a successful one. But when default Page Layouts in SharePoint 2013 inserted to a page it shows an area that can add content. But in my Page Layout inserted
    to a page it does not show like that.
    So what have I missed when I created the Custom Page Layout? Could you kindly someone tell me how to solve this matter?
    Thanks and regards,
    Chiranthaka

    Can you confirm that your custom page layout has the same WebPart Zones as the default one? They need to be if you wish to see content that was added with the default page layout.
    Nikolas Charlebois-Laprade Microsoft Certified Professional & Software Engineer http://nikcharlebois.com

  • Custom Login Module - all modules ignored

    Hello,
    we created a custom login module and deployed it as library to the server. We then configured the login module as described in the SAP manual:
    http://help.sap.com/saphelp_nw70/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
    First we had a little problem with the library path. The security log has a nice overview what login stack and what modules were called, for our module it stated "Cannot load login module class …."
    After reading the forum, we found that our login module path was wrong, we only added the class name as described in the tutorial. Correct was to use the library name from Visual Admin.
    But now, if we call the portal, the security log is just empty. It seems no stack and no module is called at all. If we remove our custom module from the ticket stack, everything is fine and we get an entry in the security log with the ticket stack and all remaining modules.
    If we add the custom login module to the stack again and enter username and password we get an error message that all modules are ignored.
    Does anybody know this error and maybe what to do?
    Best regards,
    Kai

    Hi Kai,
    have you solved your problem?
    Currently we are facing a similar Problem.
    We have a custom login module. I deployed everything like in the tutorial. There should be no problem with the login module itself, as it is an exact copy of a working one. Class names are the same. The only difference is in package names, project names, library names. I adjusted the classloader to the new library and also adjusted the classname in the user store where the login module is configured. The login module is part of the "ticket" authentication stack.
    When we want to log on to the portal, we get an error like "all modules ignored".
    Maybe you have found a solution which is also suitable for our problem.
    Thanks
    Regards
    Pascal

  • Custom Login Module Called by WebLogic

    I have managed to write and deploy a custom login module that works just fine with
    other app servers (except WebLogic). I am using WebLogic 6.1 with sp2. When WebLogic
    starts up, it seems to be calling my custom login module with a user of "system".
    I then get the following exception:
    Authentication Failed: Unexpected Exception, weblogic.security.acl.DefaultUserInfoImpl
    java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
    <<no stack trace available>>
    I have updated the Server.policy file to only point to my custom login module, WebLogic's
    system path points to the JAR with my login module and I can see the module get called.
    Any advice as to what WebLogic is doing here. This behavior does not seem to be
    compliant with the JAAS spec. Here is a snippet of my login method:
    public boolean login() throws LoginException {
        if (callbackHandler == null)
            throw new LoginException("Error: blah blah");
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback(USER);
        callbacks[1] = new PasswordCallback(PWD, false);
        try {
            callbackHandler.handle(callbacks);
            username = ((NameCallback)callbacks[USERCALLBACK]).getName();
            char[] tmpPassword = ((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
            if (tmpPassword == null) {
                tmpPassword = new char[0];
            }
            password = new String(tmpPassword);
            Environment env = new Environment();
            env.setProviderUrl(url);
            env.setSecurityPrincipal(username);
            env.setSecurityCredentials(password);
            Authenticate.authenticate(env, subject);
            return verifyCredentials();
        } catch (java.io.IOException ioe) {
            throw new LoginException(ioe.toString());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException("Error: " + uce.getCallback().toString()
                + " not available");
        }
    }

    Weblogic 6.x does not support replaceable server side login modules and only
    supports login modules on the client.

  • Configuring PAM login modules with weblogic 6.1

    I am trying to configure my own PAM login module to work on the same JVM as weblogic.
    I have my own security policy that does not rely on weblogic however when trying
    to login after creating a specific login context :
    LoginContext loginContext = new LoginContext("XXLogin",subject,
    callbackHandler);
    loginContext.login();
    The JVM tries to invoke weblogic's own internal server login module. It looks
    for the callback the login module uses and then fails.
    The same problem occurs at weblogic startup. Weblogic appears to override the -Djava.security.auth.login.config=jaas.config
    with their own login configuration file:WLHOME\lib\server.policy. Is this supposed
    to be a standard PAM login configuration file or weblogic's own interpretation
    of it ? (It is called a policy file which normally relates to grants and permissions
    in JAVA). Anyway we modified this file to include our own login module under a
    different AuthenticationConfigurationName. However weblogic attempted to use our
    login module as well as their own. According to the jaas api when creating a login
    context the application configuration name is specified however weblogic appears
    to be ignoring this !! Also we have found that a PAM configuration file that we
    had did not parse with weblogic, however it worked with the standard PAM configuration
    file parser. This implies that weblogic does not use the standard parser. Any
    help welcome !!

    Hi Parthasarathy,
    Thanks for the pointer. Your suggestion was the first step to getting our Security
    Model to be compatible with the WebLogic 6.1 model. As suggested I removed the
    the default LoginModule (ServerLoginModule) from the Server.policy file and replaced
    it with our Login Module. Then we defined JVM properties for the weblogic.management.password
    property in the startweblogic command file to supply the authentication information
    required by WebLogic.
    The next problem that I encountered was that we use files in the jaas.jar for
    Authorisation when I tried to access these files (e.g. javax.security.auth.Policy)
    I got a sealing violation as the JVM had previously loaded other class files in
    this package from the weblogic.jar (as weblogic uses these files for authorisation).
    It was possible to get around this problem by putting the jaas.jar ahead of the
    weblogic.jar in the classpath.
    After this I just needed to set up permissions in the weblogic.policy file for
    authorisation and we were there.
    Regards
    Paul
    Parthasarathy Seshadri <[email protected]> wrote:
    Please note from the documentation:
    http://e-docs.bea.com/wls/docs61//security/prog.html#1039659
    that WLS uses the default Login Module (weblogic.security.internal.ServerLoginModule)
    to gather authentication information
    during server initialization. To replace the default Login module, edit
    the Server.policy file and replace the name of the
    default Login module with the name of a custom Login module.
    Please inform whether the above information is useful. Thank you.
    Developer Relations Engineer
    BEA Support

  • How to link existing PG with custom VO at design time

    Hi,
    I want to customize counter group search page of Counters modules. Here instead of searching through apps schema I want to search groups through my custom schema 'XYZ'. To achieve this, I did following task:
    (i) exported GroupSearchPG from apps server to jdeveloper/myprojects directory.
    (ii) Created workspace and project in jdeveloper and imported PG to this project.
    (ii) downloaded GroupingSearchAM , GroupSearchVO and GroupSearchCO from $JAVA_TOP to Jdev myclasses directory, its working fine for apps schema from jdeveloper
    (iii) Created BC4J package with existing name oracle.apps.csi.counter.grouping.schema
    (iv) created custom VO (GroupSearchVO) with custom schema 'XYZ' (Since this is expert VO, I need not to extend base EO/VO)
    Now, While trying to substitute my custom VO with existing VO. I could not see existing VO to replace with.
    My question is how do we link components with exported page? I mean how does the linking happens with GroupSearchPG with its CO/EO/VO or AM.
    Can you please let me know which step did i miss?
    Thanks in advance
    Tripti

    For your situation,
    VO needs to be substituted,
    CO needs to be substituted and
    AM needs to be extended.
    To make your custom VO available in substitution process, add them to the extended AM. Custom CO can be attached through personalization.
    --Shiv

  • Help : Call Login Module directly when iView is launched - without submit

    Hi there,
    we have developed a login module on for our NW2004S SP13 Portal, that checks the IP address of the client to be in a valid range. If so, the standard SAP login screen must be bypassed. If not, the standard login screen needs to be shown (we use the standard sap umLogonPage, we only made a copy z.com.portal.runtime.logon.par) and added to the portalapp.xml an entry which is a copy of the 'certlogon' entry..
    -> What we like to achieve is that the logonstack is called directly when the application is launched.
    a) Code below functions, but only one problem : when the IP Address is invalid (login module returns false), a blank page is shown instead of the default userid / pw page.
        In case of valid IP OK, invalid IP (login module returns false) blank page :o(
    b) As an alternative, in my opinion, it would be best to use the standard SAP class in the portalapp.xml  (com.sap.sapportals.portal.ume.component.logon.SAPMLogonComponent) & have some sort of servlet in front
    The behaviour of which page to return in case of failed logon is contained in com.sap.portal.runtime.logon_api.jar, class com.sap.sapportals.portal.ume.component.logon.SAPMLogonComponent -> class SAPMLogonLogic).
    How can this be done? I've already cracked my head over it, but can't get this to work -
    My coding for a) :
    package z.x.sapportals.portal.ume.component.logon;
    import com.sap.security.api.logon.ILogonFrontend;
    import com.sapportals.portal.prt.component.AbstractPortalComponent;
    import com.sapportals.portal.prt.component.IPortalComponentRequest;
    import com.sapportals.portal.prt.component.IPortalComponentResponse;
    import com.sapportals.portal.prt.session.IUserContext;
    public class xSAPMLogonComponent extends AbstractPortalComponent implements ILogonFrontend
    {
         protected void doContent(IPortalComponentRequest request, IPortalComponentResponse response)
         {
              response.write("\n<!-- component context:" + request.getComponentContext().getComponentName() + "-->\n");
              response.write("<!-- class: " + getClass().getName() + "-->\n");
              String firstName ="";
              String lastName = "";
              String logonUid = "";
              String password = "";
              String authscheme = "";
              IUserContext userContext = request.getUser();
              if (userContext != null)
              {
                   firstName = userContext.getFirstName();
                   lastName = userContext.getLastName();
                   logonUid = userContext.getLogonUid();
                   password = "dummy";
                   authscheme = (String)request.getValue("com.sap.security.logon.authscheme.required");
                   response.write("Welcome :");
                   response.write("logonUid = " + logonUid + "<br><br>");
                   response.write("j_password = " + password + "<br><br>");
                   response.write("<form id=\"redirform\" method=\"post\" >");
                   response.write("<input type=\"hidden\" name=\"login_submit\" value=\"on\">");
                   response.write("<input type=\"hidden\" name=\"j_user\" value=\"" + logonUid + "\">");
                   response.write("<input type=\"hidden\" name=\"j_password\" value=\"" + password + "\">");
                   response.write("<input type=\"hidden\" name=\"j_authscheme\" value=\"" + authscheme + "\">");
                   response.write("<input type=\"submit\" value=\"send\">");
                   response.write("</form>");
                   // Commented out javascript auto submit to press submit manually for testing
              }
         }
         /* (non-Javadoc)
          * @see com.sap.security.api.logon.ILogonFrontend#getTarget()
          */
         public Object getTarget()
         {
              // TODO Auto-generated method stub
              return this;
         }
         /* (non-Javadoc)
          * @see com.sap.security.api.logon.ILogonFrontend#getType()
          */
         public int getType() {
              // TODO Auto-generated method stub
              return 2;
         }
    }
    Portalapp.xml :
        <component name="iplogon">
          <component-config>
            <property name="ClassName" value="z.x.sapportals.portal.ume.component.logon.xSAPMLogonComponent"/>
            <property name="SafetyLevel" value="no_safety"/>
            <property name="LocalModeAllowed" value="true"/>
          </component-config>
          <component-profile>
            <property name="AuthScheme" value="anonymous"/>
            <property name="com.sap.portal.pcm.Category" value="platform">
              <property name="inheritance" value="final"/>
            </property>
            <property name="SupportedUserAgents" value="(MSIE, >=5.0, *) (Netscape, *, ) (Mozilla,,*)">
              <property name="inheritance" value="final"/>
            </property>
          </component-profile>
        </component>
    authschemes.xml
            <authscheme name="iplogon">
                <authentication-template>
                    radiusExtended
                </authentication-template>
                <priority>22</priority>
                <frontendtype>2</frontendtype>
                <frontendtarget>z.x.portal.runtime.logon.iplogon</frontendtarget>
            </authscheme>

    Hi,
    I'm not sure if you have already solved this issue, I was looking up another issue and came across this topic, maybe I can close this topic for you.....
    Here is what you could do...
    1) Create a custom login module stack with your login module
    2) Create an authentication scheme that refers to this stack
      For example, you have defined a login module stack called certlogon in the Security Provider service in the Visual Administrator. You want to create an authentication scheme that uses this login module stack. To do this, you add the following excerpt to the authschemes.xml file.
    <authscheme name="myauthscheme">
          <!-- multiple login modules can be defined -->
          <authentication-template>
            certlogon
          </authentication-template>
          <priority>20</priority>
          <!-- the frontendtype TARGET_FORWARD = 0 -->
          <!-- TARGET_REDIRECT = 1, TARGET_JAVAIVIEW = 2 -->
          <frontendtype>2</frontendtype>
          <!-- target object -->
          <frontendtarget>
            com.mycompany.certlogonapp
          </frontendtarget>
      </authscheme>
    In this schema refer to your custom login application.
    thanks,
    Sudhir

  • Using Federated Security in BizTalk against custom Token Provider and Custom Token

    Hi,
    As the topic states, I'm trying to get BizTalk to use a Custom Token Provider with custom tokens.
    So I thought this would be rather painless using ws2007FederationHttpBinding but got stuck. The problem is that the service expects a SOAP action and a special structure (see example):
    Request:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsc="common.namespace" xmlns:ws="securitytoken.namespace">
       <soapenv:Header>
          <wsc:AutHeader>      
    Containing Custom Auth header information tags, about 20 or so
          </wsc:AutHeader>
       </soapenv:Header>
       <soapenv:Body>
          <ws:SECSSecurityTokenCreate_V1_0InputArgs>
             <ws:SecurityTokenCreateRequest>
                <ws:securityToken><!-- signed SAML assertion --></ws:securityToken>
             </ws:SecurityTokenCreateRequest>
          </ws:SECSSecurityTokenCreate_V1_0InputArgs>
       </soapenv:Body>
    </soapenv:Envelope>
    Response:
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
    <SECSSecurityTokenCreate_V1_0OutputArgs xmlns:ns2="common.namespace" xmlns="tokenservice,namespace">
    <SecurityTokenCreateResponse>
    <securityToken> <!-- THE Custom TOKEN --> </securityToken>
    </SecurityTokenCreateResponse>
    <ResponseState>
    <ns2:ErrorCode>0</ns2:ErrorCode>
    <ns2:Severity>0</ns2:Severity>
    <ns2:ComponentId>201</ns2:ComponentId>
    <ns2:StrErrorCode xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
    <ns2:Message>OK</ns2:Message>
    <ns2:NativeError xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
    <ns2:LogSequence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
    </ResponseState>
    </SECSSecurityTokenCreate_V1_0OutputArgs>
    </soap:Body> </soap:Envelope>
    Error message in BizTalk when I send a message via ws2007FederationHTTPBinding to the SOAP service. As expected, the SOAP structure doesn't match the one expected by the server; most obvious are the missing SOAP action and the incorrect Body element.
    System.ServiceModel.ProtocolException: The content type text/html; charset=iso-8859-1 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 521 bytes of the response were: '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
    <soap:Body>
    <soap:Fault>
    <soap:Code>
    <soap:Value>Server</soap:Value>
    </soap:Code>
    <soap:Reason>
    <!--1 or more repetitions:-->
    <soap:Text xml:lang="en">Missing operation for soapAction [null] and body element [{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken] with SOAP Version [SOAP 1.2]</soap:Text>
    </soap:Reason>
    </soap:Fault>
    </soap:Body>
    </soap:Envelope>'. ---> System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
    at System.Net.HttpWebRequest.GetResponse()
    at System.Servi
    My plan to solve this is to try using behaviors added to the "inner" WCF binding that will help reconstruct the message from the standard form that I have, but I'm a bit worried that I start to solve this and later on I'll have to add custom handling for token extraction and handling, since the token should be placed in a custom header in the SOAP envelope with a custom namespace =).
    So my question is, could this be solved via ws2007FederationHttpBinding or is an orchestration and some custom code for signing the path forward?
    Thanks in advance for any help or guidance!
    /Mattias

    It's a little tough to use ws2007FederationHttpBinding, I faced a similar situation before. :(

  • SPNEGO Login module Stack issue: Could not validate SPNEGO token

    Hello to all,
    We are deploying a SAP NetWeaver 7.3 Enterprise Portal with the SPNego login module activated.
    We are performing some tests (performance and concurrent accesses).
    During the tests we have found several times the following issue linked to SPNego:
    Could not validate SPNEGO token.
    [EXCEPTION]
    java.lang.NumberFormatException: multiple points
    at sun.misc.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1082)
    at java.lang.Double.parseDouble(Double.java:510)
    at java.text.DigitList.getDouble(DigitList.java:151)
    at java.text.DecimalFormat.parse(DecimalFormat.java:1303)
    at java.text.SimpleDateFormat.subParse(SimpleDateFormat.java:1934)
    at java.text.SimpleDateFormat.parse(SimpleDateFormat.java:1312)
    at java.text.DateFormat.parse(DateFormat.java:335)
    at com.sap.security.core.server.jaas.spnego.util.Utils.generalizedTimeStringToData(Utils.java:167)
    at com.sap.security.core.server.jaas.spnego.krb5.KrbTicketEncryptedData.parseDecryptedData(KrbTicketEncryptedData.java:67)
    at com.sap.security.core.server.jaas.spnego.krb5.KrbEncryptedData.decrypt(KrbEncryptedData.java:94)
    at com.sap.security.core.server.jaas.spnego.krb5.KrbApReq.decrypt(KrbApReq.java:68)
    at com.sap.security.core.server.jaas.SPNegoLoginModule.parseAndValidateSPNEGOToken(SPNegoLoginModule.java:315)
    at com.sap.security.core.server.jaas.SPNegoLoginModule.processAuthorizationHeader(SPNegoLoginModule.java:474)
    at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:160)
    at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
    at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:65)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:254)
    at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:352)
    at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.loginWithRequestCredentials(AuthenticationService.java:337)
    at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:321)
    at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:60)
    at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:163)
    at com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doCached(RequestDispatcherImpl.java:655)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:488)
    at com.sap.portal.navigation.Gateway.service(Gateway.java:147)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
    at com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
    at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
    at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
    at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
    at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
    at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
    at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
    at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
    at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
    The user linked to this user is Guest.
    Could you please advise us how to solve this recurring issue?
    Kind regards
    Julien LEFEVRE

    Hello Cathal,
    Thank you for your answer.
    In fact, the new SPNego wizard of the SAP Enterprise Portal 7.3 is used to get the two key files. The SAP JVM is in fact used, with 1.6.1.
    And in fact, it functions perfectly sometimes, but during the test of massive access (more than 30 concurrent users), I get this error frequently.
    Best regards
    Julien LEFEVRE
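
A `NumberFormatException: multiple points` raised inside `SimpleDateFormat.parse`, seen only under concurrent load as in the trace above, is the usual symptom of one `SimpleDateFormat` instance being used by several threads at once. The following is an added example, not SAP's code and not part of the original posts: it assumes that a shared formatter parses the Kerberos GeneralizedTime string (the SAP source is not shown on this page) and compares that with a per-thread formatter and an immutable `DateTimeFormatter`. The class, method names and sample timestamps are hypothetical and constructed for the demonstration.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.TimeZone;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

/** Hypothetical demo class (not SAP code); requires Java 8 or later. */
public class GeneralizedTimeParsing {

    // Kerberos timestamps are ASN.1 GeneralizedTime in UTC without fractions, e.g. 20240115103000Z.
    private static final String PATTERN = "yyyyMMddHHmmss'Z'";

    // Unsafe under load: one mutable formatter shared by every request thread (assumed cause).
    private static final SimpleDateFormat SHARED = newFormat();

    // Fix that keeps SimpleDateFormat: one instance per thread.
    // (On pre-Java 8 JVMs, override ThreadLocal.initialValue() instead.)
    private static final ThreadLocal<SimpleDateFormat> PER_THREAD =
            ThreadLocal.withInitial(GeneralizedTimeParsing::newFormat);

    // Fix for Java 8+: DateTimeFormatter is immutable and safe to share.
    private static final DateTimeFormatter IMMUTABLE = DateTimeFormatter.ofPattern(PATTERN);

    static SimpleDateFormat newFormat() {
        SimpleDateFormat f = new SimpleDateFormat(PATTERN);
        f.setTimeZone(TimeZone.getTimeZone("UTC"));
        f.setLenient(false); // reject out-of-range fields instead of rolling them over
        return f;
    }

    static Date parseShared(String s) throws ParseException {
        return SHARED.parse(s);
    }

    static Date parsePerThread(String s) throws ParseException {
        return PER_THREAD.get().parse(s);
    }

    static Date parseImmutable(String s) {
        return Date.from(LocalDateTime.parse(s, IMMUTABLE).toInstant(ZoneOffset.UTC));
    }

    interface Parser {
        Date parse(String s) throws Exception;
    }

    /** Parses from many threads at once; returns how many calls threw or returned a wrong date. */
    static int stress(Parser parser, int threads, int iterations) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        List<Future<Integer>> results = new ArrayList<>();
        try {
            for (int t = 0; t < threads; t++) {
                // Constructed sample input: a distinct timestamp per worker.
                final String input = String.format("2024%02d15%02d3000Z", (t % 12) + 1, t % 24);
                // Reference value computed with a private formatter, before any concurrency.
                final long expected = newFormat().parse(input).getTime();
                results.add(pool.submit(() -> {
                    int bad = 0;
                    for (int i = 0; i < iterations; i++) {
                        try {
                            if (parser.parse(input).getTime() != expected) {
                                bad++; // parsed without error but yielded another thread's digits
                            }
                        } catch (Exception e) {
                            bad++; // e.g. NumberFormatException: multiple points
                        }
                    }
                    return bad;
                }));
            }
            int total = 0;
            for (Future<Integer> f : results) {
                total += f.get();
            }
            return total;
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        int threads = 32;      // comparable to the "more than 30 concurrent users" in the post
        int iterations = 20000;
        System.out.println("shared SimpleDateFormat:     "
                + stress(GeneralizedTimeParsing::parseShared, threads, iterations) + " bad results");
        System.out.println("per-thread SimpleDateFormat: "
                + stress(GeneralizedTimeParsing::parsePerThread, threads, iterations) + " bad results");
        System.out.println("immutable DateTimeFormatter: "
                + stress(GeneralizedTimeParsing::parseImmutable, threads, iterations) + " bad results");
    }
}
```

The count for the shared formatter varies from run to run and includes calls that return a wrong date without throwing, which for a ticket timestamp is worse than the exception; the other two counts are always 0.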

  • Help - using custom login module with embedded jdev oc4j to access ejb 3

    Hi All (Frank ??),
    I'm just wondering if anyone has successfully been able to leverage a custom login module in combination
    with a client that connects to a local EJB 3 stateless session bean through Jdeveloper 10.1.3.2's embedded oc4j.
    I have spent 2+ days trying to get this to work - and I think I'm resigned now to the fact I'm going to
    have to deploy to oc4j standalone instead.
    I got close.. but finally was trumped with the following error from the client trying to access the ejb:-
    javax.naming.NoPermissionException: Not allowed to look up XXXXXX, check the namespace-access tag
    setting in orion-application.xml for details.
    Using the various guides available, I had no problem getting the custom login module working
    with a local servlet running from JDev's embedded oc4j.. however with ejb - no such luck.
    I have a roles table (possible values Member, Admin) - that maps to sr_Member and sr_Admin
    respectively in various config files.
    I'm using EJB 3 annotations for protecting methods .. for example
    @RolesAllowed("sr_Member")
    Steps that I had to do so far :-
    In <jdevhome>\jdev\system\oracle.jwee.10.1.3.40.66\embedded-oc4j\config\system-jazn-data.xml
    1) Add custom login module
        <application>
          <name>current-workspace-app</name>
          <login-modules>
            <login-module>
              <class>kr.security.KnowRushLoginModule</class>
              <control-flag>required</control-flag>
              <options>
                <option>
                  <name>dataSource</name>
                  <value>jdbc/DB_XE_KNOWRUSHDS</value>
                </option>
                <option>
                  <name>user.table</name>
                  <value>users</value>
                </option>
                <option>
                  <name>user.pk.column</name>
                  <value>id</value>
                </option>
                <option>
                  <name>user.name.column</name>
                  <value>email_address</value>
                </option>
                <option>
                  <name>user.password.column</name>
                  <value>password</value>
                </option>
                <option>
                  <name>role.table</name>
                  <value>roles</value>
                </option>
                <option>
                  <name>role.to.user.fk.column</name>
                  <value>user_id</value>
                </option>
                <option>
                  <name>role.name.column</name>
                  <value>name</value>
                </option>
              </options>
            </login-module>
          </login-modules>
        </application>
    2) Grant login rmi permission to roles associated with custom login module (also in system-jazn-data.xml)
      <grant>
        <grantee>
          <principals>
            <principal>
              <realm-name>jazn.com</realm-name>
              <type>role</type>
              <class>kr.security.principals.KRRolePrincipal</class>
              <name>Admin</name>
            </principal>
          </principals>
        </grantee>
        <permissions>
          <permission>
            <class>com.evermind.server.rmi.RMIPermission</class>
            <name>login</name>
          </permission>
        </permissions>
      </grant>
      <grant>
        <grantee>
          <principals>
            <principal>
              <realm-name>jazn.com</realm-name>
              <type>role</type>
              <class>kr.security.principals.KRRolePrincipal</class>
              <name>Member</name>
            </principal>
          </principals>
        </grantee>
        <permissions>
          <permission>
            <class>com.evermind.server.rmi.RMIPermission</class>
            <name>login</name>
          </permission>
        </permissions>
      </grant>
    3) I've tried creating various oracle and j2ee deployment descriptors (even though ejb-jar.xml and orion-ejb-jar.xml get created automatically when running the session bean in jdev).
    My ejb-jar.xml contains :-
    <?xml version="1.0" encoding="utf-8"?>
    <ejb-jar xmlns ....
      <assembly-descriptor>
        <security-role>
          <role-name>sr_Admin</role-name>
        </security-role>
        <security-role>
          <role-name>sr_Member</role-name>
        </security-role>
      </assembly-descriptor>
    </ejb-jar>
    Note - I'm not specifying the enterprise-beans stuff, as JDev seems to populate this automatically.
    My orion-ejb-jar.xml contains ...
    <?xml version="1.0" encoding="utf-8"?>
    <orion-ejb-jar ...
      <assembly-descriptor>
        <security-role-mapping name="sr_Admin">
          <group name="Admin"></group>
        </security-role-mapping>
        <security-role-mapping name="sr_Member">
          <group name="Member"></group>
        </security-role-mapping>
        <default-method-access>
          <security-role-mapping name="sr_Member" impliesAll="true">
          </security-role-mapping>
        </default-method-access>
      </assembly-descriptor>
    My orion-application.xml contains ...
    <?xml version="1.0" encoding="utf-8"?>
    <orion-application xmlns ...
      <security-role-mapping name="sr_Admin">
        <group name="Admin"></group>
      </security-role-mapping>
      <security-role-mapping name="sr_Member">
        <group name="Member"></group>
      </security-role-mapping>
      <jazn provider="XML">
        <property name="role.mapping.dynamic" value="true"></property>
        <property name="custom.loginmodule.provider" value="true"></property>
      </jazn>
      <namespace-access>
        <read-access>
          <namespace-resource root="">
            <security-role-mapping name="sr_Admin">
              <group name="Admin"/>
              <group name="Member"/>
            </security-role-mapping>
          </namespace-resource>
        </read-access>
        <write-access>
          <namespace-resource root="">
            <security-role-mapping name="sr_Admin">
              <group name="Admin"/>
              <group name="Member"/>
            </security-role-mapping>
          </namespace-resource>
        </write-access>
      </namespace-access>
    </orion-application>
    My essentially auto-generated EJB 3 client does the following :-
          Hashtable env = new Hashtable();
          env.put(Context.SECURITY_PRINCIPAL, "matt.shannon");
          env.put(Context.SECURITY_CREDENTIALS, "welcome1");
          final Context context = new InitialContext(env);
          KRFacade kRFacade = (KRFacade)context.lookup("KRFacade");
    ...
    And throws the error
    20/04/2007 00:55:37 oracle.j2ee.rmi.RMIMessages EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
    WARNING: Exception returned by remote server: {0}
    javax.naming.NoPermissionException: Not allowed to look up KRFacade, check the namespace-access tag setting in orion-application.xml for details
         at com.evermind.server.rmi.RMIClientConnection.handleLookupResponse(RMIClientConnection.java:819)
         at com.evermind.server.rmi.RMIClientConnection.handleOrmiCommandResponse(RMIClientConnection.java:283)
    ....
    I can see from the console that the user was successfully authenticated :-
    20/04/2007 00:55:37 kr.security.KnowRushLoginModule validate
    WARNING: [KnowRushLoginModule] User matt.shannon authenticated
    And that user is granted both the Admin, and Member roles.
    The test servlet using basic authentication correctly detects the user and roles perfectly...
      public void doGet(HttpServletRequest request,
                        HttpServletResponse response)
        throws ServletException, IOException
      {
        LOGGER.log(Level.INFO,LOGPREFIX +"doGet called");
        response.setContentType(CONTENT_TYPE);
        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head><title>ExampleServlet</title></head>");
        out.println("<body>");
        out.println("<p>The servlet has received a GET. This is the reply.</p>");
        // Identity and role membership as seen by the web container
        out.println("<br> getRemoteUser = " + request.getRemoteUser());
        out.println("<br> getUserPrincipal = " + request.getUserPrincipal());
        out.println("<br> isUserInRole('sr_Admin') = "+request.isUserInRole("sr_Admin"));
        out.println("<br> isUserInRole('sr_Member') = "+request.isUserInRole("sr_Member"));
        out.println("</body></html>");
      }
    Anyone got any ideas what could be going wrong?
    cheers
    Matt.

    Thanks for the response. I checked out your blog and tried your suggestions. I'm sure it works well in standalone OC4J, but I was still unable to get it to function correctly from JDeveloper embedded.
    Did you ever get the code working directly from JDeveloper?
    Your custom code essentially seems to be the equivalent of a grant within system-jazn-data.xml.
    For example, the following grant to a custom jaas role (JAAS_ADMIN) that gets added by my custom login module gives them rmi login access :-
         <grant>
              <grantee>
                   <principals>
                        <principal>
                             <realm-name>jazn.com</realm-name>
                             <type>role</type>
                             <class>kr.security.principals.KRRolePrincipal</class>
                             <name>JAAS_Admin</name>
                        </principal>
                   </principals>
              </grantee>
              <permissions>
                   <permission>
                        <class>com.evermind.server.rmi.RMIPermission</class>
                        <name>login</name>
                   </permission>
              </permissions>
         </grant>
    If I add the following to orion-application.xml
      <!-- Granting login permission to users accessing this EJB. -->
      <namespace-access>
        <read-access>
          <namespace-resource root="">
            <security-role-mapping>
              <group name="JAAS_Admin"></group>
            </security-role-mapping>
          </namespace-resource>
        </read-access>
    Running a standalone client against the embedded jdev oc4j server gives the namespace-access error.
    I tried out your code by essentially creating a static reference to a singleton class that does the role lookup/provisioning with rmi login grant :-
    From custom login module :-
      private static KRSecurityHelper singleton = new KRSecurityHelper();
      protected Principal[] m_Principals;
        Vector v = new Vector();
          v.add(singleton.getCustomRmiConnectRole());
          // set principals in LoginModule
          m_Principals=(Principal[]) v.toArray(new Principal[v.size()]);
    Singleton class :-
    package kr.security;

    import com.evermind.server.rmi.RMIPermission;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import oracle.security.jazn.JAZNConfig;
    import oracle.security.jazn.policy.Grantee;
    import oracle.security.jazn.realm.Realm;
    import oracle.security.jazn.realm.RealmManager;
    import oracle.security.jazn.realm.RealmRole;
    import oracle.security.jazn.realm.RoleManager;
    import oracle.security.jazn.policy.JAZNPolicy;
    import oracle.security.jazn.JAZNException;

    public class KRSecurityHelper
    {
      private static final Logger LOGGER = Logger.getLogger("kr.security");
      private static final String LOGPREFIX = "[KRSecurityHelper] ";
      public static String CUSTOM_RMI_CONNECT_ROLE = "remote_connect";
      private RealmRole m_Role = null;

      public KRSecurityHelper()
      {
        LOGGER.log(Level.FINEST,LOGPREFIX +"calling JAZNConfig.getJAZNConfig");
        JAZNConfig jc = JAZNConfig.getJAZNConfig();
        LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getRealmManager");
        RealmManager realmMgr = jc.getRealmManager();
        try
        {
          // Get the default realm .. e.g. jazn.com
          LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getGetDefaultRealm");
          Realm r = realmMgr.getRealm(jc.getDefaultRealm());
          LOGGER.log(Level.INFO,LOGPREFIX +"default realm: "+r.getName());
          // Access the role manager for the remote connection role
          LOGGER.log(Level.FINEST,
            LOGPREFIX +"calling default_realm.getRoleManager");
          RoleManager roleMgr = r.getRoleManager();
          LOGGER.log(Level.INFO,LOGPREFIX +"looking up custom role '"
            + CUSTOM_RMI_CONNECT_ROLE + "'");
          RealmRole rmiConnectRole = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
          if (rmiConnectRole == null)
          {
            LOGGER.log(Level.INFO,LOGPREFIX +"role does not exist, create it...");
            rmiConnectRole = roleMgr.createRole(CUSTOM_RMI_CONNECT_ROLE);
            LOGGER.log(Level.FINEST,LOGPREFIX +"constructing new grantee");
            Grantee gtee = new Grantee(rmiConnectRole);
            LOGGER.log(Level.FINEST,LOGPREFIX +"constructing login rmi permission");
            RMIPermission login = new RMIPermission("login");
            LOGGER.log(Level.FINEST,
              LOGPREFIX +"constructing subject.propagation rmi permission");
            RMIPermission subjectprop = new RMIPermission("subject.propagation");
            // make policy changes
            LOGGER.log(Level.FINEST,LOGPREFIX +"calling jc.getPolicy");
            JAZNPolicy policy = jc.getPolicy();
            if (policy != null)
            {
              LOGGER.log(Level.INFO, LOGPREFIX
                + "add to policy grant for RMI 'login' permission to "
                + CUSTOM_RMI_CONNECT_ROLE);
              policy.grant(gtee, login);
              LOGGER.log(Level.INFO, LOGPREFIX
                + "add to policy grant for RMI 'subject.propagation' permission to "
                + CUSTOM_RMI_CONNECT_ROLE);
              policy.grant(gtee, subjectprop);
              // m_Role = rmiConnectRole;
              m_Role = roleMgr.getRole(CUSTOM_RMI_CONNECT_ROLE);
              LOGGER.log(Level.INFO, LOGPREFIX
                + m_Role.getName() + ":" + m_Role.getFullName() + ":" + m_Role.getFullName());
            }
            else
            {
              LOGGER.log(Level.WARNING,LOGPREFIX +"Cannot find jazn policy!");
            }
          }
          else
          {
            LOGGER.log(Level.INFO,LOGPREFIX +"custom role already exists");
            m_Role = rmiConnectRole;
          }
        }
        catch (JAZNException e)
        {
          LOGGER.log(Level.WARNING,
            LOGPREFIX +"Cannot configure JAZN for remote connections");
        }
      }

      // Role carrying the RMI 'login' and 'subject.propagation' grants; null if setup failed
      public RealmRole getCustomRmiConnectRole()
      {
        return m_Role;
      }
    }
    Using the code approach and switching application.xml across so that namespace access is for the group remote_connect, I get the following error from my bean :-
    INFO: Login permission not granted for current-workspace-app (test.user)
    Thus, the login permission that I'm adding through the custom remote_connect role does not seem to work. Even if it did, I'm pretty sure I would still get that namespace error.
    This has been such a frustrating process. All the custom login module samples using embedded JDeveloper show simple j2ee servlet protection based on settings in web.xml.
    There are no samples showing jdeveloper embedded oc4j using ejb with custom login modules.
    Hopefully the oc4j jdev gurus like Frank can write a paper that demonstrates this.
    Matt.
