Custom Realm for SJSAS 9.x using JAAS documentation too vague

Hello there,
I am trying to implement a custom realm for a particular web application on my SJSAS 9.x server. So far I have been unsuccessful and receive the following message in my server.log:
[#|2006-10-20T13:51:56.390-0300|INFO|sun-appserver-pe9.0|javax.enterprise.system.core.security|_ThreadID=11;_ThreadName=httpWorkerThread-8080-1;javious;|SEC5046: Audit: Authentication refused for [javious].|#]
The documentation I have been using for reference is at:
http://docs.sun.com/app/docs/doc/819-3659/6n5s6m58k?a=view#beabs
However, I have a number of questions.
First of all, this section referenced by the URL above is identified as "Creating a custom realm". Then the second sentence of this section states "Note that client-side JAAS login modules are not suitable for use with the Application Server". Does this not mean that JAAS login modules are not suitable for use with SJSAS web applications since they are components of the Application Server? Is there a reason for providing information on creating a custom realm for this application server in which it is not suitable for? Why isn't it suitable for the application server? What if I want to implement my own realm for my web application so that I can maintain my application users separately in another application?
Secondly, this section explains that I can create a custom realm simply by creating a custom JAAS login module and a custom realm class. It then goes on to explain how to construct these classes and what to include in them. Notably, the documentation states the following:
The authenticateUser() method must end with the following sequence:
String[] grpList;
// populate grpList with the set of groups to which
// _username belongs in this realm, if any
return commitUserAuthentication(_username, _password,
  _currentRealm, grpList);
Having looked at the API for authenticateUser I discovered that it is a void method, however the documentation states to return a value from "commitUserAuthentication(..)". Also, my commitUserAuthentication method only accepts a single argument of type String[] representing a list of group names, therefore I am unable to supply the additional arguments as documented. This is confusing.
Once finished reading the documentation, I am left hanging with hardly a clue as to what to do with these two new classes. Now having implemented a custom login module on Tomcat 5.x in earlier days, I did happen to have some experience to know to edit the security.properties, policy, and login.conf files. So anyhow from here I end up stumbling blindly through configuration of my domain1/login.conf and domain1/server.policy files. I also attempted to add my new realm within the admin console under security/realms and dropped my new jar file (with two classes) into the app server lib directory.
All in all, this completely fails to work. I have even placed System.out.println statements in all of my implemented methods and none of this actually shows up in my server.log file. Why is this section so vague? Why isn't there a step-by-step example from start to finish of how to implement a simple custom realm in SJSAS9?
Does anybody have any helpful suggestions?

Well, once again, I'm going to have to provide my own answer.
After much waiting and then deciding to invest much time researching documentation and tracking down information to assist in my solution, I have managed to find the golden egg for my own recipe of a solution.
In addition to the very helpful info I have found at:
http://developers.sun.com/prodtech/appserver/reference/techart/as8_authentication/index.html
I have managed to get my custom realm to work with the additional configuration of my sun-application.xml for my ear file. Even though I only wanted to specify my custom realm for my web.xml file, it turns out that in addition to this, I had to also define it in my sun-application.xml file (manually in XML text mode - within Netbeans 5.5) as follows:
<sun-application>
    <realm>mycustrealm</realm>
    <security-role-mapping>
        <role-name>mycust_role</role-name>
        <group-name>mycust_group</group-name>
    </security-role-mapping>
</sun-application>
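
A descriptor check built on the fix reported in the answer above, added here as an example and not part of the original thread: it flags a realm named in web.xml that is missing from sun-application.xml, and roles that have no group or principal mapping. The web.xml layout and the function names are assumptions; the realm, role and group names are the ones from the answer.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors. The realm, role and group names are the ones
# in the answer above; the web.xml layout is an assumption for illustration.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>mycust_role</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>mycustrealm</realm-name>
  </login-config>
  <security-role><role-name>mycust_role</role-name></security-role>
</web-app>"""

SUN_APP_FIXED = """<sun-application>
  <realm>mycustrealm</realm>
  <security-role-mapping>
    <role-name>mycust_role</role-name>
    <group-name>mycust_group</group-name>
  </security-role-mapping>
</sun-application>"""

SUN_APP_BEFORE = "<sun-application/>"  # constructed: EAR descriptor without the fix


def _local(tag):
    """Drop an XML namespace prefix: '{ns}role-name' -> 'role-name'."""
    return tag.rsplit("}", 1)[-1]


def _find_all(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]


def _child_texts(elem, name):
    """Non-empty, trimmed text of the direct children called `name`."""
    texts = [(c.text or "").strip() for c in elem if _local(c.tag) == name]
    return [t for t in texts if t]


def check_realm_wiring(web_xml, sun_app_xml):
    """Return a list of findings; an empty list means the descriptors agree."""
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_app_xml)
    findings = []

    # 1. Every realm named in web.xml must also be declared for the EAR.
    web_realms = {r for lc in _find_all(web, "login-config")
                  for r in _child_texts(lc, "realm-name")}
    for realm in sorted(web_realms - set(_child_texts(sun, "realm"))):
        findings.append(f"realm '{realm}' is in web.xml but not in sun-application.xml")

    # 2. Every role the web module relies on needs a group or principal mapping.
    used = set()
    for parent in _find_all(web, "auth-constraint") + _find_all(web, "security-role"):
        used.update(r for r in _child_texts(parent, "role-name") if r != "*")
    mapped, empty = set(), set()
    for mapping in _find_all(sun, "security-role-mapping"):
        targets = (_child_texts(mapping, "group-name")
                   + _child_texts(mapping, "principal-name"))
        for role in _child_texts(mapping, "role-name"):
            (mapped if targets else empty).add(role)
    for role in sorted(empty - mapped):
        findings.append(f"role '{role}' has a mapping with no group or principal")
    for role in sorted(used - mapped - empty):
        findings.append(f"role '{role}' has no security-role-mapping")
    return findings


if __name__ == "__main__":
    for label, ear in (("before", SUN_APP_BEFORE), ("fixed", SUN_APP_FIXED)):
        print(label, check_realm_wiring(WEB_XML, ear) or "OK")
```
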

Similar Messages

  • Weblogic700 sp4 custom realm for SAM authentication

    we have an application running on WL7.0 sp4 which will be protected by sun access manager 7.1, but in the domain config we need to create a realm that authentication provider will be SAMAuthentication , I want to know whether we need to create a custom realm or we can create iplanet realm.

  • Policy Director Custom Realm for Weblogic

    I would like more information on how the Policy Director custom Realm for Weblogic
    works. What all methods are implemented and so on. If anyone could send me the source
    code of the custom Realm that would be of great help.
    Thanks in advance,
    Krish

  • Creating a custom realm for tomcat. Help and suggestions please.

    Has anybody ever created a custom realm to authenticate users in tomcat.
    I would like to use form based login with my own realm.
    The form requires 3 fields to log in (hence the custom realm) . I would also like to be able to use the built-in functions like isuserinrole.
    If anybody has experience with this or knows of a place where to get valuable information please let me know.
    Thanks in advance!

    Hi
    Tomcatx.x.x uses the realm sandbox security technique
    1)In your abcd/web-inf/WEB.xml file
    write the realm config scripts for the required
    jsp/servlet pages[similar will be found in
      Tomcat/webapps/examples/web-inf/web.xml]
    2)In Tomcatx.x.x/conf/tomcat_users.xml
    declare the realm id/pass/roles
    3)If still not able to do then study the web.xml (pdf)
    available at website http://www.moreservlets.com

  • Custom eventing  for reporting --- am i using the correct ResourceEvent?

    Hi All,
    I am using a web content management tool which stores all the content created through the tool in /documents repository . This content is published in the portal under various roles  . I am working on a report to generate and report the hit counts for the pages in this repository . I have written a Km service that subscribes to GET_TEMPLATE event to generate these statistics.
    The problem i am facing is this . When i navigate through the KM folder structure to a given page in a subfolder and do a preview of the page content , the hitcount is incremented and the report reflects this increase . However if i navigate to the role where the content is published and view the content from the role , the page hit count is not incremented and the report does not show the increment .
    My questions are
    1) Do i need to write a custom KM event that notifies the repository broker about
        the page access through the roles?
    2) Is there any other standard event to which i can subscribe to get this page hit count.
    Any helpful answers will be rewarded.
    regards
    Subra

    Hi Subra,
    > is there any way to know if the tool is raising any event
    As I have been one of the developers, I can report that the tool definitely does not raise such an event explicitly. But as said above, it also shouldn't do this, as it shouldn't be needed. In addition, for the display the tool redirects to a KM navigation iView, which normally should lead to the expected event risen anyhow.
    But if it really doesn't work, you still have the option to ask btexx to check if this is a shortcoming on SAP side - which in the interest of a smooth working product should be tracked, maybe worked around...
    About the caching I can report that there is also no caching used at the moment for the display. This may change one day, for this in fact it would make sense to raise the event (even if the resource isn't called from the framework, but to enable such kind of statistics, if they won't be part of the product one day anyhow).
    Hope it helps
    Detlev
    One additional remark for all people involved: I just remember to have read about the same "missing" event on SDN, but I never checked this in the end. It might be that the navigation iView only throws the getChildren event, as for other resources than XML forms elements, it only renders the name of the resource, not its (or part of its) content (so the content doesn't get accessed). This also would make sense as normally the access to the Show form could be differentiated from the access to the RenderListItem form.

  • Using fileRealm + custom realm w/ WLS6

    Hi,
    I would like to write a custom realm for WLS6.0, but I would like to
    delegate to the fileRealm for WebLogic accounts, such as 'system'. Can
    anyone suggest a straightforward way to accomplish this?
    Thanks,
    Dhiren
    Dhiren Patel -- Sr. Web Architect -- Align Technology, Inc.

    Duh. Momentary lapse of reason, please disregard.
    Dhiren
    Dhiren Patel wrote:
    Hi,
    I would like to write a custom realm for WLS6.0, but I would like to
    delegate to the fileRealm for WebLogic accounts, such as 'system'. Can
    anyone suggest a straightforward way to accomplish this?
    Thanks,
    Dhiren
    Dhiren Patel -- Sr. Web Architect -- Align Technology, Inc.--
    Dhiren Patel -- Sr. Web Architect -- Align Technology, Inc.

  • Can you make custom ringtone for iPhone 4 w/o using iTunes?

    My computer crashed and I had to redownload iTunes and all my music the other day. I plugged my iPhone 4 in to put a custom ringtone I made in iTunes on it and it says it wants to "erase and sync" my phone since it was connected to my old iTunes. Is there a way to fix this or is there a way to make a new custom ringtone for my iphone without using iTunes?

    about backup http://support.apple.com/kb/HT1766
    you're better off creating new ringtones.  Take a look at the first link I gave you, that will answer all your questions.

  • While implementing sample custom realm, got ClassNotFound exception

    I am trying to get the sample custom realm work. I followed every step in the documentation and had it deployed successfully. When I tried to log in, the authentication failed. Then I restarted the SunOne appserver, in the server.log file I got the error:
    [22/Jul/2003:09:34:24] WARNING (24887): SEC1100: Disabled realm [jdbc] due to errors.
    [22/Jul/2003:09:34:24] WARNING (24887): SEC1000: Caught exception.
    com.sun.enterprise.security.auth.realm.BadRealmException: java.lang.ClassNotFoundException: samples.security.jdbcrealm.JDBCRealm
    at com.sun.enterprise.security.auth.realm.Realm.doInstantiate(Realm.java:350)
    at com.sun.enterprise.security.auth.realm.Realm.instantiate(Realm.java:284)
    at com.iplanet.ias.security.RealmConfig.createRealms(RealmConfig.java:95)
    at com.sun.enterprise.security.RealmManager.init(RealmManager.java:91)
    at com.sun.enterprise.server.J2EEServer.startAuthenticationService(J2EEServer.java:1211)
    at com.sun.enterprise.server.J2EEServer.run(J2EEServer.java:391)
    at com.sun.enterprise.server.J2EEServer.main(J2EEServer.java:1415)
    at com.iplanet.ias.server.ApplicationServer.onInitialization(ApplicationServer.java:212)
    at com.iplanet.ias.server.J2EERunner.confPreInit(J2EERunner.java:114)
    Since I am new to this, I couldn't locate the problem after checking everything many times. Can anyone help me? I need to get this part work first, then I can move ahead and make changes.
    Thanks a million!

    Thanks a lot, I did it and it worked.
    I have more questions. For the custom realm database, I want to use a table just for username and password, and another table just for roles. Then use a third table as a bridge between the two. Can I do it in the sample application? Can I change JDBCLoginModule to do this? If yes, Where to put JDBCLoginModule and JDBCRealm after changes?
    Really appreciate your help.

  • WebLogic Server doesn't start after configuring a Custom Realm

    Hi,
    We are having problems getting WebLogic server to startup after configuring a
    Custom Realm. It outputs the error message "User System not authorized to boot
    WebLogic Server. Security Excpetion".
    For debugging purposes we had our Custom Realm classes output some debug statements
    to the console. From the output it was apparent that all the users were getting
    authenticated properly including System, Administrator, wliSystem etc. But after
    the initial authentications we get this error message. I am attaching the log
    file for your reference. Do we have to implement Authorization also (by implementing
    ACLImpl) in the Custom Realm. Our Custom Realm was planned to be used only for
    authentication.
    Appreciate any feedback on the cause of the problem.
    Thanks
    Vikram
    [test.log]

    Thanks Deyan. I will give it a try and let you know.
    "Deyan D. Bektchiev" <[email protected]> wrote:
    Vikram,
    You should make your user that you use to startup the server a member
    of
    the Administrators group.
    In other words there should be a Principal "Administrators" in the
    Subject that your LoginModule returns.
    I'm not sure if you can configure this afterwards but this is how it's
    done out of the box.
    Dejan
    Vikram wrote:
    Mike,
    We are working with a Platform domain on Weblogic 7.0. When you implement a custom
    realm it can be implemented just for authentication and not for authorization.
    In our case we used the Custom Realm only for authentication. ACLs store all the
    authorization information. We assumed that the standard Weblogic user accounts
    like system, administrator are already part of the ACLs with the appropriate privileges.
    Please let me know if you have any suggestions.
    Thanks
    Vikram
    "mike" <[email protected]> wrote:
    You mix up authentication and authorization. The fact that a user is
    a valid user
    (authentication) does not guarantee that he/she can perform a certain
    action (authorization).
    The second is defined by ACLs or something, which is probably (most
    likely)
    not
    set in your case. To go on ranting I need to know which version you are
    on (looks
    like 7, grey area for me).
    "Vikram" <[email protected]> wrote:
    Hi,
    We are having problems getting WebLogic server to startup after configuring
    a
    Custom Realm. It outputs the error message "User System not authorized
    to boot
    WebLogic Server. Security Excpetion".
    For debugging purposes we had our Custom Realm classes output some
    debug
    statements
    to the console. From the output it was apparent that all the users were
    getting
    authenticated properly including System, Administrator, wliSystem etc.
    But after
    the initial authentications we get this error message. I am attaching
    the log
    file for your reference. Do we have to implement Authorization also
    (by
    implementing
    ACLImpl) in the Custom Realm. Our Custom Realm was planned to be used
    only for
    authentication.
    Appreciate any feedback on the cause of the problem.
    Thanks
    Vikram

  • Can you make custom clothing for 3d Models?

    Hello, I am new to Photoshop CS5 Extended and mostly bought the program for making textures for 3d clothing since it has a bridge from DAZ to Photoshop which I hope will make my work go faster. I have been using DAZ and Poser for a while now and have been working in photo editing and vector designing for 12 years. I am not new to this, just need to adobe products. I was wondering if it is possible to custom clothing for 3D Daz models using Adobe Photoshop CS5 Extended? I can find tutors on painting models but nothing on making the custom clothing itself, not a texture for other clothing but making my own clothing for DAZ Kids4. I have been using Hexagon to work with clothing but was looking for a photoshop alternative method.
    Thank you
    Kimberly

    for the mesh, hexagon is actually better than photoshop. Since it can create the actual mesh. Though, you can import the mesh into photoshop so you can see it while you paint the texture.
    The 3d creation portion of photoshop is still a bit limiting. (But my experience stops with CS5. I have not tried CS6 yet, so improvement could have been made)
    The issue I have with hexagon is the amount of bugs in it. I prefer a more robust and more expensive alternative. But that's me
    A free alternative is Blender. But I find the UI a bit outdated and hard to grasp. But again, that's me.
    Generate your UV maps as you normally would then load them into photoshop and get painting. You may like other texture generating apps to go along with photoshop. Genetica is great for making tileable textures.

  • auth-method BASIC with custom realm

    I've set up my web.xml with <auth-method>BASIC, and I've defined a custom realm
    for authentication. When I enter a valid userid/password at login, I can trace
    authUserPassword() in my custom realm, and I can see that it is returning an object
    which is a subclass of weblogic.security.acl.User, as it should. However, rather
    than acknowledging a successful login and moving on, the login dialog is redisplayed,
    (minus password). Further attempts to enter the same userid/password don't invoke
    authUserPassword(), presumably since the "failed" login is still cached. What
    am I missing?

    Have a look in the web server log to see under what account the failed
    accesses took place, that will help in identifying the cause.
    "Bill Welch" <[email protected]> wrote in message
    news:3b2a6431$[email protected]..
    >
    I've set up my web.xml with <auth-method>BASIC, and I've defined a custom realm
    for authentication. When I enter a valid userid/password at login, I can trace
    authUserPassword() in my custom realm, and I can see that it is returning an object
    which is a subclass of weblogic.security.acl.User, as it should. However, rather
    than acknowledging a successful login and moving on, the login dialog is redisplayed,
    (minus password). Further attempts to enter the same userid/password don't invoke
    authUserPassword(), presumably since the "failed" login is still cached. What
    am I missing?

  • Using JAAS/JNDI with the Login Server

    Is it possible to set up single sign-on through the Login Server
    and OID for a Java portlet using JAAS and JNDI? What would be
    required to set this up?

    I was facing same problem,
    Here is I got an answer, I was doing same mistake.
    You cannot authenticate with an outlook.com account when you use the management shell. You have to use a @yourtenant.onmicrosoft.com
    account or an account where the domain has been associated with your O365 tenant like @contoso.com . Microsoft accounts cannot be used with the management shell.
    http://community.office365.com/en-us/f/156/t/238053.aspx 

  • Admin Console Integration for Users in a Custom Realm

    We are implementing a custom realm and are having troubles getting our Users to
    show up in the User list.
    Our user class extends weblogic.security.acl.User, and is forced to use the default
    CTOR because our data access layer requires it.
    Unfortunately, getName() returns null if the User(String) constructor is not used.
    Furthermore, Identity::setName() is final, so it seems as though there is no
    way to set the user's name after construction.
    I am correct in this?
    If so, any thoughts on whether it is worth going down the path of making my user
    class implement Principal instead of extending weblogic.security.acl.User? I
    would be forced to try to guess at what methods in User are required to integrate
    with the admin console, I believe. I have not been able to find any documentation
    that specifies what api/contract the console uses when it attempts to display
    user, role, acl information for a custom realm.
    Any advice would be greatly appreciated.
    -chris

    My comments mixed with your text
    "Chris Goodacre" <[email protected]> wrote:
    >
    We are implementing a custom realm and are having troubles getting our
    Users to
    show up in the User list.
    Our user class extends weblogic.security.acl.User, and is forced to use
    the default
    CTOR because our data access layer requires it.
    Unfortunately, getName() returns null if the User(String) constructor
    is not used.
    Yes.
    Furthermore, Identity::setName() is final, so it seems as though there
    is no
    way to set the user's name after construction.
    I am correct in this?
    Yes. Changing a user's name on a constructed user object is like mutating that
    user to another user - a security hole. It isn't allowed.
    >
    If so, any thoughts on whether it is worth going down the path of making
    my user
    class implement Principal instead of extending weblogic.security.acl.User?
    I'd try to stay with extending weblogic.security.acl.User, but also implement
    weblogic.security.acl.CredentialChanger, so you can change passwords through the
    console (otherwise you get NullPointerExceptions).
    You really want to get around not being able to supply a user name as part of
    the ctor.
    I
    would be forced to try to guess at what methods in User are required
    to integrate
    with the admin console, I believe. I have not been able to find any
    documentation
    that specifies what api/contract the console uses when it attempts to
    display
    user, role, acl information for a custom realm.
    Any advice would be greatly appreciated.
    -chris
    1. Your realm should extend AbstractManageableRealm and implement DebuggableRealm
    if you want to integrate with the console.
    2. The only contract is to implement all the methods!
    3. Check the type of the user and group objects being passed to your realm - if
    they're not your user and group type, reject the call.
    4. The documentation is indeed terrible, and often wrong. The examples shipped
    are incomplete (the RBDMS realm shipped has approx 1/3 of the functionality).
    You'll get good with jad.
    Should all be better in 7.0 with JAAS. The realm interfaces is a dog.
    Good luck,
    simon.

  • One custom security realm for many wl servers?

    Is it possible to use one custom security realm for many weblogic servers...ie
    one login for all application on different weblogic server.

  • How to create a user class for the customer realm

    how can I create a User class for my custom security realm, please help me out. I am trying to access using the active directory server and I am unable to write a simple class for this user, can anyone help me. I am a beginner, would appreciate if anyone helps me.
    regards
    baba

    Hi Rawat,
       You Don't need to create User Exits,but you need to find user Exits.Below are list of user Exits for MB31.
    Use proper exit as per your requirement.
    Exit Name     Description
    MBCF0002     Customer function exit: Segment text in material doc. item
    MBCF0005     Material document item for goods receipt/issue slip
    MBCF0006     Customer function for WBS element
    MBCF0007     Customer function exit: Updating a reservation
    MBCF0009     Filling the storage location field
    MBCF0010     Customer exit: Create reservation BAPI_RESERVATION_CREATE1
    MBCF0011     Read from RESB and RKPF for print list in  MB26
    MB_CF001     Customer Function Exit in the Case of Updating a Mat. Doc.
    award points if ans is useful.
    Regards,
    Albert
